chore: Merge alpha and beta

# Conflicts:
#	.github/workflows/docker.yaml

.github/workflows/docker.yaml

@@ -0,0 +1,61 @@
+name: Docker
+
+on:
+  push:
+    branches:
+      - Beta
+    tags:
+      - "v*"
+env:
+  REGISTRY: docker.io
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_ACCOUNT }}/${{secrets.DOCKERHUB_REPO}}
+
+      - name: Log into registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: |
+            linux/386
+            linux/amd64
+            linux/arm64/v8
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/prerelease.yml

@@ -1,8 +1,15 @@
-name: Release
+name: Prerelease
-on: [push]
+on:
+  push:
+    branches:
+      - Alpha
+      - Beta
+  pull_request:
+    branches:
+      - Alpha
+      - Beta
 jobs:
-  Feature-build:
+  Build:
-    if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
     runs-on: ubuntu-latest
     steps:
       - name: Get latest go version
@@ -24,9 +31,13 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      #      - name: Get dependencies, run test
+
-      #        run: |
+
-      #          go test ./...
+      - name: Test
+        if: ${{env.GITHUB_REF_NAME=='Beta'}}
+        run: |
+          go test ./...
+
       - name: Build
         if: success()
         env:
@@ -38,34 +49,22 @@ jobs:
         uses: andreaswilli/delete-release-assets-action@v2.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: alpha
+          tag: Prerelease-${{env.GITHUB_REF_NAME}}
           deleteOnlyFromDrafts: false
 
       - name: Tag Repo
         uses: richardsimko/update-tag@v1
         with:
-          tag_name: v1.10.0
+          tag_name: Prerelease-${{env.GITHUB_REF_NAME}}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Upload Release
+      - name: Upload Alpha
         uses: softprops/action-gh-release@v1
-        if: ${{ env.GIT_BRANCH == 'Meta' && success() }}
+        if: ${{  success() }}
         with:
-          tag: ${{ github.ref }}
+          tag: ${{env.GITHUB_REF_NAME}}
-          tag_name: v1.10.0
+          tag_name: Prerelease-${{env.GITHUB_REF_NAME}}
           files: bin/*
-          prerelease: false
+          prerelease: true
-
+          generate_release_notes: true
-      - name: send telegram message on push
-        uses: appleboy/telegram-action@master
-        with:
-          to: ${{ secrets.TTELEGRAM_CHAT_ID }}
-          token: ${{ secrets.TELEGRAM_TOKEN }}
-          message: |
-            ${{ github.actor }} created commit:
-            Commit message: ${{ github.event.commits[0].message }}
-
-            Repository: ${{ github.repository }}
-
-            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}

.github/workflows/release.yaml

@@ -0,0 +1,44 @@
+name: Release
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  Build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ steps.version.outputs.go_version }}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Test
+        run: |
+          go test ./...
+      - name: Build
+        if: success()
+        env:
+          NAME: Clash.Meta
+          BINDIR: bin
+        run: make -j releases
+
+      - name: Upload Release
+        uses: softprops/action-gh-release@v1
+        if: ${{ success() && startsWith(github.ref, 'refs/tags/')}}
+        with:
+          tag: ${{ github.ref }}
+          files: bin/*
+          generate_release_notes: true

Dockerfile

@@ -1,18 +1,26 @@
 FROM golang:alpine as builder
 
 RUN apk add --no-cache make git && \
-    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb
+    mkdir /clash-config && \
-WORKDIR /clash-src
+    wget -O /clash-config/Country.mmdb https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb && \
-COPY --from=tonistiigi/xx:golang / /
+    wget -O /clash-config/geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat && \
+    wget -O /clash-config/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+
+
 COPY . /clash-src
+WORKDIR /clash-src
 RUN go mod download &&\
     make docker &&\
-    mv ./bin/clash-docker /clash
+    mv ./bin/Clash.Meta-docker /clash
 
 FROM alpine:latest
-LABEL org.opencontainers.image.source="https://github.com/Dreamacro/clash"
+LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/Clash.Meta"
 
 RUN apk add --no-cache ca-certificates tzdata
-COPY --from=builder /Country.mmdb /root/.config/clash/
+
-COPY --from=builder /clash /
+VOLUME ["/root/.config/clash/"]
+
+COPY --from=builder /clash-config/ /root/.config/clash/
+COPY --from=builder /clash /clash
+RUN chmod +x /clash
 ENTRYPOINT [ "/clash" ]

Makefile

@@ -1,7 +1,16 @@
 NAME=Clash.Meta
 BINDIR=bin
-BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+BRANCH=$(shell git branch --show-current)
-VERSION=$(shell git describe --tags || echo "unknown version")
+ifeq ($(BRANCH),Alpha)
+VERSION=alpha-$(shell git rev-parse --short HEAD)
+else ifeq ($(BRANCH),Beta)
+VERSION=beta-$(shell git rev-parse --short HEAD)
+else ifeq ($(BRANCH),HEAD)
+VERSION=$(shell git describe --tags)
+else
+VERSION=unknown
+endif
+
 BUILDTIME=$(shell date -u)
 GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
 		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
@@ -43,7 +52,7 @@ all:linux-amd64 linux-arm64\
  	windows-amd64 windows-arm64\
 
 docker:
-	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 darwin-amd64v3:
 	GOARCH=amd64 GOOS=darwin GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@

adapter/adapter.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"net/netip"
 	"net/url"
 	"strings"
 	"time"
@@ -21,7 +22,7 @@ var UnifiedDelay = atomic.NewBool(false)
 
 type Proxy struct {
 	C.ProxyAdapter
-	history *queue.Queue
+	history *queue.Queue[C.DelayHistory]
 	alive   *atomic.Bool
 }
 
@@ -64,10 +65,10 @@ func (p *Proxy) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 
 // DelayHistory implements C.Proxy
 func (p *Proxy) DelayHistory() []C.DelayHistory {
-	queue := p.history.Copy()
+	queueM := p.history.Copy()
 	histories := []C.DelayHistory{}
-	for _, item := range queue {
+	for _, item := range queueM {
-		histories = append(histories, item.(C.DelayHistory))
+		histories = append(histories, item)
 	}
 	return histories
 }
@@ -80,11 +81,7 @@ func (p *Proxy) LastDelay() (delay uint16) {
 		return max
 	}
 
-	last := p.history.Last()
+	history := p.history.Last()
-	if last == nil {
-		return max
-	}
-	history := last.(C.DelayHistory)
 	if history.Delay == 0 {
 		return max
 	}
@@ -99,7 +96,7 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 	}
 
 	mapping := map[string]any{}
-	json.Unmarshal(inner, &mapping)
+	_ = json.Unmarshal(inner, &mapping)
 	mapping["history"] = p.DelayHistory()
 	mapping["name"] = p.Name()
 	mapping["udp"] = p.SupportUDP()
@@ -133,7 +130,9 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	if err != nil {
 		return
 	}
-	defer instance.Close()
+	defer func() {
+		_ = instance.Close()
+	}()
 
 	req, err := http.NewRequest(http.MethodHead, url, nil)
 	if err != nil {
@@ -142,7 +141,7 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	req = req.WithContext(ctx)
 
 	transport := &http.Transport{
-		Dial: func(string, string) (net.Conn, error) {
+		DialContext: func(context.Context, string, string) (net.Conn, error) {
 			return instance, nil
 		},
 		// from http.DefaultTransport
@@ -171,14 +170,13 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 			return
 		}
 	}
-
+	_ = resp.Body.Close()
-	resp.Body.Close()
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
 
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
-	return &Proxy{adapter, queue.New(10), atomic.NewBool(true)}
+	return &Proxy{adapter, queue.New[C.DelayHistory](10), atomic.NewBool(true)}
 }
 
 func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
@@ -203,7 +201,7 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	addr = C.Metadata{
 		AddrType: C.AtypDomainName,
 		Host:     u.Hostname(),
-		DstIP:    nil,
+		DstIP:    netip.Addr{},
 		DstPort:  port,
 	}
 	return

adapter/inbound/socket.go

@@ -2,6 +2,7 @@ package inbound
 
 import (
 	"net"
+	"net/netip"
 
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
@@ -13,10 +14,14 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = source
-	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
+	remoteAddr := conn.RemoteAddr()
+	// Filter when net.Addr interface is nil
+	if remoteAddr != nil {
+		if ip, port, err := parseAddr(remoteAddr.String()); err == nil {
 			metadata.SrcIP = ip
 			metadata.SrcPort = port
 		}
+	}
 
 	return context.NewConnContext(conn, metadata)
 }
@@ -29,14 +34,15 @@ func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
 	metadata.Host = host
 	metadata.AddrType = C.AtypDomainName
 	metadata.Process = C.ClashName
-	if ip, port, err := parseAddr(dst); err == nil {
+	if h, port, err := net.SplitHostPort(dst); err == nil {
 		metadata.DstPort = port
 		if host == "" {
+			if ip, err := netip.ParseAddr(h); err == nil {
 				metadata.DstIP = ip
-			if ip.To4() == nil {
-				metadata.AddrType = C.AtypIPv6
-			} else {
 				metadata.AddrType = C.AtypIPv4
+				if ip.Is6() {
+					metadata.AddrType = C.AtypIPv6
+				}
 			}
 		}
 	}

adapter/inbound/util.go

@@ -3,9 +3,11 @@ package inbound
 import (
 	"net"
 	"net/http"
+	"net/netip"
 	"strconv"
 	"strings"
 
+	"github.com/Dreamacro/clash/common/nnip"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
@@ -21,12 +23,10 @@ func parseSocksAddr(target socks5.Addr) *C.Metadata {
 		metadata.Host = strings.TrimRight(string(target[2:2+target[1]]), ".")
 		metadata.DstPort = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
 	case socks5.AtypIPv4:
-		ip := net.IP(target[1 : 1+net.IPv4len])
+		metadata.DstIP = nnip.IpToAddr(net.IP(target[1 : 1+net.IPv4len]))
-		metadata.DstIP = ip
 		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
 	case socks5.AtypIPv6:
-		ip := net.IP(target[1 : 1+net.IPv6len])
+		metadata.DstIP = nnip.IpToAddr(net.IP(target[1 : 1+net.IPv6len]))
-		metadata.DstIP = ip
 		metadata.DstPort = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
 	}
 
@@ -47,14 +47,14 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 		NetWork:  C.TCP,
 		AddrType: C.AtypDomainName,
 		Host:     host,
-		DstIP:    nil,
+		DstIP:    netip.Addr{},
 		DstPort:  port,
 	}
 
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	if ip != nil {
+	if err == nil {
 		switch {
-		case ip.To4() == nil:
+		case ip.Is6():
 			metadata.AddrType = C.AtypIPv6
 		default:
 			metadata.AddrType = C.AtypIPv4
@@ -65,12 +65,12 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 	return metadata
 }
 
-func parseAddr(addr string) (net.IP, string, error) {
+func parseAddr(addr string) (netip.Addr, string, error) {
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
-		return nil, "", err
+		return netip.Addr{}, "", err
 	}
 
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	return ip, port, nil
+	return ip, port, err
 }

adapter/outbound/base.go

@@ -2,9 +2,12 @@ package outbound
 
 import (
 	"context"
+	"crypto/sha1"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"net"
+	"regexp"
 
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@@ -39,6 +42,16 @@ func (b *Base) ListenPacketContext(ctx context.Context, metadata *C.Metadata, op
 	return nil, errors.New("no support")
 }
 
+// ListenPacketOnStreamConn implements C.ProxyAdapter
+func (b *Base) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	return nil, errors.New("no support")
+}
+
+// SupportUOT implements C.ProxyAdapter
+func (b *Base) SupportUOT() bool {
+	return false
+}
+
 // SupportUDP implements C.ProxyAdapter
 func (b *Base) SupportUDP() bool {
 	return b.udp
@@ -136,3 +149,28 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
 	return &packetConn{pc, []string{a.Name()}}
 }
+
+func uuidMap(str string) string {
+	match, _ := regexp.MatchString(`[\da-f]{8}(-[\da-f]{4}){3}-[\da-f]{12}$`, str)
+	if !match {
+		var Nil [16]byte
+		h := sha1.New()
+		h.Write(Nil[:])
+		h.Write([]byte(str))
+		u := h.Sum(nil)[:16]
+		u[6] = (u[6] & 0x0f) | (5 << 4)
+		u[8] = u[8]&(0xff>>2) | (0x02 << 6)
+		buf := make([]byte, 36)
+		hex.Encode(buf[0:8], u[0:4])
+		buf[8] = '-'
+		hex.Encode(buf[9:13], u[4:6])
+		buf[13] = '-'
+		hex.Encode(buf[14:18], u[6:8])
+		buf[18] = '-'
+		hex.Encode(buf[19:23], u[8:10])
+		buf[23] = '-'
+		hex.Encode(buf[24:], u[10:])
+		return string(buf)
+	}
+	return str
+}

adapter/outbound/direct.go

@@ -60,7 +60,7 @@ func NewCompatible() *Direct {
 func NewPass() *Direct {
 	return &Direct{
 		Base: &Base{
-			name: "Pass",
+			name: "PASS",
 			tp:   C.Pass,
 			udp:  true,
 		},

adapter/outbound/http.go

@@ -22,6 +22,7 @@ type Http struct {
 	user      string
 	pass      string
 	tlsConfig *tls.Config
+	option    *HttpOption
 }
 
 type HttpOption struct {
@@ -34,6 +35,7 @@ type HttpOption struct {
 	TLS            bool              `proxy:"tls,omitempty"`
 	SNI            string            `proxy:"sni,omitempty"`
 	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
+	Headers        map[string]string `proxy:"headers,omitempty"`
 }
 
 // StreamConn implements C.ProxyAdapter
@@ -84,6 +86,13 @@ func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 		},
 	}
 
+	//增加headers
+	if len(h.option.Headers) != 0 {
+		for key, value := range h.option.Headers {
+			req.Header.Add(key, value)
+		}
+	}
+
 	if h.user != "" && h.pass != "" {
 		auth := h.user + ":" + h.pass
 		req.Header.Add("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
@@ -141,5 +150,6 @@ func NewHttp(option HttpOption) *Http {
 		user:      option.UserName,
 		pass:      option.Password,
 		tlsConfig: tlsConfig,
+		option:    &option,
 	}
 }

adapter/outbound/shadowsocksr.go

@@ -92,6 +92,12 @@ func (ssr *ShadowSocksR) ListenPacketContext(ctx context.Context, metadata *C.Me
 }
 
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
+	// SSR protocol compatibility
+	// https://github.com/Dreamacro/clash/pull/2056
+	if option.Cipher == "none" {
+		option.Cipher = "dummy"
+	}
+
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
 	password := option.Password
@@ -103,13 +109,14 @@ func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 		ivSize int
 		key    []byte
 	)
+
 	if option.Cipher == "dummy" {
 		ivSize = 0
 		key = core.Kdf(option.Password, 16)
 	} else {
 		ciph, ok := coreCiph.(*core.StreamCipher)
 		if !ok {
-			return nil, fmt.Errorf("%s is not dummy or a supported stream cipher in ssr", cipher)
+			return nil, fmt.Errorf("%s is not none or a supported stream cipher in ssr", cipher)
 		}
 		ivSize = ciph.IVSize()
 		key = ciph.Key

adapter/outbound/snell.go

@@ -53,6 +53,10 @@ func streamConn(c net.Conn, option streamOption) *snell.Snell {
 // StreamConn implements C.ProxyAdapter
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
+	if metadata.NetWork == C.UDP {
+		err := snell.WriteUDPHeader(c, s.version)
+		return c, err
+	}
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	err := snell.WriteHeader(c, metadata.String(), uint(port), s.version)
 	return c, err
@@ -95,15 +99,20 @@ func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 	tcpKeepAlive(c)
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 
-	err = snell.WriteUDPHeader(c, s.version)
+	return s.ListenPacketOnStreamConn(c, metadata)
-	if err != nil {
-		return nil, err
 }
 
+// ListenPacketOnStreamConn implements C.ProxyAdapter
+func (s *Snell) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	pc := snell.PacketConn(c)
 	return newPacketConn(pc, s), nil
 }
 
+// SupportUOT implements C.ProxyAdapter
+func (s *Snell) SupportUOT() bool {
+	return true
+}
+
 func NewSnell(option SnellOption) (*Snell, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	psk := []byte(option.Psk)

adapter/outbound/trojan.go

@@ -90,6 +90,10 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 		return nil, err
 	}
 
+	if metadata.NetWork == C.UDP {
+		err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
+		return c, err
+	}
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
@@ -157,15 +161,20 @@ func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 		}
 	}
 
-	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
+	return t.ListenPacketOnStreamConn(c, metadata)
-	if err != nil {
-		return nil, err
 }
 
+// ListenPacketOnStreamConn implements C.ProxyAdapter
+func (t *Trojan) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	pc := t.instance.PacketConn(c)
 	return newPacketConn(pc, t), err
 }
 
+// SupportUOT implements C.ProxyAdapter
+func (t *Trojan) SupportUOT() bool {
+	return true
+}
+
 func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 

adapter/outbound/util.go

@@ -22,8 +22,8 @@ var (
 
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
-		tcp.SetKeepAlive(true)
+		_ = tcp.SetKeepAlive(true)
-		tcp.SetKeepAlivePeriod(30 * time.Second)
+		_ = tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
 
@@ -48,14 +48,14 @@ func serializesSocksAddr(metadata *C.Metadata) []byte {
 	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
 	switch metadata.AddrType {
 	case socks5.AtypDomainName:
-		len := uint8(len(metadata.Host))
+		lenM := uint8(len(metadata.Host))
 		host := []byte(metadata.Host)
-		buf = [][]byte{{aType, len}, host, port}
+		buf = [][]byte{{aType, lenM}, host, port}
 	case socks5.AtypIPv4:
-		host := metadata.DstIP.To4()
+		host := metadata.DstIP.AsSlice()
 		buf = [][]byte{{aType}, host, port}
 	case socks5.AtypIPv6:
-		host := metadata.DstIP.To16()
+		host := metadata.DstIP.AsSlice()
 		buf = [][]byte{{aType}, host, port}
 	}
 	return bytes.Join(buf, nil)
@@ -76,6 +76,6 @@ func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 
 func safeConnClose(c net.Conn, err error) {
 	if err != nil {
-		c.Close()
+		_ = c.Close()
 	}
 }

adapter/outbound/vless.go

@@ -249,26 +249,36 @@ func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		return nil, fmt.Errorf("new vless client error: %v", err)
 	}
 
+	return v.ListenPacketOnStreamConn(c, metadata)
+}
+
+// ListenPacketOnStreamConn implements C.ProxyAdapter
+func (v *Vless) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
 
+// SupportUOT implements C.ProxyAdapter
+func (v *Vless) SupportUOT() bool {
+	return true
+}
+
 func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 	var addrType byte
 	var addr []byte
 	switch metadata.AddrType {
 	case C.AtypIPv4:
-		addrType = byte(vless.AtypIPv4)
+		addrType = vless.AtypIPv4
 		addr = make([]byte, net.IPv4len)
-		copy(addr[:], metadata.DstIP.To4())
+		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
-		addrType = byte(vless.AtypIPv6)
+		addrType = vless.AtypIPv6
 		addr = make([]byte, net.IPv6len)
-		copy(addr[:], metadata.DstIP.To16())
+		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
-		addrType = byte(vless.AtypDomainName)
+		addrType = vless.AtypDomainName
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
-		copy(addr[1:], []byte(metadata.Host))
+		copy(addr[1:], metadata.Host)
 	}
 
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
@@ -386,7 +396,7 @@ func NewVless(option VlessOption) (*Vless, error) {
 		}
 	}
 
-	client, err := vless.NewClient(option.UUID, addons, option.FlowShow)
+	client, err := vless.NewClient(uuidMap(option.UUID), addons, option.FlowShow)
 	if err != nil {
 		return nil, err
 	}

adapter/outbound/vmess.go

@@ -260,13 +260,23 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
 
+	return v.ListenPacketOnStreamConn(c, metadata)
+}
+
+// ListenPacketOnStreamConn implements C.ProxyAdapter
+func (v *Vmess) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
 
+// SupportUOT implements C.ProxyAdapter
+func (v *Vmess) SupportUOT() bool {
+	return true
+}
+
 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
 	client, err := vmess.NewClient(vmess.Config{
-		UUID:     option.UUID,
+		UUID:     uuidMap(option.UUID),
 		AlterID:  uint16(option.AlterID),
 		Security: security,
 		HostName: option.Server,
@@ -342,11 +352,11 @@ func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
-		copy(addr[:], metadata.DstIP.To4())
+		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
-		copy(addr[:], metadata.DstIP.To16())
+		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)

adapter/outboundgroup/common.go

@@ -1,55 +0,0 @@
-package outboundgroup
-
-import (
-	"github.com/Dreamacro/clash/tunnel"
-	"github.com/dlclark/regexp2"
-	"time"
-
-	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/constant/provider"
-)
-
-const (
-	defaultGetProxiesDuration = time.Second * 5
-)
-
-func getProvidersProxies(providers []provider.ProxyProvider, touch bool, filter string) []C.Proxy {
-	proxies := []C.Proxy{}
-	for _, provider := range providers {
-		if touch {
-			proxies = append(proxies, provider.ProxiesWithTouch()...)
-		} else {
-			proxies = append(proxies, provider.Proxies()...)
-		}
-	}
-
-	var filterReg *regexp2.Regexp = nil
-	var matchedProxies []C.Proxy
-	if len(filter) > 0 {
-		//filterReg = regexp.MustCompile(filter)
-		filterReg = regexp2.MustCompile(filter, 0)
-		for _, p := range proxies {
-			if p.Type() < 8 {
-				matchedProxies = append(matchedProxies, p)
-			}
-
-			//if filterReg.MatchString(p.Name()) {
-			if mat, _ := filterReg.FindStringMatch(p.Name()); mat != nil {
-				matchedProxies = append(matchedProxies, p)
-			}
-		}
-
-		if len(matchedProxies) > 0 {
-			return matchedProxies
-		} else {
-			return append([]C.Proxy{}, tunnel.Proxies()["COMPATIBLE"])
-		}
-	} else {
-		if len(proxies) == 0 {
-			return append(proxies, tunnel.Proxies()["COMPATIBLE"])
-		} else {
-			return proxies
-		}
-	}
-
-}

adapter/outboundgroup/fallback.go

@@ -8,18 +8,14 @@ import (
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
-	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 
 type Fallback struct {
-	*outbound.Base
+	*GroupBase
 	disableUDP  bool
-	filter      string
-	single      *singledo.Single
-	providers   []provider.ProxyProvider
 	failedTimes *atomic.Int32
 	failedTime  *atomic.Int64
 }
@@ -98,7 +94,7 @@ func (f *Fallback) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
 	all := []string{}
-	for _, proxy := range f.proxies(false) {
+	for _, proxy := range f.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@@ -114,16 +110,8 @@ func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 	return proxy
 }
 
-func (f *Fallback) proxies(touch bool) []C.Proxy {
-	elm, _, _ := f.single.Do(func() (any, error) {
-		return getProvidersProxies(f.providers, touch, f.filter), nil
-	})
-
-	return elm.([]C.Proxy)
-}
-
 func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
-	proxies := f.proxies(touch)
+	proxies := f.GetProxies(touch)
 	for _, proxy := range proxies {
 		if proxy.Alive() {
 			return proxy
@@ -135,16 +123,17 @@ func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
 
 func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider) *Fallback {
 	return &Fallback{
-		Base: outbound.NewBase(outbound.BaseOption{
+		GroupBase: NewGroupBase(GroupBaseOption{
+			outbound.BaseOption{
 				Name:        option.Name,
 				Type:        C.Fallback,
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
+			},
+			option.Filter,
+			providers,
 		}),
-		single:      singledo.NewSingle(defaultGetProxiesDuration),
-		providers:   providers,
 		disableUDP:  option.DisableUDP,
-		filter:      option.Filter,
 		failedTimes: atomic.NewInt32(-1),
 		failedTime:  atomic.NewInt64(-1),
 	}

adapter/outboundgroup/groupbase.go

@@ -0,0 +1,98 @@
+package outboundgroup
+
+import (
+	"github.com/Dreamacro/clash/adapter/outbound"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/constant/provider"
+	types "github.com/Dreamacro/clash/constant/provider"
+	"github.com/Dreamacro/clash/tunnel"
+	"github.com/dlclark/regexp2"
+	"sync"
+)
+
+type GroupBase struct {
+	*outbound.Base
+	filter    *regexp2.Regexp
+	providers []provider.ProxyProvider
+	versions  sync.Map // map[string]uint
+	proxies   sync.Map // map[string][]C.Proxy
+}
+
+type GroupBaseOption struct {
+	outbound.BaseOption
+	filter    string
+	providers []provider.ProxyProvider
+}
+
+func NewGroupBase(opt GroupBaseOption) *GroupBase {
+	var filter *regexp2.Regexp = nil
+	if opt.filter != "" {
+		filter = regexp2.MustCompile(opt.filter, 0)
+	}
+	return &GroupBase{
+		Base:      outbound.NewBase(opt.BaseOption),
+		filter:    filter,
+		providers: opt.providers,
+	}
+}
+
+func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
+	if gb.filter == nil {
+		var proxies []C.Proxy
+		for _, pd := range gb.providers {
+			if touch {
+				proxies = append(proxies, pd.ProxiesWithTouch()...)
+			} else {
+				proxies = append(proxies, pd.Proxies()...)
+			}
+		}
+		if len(proxies) == 0 {
+			return append(proxies, tunnel.Proxies()["COMPATIBLE"])
+		}
+		return proxies
+	}
+	//TODO("Touch Version 没变的")
+	for _, pd := range gb.providers {
+		if pd.VehicleType() == types.Compatible {
+			if touch {
+				gb.proxies.Store(pd.Name(), pd.ProxiesWithTouch())
+			} else {
+				gb.proxies.Store(pd.Name(), pd.Proxies())
+			}
+
+			gb.versions.Store(pd.Name(), pd.Version())
+			continue
+		}
+
+		if version, ok := gb.versions.Load(pd.Name()); !ok || version != pd.Version() {
+			var (
+				proxies    []C.Proxy
+				newProxies []C.Proxy
+			)
+
+			if touch {
+				proxies = pd.ProxiesWithTouch()
+			} else {
+				proxies = pd.Proxies()
+			}
+
+			for _, p := range proxies {
+				if mat, _ := gb.filter.FindStringMatch(p.Name()); mat != nil {
+					newProxies = append(newProxies, p)
+				}
+			}
+
+			gb.proxies.Store(pd.Name(), newProxies)
+			gb.versions.Store(pd.Name(), pd.Version())
+		}
+	}
+	var proxies []C.Proxy
+	gb.proxies.Range(func(key, value any) bool {
+		proxies = append(proxies, value.([]C.Proxy)...)
+		return true
+	})
+	if len(proxies) == 0 {
+		return append(proxies, tunnel.Proxies()["COMPATIBLE"])
+	}
+	return proxies
+}

adapter/outboundgroup/loadbalance.go

@@ -9,7 +9,6 @@ import (
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/murmur3"
-	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@@ -20,11 +19,8 @@ import (
 type strategyFn = func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy
 
 type LoadBalance struct {
-	*outbound.Base
+	*GroupBase
 	disableUDP bool
-	single     *singledo.Single
-	filter     string
-	providers  []provider.ProxyProvider
 	strategyFn strategyFn
 }
 
@@ -51,7 +47,7 @@ func getKey(metadata *C.Metadata) string {
 		}
 	}
 
-	if metadata.DstIP == nil {
+	if !metadata.DstIP.IsValid() {
 		return ""
 	}
 
@@ -136,22 +132,14 @@ func strategyConsistentHashing() strategyFn {
 
 // Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
-	proxies := lb.proxies(true)
+	proxies := lb.GetProxies(true)
 	return lb.strategyFn(proxies, metadata)
 }
 
-func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
-	elm, _, _ := lb.single.Do(func() (any, error) {
-		return getProvidersProxies(lb.providers, touch, lb.filter), nil
-	})
-
-	return elm.([]C.Proxy)
-}
-
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	all := []string{}
-	for _, proxy := range lb.proxies(false) {
+	for _, proxy := range lb.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@@ -171,16 +159,17 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 		return nil, fmt.Errorf("%w: %s", errStrategy, strategy)
 	}
 	return &LoadBalance{
-		Base: outbound.NewBase(outbound.BaseOption{
+		GroupBase: NewGroupBase(GroupBaseOption{
+			outbound.BaseOption{
 				Name:        option.Name,
 				Type:        C.LoadBalance,
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
+			},
+			option.Filter,
+			providers,
 		}),
-		single:     singledo.NewSingle(defaultGetProxiesDuration),
-		providers:  providers,
 		strategyFn: strategyFn,
 		disableUDP: option.DisableUDP,
-		filter:     option.Filter,
 	}, nil
 }

adapter/outboundgroup/relay.go

@@ -6,27 +6,18 @@ import (
 	"fmt"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
-	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 
 type Relay struct {
-	*outbound.Base
+	*GroupBase
-	single    *singledo.Single
-	providers []provider.ProxyProvider
-	filter    string
 }
 
 // DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	var proxies []C.Proxy
+	proxies, chainProxies := r.proxies(metadata, true)
-	for _, proxy := range r.proxies(metadata, true) {
-		if proxy.Type() != C.Direct && proxy.Type() != C.Compatible {
-			proxies = append(proxies, proxy)
-		}
-	}
 
 	switch len(proxies) {
 	case 0:
@@ -64,13 +55,86 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
 	}
 
-	return outbound.NewConn(c, r), nil
+	conn := outbound.NewConn(c, last)
+
+	for i := len(chainProxies) - 2; i >= 0; i-- {
+		conn.AppendToChains(chainProxies[i])
+	}
+
+	conn.AppendToChains(r)
+
+	return conn, nil
+}
+
+// ListenPacketContext implements C.ProxyAdapter
+func (r *Relay) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
+	proxies, chainProxies := r.proxies(metadata, true)
+
+	switch len(proxies) {
+	case 0:
+		return outbound.NewDirect().ListenPacketContext(ctx, metadata, r.Base.DialOptions(opts...)...)
+	case 1:
+		return proxies[0].ListenPacketContext(ctx, metadata, r.Base.DialOptions(opts...)...)
+	}
+
+	first := proxies[0]
+	last := proxies[len(proxies)-1]
+
+	c, err := dialer.DialContext(ctx, "tcp", first.Addr(), r.Base.DialOptions(opts...)...)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
+	}
+	tcpKeepAlive(c)
+
+	var currentMeta *C.Metadata
+	for _, proxy := range proxies[1:] {
+		currentMeta, err = addrToMetadata(proxy.Addr())
+		if err != nil {
+			return nil, err
+		}
+
+		c, err = first.StreamConn(c, currentMeta)
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
+		}
+
+		first = proxy
+	}
+
+	c, err = last.StreamConn(c, metadata)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
+	}
+
+	var pc C.PacketConn
+	pc, err = last.ListenPacketOnStreamConn(c, metadata)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
+	}
+
+	for i := len(chainProxies) - 2; i >= 0; i-- {
+		pc.AppendToChains(chainProxies[i])
+	}
+
+	pc.AppendToChains(r)
+
+	return pc, nil
+}
+
+// SupportUDP implements C.ProxyAdapter
+func (r *Relay) SupportUDP() bool {
+	proxies, _ := r.proxies(nil, false)
+	if len(proxies) == 0 { // C.Direct
+		return true
+	}
+	last := proxies[len(proxies)-1]
+	return last.SupportUDP() && last.SupportUOT()
 }
 
 // MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
 	all := []string{}
-	for _, proxy := range r.rawProxies(false) {
+	for _, proxy := range r.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@@ -79,38 +143,44 @@ func (r *Relay) MarshalJSON() ([]byte, error) {
 	})
 }
 
-func (r *Relay) rawProxies(touch bool) []C.Proxy {
+func (r *Relay) proxies(metadata *C.Metadata, touch bool) ([]C.Proxy, []C.Proxy) {
-	elm, _, _ := r.single.Do(func() (any, error) {
+	rawProxies := r.GetProxies(touch)
-		return getProvidersProxies(r.providers, touch, r.filter), nil
-	})
 
-	return elm.([]C.Proxy)
+	var proxies []C.Proxy
-}
+	var chainProxies []C.Proxy
+	var targetProxies []C.Proxy
 
-func (r *Relay) proxies(metadata *C.Metadata, touch bool) []C.Proxy {
+	for n, proxy := range rawProxies {
-	proxies := r.rawProxies(touch)
+		proxies = append(proxies, proxy)
-
+		chainProxies = append(chainProxies, proxy)
-	for n, proxy := range proxies {
 		subproxy := proxy.Unwrap(metadata)
 		for subproxy != nil {
+			chainProxies = append(chainProxies, subproxy)
 			proxies[n] = subproxy
 			subproxy = subproxy.Unwrap(metadata)
 		}
 	}
 
-	return proxies
+	for _, proxy := range proxies {
+		if proxy.Type() != C.Direct && proxy.Type() != C.Compatible {
+			targetProxies = append(targetProxies, proxy)
+		}
+	}
+
+	return targetProxies, chainProxies
 }
 
 func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Relay {
 	return &Relay{
-		Base: outbound.NewBase(outbound.BaseOption{
+		GroupBase: NewGroupBase(GroupBaseOption{
+			outbound.BaseOption{
 				Name:        option.Name,
 				Type:        C.Relay,
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
+			},
+			"",
+			providers,
 		}),
-		single:    singledo.NewSingle(defaultGetProxiesDuration),
-		providers: providers,
-		filter:    option.Filter,
 	}
 }

adapter/outboundgroup/selector.go

@@ -6,19 +6,15 @@ import (
 	"errors"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
-	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 
 type Selector struct {
-	*outbound.Base
+	*GroupBase
 	disableUDP bool
-	single     *singledo.Single
 	selected   string
-	filter     string
-	providers  []provider.ProxyProvider
 }
 
 // DialContext implements C.ProxyAdapter
@@ -51,7 +47,7 @@ func (s *Selector) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
 	all := []string{}
-	for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
+	for _, proxy := range s.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
 
@@ -67,10 +63,9 @@ func (s *Selector) Now() string {
 }
 
 func (s *Selector) Set(name string) error {
-	for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
+	for _, proxy := range s.GetProxies(false) {
 		if proxy.Name() == name {
 			s.selected = name
-			s.single.Reset()
 			return nil
 		}
 	}
@@ -84,32 +79,29 @@ func (s *Selector) Unwrap(*C.Metadata) C.Proxy {
 }
 
 func (s *Selector) selectedProxy(touch bool) C.Proxy {
-	elm, _, _ := s.single.Do(func() (any, error) {
+	proxies := s.GetProxies(touch)
-		proxies := getProvidersProxies(s.providers, touch, s.filter)
 	for _, proxy := range proxies {
 		if proxy.Name() == s.selected {
-				return proxy, nil
+			return proxy
 		}
 	}
 
-		return proxies[0], nil
+	return proxies[0]
-	})
-
-	return elm.(C.Proxy)
 }
 
 func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider) *Selector {
 	return &Selector{
-		Base: outbound.NewBase(outbound.BaseOption{
+		GroupBase: NewGroupBase(GroupBaseOption{
+			outbound.BaseOption{
 				Name:        option.Name,
 				Type:        C.Selector,
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
+			},
+			option.Filter,
+			providers,
 		}),
-		single:     singledo.NewSingle(defaultGetProxiesDuration),
-		providers:  providers,
 		selected:   "COMPATIBLE",
 		disableUDP: option.DisableUDP,
-		filter:     option.Filter,
 	}
 }

adapter/outboundgroup/urltest.go

@@ -23,14 +23,11 @@ func urlTestWithTolerance(tolerance uint16) urlTestOption {
 }
 
 type URLTest struct {
-	*outbound.Base
+	*GroupBase
 	tolerance   uint16
 	disableUDP  bool
 	fastNode    C.Proxy
-	filter      string
+	fastSingle  *singledo.Single[C.Proxy]
-	single      *singledo.Single
-	fastSingle  *singledo.Single
-	providers   []provider.ProxyProvider
 	failedTimes *atomic.Int32
 	failedTime  *atomic.Int64
 }
@@ -70,17 +67,9 @@ func (u *URLTest) Unwrap(*C.Metadata) C.Proxy {
 	return u.fast(true)
 }
 
-func (u *URLTest) proxies(touch bool) []C.Proxy {
-	elm, _, _ := u.single.Do(func() (any, error) {
-		return getProvidersProxies(u.providers, touch, u.filter), nil
-	})
-
-	return elm.([]C.Proxy)
-}
-
 func (u *URLTest) fast(touch bool) C.Proxy {
-	elm, _, _ := u.fastSingle.Do(func() (any, error) {
+	elm, _, _ := u.fastSingle.Do(func() (C.Proxy, error) {
-		proxies := u.proxies(touch)
+		proxies := u.GetProxies(touch)
 		fast := proxies[0]
 		min := fast.LastDelay()
 		fastNotExist := true
@@ -109,7 +98,7 @@ func (u *URLTest) fast(touch bool) C.Proxy {
 		return u.fastNode, nil
 	})
 
-	return elm.(C.Proxy)
+	return elm
 }
 
 // SupportUDP implements C.ProxyAdapter
@@ -124,7 +113,7 @@ func (u *URLTest) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
 	all := []string{}
-	for _, proxy := range u.proxies(false) {
+	for _, proxy := range u.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@@ -175,17 +164,18 @@ func parseURLTestOption(config map[string]any) []urlTestOption {
 
 func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, options ...urlTestOption) *URLTest {
 	urlTest := &URLTest{
-		Base: outbound.NewBase(outbound.BaseOption{
+		GroupBase: NewGroupBase(GroupBaseOption{
+			outbound.BaseOption{
 				Name:        option.Name,
 				Type:        C.URLTest,
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
+			},
+			option.Filter,
+			providers,
 		}),
-		single:      singledo.NewSingle(defaultGetProxiesDuration),
+		fastSingle:  singledo.NewSingle[C.Proxy](time.Second * 10),
-		fastSingle:  singledo.NewSingle(time.Second * 10),
-		providers:   providers,
 		disableUDP:  option.DisableUDP,
-		filter:      option.Filter,
 		failedTimes: atomic.NewInt32(-1),
 		failedTime:  atomic.NewInt64(-1),
 	}

adapter/outboundgroup/util.go

@@ -3,6 +3,7 @@ package outboundgroup
 import (
 	"fmt"
 	"net"
+	"net/netip"
 	"time"
 
 	C "github.com/Dreamacro/clash/constant"
@@ -15,20 +16,21 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 		return
 	}
 
-	ip := net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	if ip == nil {
+	if err != nil {
 		addr = &C.Metadata{
 			AddrType: C.AtypDomainName,
 			Host:     host,
-			DstIP:    nil,
+			DstIP:    netip.Addr{},
 			DstPort:  port,
 		}
+		err = nil
 		return
-	} else if ip4 := ip.To4(); ip4 != nil {
+	} else if ip.Is4() {
 		addr = &C.Metadata{
 			AddrType: C.AtypIPv4,
 			Host:     "",
-			DstIP:    ip4,
+			DstIP:    ip,
 			DstPort:  port,
 		}
 		return
@@ -45,7 +47,7 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
-		tcp.SetKeepAlive(true)
+		_ = tcp.SetKeepAlive(true)
-		tcp.SetKeepAlivePeriod(30 * time.Second)
+		_ = tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }

adapter/provider/healthcheck.go

@@ -65,14 +65,14 @@ func (hc *HealthCheck) touch() {
 }
 
 func (hc *HealthCheck) check() {
-	b, _ := batch.New(context.Background(), batch.WithConcurrencyNum(10))
+	b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
 	for _, proxy := range hc.proxies {
 		p := proxy
-		b.Go(p.Name(), func() (any, error) {
+		b.Go(p.Name(), func() (bool, error) {
 			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
 			defer cancel()
-			p.URLTest(ctx, hc.url)
+			_, _ = p.URLTest(ctx, hc.url)
-			return nil, nil
+			return false, nil
 		})
 	}
 	b.Wait()

adapter/provider/provider.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/dlclark/regexp2"
+	"math"
 	"runtime"
 	"time"
 
@@ -32,6 +33,11 @@ type proxySetProvider struct {
 	*fetcher
 	proxies     []C.Proxy
 	healthCheck *HealthCheck
+	version     uint
+}
+
+func (pp *proxySetProvider) Version() uint {
+	return pp.version
 }
 
 func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
@@ -94,6 +100,7 @@ func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	if pp.healthCheck.auto() {
 		go pp.healthCheck.check()
 	}
+
 }
 
 func stopProxyProvider(pd *ProxySetProvider) {
@@ -116,6 +123,11 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
 	onUpdate := func(elm any) {
 		ret := elm.([]C.Proxy)
 		pd.setProxies(ret)
+		if pd.version == math.MaxUint {
+			pd.version = 0
+		} else {
+			pd.version++
+		}
 	}
 
 	proxiesParseAndFilter := func(buf []byte) (any, error) {
@@ -170,6 +182,11 @@ type compatibleProvider struct {
 	name        string
 	healthCheck *HealthCheck
 	proxies     []C.Proxy
+	version     uint
+}
+
+func (cp *compatibleProvider) Version() uint {
+	return cp.version
 }
 
 func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {

adapter/provider/vehicle.go

@@ -2,7 +2,6 @@ package provider
 
 import (
 	"context"
-	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
@@ -58,7 +57,7 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	}
 
 	req, err := http.NewRequest(http.MethodGet, uri.String(), nil)
-	req.Header.Set("user-agent", netHttp.UA)
+	req.Header.Set("User-Agent", netHttp.UA)
 
 	if err != nil {
 		return nil, err
@@ -86,10 +85,6 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	client := http.Client{Transport: transport}
 	resp, err := client.Do(req)
 	if err != nil {
-		transport.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
-			return dialer.DialContext(ctx, network, address)
-		}
-		resp, err = client.Do(req)
 		if err != nil {
 			return nil, err
 		}

check_amd64.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+flags=$(grep '^flags\b' </proc/cpuinfo | head -n 1)
+flags=" ${flags#*:} "
+
+has_flags () {
+  for flag; do
+    case "$flags" in
+      *" $flag "*) :;;
+      *) return 1;;
+    esac
+  done
+}
+
+determine_level () {
+  level=0
+  has_flags lm cmov cx8 fpu fxsr mmx syscall sse2 || return 0
+  level=1
+  has_flags cx16 lahf_lm popcnt sse4_1 sse4_2 ssse3 || return 0
+  level=2
+  has_flags avx avx2 bmi1 bmi2 f16c fma abm movbe xsave || return 0
+  level=3
+  has_flags avx512f avx512bw avx512cd avx512dq avx512vl || return 0
+  level=4
+}
+
+determine_level
+echo "Your CPU supports amd64-v$level"
+return $level

common/batch/batch.go

@@ -5,10 +5,10 @@ import (
 	"sync"
 )
 
-type Option = func(b *Batch)
+type Option[T any] func(b *Batch[T])
 
-type Result struct {
+type Result[T any] struct {
-	Value any
+	Value T
 	Err   error
 }
 
@@ -17,8 +17,8 @@ type Error struct {
 	Err error
 }
 
-func WithConcurrencyNum(n int) Option {
+func WithConcurrencyNum[T any](n int) Option[T] {
-	return func(b *Batch) {
+	return func(b *Batch[T]) {
 		q := make(chan struct{}, n)
 		for i := 0; i < n; i++ {
 			q <- struct{}{}
@@ -28,8 +28,8 @@ func WithConcurrencyNum(n int) Option {
 }
 
 // Batch similar to errgroup, but can control the maximum number of concurrent
-type Batch struct {
+type Batch[T any] struct {
-	result map[string]Result
+	result map[string]Result[T]
 	queue  chan struct{}
 	wg     sync.WaitGroup
 	mux    sync.Mutex
@@ -38,7 +38,7 @@ type Batch struct {
 	cancel func()
 }
 
-func (b *Batch) Go(key string, fn func() (any, error)) {
+func (b *Batch[T]) Go(key string, fn func() (T, error)) {
 	b.wg.Add(1)
 	go func() {
 		defer b.wg.Done()
@@ -59,14 +59,14 @@ func (b *Batch) Go(key string, fn func() (any, error)) {
 			})
 		}
 
-		ret := Result{value, err}
+		ret := Result[T]{value, err}
 		b.mux.Lock()
 		defer b.mux.Unlock()
 		b.result[key] = ret
 	}()
 }
 
-func (b *Batch) Wait() *Error {
+func (b *Batch[T]) Wait() *Error {
 	b.wg.Wait()
 	if b.cancel != nil {
 		b.cancel()
@@ -74,26 +74,26 @@ func (b *Batch) Wait() *Error {
 	return b.err
 }
 
-func (b *Batch) WaitAndGetResult() (map[string]Result, *Error) {
+func (b *Batch[T]) WaitAndGetResult() (map[string]Result[T], *Error) {
 	err := b.Wait()
 	return b.Result(), err
 }
 
-func (b *Batch) Result() map[string]Result {
+func (b *Batch[T]) Result() map[string]Result[T] {
 	b.mux.Lock()
 	defer b.mux.Unlock()
-	copy := map[string]Result{}
+	copyM := map[string]Result[T]{}
 	for k, v := range b.result {
-		copy[k] = v
+		copyM[k] = v
 	}
-	return copy
+	return copyM
 }
 
-func New(ctx context.Context, opts ...Option) (*Batch, context.Context) {
+func New[T any](ctx context.Context, opts ...Option[T]) (*Batch[T], context.Context) {
 	ctx, cancel := context.WithCancel(ctx)
 
-	b := &Batch{
+	b := &Batch[T]{
-		result: map[string]Result{},
+		result: map[string]Result[T]{},
 	}
 
 	for _, o := range opts {

common/batch/batch_test.go

@@ -11,14 +11,14 @@ import (
 )
 
 func TestBatch(t *testing.T) {
-	b, _ := New(context.Background())
+	b, _ := New[string](context.Background())
 
 	now := time.Now()
-	b.Go("foo", func() (any, error) {
+	b.Go("foo", func() (string, error) {
 		time.Sleep(time.Millisecond * 100)
 		return "foo", nil
 	})
-	b.Go("bar", func() (any, error) {
+	b.Go("bar", func() (string, error) {
 		time.Sleep(time.Millisecond * 150)
 		return "bar", nil
 	})
@@ -32,20 +32,20 @@ func TestBatch(t *testing.T) {
 
 	for k, v := range result {
 		assert.NoError(t, v.Err)
-		assert.Equal(t, k, v.Value.(string))
+		assert.Equal(t, k, v.Value)
 	}
 }
 
 func TestBatchWithConcurrencyNum(t *testing.T) {
-	b, _ := New(
+	b, _ := New[string](
 		context.Background(),
-		WithConcurrencyNum(3),
+		WithConcurrencyNum[string](3),
 	)
 
 	now := time.Now()
 	for i := 0; i < 7; i++ {
 		idx := i
-		b.Go(strconv.Itoa(idx), func() (any, error) {
+		b.Go(strconv.Itoa(idx), func() (string, error) {
 			time.Sleep(time.Millisecond * 100)
 			return strconv.Itoa(idx), nil
 		})
@@ -57,21 +57,21 @@ func TestBatchWithConcurrencyNum(t *testing.T) {
 
 	for k, v := range result {
 		assert.NoError(t, v.Err)
-		assert.Equal(t, k, v.Value.(string))
+		assert.Equal(t, k, v.Value)
 	}
 }
 
 func TestBatchContext(t *testing.T) {
-	b, ctx := New(context.Background())
+	b, ctx := New[string](context.Background())
 
-	b.Go("error", func() (any, error) {
+	b.Go("error", func() (string, error) {
 		time.Sleep(time.Millisecond * 100)
-		return nil, errors.New("test error")
+		return "", errors.New("test error")
 	})
 
-	b.Go("ctx", func() (any, error) {
+	b.Go("ctx", func() (string, error) {
 		<-ctx.Done()
-		return nil, ctx.Err()
+		return "", ctx.Err()
 	})
 
 	result, err := b.WaitAndGetResult()

common/cache/cache.go

@@ -7,50 +7,50 @@ import (
 )
 
 // Cache store element with a expired time
-type Cache struct {
+type Cache[K comparable, V any] struct {
-	*cache
+	*cache[K, V]
 }
 
-type cache struct {
+type cache[K comparable, V any] struct {
 	mapping sync.Map
-	janitor *janitor
+	janitor *janitor[K, V]
 }
 
-type element struct {
+type element[V any] struct {
 	Expired time.Time
-	Payload any
+	Payload V
 }
 
 // Put element in Cache with its ttl
-func (c *cache) Put(key any, payload any, ttl time.Duration) {
+func (c *cache[K, V]) Put(key K, payload V, ttl time.Duration) {
-	c.mapping.Store(key, &element{
+	c.mapping.Store(key, &element[V]{
 		Payload: payload,
 		Expired: time.Now().Add(ttl),
 	})
 }
 
 // Get element in Cache, and drop when it expired
-func (c *cache) Get(key any) any {
+func (c *cache[K, V]) Get(key K) V {
 	item, exist := c.mapping.Load(key)
 	if !exist {
-		return nil
+		return getZero[V]()
 	}
-	elm := item.(*element)
+	elm := item.(*element[V])
 	// expired
 	if time.Since(elm.Expired) > 0 {
 		c.mapping.Delete(key)
-		return nil
+		return getZero[V]()
 	}
 	return elm.Payload
 }
 
 // GetWithExpire element in Cache with Expire Time
-func (c *cache) GetWithExpire(key any) (payload any, expired time.Time) {
+func (c *cache[K, V]) GetWithExpire(key K) (payload V, expired time.Time) {
 	item, exist := c.mapping.Load(key)
 	if !exist {
 		return
 	}
-	elm := item.(*element)
+	elm := item.(*element[V])
 	// expired
 	if time.Since(elm.Expired) > 0 {
 		c.mapping.Delete(key)
@@ -59,10 +59,10 @@ func (c *cache) GetWithExpire(key any) (payload any, expired time.Time) {
 	return elm.Payload, elm.Expired
 }
 
-func (c *cache) cleanup() {
+func (c *cache[K, V]) cleanup() {
 	c.mapping.Range(func(k, v any) bool {
 		key := k.(string)
-		elm := v.(*element)
+		elm := v.(*element[V])
 		if time.Since(elm.Expired) > 0 {
 			c.mapping.Delete(key)
 		}
@@ -70,12 +70,12 @@ func (c *cache) cleanup() {
 	})
 }
 
-type janitor struct {
+type janitor[K comparable, V any] struct {
 	interval time.Duration
 	stop     chan struct{}
 }
 
-func (j *janitor) process(c *cache) {
+func (j *janitor[K, V]) process(c *cache[K, V]) {
 	ticker := time.NewTicker(j.interval)
 	for {
 		select {
@@ -88,19 +88,19 @@ func (j *janitor) process(c *cache) {
 	}
 }
 
-func stopJanitor(c *Cache) {
+func stopJanitor[K comparable, V any](c *Cache[K, V]) {
 	c.janitor.stop <- struct{}{}
 }
 
 // New return *Cache
-func New(interval time.Duration) *Cache {
+func New[K comparable, V any](interval time.Duration) *Cache[K, V] {
-	j := &janitor{
+	j := &janitor[K, V]{
 		interval: interval,
 		stop:     make(chan struct{}),
 	}
-	c := &cache{janitor: j}
+	c := &cache[K, V]{janitor: j}
 	go j.process(c)
-	C := &Cache{c}
+	C := &Cache[K, V]{c}
-	runtime.SetFinalizer(C, stopJanitor)
+	runtime.SetFinalizer(C, stopJanitor[K, V])
 	return C
 }

common/cache/cache_test.go

@@ -11,48 +11,50 @@ import (
 func TestCache_Basic(t *testing.T) {
 	interval := 200 * time.Millisecond
 	ttl := 20 * time.Millisecond
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
-	c.Put("string", "a", ttl)
+
+	d := New[string, string](interval)
+	d.Put("string", "a", ttl)
 
 	i := c.Get("int")
-	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.Equal(t, i, 1, "should recv 1")
 
-	s := c.Get("string")
+	s := d.Get("string")
-	assert.Equal(t, s.(string), "a", "should recv 'a'")
+	assert.Equal(t, s, "a", "should recv 'a'")
 }
 
 func TestCache_TTL(t *testing.T) {
 	interval := 200 * time.Millisecond
 	ttl := 20 * time.Millisecond
 	now := time.Now()
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
 	c.Put("int2", 2, ttl)
 
 	i := c.Get("int")
 	_, expired := c.GetWithExpire("int2")
-	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.Equal(t, i, 1, "should recv 1")
 	assert.True(t, now.Before(expired))
 
 	time.Sleep(ttl * 2)
 	i = c.Get("int")
 	j, _ := c.GetWithExpire("int2")
-	assert.Nil(t, i, "should recv nil")
+	assert.True(t, i == 0, "should recv 0")
-	assert.Nil(t, j, "should recv nil")
+	assert.True(t, j == 0, "should recv 0")
 }
 
 func TestCache_AutoCleanup(t *testing.T) {
 	interval := 10 * time.Millisecond
 	ttl := 15 * time.Millisecond
-	c := New(interval)
+	c := New[string, int](interval)
 	c.Put("int", 1, ttl)
 
 	time.Sleep(ttl * 2)
 	i := c.Get("int")
 	j, _ := c.GetWithExpire("int")
-	assert.Nil(t, i, "should recv nil")
+	assert.True(t, i == 0, "should recv 0")
-	assert.Nil(t, j, "should recv nil")
+	assert.True(t, j == 0, "should recv 0")
 }
 
 func TestCache_AutoGC(t *testing.T) {
@@ -60,7 +62,7 @@ func TestCache_AutoGC(t *testing.T) {
 	go func() {
 		interval := 10 * time.Millisecond
 		ttl := 15 * time.Millisecond
-		c := New(interval)
+		c := New[string, int](interval)
 		c.Put("int", 1, ttl)
 		sign <- struct{}{}
 	}()

common/cache/lrucache.go

@@ -3,49 +3,50 @@ package cache
 // Modified by https://github.com/die-net/lrucache
 
 import (
-	"container/list"
 	"sync"
 	"time"
+
+	"github.com/Dreamacro/clash/common/generics/list"
 )
 
 // Option is part of Functional Options Pattern
-type Option func(*LruCache)
+type Option[K comparable, V any] func(*LruCache[K, V])
 
 // EvictCallback is used to get a callback when a cache entry is evicted
-type EvictCallback = func(key any, value any)
+type EvictCallback[K comparable, V any] func(key K, value V)
 
 // WithEvict set the evict callback
-func WithEvict(cb EvictCallback) Option {
+func WithEvict[K comparable, V any](cb EvictCallback[K, V]) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.onEvict = cb
 	}
 }
 
 // WithUpdateAgeOnGet update expires when Get element
-func WithUpdateAgeOnGet() Option {
+func WithUpdateAgeOnGet[K comparable, V any]() Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.updateAgeOnGet = true
 	}
 }
 
 // WithAge defined element max age (second)
-func WithAge(maxAge int64) Option {
+func WithAge[K comparable, V any](maxAge int64) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.maxAge = maxAge
 	}
 }
 
 // WithSize defined max length of LruCache
-func WithSize(maxSize int) Option {
+func WithSize[K comparable, V any](maxSize int) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.maxSize = maxSize
 	}
 }
 
 // WithStale decide whether Stale return is enabled.
 // If this feature is enabled, element will not get Evicted according to `WithAge`.
-func WithStale(stale bool) Option {
+func WithStale[K comparable, V any](stale bool) Option[K, V] {
-	return func(l *LruCache) {
+	return func(l *LruCache[K, V]) {
 		l.staleReturn = stale
 	}
 }
@@ -53,22 +54,22 @@ func WithStale(stale bool) Option {
 // LruCache is a thread-safe, in-memory lru-cache that evicts the
 // least recently used entries from memory when (if set) the entries are
 // older than maxAge (in seconds).  Use the New constructor to create one.
-type LruCache struct {
+type LruCache[K comparable, V any] struct {
 	maxAge         int64
 	maxSize        int
 	mu             sync.Mutex
-	cache          map[any]*list.Element
+	cache          map[K]*list.Element[*entry[K, V]]
-	lru            *list.List // Front is least-recent
+	lru            *list.List[*entry[K, V]] // Front is least-recent
 	updateAgeOnGet bool
 	staleReturn    bool
-	onEvict        EvictCallback
+	onEvict        EvictCallback[K, V]
 }
 
 // NewLRUCache creates an LruCache
-func NewLRUCache(options ...Option) *LruCache {
+func NewLRUCache[K comparable, V any](options ...Option[K, V]) *LruCache[K, V] {
-	lc := &LruCache{
+	lc := &LruCache[K, V]{
-		lru:   list.New(),
+		lru:   list.New[*entry[K, V]](),
-		cache: make(map[any]*list.Element),
+		cache: make(map[K]*list.Element[*entry[K, V]]),
 	}
 
 	for _, option := range options {
@@ -80,12 +81,12 @@ func NewLRUCache(options ...Option) *LruCache {
 
 // Get returns the any representation of a cached response and a bool
 // set to true if the key was found.
-func (c *LruCache) Get(key any) (any, bool) {
+func (c *LruCache[K, V]) Get(key K) (V, bool) {
-	entry := c.get(key)
+	el := c.get(key)
-	if entry == nil {
+	if el == nil {
-		return nil, false
+		return getZero[V](), false
 	}
-	value := entry.value
+	value := el.value
 
 	return value, true
 }
@@ -94,17 +95,17 @@ func (c *LruCache) Get(key any) (any, bool) {
 // a time.Time Give expected expires,
 // and a bool set to true if the key was found.
 // This method will NOT check the maxAge of element and will NOT update the expires.
-func (c *LruCache) GetWithExpire(key any) (any, time.Time, bool) {
+func (c *LruCache[K, V]) GetWithExpire(key K) (V, time.Time, bool) {
-	entry := c.get(key)
+	el := c.get(key)
-	if entry == nil {
+	if el == nil {
-		return nil, time.Time{}, false
+		return getZero[V](), time.Time{}, false
 	}
 
-	return entry.value, time.Unix(entry.expires, 0), true
+	return el.value, time.Unix(el.expires, 0), true
 }
 
 // Exist returns if key exist in cache but not put item to the head of linked list
-func (c *LruCache) Exist(key any) bool {
+func (c *LruCache[K, V]) Exist(key K) bool {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -113,7 +114,7 @@ func (c *LruCache) Exist(key any) bool {
 }
 
 // Set stores the any representation of a response for a given key.
-func (c *LruCache) Set(key any, value any) {
+func (c *LruCache[K, V]) Set(key K, value V) {
 	expires := int64(0)
 	if c.maxAge > 0 {
 		expires = time.Now().Unix() + c.maxAge
@@ -123,21 +124,21 @@ func (c *LruCache) Set(key any, value any) {
 
 // SetWithExpire stores the any representation of a response for a given key and given expires.
 // The expires time will round to second.
-func (c *LruCache) SetWithExpire(key any, value any, expires time.Time) {
+func (c *LruCache[K, V]) SetWithExpire(key K, value V, expires time.Time) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
 	if le, ok := c.cache[key]; ok {
 		c.lru.MoveToBack(le)
-		e := le.Value.(*entry)
+		e := le.Value
 		e.value = value
 		e.expires = expires.Unix()
 	} else {
-		e := &entry{key: key, value: value, expires: expires.Unix()}
+		e := &entry[K, V]{key: key, value: value, expires: expires.Unix()}
 		c.cache[key] = c.lru.PushBack(e)
 
 		if c.maxSize > 0 {
-			if len := c.lru.Len(); len > c.maxSize {
+			if elLen := c.lru.Len(); elLen > c.maxSize {
 				c.deleteElement(c.lru.Front())
 			}
 		}
@@ -147,23 +148,23 @@ func (c *LruCache) SetWithExpire(key any, value any, expires time.Time) {
 }
 
 // CloneTo clone and overwrite elements to another LruCache
-func (c *LruCache) CloneTo(n *LruCache) {
+func (c *LruCache[K, V]) CloneTo(n *LruCache[K, V]) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
 	n.mu.Lock()
 	defer n.mu.Unlock()
 
-	n.lru = list.New()
+	n.lru = list.New[*entry[K, V]]()
-	n.cache = make(map[any]*list.Element)
+	n.cache = make(map[K]*list.Element[*entry[K, V]])
 
 	for e := c.lru.Front(); e != nil; e = e.Next() {
-		elm := e.Value.(*entry)
+		elm := e.Value
 		n.cache[elm.key] = n.lru.PushBack(elm)
 	}
 }
 
-func (c *LruCache) get(key any) *entry {
+func (c *LruCache[K, V]) get(key K) *entry[K, V] {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -172,7 +173,7 @@ func (c *LruCache) get(key any) *entry {
 		return nil
 	}
 
-	if !c.staleReturn && c.maxAge > 0 && le.Value.(*entry).expires <= time.Now().Unix() {
+	if !c.staleReturn && c.maxAge > 0 && le.Value.expires <= time.Now().Unix() {
 		c.deleteElement(le)
 		c.maybeDeleteOldest()
 
@@ -180,15 +181,15 @@ func (c *LruCache) get(key any) *entry {
 	}
 
 	c.lru.MoveToBack(le)
-	entry := le.Value.(*entry)
+	el := le.Value
 	if c.maxAge > 0 && c.updateAgeOnGet {
-		entry.expires = time.Now().Unix() + c.maxAge
+		el.expires = time.Now().Unix() + c.maxAge
 	}
-	return entry
+	return el
 }
 
 // Delete removes the value associated with a key.
-func (c *LruCache) Delete(key any) {
+func (c *LruCache[K, V]) Delete(key K) {
 	c.mu.Lock()
 
 	if le, ok := c.cache[key]; ok {
@@ -198,35 +199,40 @@ func (c *LruCache) Delete(key any) {
 	c.mu.Unlock()
 }
 
-func (c *LruCache) maybeDeleteOldest() {
+func (c *LruCache[K, V]) maybeDeleteOldest() {
 	if !c.staleReturn && c.maxAge > 0 {
 		now := time.Now().Unix()
-		for le := c.lru.Front(); le != nil && le.Value.(*entry).expires <= now; le = c.lru.Front() {
+		for le := c.lru.Front(); le != nil && le.Value.expires <= now; le = c.lru.Front() {
 			c.deleteElement(le)
 		}
 	}
 }
 
-func (c *LruCache) deleteElement(le *list.Element) {
+func (c *LruCache[K, V]) deleteElement(le *list.Element[*entry[K, V]]) {
 	c.lru.Remove(le)
-	e := le.Value.(*entry)
+	e := le.Value
 	delete(c.cache, e.key)
 	if c.onEvict != nil {
 		c.onEvict(e.key, e.value)
 	}
 }
 
-func (c *LruCache) Clear() error {
+func (c *LruCache[K, V]) Clear() error {
 	c.mu.Lock()
 
-	c.cache = make(map[any]*list.Element)
+	c.cache = make(map[K]*list.Element[*entry[K, V]])
 
 	c.mu.Unlock()
 	return nil
 }
 
-type entry struct {
+type entry[K comparable, V any] struct {
-	key     any
+	key     K
-	value   any
+	value   V
 	expires int64
 }
+
+func getZero[T any]() T {
+	var result T
+	return result
+}

common/cache/lrucache_test.go

@@ -19,7 +19,7 @@ var entries = []struct {
 }
 
 func TestLRUCache(t *testing.T) {
-	c := NewLRUCache()
+	c := NewLRUCache[string, string]()
 
 	for _, e := range entries {
 		c.Set(e.key, e.value)
@@ -32,7 +32,7 @@ func TestLRUCache(t *testing.T) {
 	for _, e := range entries {
 		value, ok := c.Get(e.key)
 		if assert.True(t, ok) {
-			assert.Equal(t, e.value, value.(string))
+			assert.Equal(t, e.value, value)
 		}
 	}
 
@@ -45,25 +45,25 @@ func TestLRUCache(t *testing.T) {
 }
 
 func TestLRUMaxAge(t *testing.T) {
-	c := NewLRUCache(WithAge(86400))
+	c := NewLRUCache[string, string](WithAge[string, string](86400))
 
 	now := time.Now().Unix()
 	expected := now + 86400
 
 	// Add one expired entry
 	c.Set("foo", "bar")
-	c.lru.Back().Value.(*entry).expires = now
+	c.lru.Back().Value.expires = now
 
 	// Reset
 	c.Set("foo", "bar")
-	e := c.lru.Back().Value.(*entry)
+	e := c.lru.Back().Value
 	assert.True(t, e.expires >= now)
-	c.lru.Back().Value.(*entry).expires = now
+	c.lru.Back().Value.expires = now
 
 	// Set a few and verify expiration times
 	for _, s := range entries {
 		c.Set(s.key, s.value)
-		e := c.lru.Back().Value.(*entry)
+		e := c.lru.Back().Value
 		assert.True(t, e.expires >= expected && e.expires <= expected+10)
 	}
 
@@ -77,7 +77,7 @@ func TestLRUMaxAge(t *testing.T) {
 	for _, s := range entries {
 		le, ok := c.cache[s.key]
 		if assert.True(t, ok) {
-			le.Value.(*entry).expires = now
+			le.Value.expires = now
 		}
 	}
 
@@ -88,22 +88,22 @@ func TestLRUMaxAge(t *testing.T) {
 }
 
 func TestLRUpdateOnGet(t *testing.T) {
-	c := NewLRUCache(WithAge(86400), WithUpdateAgeOnGet())
+	c := NewLRUCache[string, string](WithAge[string, string](86400), WithUpdateAgeOnGet[string, string]())
 
 	now := time.Now().Unix()
 	expires := now + 86400/2
 
 	// Add one expired entry
 	c.Set("foo", "bar")
-	c.lru.Back().Value.(*entry).expires = expires
+	c.lru.Back().Value.expires = expires
 
 	_, ok := c.Get("foo")
 	assert.True(t, ok)
-	assert.True(t, c.lru.Back().Value.(*entry).expires > expires)
+	assert.True(t, c.lru.Back().Value.expires > expires)
 }
 
 func TestMaxSize(t *testing.T) {
-	c := NewLRUCache(WithSize(2))
+	c := NewLRUCache[string, string](WithSize[string, string](2))
 	// Add one expired entry
 	c.Set("foo", "bar")
 	_, ok := c.Get("foo")
@@ -117,7 +117,7 @@ func TestMaxSize(t *testing.T) {
 }
 
 func TestExist(t *testing.T) {
-	c := NewLRUCache(WithSize(1))
+	c := NewLRUCache[int, int](WithSize[int, int](1))
 	c.Set(1, 2)
 	assert.True(t, c.Exist(1))
 	c.Set(2, 3)
@@ -126,11 +126,11 @@ func TestExist(t *testing.T) {
 
 func TestEvict(t *testing.T) {
 	temp := 0
-	evict := func(key any, value any) {
+	evict := func(key int, value int) {
-		temp = key.(int) + value.(int)
+		temp = key + value
 	}
 
-	c := NewLRUCache(WithEvict(evict), WithSize(1))
+	c := NewLRUCache[int, int](WithEvict[int, int](evict), WithSize[int, int](1))
 	c.Set(1, 2)
 	c.Set(2, 3)
 
@@ -138,21 +138,22 @@ func TestEvict(t *testing.T) {
 }
 
 func TestSetWithExpire(t *testing.T) {
-	c := NewLRUCache(WithAge(1))
+	c := NewLRUCache[int, *struct{}](WithAge[int, *struct{}](1))
 	now := time.Now().Unix()
 
 	tenSecBefore := time.Unix(now-10, 0)
-	c.SetWithExpire(1, 2, tenSecBefore)
+	c.SetWithExpire(1, &struct{}{}, tenSecBefore)
 
 	// res is expected not to exist, and expires should be empty time.Time
 	res, expires, exist := c.GetWithExpire(1)
-	assert.Equal(t, nil, res)
+
+	assert.True(t, nil == res)
 	assert.Equal(t, time.Time{}, expires)
 	assert.Equal(t, false, exist)
 }
 
 func TestStale(t *testing.T) {
-	c := NewLRUCache(WithAge(1), WithStale(true))
+	c := NewLRUCache[int, int](WithAge[int, int](1), WithStale[int, int](true))
 	now := time.Now().Unix()
 
 	tenSecBefore := time.Unix(now-10, 0)
@@ -165,11 +166,11 @@ func TestStale(t *testing.T) {
 }
 
 func TestCloneTo(t *testing.T) {
-	o := NewLRUCache(WithSize(10))
+	o := NewLRUCache[string, int](WithSize[string, int](10))
 	o.Set("1", 1)
 	o.Set("2", 2)
 
-	n := NewLRUCache(WithSize(2))
+	n := NewLRUCache[string, int](WithSize[string, int](2))
 	n.Set("3", 3)
 	n.Set("4", 4)
 

common/generics/list/list.go

@@ -0,0 +1,235 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package list implements a doubly linked list.
+//
+// To iterate over a list (where l is a *List):
+//	for e := l.Front(); e != nil; e = e.Next() {
+//		// do something with e.Value
+//	}
+//
+package list
+
+// Element is an element of a linked list.
+type Element[T any] struct {
+	// Next and previous pointers in the doubly-linked list of elements.
+	// To simplify the implementation, internally a list l is implemented
+	// as a ring, such that &l.root is both the next element of the last
+	// list element (l.Back()) and the previous element of the first list
+	// element (l.Front()).
+	next, prev *Element[T]
+
+	// The list to which this element belongs.
+	list *List[T]
+
+	// The value stored with this element.
+	Value T
+}
+
+// Next returns the next list element or nil.
+func (e *Element[T]) Next() *Element[T] {
+	if p := e.next; e.list != nil && p != &e.list.root {
+		return p
+	}
+	return nil
+}
+
+// Prev returns the previous list element or nil.
+func (e *Element[T]) Prev() *Element[T] {
+	if p := e.prev; e.list != nil && p != &e.list.root {
+		return p
+	}
+	return nil
+}
+
+// List represents a doubly linked list.
+// The zero value for List is an empty list ready to use.
+type List[T any] struct {
+	root Element[T] // sentinel list element, only &root, root.prev, and root.next are used
+	len  int        // current list length excluding (this) sentinel element
+}
+
+// Init initializes or clears list l.
+func (l *List[T]) Init() *List[T] {
+	l.root.next = &l.root
+	l.root.prev = &l.root
+	l.len = 0
+	return l
+}
+
+// New returns an initialized list.
+func New[T any]() *List[T] { return new(List[T]).Init() }
+
+// Len returns the number of elements of list l.
+// The complexity is O(1).
+func (l *List[T]) Len() int { return l.len }
+
+// Front returns the first element of list l or nil if the list is empty.
+func (l *List[T]) Front() *Element[T] {
+	if l.len == 0 {
+		return nil
+	}
+	return l.root.next
+}
+
+// Back returns the last element of list l or nil if the list is empty.
+func (l *List[T]) Back() *Element[T] {
+	if l.len == 0 {
+		return nil
+	}
+	return l.root.prev
+}
+
+// lazyInit lazily initializes a zero List value.
+func (l *List[T]) lazyInit() {
+	if l.root.next == nil {
+		l.Init()
+	}
+}
+
+// insert inserts e after at, increments l.len, and returns e.
+func (l *List[T]) insert(e, at *Element[T]) *Element[T] {
+	e.prev = at
+	e.next = at.next
+	e.prev.next = e
+	e.next.prev = e
+	e.list = l
+	l.len++
+	return e
+}
+
+// insertValue is a convenience wrapper for insert(&Element{Value: v}, at).
+func (l *List[T]) insertValue(v T, at *Element[T]) *Element[T] {
+	return l.insert(&Element[T]{Value: v}, at)
+}
+
+// remove removes e from its list, decrements l.len
+func (l *List[T]) remove(e *Element[T]) {
+	e.prev.next = e.next
+	e.next.prev = e.prev
+	e.next = nil // avoid memory leaks
+	e.prev = nil // avoid memory leaks
+	e.list = nil
+	l.len--
+}
+
+// move moves e to next to at.
+func (l *List[T]) move(e, at *Element[T]) {
+	if e == at {
+		return
+	}
+	e.prev.next = e.next
+	e.next.prev = e.prev
+
+	e.prev = at
+	e.next = at.next
+	e.prev.next = e
+	e.next.prev = e
+}
+
+// Remove removes e from l if e is an element of list l.
+// It returns the element value e.Value.
+// The element must not be nil.
+func (l *List[T]) Remove(e *Element[T]) T {
+	if e.list == l {
+		// if e.list == l, l must have been initialized when e was inserted
+		// in l or l == nil (e is a zero Element) and l.remove will crash
+		l.remove(e)
+	}
+	return e.Value
+}
+
+// PushFront inserts a new element e with value v at the front of list l and returns e.
+func (l *List[T]) PushFront(v T) *Element[T] {
+	l.lazyInit()
+	return l.insertValue(v, &l.root)
+}
+
+// PushBack inserts a new element e with value v at the back of list l and returns e.
+func (l *List[T]) PushBack(v T) *Element[T] {
+	l.lazyInit()
+	return l.insertValue(v, l.root.prev)
+}
+
+// InsertBefore inserts a new element e with value v immediately before mark and returns e.
+// If mark is not an element of l, the list is not modified.
+// The mark must not be nil.
+func (l *List[T]) InsertBefore(v T, mark *Element[T]) *Element[T] {
+	if mark.list != l {
+		return nil
+	}
+	// see comment in List.Remove about initialization of l
+	return l.insertValue(v, mark.prev)
+}
+
+// InsertAfter inserts a new element e with value v immediately after mark and returns e.
+// If mark is not an element of l, the list is not modified.
+// The mark must not be nil.
+func (l *List[T]) InsertAfter(v T, mark *Element[T]) *Element[T] {
+	if mark.list != l {
+		return nil
+	}
+	// see comment in List.Remove about initialization of l
+	return l.insertValue(v, mark)
+}
+
+// MoveToFront moves element e to the front of list l.
+// If e is not an element of l, the list is not modified.
+// The element must not be nil.
+func (l *List[T]) MoveToFront(e *Element[T]) {
+	if e.list != l || l.root.next == e {
+		return
+	}
+	// see comment in List.Remove about initialization of l
+	l.move(e, &l.root)
+}
+
+// MoveToBack moves element e to the back of list l.
+// If e is not an element of l, the list is not modified.
+// The element must not be nil.
+func (l *List[T]) MoveToBack(e *Element[T]) {
+	if e.list != l || l.root.prev == e {
+		return
+	}
+	// see comment in List.Remove about initialization of l
+	l.move(e, l.root.prev)
+}
+
+// MoveBefore moves element e to its new position before mark.
+// If e or mark is not an element of l, or e == mark, the list is not modified.
+// The element and mark must not be nil.
+func (l *List[T]) MoveBefore(e, mark *Element[T]) {
+	if e.list != l || e == mark || mark.list != l {
+		return
+	}
+	l.move(e, mark.prev)
+}
+
+// MoveAfter moves element e to its new position after mark.
+// If e or mark is not an element of l, or e == mark, the list is not modified.
+// The element and mark must not be nil.
+func (l *List[T]) MoveAfter(e, mark *Element[T]) {
+	if e.list != l || e == mark || mark.list != l {
+		return
+	}
+	l.move(e, mark)
+}
+
+// PushBackList inserts a copy of another list at the back of list l.
+// The lists l and other may be the same. They must not be nil.
+func (l *List[T]) PushBackList(other *List[T]) {
+	l.lazyInit()
+	for i, e := other.Len(), other.Front(); i > 0; i, e = i-1, e.Next() {
+		l.insertValue(e.Value, l.root.prev)
+	}
+}
+
+// PushFrontList inserts a copy of another list at the front of list l.
+// The lists l and other may be the same. They must not be nil.
+func (l *List[T]) PushFrontList(other *List[T]) {
+	l.lazyInit()
+	for i, e := other.Len(), other.Back(); i > 0; i, e = i-1, e.Prev() {
+		l.insertValue(e.Value, &l.root)
+	}
+}

common/net/relay.go

@@ -0,0 +1,30 @@
+package net
+
+import (
+	"io"
+	"net"
+	"time"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// Relay copies between left and right bidirectionally.
+func Relay(leftConn, rightConn net.Conn) {
+	ch := make(chan error)
+
+	go func() {
+		buf := pool.Get(pool.RelayBufferSize)
+		// Wrapping to avoid using *net.TCPConn.(ReadFrom)
+		// See also https://github.com/Dreamacro/clash/pull/1209
+		_, err := io.CopyBuffer(WriteOnlyWriter{Writer: leftConn}, ReadOnlyReader{Reader: rightConn}, buf)
+		pool.Put(buf)
+		leftConn.SetReadDeadline(time.Now())
+		ch <- err
+	}()
+
+	buf := pool.Get(pool.RelayBufferSize)
+	io.CopyBuffer(WriteOnlyWriter{Writer: rightConn}, ReadOnlyReader{Reader: leftConn}, buf)
+	pool.Put(buf)
+	rightConn.SetReadDeadline(time.Now())
+	<-ch
+}

common/nnip/netip.go

@@ -0,0 +1,53 @@
+package nnip
+
+import (
+	"encoding/binary"
+	"net"
+	"net/netip"
+)
+
+// IpToAddr converts the net.IP to netip.Addr.
+// If slice's length is not 4 or 16, IpToAddr returns netip.Addr{}
+func IpToAddr(slice net.IP) netip.Addr {
+	ip := slice
+	if len(ip) != 4 {
+		if ip = slice.To4(); ip == nil {
+			ip = slice
+		}
+	}
+
+	if addr, ok := netip.AddrFromSlice(ip); ok {
+		return addr
+	}
+	return netip.Addr{}
+}
+
+// UnMasked returns p's last IP address.
+// If p is invalid, UnMasked returns netip.Addr{}
+func UnMasked(p netip.Prefix) netip.Addr {
+	if !p.IsValid() {
+		return netip.Addr{}
+	}
+
+	buf := p.Addr().As16()
+
+	hi := binary.BigEndian.Uint64(buf[:8])
+	lo := binary.BigEndian.Uint64(buf[8:])
+
+	bits := p.Bits()
+	if bits <= 32 {
+		bits += 96
+	}
+
+	hi = hi | ^uint64(0)>>bits
+	lo = lo | ^(^uint64(0) << (128 - bits))
+
+	binary.BigEndian.PutUint64(buf[:8], hi)
+	binary.BigEndian.PutUint64(buf[8:], lo)
+
+	addr := netip.AddrFrom16(buf)
+	if p.Addr().Is4() {
+		return addr.Unmap()
+	}
+	return addr
+}

common/observable/iterable.go

@@ -1,3 +1,3 @@
 package observable
 
-type Iterable <-chan any
+type Iterable[T any] <-chan T

common/observable/observable.go

@@ -5,14 +5,14 @@ import (
 	"sync"
 )
 
-type Observable struct {
+type Observable[T any] struct {
-	iterable Iterable
+	iterable Iterable[T]
-	listener map[Subscription]*Subscriber
+	listener map[Subscription[T]]*Subscriber[T]
 	mux      sync.Mutex
 	done     bool
 }
 
-func (o *Observable) process() {
+func (o *Observable[T]) process() {
 	for item := range o.iterable {
 		o.mux.Lock()
 		for _, sub := range o.listener {
@@ -23,7 +23,7 @@ func (o *Observable) process() {
 	o.close()
 }
 
-func (o *Observable) close() {
+func (o *Observable[T]) close() {
 	o.mux.Lock()
 	defer o.mux.Unlock()
 
@@ -33,18 +33,18 @@ func (o *Observable) close() {
 	}
 }
 
-func (o *Observable) Subscribe() (Subscription, error) {
+func (o *Observable[T]) Subscribe() (Subscription[T], error) {
 	o.mux.Lock()
 	defer o.mux.Unlock()
 	if o.done {
-		return nil, errors.New("Observable is closed")
+		return nil, errors.New("observable is closed")
 	}
-	subscriber := newSubscriber()
+	subscriber := newSubscriber[T]()
 	o.listener[subscriber.Out()] = subscriber
 	return subscriber.Out(), nil
 }
 
-func (o *Observable) UnSubscribe(sub Subscription) {
+func (o *Observable[T]) UnSubscribe(sub Subscription[T]) {
 	o.mux.Lock()
 	defer o.mux.Unlock()
 	subscriber, exist := o.listener[sub]
@@ -55,10 +55,10 @@ func (o *Observable) UnSubscribe(sub Subscription) {
 	subscriber.Close()
 }
 
-func NewObservable(any Iterable) *Observable {
+func NewObservable[T any](iter Iterable[T]) *Observable[T] {
-	observable := &Observable{
+	observable := &Observable[T]{
-		iterable: any,
+		iterable: iter,
-		listener: map[Subscription]*Subscriber{},
+		listener: map[Subscription[T]]*Subscriber[T]{},
 	}
 	go observable.process()
 	return observable

common/observable/observable_test.go

@@ -9,8 +9,8 @@ import (
 	"go.uber.org/atomic"
 )
 
-func iterator(item []any) chan any {
+func iterator[T any](item []T) chan T {
-	ch := make(chan any)
+	ch := make(chan T)
 	go func() {
 		time.Sleep(100 * time.Millisecond)
 		for _, elm := range item {
@@ -22,8 +22,8 @@ func iterator(item []any) chan any {
 }
 
 func TestObservable(t *testing.T) {
-	iter := iterator([]any{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
 	count := 0
@@ -34,15 +34,15 @@ func TestObservable(t *testing.T) {
 }
 
 func TestObservable_MultiSubscribe(t *testing.T) {
-	iter := iterator([]any{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	ch1, _ := src.Subscribe()
 	ch2, _ := src.Subscribe()
 	count := atomic.NewInt32(0)
 
 	var wg sync.WaitGroup
 	wg.Add(2)
-	waitCh := func(ch <-chan any) {
+	waitCh := func(ch <-chan int) {
 		for range ch {
 			count.Inc()
 		}
@@ -55,8 +55,8 @@ func TestObservable_MultiSubscribe(t *testing.T) {
 }
 
 func TestObservable_UnSubscribe(t *testing.T) {
-	iter := iterator([]any{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, err := src.Subscribe()
 	assert.Nil(t, err)
 	src.UnSubscribe(data)
@@ -65,8 +65,8 @@ func TestObservable_UnSubscribe(t *testing.T) {
 }
 
 func TestObservable_SubscribeClosedSource(t *testing.T) {
-	iter := iterator([]any{1})
+	iter := iterator[int]([]int{1})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	data, _ := src.Subscribe()
 	<-data
 
@@ -75,18 +75,18 @@ func TestObservable_SubscribeClosedSource(t *testing.T) {
 }
 
 func TestObservable_UnSubscribeWithNotExistSubscription(t *testing.T) {
-	sub := Subscription(make(chan any))
+	sub := Subscription[int](make(chan int))
-	iter := iterator([]any{1})
+	iter := iterator[int]([]int{1})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	src.UnSubscribe(sub)
 }
 
 func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
-	iter := iterator([]any{1, 2, 3, 4, 5})
+	iter := iterator[int]([]int{1, 2, 3, 4, 5})
-	src := NewObservable(iter)
+	src := NewObservable[int](iter)
 	max := 100
 
-	var list []Subscription
+	var list []Subscription[int]
 	for i := 0; i < max; i++ {
 		ch, _ := src.Subscribe()
 		list = append(list, ch)
@@ -94,7 +94,7 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 
 	var wg sync.WaitGroup
 	wg.Add(max)
-	waitCh := func(ch <-chan any) {
+	waitCh := func(ch <-chan int) {
 		for range ch {
 		}
 		wg.Done()
@@ -115,11 +115,11 @@ func TestObservable_SubscribeGoroutineLeak(t *testing.T) {
 }
 
 func Benchmark_Observable_1000(b *testing.B) {
-	ch := make(chan any)
+	ch := make(chan int)
-	o := NewObservable(ch)
+	o := NewObservable[int](ch)
 	num := 1000
 
-	subs := []Subscription{}
+	subs := []Subscription[int]{}
 	for i := 0; i < num; i++ {
 		sub, _ := o.Subscribe()
 		subs = append(subs, sub)
@@ -130,7 +130,7 @@ func Benchmark_Observable_1000(b *testing.B) {
 
 	b.ResetTimer()
 	for _, sub := range subs {
-		go func(s Subscription) {
+		go func(s Subscription[int]) {
 			for range s {
 			}
 			wg.Done()

common/observable/subscriber.go

@@ -4,30 +4,30 @@ import (
 	"sync"
 )
 
-type Subscription <-chan any
+type Subscription[T any] <-chan T
 
-type Subscriber struct {
+type Subscriber[T any] struct {
-	buffer chan any
+	buffer chan T
 	once   sync.Once
 }
 
-func (s *Subscriber) Emit(item any) {
+func (s *Subscriber[T]) Emit(item T) {
 	s.buffer <- item
 }
 
-func (s *Subscriber) Out() Subscription {
+func (s *Subscriber[T]) Out() Subscription[T] {
 	return s.buffer
 }
 
-func (s *Subscriber) Close() {
+func (s *Subscriber[T]) Close() {
 	s.once.Do(func() {
 		close(s.buffer)
 	})
 }
 
-func newSubscriber() *Subscriber {
+func newSubscriber[T any]() *Subscriber[T] {
-	sub := &Subscriber{
+	sub := &Subscriber[T]{
-		buffer: make(chan any, 200),
+		buffer: make(chan T, 200),
 	}
 	return sub
 }

common/picker/picker.go

@@ -9,7 +9,7 @@ import (
 // Picker provides synchronization, and Context cancelation
 // for groups of goroutines working on subtasks of a common task.
 // Inspired by errGroup
-type Picker struct {
+type Picker[T any] struct {
 	ctx    context.Context
 	cancel func()
 
@@ -17,12 +17,12 @@ type Picker struct {
 
 	once    sync.Once
 	errOnce sync.Once
-	result  any
+	result  T
 	err     error
 }
 
-func newPicker(ctx context.Context, cancel func()) *Picker {
+func newPicker[T any](ctx context.Context, cancel func()) *Picker[T] {
-	return &Picker{
+	return &Picker[T]{
 		ctx:    ctx,
 		cancel: cancel,
 	}
@@ -30,20 +30,20 @@ func newPicker(ctx context.Context, cancel func()) *Picker {
 
 // WithContext returns a new Picker and an associated Context derived from ctx.
 // and cancel when first element return.
-func WithContext(ctx context.Context) (*Picker, context.Context) {
+func WithContext[T any](ctx context.Context) (*Picker[T], context.Context) {
 	ctx, cancel := context.WithCancel(ctx)
-	return newPicker(ctx, cancel), ctx
+	return newPicker[T](ctx, cancel), ctx
 }
 
 // WithTimeout returns a new Picker and an associated Context derived from ctx with timeout.
-func WithTimeout(ctx context.Context, timeout time.Duration) (*Picker, context.Context) {
+func WithTimeout[T any](ctx context.Context, timeout time.Duration) (*Picker[T], context.Context) {
 	ctx, cancel := context.WithTimeout(ctx, timeout)
-	return newPicker(ctx, cancel), ctx
+	return newPicker[T](ctx, cancel), ctx
 }
 
 // Wait blocks until all function calls from the Go method have returned,
 // then returns the first nil error result (if any) from them.
-func (p *Picker) Wait() any {
+func (p *Picker[T]) Wait() T {
 	p.wg.Wait()
 	if p.cancel != nil {
 		p.cancel()
@@ -52,13 +52,13 @@ func (p *Picker) Wait() any {
 }
 
 // Error return the first error (if all success return nil)
-func (p *Picker) Error() error {
+func (p *Picker[T]) Error() error {
 	return p.err
 }
 
 // Go calls the given function in a new goroutine.
 // The first call to return a nil error cancels the group; its result will be returned by Wait.
-func (p *Picker) Go(f func() (any, error)) {
+func (p *Picker[T]) Go(f func() (T, error)) {
 	p.wg.Add(1)
 
 	go func() {

common/picker/picker_test.go

@@ -8,33 +8,38 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func sleepAndSend(ctx context.Context, delay int, input any) func() (any, error) {
+func sleepAndSend[T any](ctx context.Context, delay int, input T) func() (T, error) {
-	return func() (any, error) {
+	return func() (T, error) {
 		timer := time.NewTimer(time.Millisecond * time.Duration(delay))
 		select {
 		case <-timer.C:
 			return input, nil
 		case <-ctx.Done():
-			return nil, ctx.Err()
+			return getZero[T](), ctx.Err()
 		}
 	}
 }
 
 func TestPicker_Basic(t *testing.T) {
-	picker, ctx := WithContext(context.Background())
+	picker, ctx := WithContext[int](context.Background())
 	picker.Go(sleepAndSend(ctx, 30, 2))
 	picker.Go(sleepAndSend(ctx, 20, 1))
 
 	number := picker.Wait()
 	assert.NotNil(t, number)
-	assert.Equal(t, number.(int), 1)
+	assert.Equal(t, number, 1)
 }
 
 func TestPicker_Timeout(t *testing.T) {
-	picker, ctx := WithTimeout(context.Background(), time.Millisecond*5)
+	picker, ctx := WithTimeout[int](context.Background(), time.Millisecond*5)
 	picker.Go(sleepAndSend(ctx, 20, 1))
 
 	number := picker.Wait()
-	assert.Nil(t, number)
+	assert.Equal(t, number, getZero[int]())
 	assert.NotNil(t, picker.Error())
 }
+
+func getZero[T any]() T {
+	var result T
+	return result
+}

common/queue/queue.go

@@ -5,13 +5,13 @@ import (
 )
 
 // Queue is a simple concurrent safe queue
-type Queue struct {
+type Queue[T any] struct {
-	items []any
+	items []T
 	lock  sync.RWMutex
 }
 
 // Put add the item to the queue.
-func (q *Queue) Put(items ...any) {
+func (q *Queue[T]) Put(items ...T) {
 	if len(items) == 0 {
 		return
 	}
@@ -22,9 +22,9 @@ func (q *Queue) Put(items ...any) {
 }
 
 // Pop returns the head of items.
-func (q *Queue) Pop() any {
+func (q *Queue[T]) Pop() T {
 	if len(q.items) == 0 {
-		return nil
+		return GetZero[T]()
 	}
 
 	q.lock.Lock()
@@ -35,9 +35,9 @@ func (q *Queue) Pop() any {
 }
 
 // Last returns the last of item.
-func (q *Queue) Last() any {
+func (q *Queue[T]) Last() T {
 	if len(q.items) == 0 {
-		return nil
+		return GetZero[T]()
 	}
 
 	q.lock.RLock()
@@ -47,8 +47,8 @@ func (q *Queue) Last() any {
 }
 
 // Copy get the copy of queue.
-func (q *Queue) Copy() []any {
+func (q *Queue[T]) Copy() []T {
-	items := []any{}
+	items := []T{}
 	q.lock.RLock()
 	items = append(items, q.items...)
 	q.lock.RUnlock()
@@ -56,7 +56,7 @@ func (q *Queue) Copy() []any {
 }
 
 // Len returns the number of items in this queue.
-func (q *Queue) Len() int64 {
+func (q *Queue[T]) Len() int64 {
 	q.lock.Lock()
 	defer q.lock.Unlock()
 
@@ -64,8 +64,13 @@ func (q *Queue) Len() int64 {
 }
 
 // New is a constructor for a new concurrent safe queue.
-func New(hint int64) *Queue {
+func New[T any](hint int64) *Queue[T] {
-	return &Queue{
+	return &Queue[T]{
-		items: make([]any, 0, hint),
+		items: make([]T, 0, hint),
 	}
 }
+
+func GetZero[T any]() T {
+	var result T
+	return result
+}

common/singledo/singledo.go

@@ -5,28 +5,28 @@ import (
 	"time"
 )
 
-type call struct {
+type call[T any] struct {
 	wg  sync.WaitGroup
-	val any
+	val T
 	err error
 }
 
-type Single struct {
+type Single[T any] struct {
 	mux    sync.Mutex
 	last   time.Time
 	wait   time.Duration
-	call   *call
+	call   *call[T]
-	result *Result
+	result *Result[T]
 }
 
-type Result struct {
+type Result[T any] struct {
-	Val any
+	Val T
 	Err error
 }
 
 // Do single.Do likes sync.singleFlight
 //lint:ignore ST1008 it likes sync.singleFlight
-func (s *Single) Do(fn func() (any, error)) (v any, err error, shared bool) {
+func (s *Single[T]) Do(fn func() (T, error)) (v T, err error, shared bool) {
 	s.mux.Lock()
 	now := time.Now()
 	if now.Before(s.last.Add(s.wait)) {
@@ -34,31 +34,31 @@ func (s *Single) Do(fn func() (any, error)) (v any, err error, shared bool) {
 		return s.result.Val, s.result.Err, true
 	}
 
-	if call := s.call; call != nil {
+	if callM := s.call; callM != nil {
 		s.mux.Unlock()
-		call.wg.Wait()
+		callM.wg.Wait()
-		return call.val, call.err, true
+		return callM.val, callM.err, true
 	}
 
-	call := &call{}
+	callM := &call[T]{}
-	call.wg.Add(1)
+	callM.wg.Add(1)
-	s.call = call
+	s.call = callM
 	s.mux.Unlock()
-	call.val, call.err = fn()
+	callM.val, callM.err = fn()
-	call.wg.Done()
+	callM.wg.Done()
 
 	s.mux.Lock()
 	s.call = nil
-	s.result = &Result{call.val, call.err}
+	s.result = &Result[T]{callM.val, callM.err}
 	s.last = now
 	s.mux.Unlock()
-	return call.val, call.err, false
+	return callM.val, callM.err, false
 }
 
-func (s *Single) Reset() {
+func (s *Single[T]) Reset() {
 	s.last = time.Time{}
 }
 
-func NewSingle(wait time.Duration) *Single {
+func NewSingle[T any](wait time.Duration) *Single[T] {
-	return &Single{wait: wait}
+	return &Single[T]{wait: wait}
 }

common/singledo/singledo_test.go

@@ -10,13 +10,13 @@ import (
 )
 
 func TestBasic(t *testing.T) {
-	single := NewSingle(time.Millisecond * 30)
+	single := NewSingle[int](time.Millisecond * 30)
 	foo := 0
 	shardCount := atomic.NewInt32(0)
-	call := func() (any, error) {
+	call := func() (int, error) {
 		foo++
 		time.Sleep(time.Millisecond * 5)
-		return nil, nil
+		return 0, nil
 	}
 
 	var wg sync.WaitGroup
@@ -38,32 +38,32 @@ func TestBasic(t *testing.T) {
 }
 
 func TestTimer(t *testing.T) {
-	single := NewSingle(time.Millisecond * 30)
+	single := NewSingle[int](time.Millisecond * 30)
 	foo := 0
-	call := func() (any, error) {
+	callM := func() (int, error) {
 		foo++
-		return nil, nil
+		return 0, nil
 	}
 
-	single.Do(call)
+	_, _, _ = single.Do(callM)
 	time.Sleep(10 * time.Millisecond)
-	_, _, shard := single.Do(call)
+	_, _, shard := single.Do(callM)
 
 	assert.Equal(t, 1, foo)
 	assert.True(t, shard)
 }
 
 func TestReset(t *testing.T) {
-	single := NewSingle(time.Millisecond * 30)
+	single := NewSingle[int](time.Millisecond * 30)
 	foo := 0
-	call := func() (any, error) {
+	callM := func() (int, error) {
 		foo++
-		return nil, nil
+		return 0, nil
 	}
 
-	single.Do(call)
+	_, _, _ = single.Do(callM)
 	single.Reset()
-	single.Do(call)
+	_, _, _ = single.Do(callM)
 
 	assert.Equal(t, 2, foo)
 }

common/structure/structure.go

@@ -31,7 +31,7 @@ func NewDecoder(option Option) *Decoder {
 // Decode transform a map[string]any to a struct
 func (d *Decoder) Decode(src map[string]any, dst any) error {
 	if reflect.TypeOf(dst).Kind() != reflect.Ptr {
-		return fmt.Errorf("Decode must recive a ptr struct")
+		return fmt.Errorf("decode must recive a ptr struct")
 	}
 	t := reflect.TypeOf(dst).Elem()
 	v := reflect.ValueOf(dst).Elem()
@@ -291,7 +291,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e
 		field reflect.StructField
 		val   reflect.Value
 	}
-	fields := []field{}
+	var fields []field
 	for len(structs) > 0 {
 		structVal := structs[0]
 		structs = structs[1:]

common/utils/range.go

@@ -0,0 +1,44 @@
+package utils
+
+import (
+	"golang.org/x/exp/constraints"
+)
+
+type Range[T constraints.Ordered] struct {
+	start T
+	end   T
+}
+
+func NewRange[T constraints.Ordered](start, end T) *Range[T] {
+	if start > end {
+		return &Range[T]{
+			start: end,
+			end:   start,
+		}
+	}
+
+	return &Range[T]{
+		start: start,
+		end:   end,
+	}
+}
+
+func (r *Range[T]) Contains(t T) bool {
+	return t >= r.start && t <= r.end
+}
+
+func (r *Range[T]) LeftContains(t T) bool {
+	return t >= r.start && t < r.end
+}
+
+func (r *Range[T]) RightContains(t T) bool {
+	return t > r.start && t <= r.end
+}
+
+func (r *Range[T]) Start() T {
+	return r.start
+}
+
+func (r *Range[T]) End() T {
+	return r.end
+}

component/dhcp/dhcp.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"errors"
 	"net"
+	"net/netip"
 
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/component/iface"
 
 	"github.com/insomniacslk/dhcp/dhcpv4"
@@ -15,14 +17,16 @@ var (
 	ErrNotFound      = errors.New("DNS option not found")
 )
 
-func ResolveDNSFromDHCP(context context.Context, ifaceName string) ([]net.IP, error) {
+func ResolveDNSFromDHCP(context context.Context, ifaceName string) ([]netip.Addr, error) {
 	conn, err := ListenDHCPClient(context, ifaceName)
 	if err != nil {
 		return nil, err
 	}
-	defer conn.Close()
+	defer func() {
+		_ = conn.Close()
+	}()
 
-	result := make(chan []net.IP, 1)
+	result := make(chan []netip.Addr, 1)
 
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
@@ -52,7 +56,7 @@ func ResolveDNSFromDHCP(context context.Context, ifaceName string) ([]net.IP, er
 	}
 }
 
-func receiveOffer(conn net.PacketConn, id dhcpv4.TransactionID, result chan<- []net.IP) {
+func receiveOffer(conn net.PacketConn, id dhcpv4.TransactionID, result chan<- []netip.Addr) {
 	defer close(result)
 
 	buf := make([]byte, dhcpv4.MaxMessageSize)
@@ -77,11 +81,17 @@ func receiveOffer(conn net.PacketConn, id dhcpv4.TransactionID, result chan<- []
 		}
 
 		dns := pkt.DNS()
-		if len(dns) == 0 {
+		l := len(dns)
+		if l == 0 {
 			return
 		}
 
-		result <- dns
+		dnsAddr := make([]netip.Addr, l)
+		for i := 0; i < l; i++ {
+			dnsAddr[i] = nnip.IpToAddr(dns[i])
+		}
+
+		result <- dnsAddr
 
 		return
 	}

component/dialer/bind_darwin.go

@@ -2,6 +2,7 @@ package dialer
 
 import (
 	"net"
+	"net/netip"
 	"syscall"
 
 	"github.com/Dreamacro/clash/component/iface"
@@ -19,13 +20,10 @@ func bindControl(ifaceIdx int, chain controlFn) controlFn {
 			}
 		}()
 
-		ipStr, _, err := net.SplitHostPort(address)
+		addrPort, err := netip.ParseAddrPort(address)
-		if err == nil {
+		if err == nil && !addrPort.Addr().IsGlobalUnicast() {
-			ip := net.ParseIP(ipStr)
-			if ip != nil && !ip.IsGlobalUnicast() {
 			return
 		}
-		}
 
 		var innerErr error
 		err = c.Control(func(fd uintptr) {
@@ -45,7 +43,7 @@ func bindControl(ifaceIdx int, chain controlFn) controlFn {
 	}
 }
 
-func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ net.IP) error {
+func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ netip.Addr) error {
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
 		return err

component/dialer/bind_linux.go

@@ -2,6 +2,7 @@ package dialer
 
 import (
 	"net"
+	"net/netip"
 	"syscall"
 
 	"golang.org/x/sys/unix"
@@ -17,13 +18,10 @@ func bindControl(ifaceName string, chain controlFn) controlFn {
 			}
 		}()
 
-		ipStr, _, err := net.SplitHostPort(address)
+		addrPort, err := netip.ParseAddrPort(address)
-		if err == nil {
+		if err == nil && !addrPort.Addr().IsGlobalUnicast() {
-			ip := net.ParseIP(ipStr)
-			if ip != nil && !ip.IsGlobalUnicast() {
 			return
 		}
-		}
 
 		var innerErr error
 		err = c.Control(func(fd uintptr) {
@@ -38,7 +36,7 @@ func bindControl(ifaceName string, chain controlFn) controlFn {
 	}
 }
 
-func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ net.IP) error {
+func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ netip.Addr) error {
 	dialer.Control = bindControl(ifaceName, dialer.Control)
 
 	return nil

component/dialer/bind_others.go

@@ -4,27 +4,28 @@ package dialer
 
 import (
 	"net"
+	"net/netip"
 	"strconv"
 	"strings"
 
 	"github.com/Dreamacro/clash/component/iface"
 )
 
-func lookupLocalAddr(ifaceName string, network string, destination net.IP, port int) (net.Addr, error) {
+func lookupLocalAddr(ifaceName string, network string, destination netip.Addr, port int) (net.Addr, error) {
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
 		return nil, err
 	}
 
-	var addr *net.IPNet
+	var addr *netip.Prefix
 	switch network {
 	case "udp4", "tcp4":
 		addr, err = ifaceObj.PickIPv4Addr(destination)
 	case "tcp6", "udp6":
 		addr, err = ifaceObj.PickIPv6Addr(destination)
 	default:
-		if destination != nil {
+		if destination.IsValid() {
-			if destination.To4() != nil {
+			if destination.Is4() {
 				addr, err = ifaceObj.PickIPv4Addr(destination)
 			} else {
 				addr, err = ifaceObj.PickIPv6Addr(destination)
@@ -39,12 +40,12 @@ func lookupLocalAddr(ifaceName string, network string, destination net.IP, port
 
 	if strings.HasPrefix(network, "tcp") {
 		return &net.TCPAddr{
-			IP:   addr.IP,
+			IP:   addr.Addr().AsSlice(),
 			Port: port,
 		}, nil
 	} else if strings.HasPrefix(network, "udp") {
 		return &net.UDPAddr{
-			IP:   addr.IP,
+			IP:   addr.Addr().AsSlice(),
 			Port: port,
 		}, nil
 	}
@@ -52,7 +53,7 @@ func lookupLocalAddr(ifaceName string, network string, destination net.IP, port
 	return nil, iface.ErrAddrNotFound
 }
 
-func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, network string, destination net.IP) error {
+func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, network string, destination netip.Addr) error {
 	if !destination.IsGlobalUnicast() {
 		return nil
 	}
@@ -83,7 +84,7 @@ func bindIfaceToListenConfig(ifaceName string, _ *net.ListenConfig, network, add
 
 	local, _ := strconv.ParseUint(port, 10, 16)
 
-	addr, err := lookupLocalAddr(ifaceName, network, nil, int(local))
+	addr, err := lookupLocalAddr(ifaceName, network, netip.Addr{}, int(local))
 	if err != nil {
 		return "", err
 	}

component/dialer/dialer.go

@@ -3,11 +3,21 @@ package dialer
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net"
+	"net/netip"
+	"sync"
 
 	"github.com/Dreamacro/clash/component/resolver"
 )
 
+var (
+	dialMux                    sync.Mutex
+	actualSingleDialContext    = singleDialContext
+	actualDualStackDialContext = dualStackDialContext
+	DisableIPv6                = false
+)
+
 func DialContext(ctx context.Context, network, address string, options ...Option) (net.Conn, error) {
 	opt := &option{
 		interfaceName: DefaultInterface.Load(),
@@ -24,33 +34,9 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 
 	switch network {
 	case "tcp4", "tcp6", "udp4", "udp6":
-		host, port, err := net.SplitHostPort(address)
+		return actualSingleDialContext(ctx, network, address, opt)
-		if err != nil {
-			return nil, err
-		}
-
-		var ip net.IP
-		switch network {
-		case "tcp4", "udp4":
-			if !opt.direct {
-				ip, err = resolver.ResolveIPv4ProxyServerHost(host)
-			} else {
-				ip, err = resolver.ResolveIPv4(host)
-			}
-		default:
-			if !opt.direct {
-				ip, err = resolver.ResolveIPv6ProxyServerHost(host)
-			} else {
-				ip, err = resolver.ResolveIPv6(host)
-			}
-		}
-		if err != nil {
-			return nil, err
-		}
-
-		return dialContext(ctx, network, ip, port, opt)
 	case "tcp", "udp":
-		return dualStackDialContext(ctx, network, address, opt)
+		return actualDualStackDialContext(ctx, network, address, opt)
 	default:
 		return nil, errors.New("network invalid")
 	}
@@ -88,7 +74,20 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio
 	return lc.ListenPacket(ctx, network, address)
 }
 
-func dialContext(ctx context.Context, network string, destination net.IP, port string, opt *option) (net.Conn, error) {
+func SetDial(concurrent bool) {
+	dialMux.Lock()
+	if concurrent {
+		actualSingleDialContext = concurrentSingleDialContext
+		actualDualStackDialContext = concurrentDualStackDialContext
+	} else {
+		actualSingleDialContext = singleDialContext
+		actualDualStackDialContext = concurrentDualStackDialContext
+	}
+
+	dialMux.Unlock()
+}
+
+func dialContext(ctx context.Context, network string, destination netip.Addr, port string, opt *option) (net.Conn, error) {
 	dialer := &net.Dialer{}
 	if opt.interfaceName != "" {
 		if err := bindIfaceToDialer(opt.interfaceName, dialer, network, destination); err != nil {
@@ -99,6 +98,10 @@ func dialContext(ctx context.Context, network string, destination net.IP, port s
 		bindMarkToDialer(opt.routingMark, dialer, network, destination)
 	}
 
+	if DisableIPv6 && destination.Is6() {
+		return nil, fmt.Errorf("IPv6 is diabled, dialer cancel")
+	}
+
 	return dialer.DialContext(ctx, network, net.JoinHostPort(destination.String(), port))
 }
 
@@ -128,12 +131,12 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 			case results <- result:
 			case <-returned:
 				if result.Conn != nil {
-					result.Conn.Close()
+					_ = result.Conn.Close()
 				}
 			}
 		}()
 
-		var ip net.IP
+		var ip netip.Addr
 		if ipv6 {
 			if !direct {
 				ip, result.error = resolver.ResolveIPv6ProxyServerHost(host)
@@ -182,3 +185,130 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 
 	return nil, errors.New("never touched")
 }
+
+func concurrentDualStackDialContext(ctx context.Context, network, address string, opt *option) (net.Conn, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	var ips []netip.Addr
+
+	if opt.direct {
+		ips, err = resolver.ResolveAllIP(host)
+	} else {
+		ips, err = resolver.ResolveAllIPProxyServerHost(host)
+	}
+
+	return concurrentDialContext(ctx, network, ips, port, opt)
+}
+
+func concurrentDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
+	returned := make(chan struct{})
+	defer close(returned)
+
+	type dialResult struct {
+		ip netip.Addr
+		net.Conn
+		error
+		resolved bool
+	}
+
+	results := make(chan dialResult)
+
+	tcpRacer := func(ctx context.Context, ip netip.Addr) {
+		result := dialResult{ip: ip}
+
+		defer func() {
+			select {
+			case results <- result:
+			case <-returned:
+				if result.Conn != nil {
+					result.Conn.Close()
+				}
+			}
+		}()
+
+		v := "4"
+		if ip.Is6() {
+			v = "6"
+		}
+
+		result.Conn, result.error = dialContext(ctx, network+v, ip, port, opt)
+	}
+
+	for _, ip := range ips {
+		go tcpRacer(ctx, ip)
+	}
+
+	connCount := len(ips)
+	for res := range results {
+		connCount--
+		if res.error == nil {
+			return res.Conn, nil
+		}
+
+		if connCount == 0 {
+			break
+		}
+	}
+
+	return nil, errors.New("all ip tcp shake hands failed")
+}
+
+func singleDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	var ip netip.Addr
+	switch network {
+	case "tcp4", "udp4":
+		if !opt.direct {
+			ip, err = resolver.ResolveIPv4ProxyServerHost(host)
+		} else {
+			ip, err = resolver.ResolveIPv4(host)
+		}
+	default:
+		if !opt.direct {
+			ip, err = resolver.ResolveIPv6ProxyServerHost(host)
+		} else {
+			ip, err = resolver.ResolveIPv6(host)
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return dialContext(ctx, network, ip, port, opt)
+}
+
+func concurrentSingleDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	var ips []netip.Addr
+	switch network {
+	case "tcp4", "udp4":
+		if !opt.direct {
+			ips, err = resolver.ResolveAllIPv4ProxyServerHost(host)
+		} else {
+			ips, err = resolver.ResolveAllIPv4(host)
+		}
+	default:
+		if !opt.direct {
+			ips, err = resolver.ResolveAllIPv6ProxyServerHost(host)
+		} else {
+			ips, err = resolver.ResolveAllIPv6(host)
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	return concurrentDialContext(ctx, network, ips, port, opt)
+}

component/dialer/mark_linux.go

@@ -4,14 +4,15 @@ package dialer
 
 import (
 	"net"
+	"net/netip"
 	"syscall"
 )
 
-func bindMarkToDialer(mark int, dialer *net.Dialer, _ string, _ net.IP) {
+func bindMarkToDialer(mark int, dialer *net.Dialer, _ string, _ netip.Addr) {
 	dialer.Control = bindMarkToControl(mark, dialer.Control)
 }
 
-func bindMarkToListenConfig(mark int, lc *net.ListenConfig, _, address string) {
+func bindMarkToListenConfig(mark int, lc *net.ListenConfig, _, _ string) {
 	lc.Control = bindMarkToControl(mark, lc.Control)
 }
 
@@ -23,20 +24,17 @@ func bindMarkToControl(mark int, chain controlFn) controlFn {
 			}
 		}()
 
-		ipStr, _, err := net.SplitHostPort(address)
+		addrPort, err := netip.ParseAddrPort(address)
-		if err == nil {
+		if err == nil && !addrPort.Addr().IsGlobalUnicast() {
-			ip := net.ParseIP(ipStr)
-			if ip != nil && !ip.IsGlobalUnicast() {
 			return
 		}
-		}
 
 		return c.Control(func(fd uintptr) {
 			switch network {
 			case "tcp4", "udp4":
-				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
+				_ = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
 			case "tcp6", "udp6":
-				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
+				_ = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
 			}
 		})
 	}

component/dialer/mark_nonlinux.go

@@ -4,6 +4,7 @@ package dialer
 
 import (
 	"net"
+	"net/netip"
 	"sync"
 
 	"github.com/Dreamacro/clash/log"
@@ -17,10 +18,10 @@ func printMarkWarn() {
 	})
 }
 
-func bindMarkToDialer(mark int, dialer *net.Dialer, _ string, _ net.IP) {
+func bindMarkToDialer(mark int, dialer *net.Dialer, _ string, _ netip.Addr) {
 	printMarkWarn()
 }
 
-func bindMarkToListenConfig(mark int, lc *net.ListenConfig, _, address string) {
+func bindMarkToListenConfig(mark int, lc *net.ListenConfig, _, _ string) {
 	printMarkWarn()
 }

component/dialer/resolver.go

@@ -3,6 +3,7 @@ package dialer
 import (
 	"context"
 	"net"
+	"net/netip"
 )
 
 func init() {
@@ -18,9 +19,9 @@ func resolverDialContext(ctx context.Context, network, address string) (net.Conn
 	interfaceName := DefaultInterface.Load()
 
 	if interfaceName != "" {
-		dstIP := net.ParseIP(address)
+		dstIP, err := netip.ParseAddr(address)
-		if dstIP != nil {
+		if err == nil {
-			bindIfaceToDialer(interfaceName, d, network, dstIP)
+			_ = bindIfaceToDialer(interfaceName, d, network, dstIP)
 		}
 	}
 

component/fakeip/cachefile.go

@@ -1,7 +1,7 @@
 package fakeip
 
 import (
-	"net"
+	"net/netip"
 
 	"github.com/Dreamacro/clash/component/profile/cachefile"
 )
@@ -11,22 +11,27 @@ type cachefileStore struct {
 }
 
 // GetByHost implements store.GetByHost
-func (c *cachefileStore) GetByHost(host string) (net.IP, bool) {
+func (c *cachefileStore) GetByHost(host string) (netip.Addr, bool) {
 	elm := c.cache.GetFakeip([]byte(host))
 	if elm == nil {
-		return nil, false
+		return netip.Addr{}, false
+	}
+
+	if len(elm) == 4 {
+		return netip.AddrFrom4(*(*[4]byte)(elm)), true
+	} else {
+		return netip.AddrFrom16(*(*[16]byte)(elm)), true
 	}
-	return net.IP(elm), true
 }
 
 // PutByHost implements store.PutByHost
-func (c *cachefileStore) PutByHost(host string, ip net.IP) {
+func (c *cachefileStore) PutByHost(host string, ip netip.Addr) {
-	c.cache.PutFakeip([]byte(host), ip)
+	c.cache.PutFakeip([]byte(host), ip.AsSlice())
 }
 
 // GetByIP implements store.GetByIP
-func (c *cachefileStore) GetByIP(ip net.IP) (string, bool) {
+func (c *cachefileStore) GetByIP(ip netip.Addr) (string, bool) {
-	elm := c.cache.GetFakeip(ip.To4())
+	elm := c.cache.GetFakeip(ip.AsSlice())
 	if elm == nil {
 		return "", false
 	}
@@ -34,18 +39,18 @@ func (c *cachefileStore) GetByIP(ip net.IP) (string, bool) {
 }
 
 // PutByIP implements store.PutByIP
-func (c *cachefileStore) PutByIP(ip net.IP, host string) {
+func (c *cachefileStore) PutByIP(ip netip.Addr, host string) {
-	c.cache.PutFakeip(ip.To4(), []byte(host))
+	c.cache.PutFakeip(ip.AsSlice(), []byte(host))
 }
 
 // DelByIP implements store.DelByIP
-func (c *cachefileStore) DelByIP(ip net.IP) {
+func (c *cachefileStore) DelByIP(ip netip.Addr) {
-	ip = ip.To4()
+	addr := ip.AsSlice()
-	c.cache.DelFakeipPair(ip, c.cache.GetFakeip(ip.To4()))
+	c.cache.DelFakeipPair(addr, c.cache.GetFakeip(addr))
 }
 
 // Exist implements store.Exist
-func (c *cachefileStore) Exist(ip net.IP) bool {
+func (c *cachefileStore) Exist(ip netip.Addr) bool {
 	_, exist := c.GetByIP(ip)
 	return exist
 }

component/fakeip/memory.go

@@ -1,40 +1,37 @@
 package fakeip
 
 import (
-	"net"
+	"net/netip"
 
 	"github.com/Dreamacro/clash/common/cache"
 )
 
 type memoryStore struct {
-	cache *cache.LruCache
+	cacheIP   *cache.LruCache[string, netip.Addr]
+	cacheHost *cache.LruCache[netip.Addr, string]
 }
 
 // GetByHost implements store.GetByHost
-func (m *memoryStore) GetByHost(host string) (net.IP, bool) {
+func (m *memoryStore) GetByHost(host string) (netip.Addr, bool) {
-	if elm, exist := m.cache.Get(host); exist {
+	if ip, exist := m.cacheIP.Get(host); exist {
-		ip := elm.(net.IP)
-
 		// ensure ip --> host on head of linked list
-		m.cache.Get(ipToUint(ip.To4()))
+		m.cacheHost.Get(ip)
 		return ip, true
 	}
 
-	return nil, false
+	return netip.Addr{}, false
 }
 
 // PutByHost implements store.PutByHost
-func (m *memoryStore) PutByHost(host string, ip net.IP) {
+func (m *memoryStore) PutByHost(host string, ip netip.Addr) {
-	m.cache.Set(host, ip)
+	m.cacheIP.Set(host, ip)
 }
 
 // GetByIP implements store.GetByIP
-func (m *memoryStore) GetByIP(ip net.IP) (string, bool) {
+func (m *memoryStore) GetByIP(ip netip.Addr) (string, bool) {
-	if elm, exist := m.cache.Get(ipToUint(ip.To4())); exist {
+	if host, exist := m.cacheHost.Get(ip); exist {
-		host := elm.(string)
-
 		// ensure host --> ip on head of linked list
-		m.cache.Get(host)
+		m.cacheIP.Get(host)
 		return host, true
 	}
 
@@ -42,33 +39,41 @@ func (m *memoryStore) GetByIP(ip net.IP) (string, bool) {
 }
 
 // PutByIP implements store.PutByIP
-func (m *memoryStore) PutByIP(ip net.IP, host string) {
+func (m *memoryStore) PutByIP(ip netip.Addr, host string) {
-	m.cache.Set(ipToUint(ip.To4()), host)
+	m.cacheHost.Set(ip, host)
 }
 
 // DelByIP implements store.DelByIP
-func (m *memoryStore) DelByIP(ip net.IP) {
+func (m *memoryStore) DelByIP(ip netip.Addr) {
-	ipNum := ipToUint(ip.To4())
+	if host, exist := m.cacheHost.Get(ip); exist {
-	if elm, exist := m.cache.Get(ipNum); exist {
+		m.cacheIP.Delete(host)
-		m.cache.Delete(elm.(string))
 	}
-	m.cache.Delete(ipNum)
+	m.cacheHost.Delete(ip)
 }
 
 // Exist implements store.Exist
-func (m *memoryStore) Exist(ip net.IP) bool {
+func (m *memoryStore) Exist(ip netip.Addr) bool {
-	return m.cache.Exist(ipToUint(ip.To4()))
+	return m.cacheHost.Exist(ip)
 }
 
 // CloneTo implements store.CloneTo
 // only for memoryStore to memoryStore
 func (m *memoryStore) CloneTo(store store) {
 	if ms, ok := store.(*memoryStore); ok {
-		m.cache.CloneTo(ms.cache)
+		m.cacheIP.CloneTo(ms.cacheIP)
+		m.cacheHost.CloneTo(ms.cacheHost)
 	}
 }
 
 // FlushFakeIP implements store.FlushFakeIP
 func (m *memoryStore) FlushFakeIP() error {
-	return m.cache.Clear()
+	_ = m.cacheIP.Clear()
+	return m.cacheHost.Clear()
+}
+
+func newMemoryStore(size int) *memoryStore {
+	return &memoryStore{
+		cacheIP:   cache.NewLRUCache[string, netip.Addr](cache.WithSize[string, netip.Addr](size)),
+		cacheHost: cache.NewLRUCache[netip.Addr, string](cache.WithSize[netip.Addr, string](size)),
+	}
 }

component/fakeip/pool.go

@@ -2,40 +2,45 @@ package fakeip
 
 import (
 	"errors"
-	"net"
+	"net/netip"
 	"sync"
 
-	"github.com/Dreamacro/clash/common/cache"
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/component/profile/cachefile"
 	"github.com/Dreamacro/clash/component/trie"
 )
 
+const (
+	offsetKey = "key-offset-fake-ip"
+	cycleKey  = "key-cycle-fake-ip"
+)
+
 type store interface {
-	GetByHost(host string) (net.IP, bool)
+	GetByHost(host string) (netip.Addr, bool)
-	PutByHost(host string, ip net.IP)
+	PutByHost(host string, ip netip.Addr)
-	GetByIP(ip net.IP) (string, bool)
+	GetByIP(ip netip.Addr) (string, bool)
-	PutByIP(ip net.IP, host string)
+	PutByIP(ip netip.Addr, host string)
-	DelByIP(ip net.IP)
+	DelByIP(ip netip.Addr)
-	Exist(ip net.IP) bool
+	Exist(ip netip.Addr) bool
 	CloneTo(store)
 	FlushFakeIP() error
 }
 
 // Pool is a implementation about fake ip generator without storage
 type Pool struct {
-	max       uint32
+	gateway netip.Addr
-	min       uint32
+	first   netip.Addr
-	gateway   uint32
+	last    netip.Addr
-	broadcast uint32
+	offset  netip.Addr
-	offset    uint32
+	cycle   bool
 	mux     sync.Mutex
-	host      *trie.DomainTrie
+	host    *trie.DomainTrie[bool]
-	ipnet     *net.IPNet
+	ipnet   *netip.Prefix
 	store   store
 }
 
 // Lookup return a fake ip with host
-func (p *Pool) Lookup(host string) net.IP {
+func (p *Pool) Lookup(host string) netip.Addr {
 	p.mux.Lock()
 	defer p.mux.Unlock()
 	if ip, exist := p.store.GetByHost(host); exist {
@@ -48,14 +53,10 @@ func (p *Pool) Lookup(host string) net.IP {
 }
 
 // LookBack return host with the fake ip
-func (p *Pool) LookBack(ip net.IP) (string, bool) {
+func (p *Pool) LookBack(ip netip.Addr) (string, bool) {
 	p.mux.Lock()
 	defer p.mux.Unlock()
 
-	if ip = ip.To4(); ip == nil {
-		return "", false
-	}
-
 	return p.store.GetByIP(ip)
 }
 
@@ -68,29 +69,25 @@ func (p *Pool) ShouldSkipped(domain string) bool {
 }
 
 // Exist returns if given ip exists in fake-ip pool
-func (p *Pool) Exist(ip net.IP) bool {
+func (p *Pool) Exist(ip netip.Addr) bool {
 	p.mux.Lock()
 	defer p.mux.Unlock()
 
-	if ip = ip.To4(); ip == nil {
-		return false
-	}
-
 	return p.store.Exist(ip)
 }
 
 // Gateway return gateway ip
-func (p *Pool) Gateway() net.IP {
+func (p *Pool) Gateway() netip.Addr {
-	return uintToIP(p.gateway)
+	return p.gateway
 }
 
-// Broadcast return broadcast ip
+// Broadcast return the last ip
-func (p *Pool) Broadcast() net.IP {
+func (p *Pool) Broadcast() netip.Addr {
-	return uintToIP(p.broadcast)
+	return p.last
 }
 
 // IPNet return raw ipnet
-func (p *Pool) IPNet() *net.IPNet {
+func (p *Pool) IPNet() *netip.Prefix {
 	return p.ipnet
 }
 
@@ -99,47 +96,61 @@ func (p *Pool) CloneFrom(o *Pool) {
 	o.store.CloneTo(p.store)
 }
 
-func (p *Pool) get(host string) net.IP {
+func (p *Pool) get(host string) netip.Addr {
-	current := p.offset
+	p.offset = p.offset.Next()
-	for {
+
-		p.offset = (p.offset + 1) % (p.max - p.min)
+	if !p.offset.Less(p.last) {
-		// Avoid infinite loops
+		p.cycle = true
-		if p.offset == current {
+		p.offset = p.first
-			p.offset = (p.offset + 1) % (p.max - p.min)
-			ip := uintToIP(p.min + p.offset - 1)
-			p.store.DelByIP(ip)
-			break
 	}
 
-		ip := uintToIP(p.min + p.offset - 1)
+	if p.cycle || p.store.Exist(p.offset) {
-		if !p.store.Exist(ip) {
+		p.store.DelByIP(p.offset)
-			break
 	}
-	}
+
-	ip := uintToIP(p.min + p.offset - 1)
+	p.store.PutByIP(p.offset, host)
-	p.store.PutByIP(ip, host)
+	return p.offset
-	return ip
 }
 
 func (p *Pool) FlushFakeIP() error {
-	return p.store.FlushFakeIP()
+	err := p.store.FlushFakeIP()
+	if err == nil {
+		p.cycle = false
+		p.offset = p.first.Prev()
+	}
+	return err
 }
 
-func ipToUint(ip net.IP) uint32 {
+func (p *Pool) StoreState() {
-	v := uint32(ip[0]) << 24
+	if s, ok := p.store.(*cachefileStore); ok {
-	v += uint32(ip[1]) << 16
+		s.PutByHost(offsetKey, p.offset)
-	v += uint32(ip[2]) << 8
+		if p.cycle {
-	v += uint32(ip[3])
+			s.PutByHost(cycleKey, p.offset)
-	return v
+		}
+	}
 }
 
-func uintToIP(v uint32) net.IP {
+func (p *Pool) restoreState() {
-	return net.IP{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)}
+	if s, ok := p.store.(*cachefileStore); ok {
+		if _, exist := s.GetByHost(cycleKey); exist {
+			p.cycle = true
+		}
+
+		if offset, exist := s.GetByHost(offsetKey); exist {
+			if p.ipnet.Contains(offset) {
+				p.offset = offset
+			} else {
+				_ = p.FlushFakeIP()
+			}
+		} else if s.Exist(p.first) {
+			_ = p.FlushFakeIP()
+		}
+	}
 }
 
 type Options struct {
-	IPNet *net.IPNet
+	IPNet *netip.Prefix
-	Host  *trie.DomainTrie
+	Host  *trie.DomainTrie[bool]
 
 	// Size sets the maximum number of entries in memory
 	// and does not work if Persistence is true
@@ -152,21 +163,23 @@ type Options struct {
 
 // New return Pool instance
 func New(options Options) (*Pool, error) {
-	min := ipToUint(options.IPNet.IP) + 3
+	var (
+		hostAddr = options.IPNet.Masked().Addr()
+		gateway  = hostAddr.Next()
+		first    = gateway.Next().Next()
+		last     = nnip.UnMasked(*options.IPNet)
+	)
 
-	ones, bits := options.IPNet.Mask.Size()
+	if !options.IPNet.IsValid() || !first.IsValid() || !first.Less(last) {
-	total := 1<<uint(bits-ones) - 4
-
-	if total <= 0 {
 		return nil, errors.New("ipnet don't have valid ip")
 	}
 
-	max := min + uint32(total) - 1
 	pool := &Pool{
-		min:       min,
+		gateway: gateway,
-		max:       max,
+		first:   first,
-		gateway:   min - 2,
+		last:    last,
-		broadcast: max + 1,
+		offset:  first.Prev(),
+		cycle:   false,
 		host:    options.Host,
 		ipnet:   options.IPNet,
 	}
@@ -175,10 +188,10 @@ func New(options Options) (*Pool, error) {
 			cache: cachefile.Cache(),
 		}
 	} else {
-		pool.store = &memoryStore{
+		pool.store = newMemoryStore(options.Size)
-			cache: cache.NewLRUCache(cache.WithSize(options.Size * 2)),
-		}
 	}
 
+	pool.restoreState()
+
 	return pool, nil
 }

component/fakeip/pool_test.go

@@ -2,7 +2,7 @@ package fakeip
 
 import (
 	"fmt"
-	"net"
+	"net/netip"
 	"os"
 	"testing"
 	"time"
@@ -49,9 +49,9 @@ func createCachefileStore(options Options) (*Pool, string, error) {
 }
 
 func TestPool_Basic(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.0/28")
+	ipnet := netip.MustParsePrefix("192.168.0.0/28")
 	pools, tempfile, err := createPools(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 	})
 	assert.Nil(t, err)
@@ -62,24 +62,52 @@ func TestPool_Basic(t *testing.T) {
 		last := pool.Lookup("bar.com")
 		bar, exist := pool.LookBack(last)
 
-		assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
+		assert.True(t, first == netip.AddrFrom4([4]byte{192, 168, 0, 3}))
-		assert.Equal(t, pool.Lookup("foo.com"), net.IP{192, 168, 0, 3})
+		assert.True(t, pool.Lookup("foo.com") == netip.AddrFrom4([4]byte{192, 168, 0, 3}))
-		assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
+		assert.True(t, last == netip.AddrFrom4([4]byte{192, 168, 0, 4}))
 		assert.True(t, exist)
 		assert.Equal(t, bar, "bar.com")
-		assert.Equal(t, pool.Gateway(), net.IP{192, 168, 0, 1})
+		assert.True(t, pool.Gateway() == netip.AddrFrom4([4]byte{192, 168, 0, 1}))
-		assert.Equal(t, pool.Broadcast(), net.IP{192, 168, 0, 15})
+		assert.True(t, pool.Broadcast() == netip.AddrFrom4([4]byte{192, 168, 0, 15}))
 		assert.Equal(t, pool.IPNet().String(), ipnet.String())
-		assert.True(t, pool.Exist(net.IP{192, 168, 0, 4}))
+		assert.True(t, pool.Exist(netip.AddrFrom4([4]byte{192, 168, 0, 4})))
-		assert.False(t, pool.Exist(net.IP{192, 168, 0, 5}))
+		assert.False(t, pool.Exist(netip.AddrFrom4([4]byte{192, 168, 0, 5})))
-		assert.False(t, pool.Exist(net.ParseIP("::1")))
+		assert.False(t, pool.Exist(netip.MustParseAddr("::1")))
+	}
+}
+
+func TestPool_BasicV6(t *testing.T) {
+	ipnet := netip.MustParsePrefix("2001:4860:4860::8888/118")
+	pools, tempfile, err := createPools(Options{
+		IPNet: &ipnet,
+		Size:  10,
+	})
+	assert.Nil(t, err)
+	defer os.Remove(tempfile)
+
+	for _, pool := range pools {
+		first := pool.Lookup("foo.com")
+		last := pool.Lookup("bar.com")
+		bar, exist := pool.LookBack(last)
+
+		assert.True(t, first == netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8803"))
+		assert.True(t, pool.Lookup("foo.com") == netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8803"))
+		assert.True(t, last == netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8804"))
+		assert.True(t, exist)
+		assert.Equal(t, bar, "bar.com")
+		assert.True(t, pool.Gateway() == netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8801"))
+		assert.True(t, pool.Broadcast() == netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8bff"))
+		assert.Equal(t, pool.IPNet().String(), ipnet.String())
+		assert.True(t, pool.Exist(netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8804")))
+		assert.False(t, pool.Exist(netip.MustParseAddr("2001:4860:4860:0000:0000:0000:0000:8805")))
+		assert.False(t, pool.Exist(netip.MustParseAddr("127.0.0.1")))
 	}
 }
 
 func TestPool_CycleUsed(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.16/28")
+	ipnet := netip.MustParsePrefix("192.168.0.16/28")
 	pools, tempfile, err := createPools(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 	})
 	assert.Nil(t, err)
@@ -88,22 +116,22 @@ func TestPool_CycleUsed(t *testing.T) {
 	for _, pool := range pools {
 		foo := pool.Lookup("foo.com")
 		bar := pool.Lookup("bar.com")
-		for i := 0; i < 9; i++ {
+		for i := 0; i < 10; i++ {
 			pool.Lookup(fmt.Sprintf("%d.com", i))
 		}
 		baz := pool.Lookup("baz.com")
 		next := pool.Lookup("foo.com")
-		assert.True(t, foo.Equal(baz))
+		assert.True(t, foo == baz)
-		assert.True(t, next.Equal(bar))
+		assert.True(t, next == bar)
 	}
 }
 
 func TestPool_Skip(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	ipnet := netip.MustParsePrefix("192.168.0.1/29")
-	tree := trie.New()
+	tree := trie.New[bool]()
-	tree.Insert("example.com", tree)
+	tree.Insert("example.com", true)
 	pools, tempfile, err := createPools(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 		Host:  tree,
 	})
@@ -117,9 +145,9 @@ func TestPool_Skip(t *testing.T) {
 }
 
 func TestPool_MaxCacheSize(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/24")
+	ipnet := netip.MustParsePrefix("192.168.0.1/24")
 	pool, _ := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  2,
 	})
 
@@ -128,13 +156,13 @@ func TestPool_MaxCacheSize(t *testing.T) {
 	pool.Lookup("baz.com")
 	next := pool.Lookup("foo.com")
 
-	assert.False(t, first.Equal(next))
+	assert.False(t, first == next)
 }
 
 func TestPool_DoubleMapping(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/24")
+	ipnet := netip.MustParsePrefix("192.168.0.1/24")
 	pool, _ := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  2,
 	})
 
@@ -158,23 +186,23 @@ func TestPool_DoubleMapping(t *testing.T) {
 	assert.False(t, bazExist)
 	assert.True(t, barExist)
 
-	assert.False(t, bazIP.Equal(newBazIP))
+	assert.False(t, bazIP == newBazIP)
 }
 
 func TestPool_Clone(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/24")
+	ipnet := netip.MustParsePrefix("192.168.0.1/24")
 	pool, _ := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  2,
 	})
 
 	first := pool.Lookup("foo.com")
 	last := pool.Lookup("bar.com")
-	assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
+	assert.True(t, first == netip.AddrFrom4([4]byte{192, 168, 0, 3}))
-	assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
+	assert.True(t, last == netip.AddrFrom4([4]byte{192, 168, 0, 4}))
 
 	newPool, _ := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  2,
 	})
 	newPool.CloneFrom(pool)
@@ -185,9 +213,9 @@ func TestPool_Clone(t *testing.T) {
 }
 
 func TestPool_Error(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/31")
+	ipnet := netip.MustParsePrefix("192.168.0.1/31")
 	_, err := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 	})
 
@@ -195,9 +223,9 @@ func TestPool_Error(t *testing.T) {
 }
 
 func TestPool_FlushFileCache(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	ipnet := netip.MustParsePrefix("192.168.0.1/28")
 	pools, tempfile, err := createPools(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 	})
 	assert.Nil(t, err)
@@ -212,22 +240,24 @@ func TestPool_FlushFileCache(t *testing.T) {
 		err = pool.FlushFakeIP()
 		assert.Nil(t, err)
 
-		baz := pool.Lookup("foo.com")
 		next := pool.Lookup("baz.com")
+		baz := pool.Lookup("foo.com")
 		nero := pool.Lookup("foo.com")
 
-		assert.Equal(t, foo, fox)
+		assert.True(t, foo == fox)
-		assert.NotEqual(t, foo, baz)
+		assert.True(t, foo == next)
-		assert.Equal(t, bar, bax)
+		assert.False(t, foo == baz)
-		assert.NotEqual(t, bar, next)
+		assert.True(t, bar == bax)
-		assert.Equal(t, baz, nero)
+		assert.True(t, bar == baz)
+		assert.False(t, bar == next)
+		assert.True(t, baz == nero)
 	}
 }
 
 func TestPool_FlushMemoryCache(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	ipnet := netip.MustParsePrefix("192.168.0.1/28")
 	pool, _ := New(Options{
-		IPNet: ipnet,
+		IPNet: &ipnet,
 		Size:  10,
 	})
 
@@ -239,13 +269,15 @@ func TestPool_FlushMemoryCache(t *testing.T) {
 	err := pool.FlushFakeIP()
 	assert.Nil(t, err)
 
-	baz := pool.Lookup("foo.com")
 	next := pool.Lookup("baz.com")
+	baz := pool.Lookup("foo.com")
 	nero := pool.Lookup("foo.com")
 
-	assert.Equal(t, foo, fox)
+	assert.True(t, foo == fox)
-	assert.NotEqual(t, foo, baz)
+	assert.True(t, foo == next)
-	assert.Equal(t, bar, bax)
+	assert.False(t, foo == baz)
-	assert.NotEqual(t, bar, next)
+	assert.True(t, bar == bax)
-	assert.Equal(t, baz, nero)
+	assert.True(t, bar == baz)
+	assert.False(t, bar == next)
+	assert.True(t, baz == nero)
 }

component/geodata/strmatcher/ac_automaton_matcher.go

@@ -1,7 +1,7 @@
 package strmatcher
 
 import (
-	"container/list"
+	"github.com/Dreamacro/clash/common/generics/list"
 )
 
 const validCharCount = 53
@@ -190,7 +190,7 @@ func (ac *ACAutomaton) Add(domain string, t Type) {
 }
 
 func (ac *ACAutomaton) Build() {
-	queue := list.New()
+	queue := list.New[Edge]()
 	for i := 0; i < validCharCount; i++ {
 		if ac.trie[0][i].nextNode != 0 {
 			queue.PushBack(ac.trie[0][i])
@@ -201,7 +201,7 @@ func (ac *ACAutomaton) Build() {
 		if front == nil {
 			break
 		} else {
-			node := front.Value.(Edge).nextNode
+			node := front.Value.nextNode
 			queue.Remove(front)
 			for i := 0; i < validCharCount; i++ {
 				if ac.trie[node][i].nextNode != 0 {

component/geodata/utils.go

@@ -15,6 +15,9 @@ func LoaderName() string {
 }
 
 func SetLoader(newLoader string) {
+	if newLoader == "memc" {
+		newLoader = "memconservative"
+	}
 	geoLoaderName = newLoader
 }
 

component/iface/iface.go

@@ -3,6 +3,7 @@ package iface
 import (
 	"errors"
 	"net"
+	"net/netip"
 	"time"
 
 	"github.com/Dreamacro/clash/common/singledo"
@@ -11,7 +12,7 @@ import (
 type Interface struct {
 	Index        int
 	Name         string
-	Addrs        []*net.IPNet
+	Addrs        []*netip.Prefix
 	HardwareAddr net.HardwareAddr
 }
 
@@ -20,10 +21,10 @@ var (
 	ErrAddrNotFound  = errors.New("addr not found")
 )
 
-var interfaces = singledo.NewSingle(time.Second * 20)
+var interfaces = singledo.NewSingle[map[string]*Interface](time.Second * 20)
 
 func ResolveInterface(name string) (*Interface, error) {
-	value, err, _ := interfaces.Do(func() (any, error) {
+	value, err, _ := interfaces.Do(func() (map[string]*Interface, error) {
 		ifaces, err := net.Interfaces()
 		if err != nil {
 			return nil, err
@@ -37,14 +38,18 @@ func ResolveInterface(name string) (*Interface, error) {
 				continue
 			}
 
-			ipNets := make([]*net.IPNet, 0, len(addrs))
+			ipNets := make([]*netip.Prefix, 0, len(addrs))
 			for _, addr := range addrs {
 				ipNet := addr.(*net.IPNet)
-				if v4 := ipNet.IP.To4(); v4 != nil {
+				ip, _ := netip.AddrFromSlice(ipNet.IP)
-					ipNet.IP = v4
+
+				ones, bits := ipNet.Mask.Size()
+				if bits == 32 {
+					ip = ip.Unmap()
 				}
 
-				ipNets = append(ipNets, ipNet)
+				pf := netip.PrefixFrom(ip, ones)
+				ipNets = append(ipNets, &pf)
 			}
 
 			r[iface.Name] = &Interface{
@@ -61,7 +66,7 @@ func ResolveInterface(name string) (*Interface, error) {
 		return nil, err
 	}
 
-	ifaces := value.(map[string]*Interface)
+	ifaces := value
 	iface, ok := ifaces[name]
 	if !ok {
 		return nil, ErrIfaceNotFound
@@ -74,35 +79,35 @@ func FlushCache() {
 	interfaces.Reset()
 }
 
-func (iface *Interface) PickIPv4Addr(destination net.IP) (*net.IPNet, error) {
+func (iface *Interface) PickIPv4Addr(destination netip.Addr) (*netip.Prefix, error) {
-	return iface.pickIPAddr(destination, func(addr *net.IPNet) bool {
+	return iface.pickIPAddr(destination, func(addr *netip.Prefix) bool {
-		return addr.IP.To4() != nil
+		return addr.Addr().Is4()
 	})
 }
 
-func (iface *Interface) PickIPv6Addr(destination net.IP) (*net.IPNet, error) {
+func (iface *Interface) PickIPv6Addr(destination netip.Addr) (*netip.Prefix, error) {
-	return iface.pickIPAddr(destination, func(addr *net.IPNet) bool {
+	return iface.pickIPAddr(destination, func(addr *netip.Prefix) bool {
-		return addr.IP.To4() == nil
+		return addr.Addr().Is6()
 	})
 }
 
-func (iface *Interface) pickIPAddr(destination net.IP, accept func(addr *net.IPNet) bool) (*net.IPNet, error) {
+func (iface *Interface) pickIPAddr(destination netip.Addr, accept func(addr *netip.Prefix) bool) (*netip.Prefix, error) {
-	var fallback *net.IPNet
+	var fallback *netip.Prefix
 
 	for _, addr := range iface.Addrs {
 		if !accept(addr) {
 			continue
 		}
 
-		if fallback == nil && !addr.IP.IsLinkLocalUnicast() {
+		if fallback == nil && !addr.Addr().IsLinkLocalUnicast() {
 			fallback = addr
 
-			if destination == nil {
+			if !destination.IsValid() {
 				break
 			}
 		}
 
-		if destination != nil && addr.Contains(destination) {
+		if destination.IsValid() && addr.Contains(destination) {
 			return addr, nil
 		}
 	}

component/pool/pool.go

@@ -6,55 +6,55 @@ import (
 	"time"
 )
 
-type Factory = func(context.Context) (any, error)
+type Factory[T any] func(context.Context) (T, error)
 
-type entry struct {
+type entry[T any] struct {
-	elm  any
+	elm  T
 	time time.Time
 }
 
-type Option func(*pool)
+type Option[T any] func(*pool[T])
 
 // WithEvict set the evict callback
-func WithEvict(cb func(any)) Option {
+func WithEvict[T any](cb func(T)) Option[T] {
-	return func(p *pool) {
+	return func(p *pool[T]) {
 		p.evict = cb
 	}
 }
 
 // WithAge defined element max age (millisecond)
-func WithAge(maxAge int64) Option {
+func WithAge[T any](maxAge int64) Option[T] {
-	return func(p *pool) {
+	return func(p *pool[T]) {
 		p.maxAge = maxAge
 	}
 }
 
 // WithSize defined max size of Pool
-func WithSize(maxSize int) Option {
+func WithSize[T any](maxSize int) Option[T] {
-	return func(p *pool) {
+	return func(p *pool[T]) {
-		p.ch = make(chan any, maxSize)
+		p.ch = make(chan *entry[T], maxSize)
 	}
 }
 
 // Pool is for GC, see New for detail
-type Pool struct {
+type Pool[T any] struct {
-	*pool
+	*pool[T]
 }
 
-type pool struct {
+type pool[T any] struct {
-	ch      chan any
+	ch      chan *entry[T]
-	factory Factory
+	factory Factory[T]
-	evict   func(any)
+	evict   func(T)
 	maxAge  int64
 }
 
-func (p *pool) GetContext(ctx context.Context) (any, error) {
+func (p *pool[T]) GetContext(ctx context.Context) (T, error) {
 	now := time.Now()
 	for {
 		select {
 		case item := <-p.ch:
-			elm := item.(*entry)
+			elm := item
-			if p.maxAge != 0 && now.Sub(item.(*entry).time).Milliseconds() > p.maxAge {
+			if p.maxAge != 0 && now.Sub(item.time).Milliseconds() > p.maxAge {
 				if p.evict != nil {
 					p.evict(elm.elm)
 				}
@@ -68,12 +68,12 @@ func (p *pool) GetContext(ctx context.Context) (any, error) {
 	}
 }
 
-func (p *pool) Get() (any, error) {
+func (p *pool[T]) Get() (T, error) {
 	return p.GetContext(context.Background())
 }
 
-func (p *pool) Put(item any) {
+func (p *pool[T]) Put(item T) {
-	e := &entry{
+	e := &entry[T]{
 		elm:  item,
 		time: time.Now(),
 	}
@@ -90,17 +90,17 @@ func (p *pool) Put(item any) {
 	}
 }
 
-func recycle(p *Pool) {
+func recycle[T any](p *Pool[T]) {
 	for item := range p.pool.ch {
 		if p.pool.evict != nil {
-			p.pool.evict(item.(*entry).elm)
+			p.pool.evict(item.elm)
 		}
 	}
 }
 
-func New(factory Factory, options ...Option) *Pool {
+func New[T any](factory Factory[T], options ...Option[T]) *Pool[T] {
-	p := &pool{
+	p := &pool[T]{
-		ch:      make(chan any, 10),
+		ch:      make(chan *entry[T], 10),
 		factory: factory,
 	}
 
@@ -108,7 +108,7 @@ func New(factory Factory, options ...Option) *Pool {
 		option(p)
 	}
 
-	P := &Pool{p}
+	P := &Pool[T]{p}
-	runtime.SetFinalizer(P, recycle)
+	runtime.SetFinalizer(P, recycle[T])
 	return P
 }

component/pool/pool_test.go

@@ -8,9 +8,9 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func lg() Factory {
+func lg() Factory[int] {
 	initial := -1
-	return func(context.Context) (any, error) {
+	return func(context.Context) (int, error) {
 		initial++
 		return initial, nil
 	}
@@ -18,23 +18,23 @@ func lg() Factory {
 
 func TestPool_Basic(t *testing.T) {
 	g := lg()
-	pool := New(g)
+	pool := New[int](g)
 
 	elm, _ := pool.Get()
-	assert.Equal(t, 0, elm.(int))
+	assert.Equal(t, 0, elm)
 	pool.Put(elm)
 	elm, _ = pool.Get()
-	assert.Equal(t, 0, elm.(int))
+	assert.Equal(t, 0, elm)
 	elm, _ = pool.Get()
-	assert.Equal(t, 1, elm.(int))
+	assert.Equal(t, 1, elm)
 }
 
 func TestPool_MaxSize(t *testing.T) {
 	g := lg()
 	size := 5
-	pool := New(g, WithSize(size))
+	pool := New[int](g, WithSize[int](size))
 
-	var items []any
+	var items []int
 
 	for i := 0; i < size; i++ {
 		item, _ := pool.Get()
@@ -42,7 +42,7 @@ func TestPool_MaxSize(t *testing.T) {
 	}
 
 	extra, _ := pool.Get()
-	assert.Equal(t, size, extra.(int))
+	assert.Equal(t, size, extra)
 
 	for _, item := range items {
 		pool.Put(item)
@@ -52,22 +52,22 @@ func TestPool_MaxSize(t *testing.T) {
 
 	for _, item := range items {
 		elm, _ := pool.Get()
-		assert.Equal(t, item.(int), elm.(int))
+		assert.Equal(t, item, elm)
 	}
 }
 
 func TestPool_MaxAge(t *testing.T) {
 	g := lg()
-	pool := New(g, WithAge(20))
+	pool := New[int](g, WithAge[int](20))
 
 	elm, _ := pool.Get()
 	pool.Put(elm)
 
 	elm, _ = pool.Get()
-	assert.Equal(t, 0, elm.(int))
+	assert.Equal(t, 0, elm)
 	pool.Put(elm)
 
 	time.Sleep(time.Millisecond * 22)
 	elm, _ = pool.Get()
-	assert.Equal(t, 1, elm.(int))
+	assert.Equal(t, 1, elm)
 }

component/process/process.go

@@ -2,9 +2,11 @@ package process
 
 import (
 	"errors"
-	"net"
+	"github.com/Dreamacro/clash/common/nnip"
-
 	C "github.com/Dreamacro/clash/constant"
+	"net"
+	"net/netip"
+	"runtime"
 )
 
 var (
@@ -18,32 +20,43 @@ const (
 	UDP = "udp"
 )
 
-func FindProcessName(network string, srcIP net.IP, srcPort int) (string, error) {
+func FindProcessName(network string, srcIP netip.Addr, srcPort int) (string, error) {
 	return findProcessName(network, srcIP, srcPort)
 }
 
+func FindUid(network string, srcIP netip.Addr, srcPort int) (int32, error) {
+	_, uid, err := resolveSocketByNetlink(network, srcIP, srcPort)
+	if err != nil {
+		return -1, err
+	}
+	return uid, nil
+}
+
 func ShouldFindProcess(metadata *C.Metadata) bool {
-	if metadata.Process != "" {
+	if runtime.GOOS == "android" {
+		return false
+	}
+	if metadata.Process != "" || metadata.ProcessPath != "" {
 		return false
 	}
 	for _, ip := range localIPs {
-		if ip.Equal(metadata.SrcIP) {
+		if ip == metadata.SrcIP {
 			return true
 		}
 	}
 	return false
 }
 
-func AppendLocalIPs(ip ...net.IP) {
+func AppendLocalIPs(ip ...netip.Addr) {
 	localIPs = append(ip, localIPs...)
 }
 
-func getLocalIPs() []net.IP {
+func getLocalIPs() []netip.Addr {
-	ips := []net.IP{net.IPv4zero, net.IPv6zero}
+	ips := []netip.Addr{netip.IPv4Unspecified(), netip.IPv6Unspecified()}
 
 	netInterfaces, err := net.Interfaces()
 	if err != nil {
-		ips = append(ips, net.IPv4(127, 0, 0, 1), net.IPv6loopback)
+		ips = append(ips, netip.AddrFrom4([4]byte{127, 0, 0, 1}), nnip.IpToAddr(net.IPv6loopback))
 		return ips
 	}
 
@@ -53,7 +66,7 @@ func getLocalIPs() []net.IP {
 
 			for _, address := range adds {
 				if ipNet, ok := address.(*net.IPNet); ok {
-					ips = append(ips, ipNet.IP)
+					ips = append(ips, nnip.IpToAddr(ipNet.IP))
 				}
 			}
 		}
@@ -62,7 +75,7 @@ func getLocalIPs() []net.IP {
 	return ips
 }
 
-var localIPs []net.IP
+var localIPs []netip.Addr
 
 func init() {
 	localIPs = getLocalIPs()

component/process/process_android.go

@@ -1,230 +0,0 @@
-package process
-
-import (
-	"bytes"
-	"encoding/binary"
-	"fmt"
-	"net"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-	"syscall"
-	"unicode"
-	"unsafe"
-
-	"github.com/Dreamacro/clash/common/pool"
-)
-
-// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62
-var nativeEndian = func() binary.ByteOrder {
-	var x uint32 = 0x01020304
-	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
-		return binary.BigEndian
-	}
-
-	return binary.LittleEndian
-}()
-
-const (
-	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
-	socketDiagByFamily      = 20
-	pathProc                = "/proc"
-)
-
-func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
-	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
-	if err != nil {
-		return "", err
-	}
-
-	return resolveProcessNameByProcSearch(inode, uid)
-}
-
-func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) {
-	var family byte
-	var protocol byte
-
-	switch network {
-	case TCP:
-		protocol = syscall.IPPROTO_TCP
-	case UDP:
-		protocol = syscall.IPPROTO_UDP
-	default:
-		return 0, 0, ErrInvalidNetwork
-	}
-
-	if ip.To4() != nil {
-		family = syscall.AF_INET
-	} else {
-		family = syscall.AF_INET6
-	}
-
-	req := packSocketDiagRequest(family, protocol, ip, uint16(srcPort))
-
-	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
-	if err != nil {
-		return 0, 0, fmt.Errorf("dial netlink: %w", err)
-	}
-	defer syscall.Close(socket)
-
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
-
-	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
-		Family: syscall.AF_NETLINK,
-		Pad:    0,
-		Pid:    0,
-		Groups: 0,
-	}); err != nil {
-		return 0, 0, err
-	}
-
-	if _, err := syscall.Write(socket, req); err != nil {
-		return 0, 0, fmt.Errorf("write request: %w", err)
-	}
-
-	rb := pool.Get(pool.RelayBufferSize)
-	defer pool.Put(rb)
-
-	n, err := syscall.Read(socket, rb)
-	if err != nil {
-		return 0, 0, fmt.Errorf("read response: %w", err)
-	}
-
-	messages, err := syscall.ParseNetlinkMessage(rb[:n])
-	if err != nil {
-		return 0, 0, fmt.Errorf("parse netlink message: %w", err)
-	} else if len(messages) == 0 {
-		return 0, 0, fmt.Errorf("unexcepted netlink response")
-	}
-
-	message := messages[0]
-	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
-		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
-	}
-
-	uid, inode := unpackSocketDiagResponse(&messages[0])
-	if uid < 0 || inode < 0 {
-		return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode)
-	}
-
-	return uid, inode, nil
-}
-
-func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte {
-	s := make([]byte, 16)
-
-	if v4 := source.To4(); v4 != nil {
-		copy(s, v4)
-	} else {
-		copy(s, source)
-	}
-
-	buf := make([]byte, sizeOfSocketDiagRequest)
-
-	nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest)
-	nativeEndian.PutUint16(buf[4:6], socketDiagByFamily)
-	nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP)
-	nativeEndian.PutUint32(buf[8:12], 0)
-	nativeEndian.PutUint32(buf[12:16], 0)
-
-	buf[16] = family
-	buf[17] = protocol
-	buf[18] = 0
-	buf[19] = 0
-	nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF)
-
-	binary.BigEndian.PutUint16(buf[24:26], sourcePort)
-	binary.BigEndian.PutUint16(buf[26:28], 0)
-
-	copy(buf[28:44], s)
-	copy(buf[44:60], net.IPv6zero)
-
-	nativeEndian.PutUint32(buf[60:64], 0)
-	nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF)
-
-	return buf
-}
-
-func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) {
-	if len(msg.Data) < 72 {
-		return 0, 0
-	}
-
-	data := msg.Data
-
-	uid = int32(nativeEndian.Uint32(data[64:68]))
-	inode = int32(nativeEndian.Uint32(data[68:72]))
-
-	return
-}
-
-func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
-	files, err := os.ReadDir(pathProc)
-	if err != nil {
-		return "", err
-	}
-
-	buffer := make([]byte, syscall.PathMax)
-	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
-
-	for _, f := range files {
-		if !f.IsDir() || !isPid(f.Name()) {
-			continue
-		}
-
-		info, err := f.Info()
-		if err != nil {
-			return "", err
-		}
-		if info.Sys().(*syscall.Stat_t).Uid != uint32(uid) {
-			continue
-		}
-
-		processPath := path.Join(pathProc, f.Name())
-		fdPath := path.Join(processPath, "fd")
-
-		fds, err := os.ReadDir(fdPath)
-		if err != nil {
-			continue
-		}
-
-		for _, fd := range fds {
-			n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer)
-			if err != nil {
-				continue
-			}
-
-			if bytes.Equal(buffer[:n], socket) {
-				cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
-				if err != nil {
-					return "", err
-				}
-
-				return splitCmdline(cmdline), nil
-			}
-		}
-	}
-
-	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
-}
-
-func splitCmdline(cmdline []byte) string {
-	cmdline = bytes.Trim(cmdline, " ")
-
-	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
-		return unicode.IsControl(r) || unicode.IsSpace(r)
-	})
-
-	if idx == -1 {
-		return filepath.Base(string(cmdline))
-	}
-	return filepath.Base(string(cmdline[:idx]))
-}
-
-func isPid(s string) bool {
-	return strings.IndexFunc(s, func(r rune) bool {
-		return !unicode.IsDigit(r)
-	}) == -1
-}

component/process/process_darwin.go

@@ -2,10 +2,12 @@ package process
 
 import (
 	"encoding/binary"
-	"net"
+	"net/netip"
 	"syscall"
 	"unsafe"
 
+	"github.com/Dreamacro/clash/common/nnip"
+
 	"golang.org/x/sys/unix"
 )
 
@@ -15,7 +17,11 @@ const (
 	proccallnumpidinfo  = 0x2
 )
 
-func findProcessName(network string, ip net.IP, port int) (string, error) {
+func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+	return 0, 0, ErrPlatformNotSupport
+}
+
+func findProcessName(network string, ip netip.Addr, port int) (string, error) {
 	var spath string
 	switch network {
 	case TCP:
@@ -26,7 +32,7 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 		return "", ErrInvalidNetwork
 	}
 
-	isIPv4 := ip.To4() != nil
+	isIPv4 := ip.Is4()
 
 	value, err := syscall.Sysctl(spath)
 	if err != nil {
@@ -57,19 +63,19 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 		// xinpcb_n.inp_vflag
 		flag := buf[inp+44]
 
-		var srcIP net.IP
+		var srcIP netip.Addr
 		switch {
 		case flag&0x1 > 0 && isIPv4:
 			// ipv4
-			srcIP = net.IP(buf[inp+76 : inp+80])
+			srcIP = nnip.IpToAddr(buf[inp+76 : inp+80])
 		case flag&0x2 > 0 && !isIPv4:
 			// ipv6
-			srcIP = net.IP(buf[inp+64 : inp+80])
+			srcIP = nnip.IpToAddr(buf[inp+64 : inp+80])
 		default:
 			continue
 		}
 
-		if !ip.Equal(srcIP) && (network == TCP || !srcIP.IsUnspecified()) {
+		if ip != srcIP && (network == TCP || !srcIP.IsUnspecified()) {
 			continue
 		}
 

component/process/process_freebsd_amd64.go

@@ -3,13 +3,14 @@ package process
 import (
 	"encoding/binary"
 	"fmt"
-	"net"
+	"net/netip"
 	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 	"unsafe"
 
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/log"
 )
 
@@ -20,7 +21,11 @@ var (
 	once sync.Once
 )
 
-func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+	return 0, 0, ErrPlatformNotSupport
+}
+
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	once.Do(func() {
 		if err := initSearcher(); err != nil {
 			log.Errorln("Initialize PROCESS-NAME failed: %s", err.Error())
@@ -102,7 +107,7 @@ type searcher struct {
 	pid          int
 }
 
-func (s *searcher) Search(buf []byte, ip net.IP, port uint16, isTCP bool) (uint32, error) {
+func (s *searcher) Search(buf []byte, ip netip.Addr, port uint16, isTCP bool) (uint32, error) {
 	var itemSize int
 	var inpOffset int
 
@@ -116,7 +121,7 @@ func (s *searcher) Search(buf []byte, ip net.IP, port uint16, isTCP bool) (uint3
 		inpOffset = s.udpInpOffset
 	}
 
-	isIPv4 := ip.To4() != nil
+	isIPv4 := ip.Is4()
 	// skip the first xinpgen block
 	for i := s.headSize; i+itemSize <= len(buf); i += itemSize {
 		inp := i + inpOffset
@@ -130,19 +135,19 @@ func (s *searcher) Search(buf []byte, ip net.IP, port uint16, isTCP bool) (uint3
 		// xinpcb.inp_vflag
 		flag := buf[inp+s.vflag]
 
-		var srcIP net.IP
+		var srcIP netip.Addr
 		switch {
 		case flag&0x1 > 0 && isIPv4:
 			// ipv4
-			srcIP = net.IP(buf[inp+s.ip : inp+s.ip+4])
+			srcIP = nnip.IpToAddr(buf[inp+s.ip : inp+s.ip+4])
 		case flag&0x2 > 0 && !isIPv4:
 			// ipv6
-			srcIP = net.IP(buf[inp+s.ip-12 : inp+s.ip+4])
+			srcIP = nnip.IpToAddr(buf[inp+s.ip-12 : inp+s.ip+4])
 		default:
 			continue
 		}
 
-		if !ip.Equal(srcIP) {
+		if ip != srcIP {
 			continue
 		}
 

component/process/process_linux.go

@@ -1,5 +1,3 @@
-//go:build !android
-
 package process
 
 import (
@@ -7,6 +5,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net"
+	"net/netip"
 	"os"
 	"path"
 	"strings"
@@ -33,16 +32,15 @@ const (
 	pathProc                = "/proc"
 )
 
-func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
 	if err != nil {
 		return "", err
 	}
-
 	return resolveProcessNameByProcSearch(inode, uid)
 }
 
-func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) {
+func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
 	var family byte
 	var protocol byte
 
@@ -55,7 +53,7 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
 		return 0, 0, ErrInvalidNetwork
 	}
 
-	if ip.To4() != nil {
+	if ip.Is4() {
 		family = syscall.AF_INET
 	} else {
 		family = syscall.AF_INET6
@@ -67,10 +65,12 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
 	if err != nil {
 		return 0, 0, fmt.Errorf("dial netlink: %w", err)
 	}
-	defer syscall.Close(socket)
+	defer func() {
+		_ = syscall.Close(socket)
+	}()
 
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
+	_ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
+	_ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
 
 	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
 		Family: syscall.AF_NETLINK,
@@ -86,7 +86,9 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
 	}
 
 	rb := pool.Get(pool.RelayBufferSize)
-	defer pool.Put(rb)
+	defer func() {
+		_ = pool.Put(rb)
+	}()
 
 	n, err := syscall.Read(socket, rb)
 	if err != nil {
@@ -105,7 +107,7 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
 		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
 	}
 
-	inode, uid := unpackSocketDiagResponse(&messages[0])
+	inode, uid := unpackSocketDiagResponse(&message)
 	if inode < 0 || uid < 0 {
 		return 0, 0, fmt.Errorf("invalid inode(%d) or uid(%d)", inode, uid)
 	}
@@ -113,14 +115,10 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
 	return inode, uid, nil
 }
 
-func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte {
+func packSocketDiagRequest(family, protocol byte, source netip.Addr, sourcePort uint16) []byte {
 	s := make([]byte, 16)
 
-	if v4 := source.To4(); v4 != nil {
+	copy(s, source.AsSlice())
-		copy(s, v4)
-	} else {
-		copy(s, source)
-	}
 
 	buf := make([]byte, sizeOfSocketDiagRequest)
 

component/process/process_other.go

@@ -2,8 +2,12 @@
 
 package process
 
-import "net"
+import "net/netip"
 
-func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	return "", ErrPlatformNotSupport
 }
+
+func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+	return 0, 0, ErrPlatformNotSupport
+}

component/process/process_windows.go

@@ -2,11 +2,12 @@ package process
 
 import (
 	"fmt"
-	"net"
+	"net/netip"
 	"sync"
 	"syscall"
 	"unsafe"
 
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/log"
 
 	"golang.org/x/sys/windows"
@@ -28,6 +29,10 @@ var (
 	once sync.Once
 )
 
+func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+	return 0, 0, ErrPlatformNotSupport
+}
+
 func initWin32API() error {
 	h, err := windows.LoadLibrary("iphlpapi.dll")
 	if err != nil {
@@ -57,7 +62,7 @@ func initWin32API() error {
 	return nil
 }
 
-func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	once.Do(func() {
 		err := initWin32API()
 		if err != nil {
@@ -67,7 +72,7 @@ func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
 		}
 	})
 	family := windows.AF_INET
-	if ip.To4() == nil {
+	if ip.Is6() {
 		family = windows.AF_INET6
 	}
 
@@ -107,7 +112,7 @@ type searcher struct {
 	tcpState int
 }
 
-func (s *searcher) Search(b []byte, ip net.IP, port uint16) (uint32, error) {
+func (s *searcher) Search(b []byte, ip netip.Addr, port uint16) (uint32, error) {
 	n := int(readNativeUint32(b[:4]))
 	itemSize := s.itemSize
 	for i := 0; i < n; i++ {
@@ -131,9 +136,9 @@ func (s *searcher) Search(b []byte, ip net.IP, port uint16) (uint32, error) {
 			continue
 		}
 
-		srcIP := net.IP(row[s.ip : s.ip+s.ipSize])
+		srcIP := nnip.IpToAddr(row[s.ip : s.ip+s.ipSize])
 		// windows binds an unbound udp socket to 0.0.0.0/[::] while first sendto
-		if !ip.Equal(srcIP) && (!srcIP.IsUnspecified() || s.tcpState != -1) {
+		if ip != srcIP && (!srcIP.IsUnspecified() || s.tcpState != -1) {
 			continue
 		}
 
@@ -214,8 +219,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
 		uintptr(h),
 		uintptr(1),
 		uintptr(unsafe.Pointer(&buf[0])),
-		uintptr(unsafe.Pointer(&size)),
+		uintptr(unsafe.Pointer(&size)))
-		0, 0)
 	if r1 == 0 {
 		return "", err
 	}

component/resolver/defaults.go

@@ -0,0 +1,12 @@
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+
+package resolver
+
+import _ "unsafe"
+
+//go:linkname defaultNS net.defaultNS
+var defaultNS []string
+
+func init() {
+	defaultNS = []string{"114.114.114.114:53", "8.8.8.8:53"}
+}

component/resolver/enhancer.go

@@ -1,19 +1,19 @@
 package resolver
 
-import (
+import "net/netip"
-	"net"
-)
 
 var DefaultHostMapper Enhancer
 
 type Enhancer interface {
 	FakeIPEnabled() bool
 	MappingEnabled() bool
-	IsFakeIP(net.IP) bool
+	IsFakeIP(netip.Addr) bool
-	IsFakeBroadcastIP(net.IP) bool
+	IsFakeBroadcastIP(netip.Addr) bool
-	IsExistFakeIP(net.IP) bool
+	IsExistFakeIP(netip.Addr) bool
-	FindHostByIP(net.IP) (string, bool)
+	FindHostByIP(netip.Addr) (string, bool)
 	FlushFakeIP() error
+	InsertHostByIP(netip.Addr, string)
+	StoreFakePoolState()
 }
 
 func FakeIPEnabled() bool {
@@ -32,7 +32,7 @@ func MappingEnabled() bool {
 	return false
 }
 
-func IsFakeIP(ip net.IP) bool {
+func IsFakeIP(ip netip.Addr) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsFakeIP(ip)
 	}
@@ -40,7 +40,7 @@ func IsFakeIP(ip net.IP) bool {
 	return false
 }
 
-func IsFakeBroadcastIP(ip net.IP) bool {
+func IsFakeBroadcastIP(ip netip.Addr) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsFakeBroadcastIP(ip)
 	}
@@ -48,7 +48,7 @@ func IsFakeBroadcastIP(ip net.IP) bool {
 	return false
 }
 
-func IsExistFakeIP(ip net.IP) bool {
+func IsExistFakeIP(ip netip.Addr) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsExistFakeIP(ip)
 	}
@@ -56,7 +56,13 @@ func IsExistFakeIP(ip net.IP) bool {
 	return false
 }
 
-func FindHostByIP(ip net.IP) (string, bool) {
+func InsertHostByIP(ip netip.Addr, host string) {
+	if mapper := DefaultHostMapper; mapper != nil {
+		mapper.InsertHostByIP(ip, host)
+	}
+}
+
+func FindHostByIP(ip netip.Addr) (string, bool) {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.FindHostByIP(ip)
 	}
@@ -70,3 +76,9 @@ func FlushFakeIP() error {
 	}
 	return nil
 }
+
+func StoreFakePoolState() {
+	if mapper := DefaultHostMapper; mapper != nil {
+		mapper.StoreFakePoolState()
+	}
+}

component/resolver/resolver.go

@@ -5,9 +5,10 @@ import (
 	"errors"
 	"math/rand"
 	"net"
-	"strings"
+	"net/netip"
 	"time"
 
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/component/trie"
 )
 
@@ -23,7 +24,7 @@ var (
 	DisableIPv6 = true
 
 	// DefaultHosts aim to resolve hosts
-	DefaultHosts = trie.New()
+	DefaultHosts = trie.New[netip.Addr]()
 
 	// DefaultDNSTimeout defined the default dns request timeout
 	DefaultDNSTimeout = time.Second * 5
@@ -36,134 +37,57 @@ var (
 )
 
 type Resolver interface {
-	ResolveIP(host string) (ip net.IP, err error)
+	ResolveIP(host string) (ip netip.Addr, err error)
-	ResolveIPv4(host string) (ip net.IP, err error)
+	ResolveIPv4(host string) (ip netip.Addr, err error)
-	ResolveIPv6(host string) (ip net.IP, err error)
+	ResolveIPv6(host string) (ip netip.Addr, err error)
+	ResolveAllIP(host string) (ip []netip.Addr, err error)
+	ResolveAllIPPrimaryIPv4(host string) (ips []netip.Addr, err error)
+	ResolveAllIPv4(host string) (ips []netip.Addr, err error)
+	ResolveAllIPv6(host string) (ips []netip.Addr, err error)
 }
 
 // ResolveIPv4 with a host, return ipv4
-func ResolveIPv4(host string) (net.IP, error) {
+func ResolveIPv4(host string) (netip.Addr, error) {
 	return ResolveIPv4WithResolver(host, DefaultResolver)
 }
 
-func ResolveIPv4WithResolver(host string, r Resolver) (net.IP, error) {
+func ResolveIPv4WithResolver(host string, r Resolver) (netip.Addr, error) {
-	if node := DefaultHosts.Search(host); node != nil {
+	if ips, err := ResolveAllIPv4WithResolver(host, r); err == nil {
-		if ip := node.Data.(net.IP).To4(); ip != nil {
+		return ips[rand.Intn(len(ips))], nil
-			return ip, nil
+	} else {
+		return netip.Addr{}, nil
 	}
 }
 
-	ip := net.ParseIP(host)
-	if ip != nil {
-		if !strings.Contains(host, ":") {
-			return ip, nil
-		}
-		return nil, ErrIPVersion
-	}
-
-	if r != nil {
-		return r.ResolveIPv4(host)
-	}
-
-	if DefaultResolver == nil {
-		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
-		defer cancel()
-		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
-		if err != nil {
-			return nil, err
-		} else if len(ipAddrs) == 0 {
-			return nil, ErrIPNotFound
-		}
-
-		return ipAddrs[rand.Intn(len(ipAddrs))], nil
-	}
-
-	return nil, ErrIPNotFound
-}
-
 // ResolveIPv6 with a host, return ipv6
-func ResolveIPv6(host string) (net.IP, error) {
+func ResolveIPv6(host string) (netip.Addr, error) {
 	return ResolveIPv6WithResolver(host, DefaultResolver)
 }
 
-func ResolveIPv6WithResolver(host string, r Resolver) (net.IP, error) {
+func ResolveIPv6WithResolver(host string, r Resolver) (netip.Addr, error) {
-	if DisableIPv6 {
+	if ips, err := ResolveAllIPv6WithResolver(host, r); err == nil {
-		return nil, ErrIPv6Disabled
+		return ips[rand.Intn(len(ips))], nil
+	} else {
+		return netip.Addr{}, err
 	}
-
-	if node := DefaultHosts.Search(host); node != nil {
-		if ip := node.Data.(net.IP).To16(); ip != nil {
-			return ip, nil
-		}
-	}
-
-	ip := net.ParseIP(host)
-	if ip != nil {
-		if strings.Contains(host, ":") {
-			return ip, nil
-		}
-		return nil, ErrIPVersion
-	}
-
-	if r != nil {
-		return r.ResolveIPv6(host)
-	}
-
-	if DefaultResolver == nil {
-		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
-		defer cancel()
-		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
-		if err != nil {
-			return nil, err
-		} else if len(ipAddrs) == 0 {
-			return nil, ErrIPNotFound
-		}
-
-		return ipAddrs[rand.Intn(len(ipAddrs))], nil
-	}
-
-	return nil, ErrIPNotFound
 }
 
 // ResolveIPWithResolver same as ResolveIP, but with a resolver
-func ResolveIPWithResolver(host string, r Resolver) (net.IP, error) {
+func ResolveIPWithResolver(host string, r Resolver) (netip.Addr, error) {
-	if node := DefaultHosts.Search(host); node != nil {
+	if ips, err := ResolveAllIPPrimaryIPv4WithResolver(host, r); err == nil {
-		return node.Data.(net.IP), nil
+		return ips[rand.Intn(len(ips))], nil
+	} else {
+		return netip.Addr{}, err
 	}
-
-	if r != nil {
-		if DisableIPv6 {
-			return r.ResolveIPv4(host)
-		}
-		return r.ResolveIP(host)
-	} else if DisableIPv6 {
-		return ResolveIPv4(host)
-	}
-
-	ip := net.ParseIP(host)
-	if ip != nil {
-		return ip, nil
-	}
-
-	if DefaultResolver == nil {
-		ipAddr, err := net.ResolveIPAddr("ip", host)
-		if err != nil {
-			return nil, err
-		}
-
-		return ipAddr.IP, nil
-	}
-
-	return nil, ErrIPNotFound
 }
 
 // ResolveIP with a host, return ip
-func ResolveIP(host string) (net.IP, error) {
+func ResolveIP(host string) (netip.Addr, error) {
 	return ResolveIPWithResolver(host, DefaultResolver)
 }
 
 // ResolveIPv4ProxyServerHost proxies server host only
-func ResolveIPv4ProxyServerHost(host string) (net.IP, error) {
+func ResolveIPv4ProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveIPv4WithResolver(host, ProxyServerHostResolver)
 	}
@@ -171,7 +95,7 @@ func ResolveIPv4ProxyServerHost(host string) (net.IP, error) {
 }
 
 // ResolveIPv6ProxyServerHost proxies server host only
-func ResolveIPv6ProxyServerHost(host string) (net.IP, error) {
+func ResolveIPv6ProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveIPv6WithResolver(host, ProxyServerHostResolver)
 	}
@@ -179,9 +103,188 @@ func ResolveIPv6ProxyServerHost(host string) (net.IP, error) {
 }
 
 // ResolveProxyServerHost proxies server host only
-func ResolveProxyServerHost(host string) (net.IP, error) {
+func ResolveProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveIPWithResolver(host, ProxyServerHostResolver)
 	}
 	return ResolveIP(host)
 }
+
+func ResolveAllIPv6WithResolver(host string, r Resolver) ([]netip.Addr, error) {
+	if DisableIPv6 {
+		return []netip.Addr{}, ErrIPv6Disabled
+	}
+
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data; ip.Is6() {
+			return []netip.Addr{ip}, nil
+		}
+	}
+
+	ip, err := netip.ParseAddr(host)
+	if err == nil {
+		if ip.Is6() {
+			return []netip.Addr{ip}, nil
+		}
+		return []netip.Addr{}, ErrIPVersion
+	}
+
+	if r != nil {
+		return r.ResolveAllIPv6(host)
+	}
+
+	if DefaultResolver == nil {
+		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
+		defer cancel()
+		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
+		if err != nil {
+			return []netip.Addr{}, err
+		} else if len(ipAddrs) == 0 {
+			return []netip.Addr{}, ErrIPNotFound
+		}
+
+		return []netip.Addr{netip.AddrFrom16(*(*[16]byte)(ipAddrs[rand.Intn(len(ipAddrs))]))}, nil
+	}
+
+	return []netip.Addr{}, ErrIPNotFound
+}
+
+func ResolveAllIPv4WithResolver(host string, r Resolver) ([]netip.Addr, error) {
+	if node := DefaultHosts.Search(host); node != nil {
+		if ip := node.Data; ip.Is4() {
+			return []netip.Addr{node.Data}, nil
+		}
+	}
+
+	ip, err := netip.ParseAddr(host)
+	if err == nil {
+		if ip.Is4() {
+			return []netip.Addr{ip}, nil
+		}
+		return []netip.Addr{}, ErrIPVersion
+	}
+
+	if r != nil {
+		return r.ResolveAllIPv4(host)
+	}
+
+	if DefaultResolver == nil {
+		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
+		defer cancel()
+		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
+		if err != nil {
+			return []netip.Addr{}, err
+		} else if len(ipAddrs) == 0 {
+			return []netip.Addr{}, ErrIPNotFound
+		}
+
+		ip := ipAddrs[rand.Intn(len(ipAddrs))].To4()
+		if ip == nil {
+			return []netip.Addr{}, ErrIPVersion
+		}
+
+		return []netip.Addr{netip.AddrFrom4(*(*[4]byte)(ip))}, nil
+	}
+
+	return []netip.Addr{}, ErrIPNotFound
+}
+
+func ResolveAllIPWithResolver(host string, r Resolver) ([]netip.Addr, error) {
+	if node := DefaultHosts.Search(host); node != nil {
+		return []netip.Addr{node.Data}, nil
+	}
+
+	if r != nil {
+		if DisableIPv6 {
+			return r.ResolveAllIPv4(host)
+		}
+
+		return r.ResolveAllIP(host)
+	} else if DisableIPv6 {
+		return ResolveAllIPv4(host)
+	}
+
+	ip, err := netip.ParseAddr(host)
+	if err == nil {
+		return []netip.Addr{ip}, nil
+	}
+
+	if DefaultResolver == nil {
+		ipAddr, err := net.ResolveIPAddr("ip", host)
+		if err != nil {
+			return []netip.Addr{}, err
+		}
+
+		return []netip.Addr{nnip.IpToAddr(ipAddr.IP)}, nil
+	}
+
+	return []netip.Addr{}, ErrIPNotFound
+}
+
+func ResolveAllIPPrimaryIPv4WithResolver(host string, r Resolver) ([]netip.Addr, error) {
+	if node := DefaultHosts.Search(host); node != nil {
+		return []netip.Addr{node.Data}, nil
+	}
+
+	if r != nil {
+		if DisableIPv6 {
+			return r.ResolveAllIPv4(host)
+		}
+
+		return r.ResolveAllIPPrimaryIPv4(host)
+	} else if DisableIPv6 {
+		return ResolveAllIPv4(host)
+	}
+
+	ip, err := netip.ParseAddr(host)
+	if err == nil {
+		return []netip.Addr{ip}, nil
+	}
+
+	if DefaultResolver == nil {
+		ipAddr, err := net.ResolveIPAddr("ip", host)
+		if err != nil {
+			return []netip.Addr{}, err
+		}
+
+		return []netip.Addr{nnip.IpToAddr(ipAddr.IP)}, nil
+	}
+
+	return []netip.Addr{}, ErrIPNotFound
+}
+
+func ResolveAllIP(host string) ([]netip.Addr, error) {
+	return ResolveAllIPWithResolver(host, DefaultResolver)
+}
+
+func ResolveAllIPv4(host string) ([]netip.Addr, error) {
+	return ResolveAllIPv4WithResolver(host, DefaultResolver)
+}
+
+func ResolveAllIPv6(host string) ([]netip.Addr, error) {
+	return ResolveAllIPv6WithResolver(host, DefaultResolver)
+}
+
+func ResolveAllIPv6ProxyServerHost(host string) ([]netip.Addr, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveAllIPv6WithResolver(host, ProxyServerHostResolver)
+	}
+
+	return ResolveAllIPv6(host)
+}
+
+func ResolveAllIPv4ProxyServerHost(host string) ([]netip.Addr, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveAllIPv4WithResolver(host, ProxyServerHostResolver)
+	}
+
+	return ResolveAllIPv4(host)
+}
+
+func ResolveAllIPProxyServerHost(host string) ([]netip.Addr, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveAllIPWithResolver(host, ProxyServerHostResolver)
+	}
+
+	return ResolveAllIP(host)
+}

component/sniffer/dispatcher.go

@@ -0,0 +1,167 @@
+package sniffer
+
+import (
+	"errors"
+	"net"
+	"net/netip"
+	"strconv"
+	"time"
+
+	"github.com/Dreamacro/clash/component/trie"
+
+	CN "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/common/utils"
+	"github.com/Dreamacro/clash/component/resolver"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
+)
+
+var (
+	ErrorUnsupportedSniffer = errors.New("unsupported sniffer")
+	ErrorSniffFailed        = errors.New("all sniffer failed")
+)
+
+var Dispatcher SnifferDispatcher
+
+type (
+	SnifferDispatcher struct {
+		enable bool
+
+		sniffers []C.Sniffer
+
+		foreDomain *trie.DomainTrie[bool]
+		skipSNI    *trie.DomainTrie[bool]
+		portRanges *[]utils.Range[uint16]
+	}
+)
+
+func (sd *SnifferDispatcher) TCPSniff(conn net.Conn, metadata *C.Metadata) {
+	bufConn, ok := conn.(*CN.BufferedConn)
+	if !ok {
+		return
+	}
+
+	if metadata.Host == "" || sd.foreDomain.Search(metadata.Host) != nil {
+		port, err := strconv.ParseUint(metadata.DstPort, 10, 16)
+		if err != nil {
+			log.Debugln("[Sniffer] Dst port is error")
+			return
+		}
+
+		inWhitelist := false
+		for _, portRange := range *sd.portRanges {
+			if portRange.Contains(uint16(port)) {
+				inWhitelist = true
+				break
+			}
+		}
+
+		if !inWhitelist {
+			return
+		}
+
+		if host, err := sd.sniffDomain(bufConn, metadata); err != nil {
+			log.Debugln("[Sniffer] All sniffing sniff failed with from [%s:%s] to [%s:%s]", metadata.SrcIP, metadata.SrcPort, metadata.String(), metadata.DstPort)
+			return
+		} else {
+			if sd.skipSNI.Search(host) != nil {
+				log.Debugln("[Sniffer] Skip sni[%s]", host)
+				return
+			}
+
+			sd.replaceDomain(metadata, host)
+		}
+	}
+}
+
+func (sd *SnifferDispatcher) replaceDomain(metadata *C.Metadata, host string) {
+	log.Debugln("[Sniffer] Sniff TCP [%s:%s]-->[%s:%s] success, replace domain [%s]-->[%s]",
+		metadata.SrcIP, metadata.SrcPort,
+		metadata.DstIP, metadata.DstPort,
+		metadata.Host, host)
+
+	metadata.AddrType = C.AtypDomainName
+	metadata.Host = host
+	metadata.DNSMode = C.DNSMapping
+	resolver.InsertHostByIP(metadata.DstIP, host)
+	metadata.DstIP = netip.Addr{}
+}
+
+func (sd *SnifferDispatcher) Enable() bool {
+	return sd.enable
+}
+
+func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Metadata) (string, error) {
+	for _, sniffer := range sd.sniffers {
+		if sniffer.SupportNetwork() == C.TCP {
+			conn.SetReadDeadline(time.Now().Add(3 * time.Second))
+			_, err := conn.Peek(1)
+			conn.SetReadDeadline(time.Time{})
+			if err != nil {
+				_, ok := err.(*net.OpError)
+				if ok {
+					log.Errorln("[Sniffer] [%s] Maybe read timeout, Consider adding skip", metadata.DstIP.String())
+					conn.Close()
+				}
+				log.Errorln("[Sniffer] %v", err)
+				return "", err
+			}
+
+			bufferedLen := conn.Buffered()
+			bytes, err := conn.Peek(bufferedLen)
+			if err != nil {
+				log.Debugln("[Sniffer] the data length not enough")
+				continue
+			}
+
+			host, err := sniffer.SniffTCP(bytes)
+			if err != nil {
+				log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
+				continue
+			}
+
+			return host, nil
+		}
+	}
+
+	return "", ErrorSniffFailed
+}
+
+func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
+	dispatcher := SnifferDispatcher{
+		enable: false,
+	}
+
+	return &dispatcher, nil
+}
+
+func NewSnifferDispatcher(needSniffer []C.SnifferType, forceDomain *trie.DomainTrie[bool],
+	skipSNI *trie.DomainTrie[bool], ports *[]utils.Range[uint16]) (*SnifferDispatcher, error) {
+	dispatcher := SnifferDispatcher{
+		enable:     true,
+		foreDomain: forceDomain,
+		skipSNI:    skipSNI,
+		portRanges: ports,
+	}
+
+	for _, snifferName := range needSniffer {
+		sniffer, err := NewSniffer(snifferName)
+		if err != nil {
+			log.Errorln("Sniffer name[%s] is error", snifferName)
+			return &SnifferDispatcher{enable: false}, err
+		}
+
+		dispatcher.sniffers = append(dispatcher.sniffers, sniffer)
+	}
+
+	return &dispatcher, nil
+}
+
+func NewSniffer(name C.SnifferType) (C.Sniffer, error) {
+	switch name {
+	case C.TLS:
+		return &TLSSniffer{}, nil
+	default:
+		return nil, ErrorUnsupportedSniffer
+	}
+}

component/sniffer/sniff_test.go

@@ -0,0 +1,159 @@
+package sniffer
+
+import (
+	"testing"
+)
+
+func TestTLSHeaders(t *testing.T) {
+	cases := []struct {
+		input  []byte
+		domain string
+		err    bool
+	}{
+		{
+			input: []byte{
+				0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
+				0xc4, 0x03, 0x03, 0x1a, 0xac, 0xb2, 0xa8, 0xfe,
+				0xb4, 0x96, 0x04, 0x5b, 0xca, 0xf7, 0xc1, 0xf4,
+				0x2e, 0x53, 0x24, 0x6e, 0x34, 0x0c, 0x58, 0x36,
+				0x71, 0x97, 0x59, 0xe9, 0x41, 0x66, 0xe2, 0x43,
+				0xa0, 0x13, 0xb6, 0x00, 0x00, 0x20, 0x1a, 0x1a,
+				0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30,
+				0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13,
+				0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d,
+				0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00,
+				0x00, 0x7b, 0xba, 0xba, 0x00, 0x00, 0xff, 0x01,
+				0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00,
+				0x14, 0x00, 0x00, 0x11, 0x63, 0x2e, 0x73, 0x2d,
+				0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
+				0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x17, 0x00,
+				0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
+				0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04,
+				0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
+				0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x05, 0x00,
+				0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12,
+				0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c,
+				0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70,
+				0x2f, 0x31, 0x2e, 0x31, 0x00, 0x0b, 0x00, 0x02,
+				0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
+				0xaa, 0xaa, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
+				0xaa, 0xaa, 0x00, 0x01, 0x00,
+			},
+			domain: "c.s-microsoft.com",
+			err:    false,
+		},
+		{
+			input: []byte{
+				0x16, 0x03, 0x01, 0x00, 0xee, 0x01, 0x00, 0x00,
+				0xea, 0x03, 0x03, 0xe7, 0x91, 0x9e, 0x93, 0xca,
+				0x78, 0x1b, 0x3c, 0xe0, 0x65, 0x25, 0x58, 0xb5,
+				0x93, 0xe1, 0x0f, 0x85, 0xec, 0x9a, 0x66, 0x8e,
+				0x61, 0x82, 0x88, 0xc8, 0xfc, 0xae, 0x1e, 0xca,
+				0xd7, 0xa5, 0x63, 0x20, 0xbd, 0x1c, 0x00, 0x00,
+				0x8b, 0xee, 0x09, 0xe3, 0x47, 0x6a, 0x0e, 0x74,
+				0xb0, 0xbc, 0xa3, 0x02, 0xa7, 0x35, 0xe8, 0x85,
+				0x70, 0x7c, 0x7a, 0xf0, 0x00, 0xdf, 0x4a, 0xea,
+				0x87, 0x01, 0x14, 0x91, 0x00, 0x20, 0xea, 0xea,
+				0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30,
+				0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13,
+				0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d,
+				0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00,
+				0x00, 0x81, 0x9a, 0x9a, 0x00, 0x00, 0xff, 0x01,
+				0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00,
+				0x16, 0x00, 0x00, 0x13, 0x77, 0x77, 0x77, 0x30,
+				0x37, 0x2e, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x74,
+				0x61, 0x6c, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x00,
+				0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00,
+				0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08,
+				0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05,
+				0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00,
+				0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x12, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e,
+				0x00, 0x0c, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74,
+				0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x75, 0x50,
+				0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+				0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x9a, 0x9a,
+				0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x8a, 0x8a,
+				0x00, 0x01, 0x00,
+			},
+			domain: "www07.clicktale.net",
+			err:    false,
+		},
+		{
+			input: []byte{
+				0x16, 0x03, 0x01, 0x00, 0xe6, 0x01, 0x00, 0x00, 0xe2, 0x03, 0x03, 0x81, 0x47, 0xc1,
+				0x66, 0xd5, 0x1b, 0xfa, 0x4b, 0xb5, 0xe0, 0x2a, 0xe1, 0xa7, 0x87, 0x13, 0x1d, 0x11, 0xaa, 0xc6,
+				0xce, 0xfc, 0x7f, 0xab, 0x94, 0xc8, 0x62, 0xad, 0xc8, 0xab, 0x0c, 0xdd, 0xcb, 0x20, 0x6f, 0x9d,
+				0x07, 0xf1, 0x95, 0x3e, 0x99, 0xd8, 0xf3, 0x6d, 0x97, 0xee, 0x19, 0x0b, 0x06, 0x1b, 0xf4, 0x84,
+				0x0b, 0xb6, 0x8f, 0xcc, 0xde, 0xe2, 0xd0, 0x2d, 0x6b, 0x0c, 0x1f, 0x52, 0x53, 0x13, 0x00, 0x08,
+				0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, 0x00, 0x91, 0x00, 0x00, 0x00, 0x0c,
+				0x00, 0x0a, 0x00, 0x00, 0x07, 0x64, 0x6f, 0x67, 0x66, 0x69, 0x73, 0x68, 0x00, 0x0b, 0x00, 0x04,
+				0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x1e,
+				0x00, 0x19, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00,
+				0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08, 0x07, 0x08, 0x08,
+				0x08, 0x09, 0x08, 0x0a, 0x08, 0x0b, 0x08, 0x04, 0x08, 0x05, 0x08, 0x06, 0x04, 0x01, 0x05, 0x01,
+				0x06, 0x01, 0x00, 0x2b, 0x00, 0x07, 0x06, 0x7f, 0x1c, 0x7f, 0x1b, 0x7f, 0x1a, 0x00, 0x2d, 0x00,
+				0x02, 0x01, 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x2f, 0x35, 0x0c,
+				0xb6, 0x90, 0x0a, 0xb7, 0xd5, 0xc4, 0x1b, 0x2f, 0x60, 0xaa, 0x56, 0x7b, 0x3f, 0x71, 0xc8, 0x01,
+				0x7e, 0x86, 0xd3, 0xb7, 0x0c, 0x29, 0x1a, 0x9e, 0x5b, 0x38, 0x3f, 0x01, 0x72,
+			},
+			domain: "dogfish",
+			err:    false,
+		},
+		{
+			input: []byte{
+				0x16, 0x03, 0x01, 0x01, 0x03, 0x01, 0x00, 0x00,
+				0xff, 0x03, 0x03, 0x3d, 0x89, 0x52, 0x9e, 0xee,
+				0xbe, 0x17, 0x63, 0x75, 0xef, 0x29, 0xbd, 0x14,
+				0x6a, 0x49, 0xe0, 0x2c, 0x37, 0x57, 0x71, 0x62,
+				0x82, 0x44, 0x94, 0x8f, 0x6e, 0x94, 0x08, 0x45,
+				0x7f, 0xdb, 0xc1, 0x00, 0x00, 0x3e, 0xc0, 0x2c,
+				0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8,
+				0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
+				0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23,
+				0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x14,
+				0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33,
+				0x00, 0x9d, 0x00, 0x9c, 0x13, 0x02, 0x13, 0x03,
+				0x13, 0x01, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
+				0x00, 0x2f, 0x00, 0xff, 0x01, 0x00, 0x00, 0x98,
+				0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x00,
+				0x0b, 0x31, 0x30, 0x2e, 0x34, 0x32, 0x2e, 0x30,
+				0x2e, 0x32, 0x34, 0x33, 0x00, 0x0b, 0x00, 0x04,
+				0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x0a,
+				0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x19,
+				0x00, 0x18, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d,
+				0x00, 0x20, 0x00, 0x1e, 0x04, 0x03, 0x05, 0x03,
+				0x06, 0x03, 0x08, 0x04, 0x08, 0x05, 0x08, 0x06,
+				0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x03,
+				0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0x05, 0x02,
+				0x06, 0x02, 0x00, 0x16, 0x00, 0x00, 0x00, 0x17,
+				0x00, 0x00, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x7f,
+				0x14, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00,
+				0x2d, 0x00, 0x03, 0x02, 0x01, 0x00, 0x00, 0x28,
+				0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20,
+				0x13, 0x7c, 0x6e, 0x97, 0xc4, 0xfd, 0x09, 0x2e,
+				0x70, 0x2f, 0x73, 0x5a, 0x9b, 0x57, 0x4d, 0x5f,
+				0x2b, 0x73, 0x2c, 0xa5, 0x4a, 0x98, 0x40, 0x3d,
+				0x75, 0x6e, 0xb4, 0x76, 0xf9, 0x48, 0x8f, 0x36,
+			},
+			domain: "10.42.0.243",
+			err:    false,
+		},
+	}
+
+	for _, test := range cases {
+		domain, err := SniffTLS(test.input)
+		if test.err {
+			if err == nil {
+				t.Errorf("Exepct error but nil in test %v", test)
+			}
+		} else {
+			if err != nil {
+				t.Errorf("Expect no error but actually %s in test %v", err.Error(), test)
+			}
+			if *domain != test.domain {
+				t.Error("expect domain ", test.domain, " but got ", domain)
+			}
+		}
+	}
+}

component/sniffer/tls_sniffer.go

@@ -0,0 +1,157 @@
+package sniffer
+
+import (
+	"encoding/binary"
+	"errors"
+	"strings"
+
+	C "github.com/Dreamacro/clash/constant"
+)
+
+var (
+	errNotTLS         = errors.New("not TLS header")
+	errNotClientHello = errors.New("not client hello")
+	ErrNoClue         = errors.New("not enough information for making a decision")
+)
+
+type TLSSniffer struct {
+}
+
+func (tls *TLSSniffer) Protocol() string {
+	return "tls"
+}
+
+func (tls *TLSSniffer) SupportNetwork() C.NetWork {
+	return C.TCP
+}
+
+func (tls *TLSSniffer) SniffTCP(bytes []byte) (string, error) {
+	domain, err := SniffTLS(bytes)
+	if err == nil {
+		return *domain, nil
+	} else {
+		return "", err
+	}
+}
+
+func IsValidTLSVersion(major, minor byte) bool {
+	return major == 3
+}
+
+// ReadClientHello returns server name (if any) from TLS client hello message.
+// https://github.com/golang/go/blob/master/src/crypto/tls/handshake_messages.go#L300
+func ReadClientHello(data []byte) (*string, error) {
+	if len(data) < 42 {
+		return nil, ErrNoClue
+	}
+	sessionIDLen := int(data[38])
+	if sessionIDLen > 32 || len(data) < 39+sessionIDLen {
+		return nil, ErrNoClue
+	}
+	data = data[39+sessionIDLen:]
+	if len(data) < 2 {
+		return nil, ErrNoClue
+	}
+	// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
+	// they are uint16s, the number must be even.
+	cipherSuiteLen := int(data[0])<<8 | int(data[1])
+	if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
+		return nil, errNotClientHello
+	}
+	data = data[2+cipherSuiteLen:]
+	if len(data) < 1 {
+		return nil, ErrNoClue
+	}
+	compressionMethodsLen := int(data[0])
+	if len(data) < 1+compressionMethodsLen {
+		return nil, ErrNoClue
+	}
+	data = data[1+compressionMethodsLen:]
+
+	if len(data) == 0 {
+		return nil, errNotClientHello
+	}
+	if len(data) < 2 {
+		return nil, errNotClientHello
+	}
+
+	extensionsLength := int(data[0])<<8 | int(data[1])
+	data = data[2:]
+	if extensionsLength != len(data) {
+		return nil, errNotClientHello
+	}
+
+	for len(data) != 0 {
+		if len(data) < 4 {
+			return nil, errNotClientHello
+		}
+		extension := uint16(data[0])<<8 | uint16(data[1])
+		length := int(data[2])<<8 | int(data[3])
+		data = data[4:]
+		if len(data) < length {
+			return nil, errNotClientHello
+		}
+
+		if extension == 0x00 { /* extensionServerName */
+			d := data[:length]
+			if len(d) < 2 {
+				return nil, errNotClientHello
+			}
+			namesLen := int(d[0])<<8 | int(d[1])
+			d = d[2:]
+			if len(d) != namesLen {
+				return nil, errNotClientHello
+			}
+			for len(d) > 0 {
+				if len(d) < 3 {
+					return nil, errNotClientHello
+				}
+				nameType := d[0]
+				nameLen := int(d[1])<<8 | int(d[2])
+				d = d[3:]
+				if len(d) < nameLen {
+					return nil, errNotClientHello
+				}
+				if nameType == 0 {
+					serverName := string(d[:nameLen])
+					// An SNI value may not include a
+					// trailing dot. See
+					// https://tools.ietf.org/html/rfc6066#section-3.
+					if strings.HasSuffix(serverName, ".") {
+						return nil, errNotClientHello
+					}
+
+					return &serverName, nil
+				}
+
+				d = d[nameLen:]
+			}
+		}
+		data = data[length:]
+	}
+
+	return nil, errNotTLS
+}
+
+func SniffTLS(b []byte) (*string, error) {
+	if len(b) < 5 {
+		return nil, ErrNoClue
+	}
+
+	if b[0] != 0x16 /* TLS Handshake */ {
+		return nil, errNotTLS
+	}
+	if !IsValidTLSVersion(b[1], b[2]) {
+		return nil, errNotTLS
+	}
+	headerLen := int(binary.BigEndian.Uint16(b[3:5]))
+	if 5+headerLen > len(b) {
+		return nil, ErrNoClue
+	}
+
+	domain, err := ReadClientHello(b[5 : 5+headerLen])
+	if err == nil {
+		return domain, nil
+	}
+	return nil, err
+}

component/trie/domain.go

@@ -17,8 +17,8 @@ var ErrInvalidDomain = errors.New("invalid domain")
 
 // DomainTrie contains the main logic for adding and searching nodes for domain segments.
 // support wildcard domain (e.g *.google.com)
-type DomainTrie struct {
+type DomainTrie[T comparable] struct {
-	root *Node
+	root *Node[T]
 }
 
 func ValidAndSplitDomain(domain string) ([]string, bool) {
@@ -51,7 +51,7 @@ func ValidAndSplitDomain(domain string) ([]string, bool) {
 // 3. subdomain.*.example.com
 // 4. .example.com
 // 5. +.example.com
-func (t *DomainTrie) Insert(domain string, data any) error {
+func (t *DomainTrie[T]) Insert(domain string, data T) error {
 	parts, valid := ValidAndSplitDomain(domain)
 	if !valid {
 		return ErrInvalidDomain
@@ -68,13 +68,13 @@ func (t *DomainTrie) Insert(domain string, data any) error {
 	return nil
 }
 
-func (t *DomainTrie) insert(parts []string, data any) {
+func (t *DomainTrie[T]) insert(parts []string, data T) {
 	node := t.root
 	// reverse storage domain part to save space
 	for i := len(parts) - 1; i >= 0; i-- {
 		part := parts[i]
 		if !node.hasChild(part) {
-			node.addChild(part, newNode(nil))
+			node.addChild(part, newNode(getZero[T]()))
 		}
 
 		node = node.getChild(part)
@@ -88,7 +88,7 @@ func (t *DomainTrie) insert(parts []string, data any) {
 // 1. static part
 // 2. wildcard domain
 // 2. dot wildcard domain
-func (t *DomainTrie) Search(domain string) *Node {
+func (t *DomainTrie[T]) Search(domain string) *Node[T] {
 	parts, valid := ValidAndSplitDomain(domain)
 	if !valid || parts[0] == "" {
 		return nil
@@ -96,26 +96,26 @@ func (t *DomainTrie) Search(domain string) *Node {
 
 	n := t.search(t.root, parts)
 
-	if n == nil || n.Data == nil {
+	if n == nil || n.Data == getZero[T]() {
 		return nil
 	}
 
 	return n
 }
 
-func (t *DomainTrie) search(node *Node, parts []string) *Node {
+func (t *DomainTrie[T]) search(node *Node[T], parts []string) *Node[T] {
 	if len(parts) == 0 {
 		return node
 	}
 
 	if c := node.getChild(parts[len(parts)-1]); c != nil {
-		if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != nil {
+		if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != getZero[T]() {
 			return n
 		}
 	}
 
 	if c := node.getChild(wildcard); c != nil {
-		if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != nil {
+		if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != getZero[T]() {
 			return n
 		}
 	}
@@ -124,6 +124,6 @@ func (t *DomainTrie) search(node *Node, parts []string) *Node {
 }
 
 // New returns a new, empty Trie.
-func New() *DomainTrie {
+func New[T comparable]() *DomainTrie[T] {
-	return &DomainTrie{root: newNode(nil)}
+	return &DomainTrie[T]{root: newNode[T](getZero[T]())}
 }

component/trie/domain_test.go

@@ -1,16 +1,16 @@
 package trie
 
 import (
-	"net"
+	"net/netip"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 )
 
-var localIP = net.IP{127, 0, 0, 1}
+var localIP = netip.AddrFrom4([4]byte{127, 0, 0, 1})
 
 func TestTrie_Basic(t *testing.T) {
-	tree := New()
+	tree := New[netip.Addr]()
 	domains := []string{
 		"example.com",
 		"google.com",
@@ -23,7 +23,7 @@ func TestTrie_Basic(t *testing.T) {
 
 	node := tree.Search("example.com")
 	assert.NotNil(t, node)
-	assert.True(t, node.Data.(net.IP).Equal(localIP))
+	assert.True(t, node.Data == localIP)
 	assert.NotNil(t, tree.Insert("", localIP))
 	assert.Nil(t, tree.Search(""))
 	assert.NotNil(t, tree.Search("localhost"))
@@ -31,7 +31,7 @@ func TestTrie_Basic(t *testing.T) {
 }
 
 func TestTrie_Wildcard(t *testing.T) {
-	tree := New()
+	tree := New[netip.Addr]()
 	domains := []string{
 		"*.example.com",
 		"sub.*.example.com",
@@ -64,7 +64,7 @@ func TestTrie_Wildcard(t *testing.T) {
 }
 
 func TestTrie_Priority(t *testing.T) {
-	tree := New()
+	tree := New[int]()
 	domains := []string{
 		".dev",
 		"example.dev",
@@ -79,18 +79,18 @@ func TestTrie_Priority(t *testing.T) {
 	}
 
 	for idx, domain := range domains {
-		tree.Insert(domain, idx)
+		tree.Insert(domain, idx+1)
 	}
 
-	assertFn("test.dev", 0)
+	assertFn("test.dev", 1)
-	assertFn("foo.bar.dev", 0)
+	assertFn("foo.bar.dev", 1)
-	assertFn("example.dev", 1)
+	assertFn("example.dev", 2)
-	assertFn("foo.example.dev", 2)
+	assertFn("foo.example.dev", 3)
-	assertFn("test.example.dev", 3)
+	assertFn("test.example.dev", 4)
 }
 
 func TestTrie_Boundary(t *testing.T) {
-	tree := New()
+	tree := New[netip.Addr]()
 	tree.Insert("*.dev", localIP)
 
 	assert.NotNil(t, tree.Insert(".", localIP))
@@ -99,7 +99,7 @@ func TestTrie_Boundary(t *testing.T) {
 }
 
 func TestTrie_WildcardBoundary(t *testing.T) {
-	tree := New()
+	tree := New[netip.Addr]()
 	tree.Insert("+.*", localIP)
 	tree.Insert("stun.*.*.*", localIP)
 

component/trie/node.go

@@ -1,26 +1,31 @@
 package trie
 
 // Node is the trie's node
-type Node struct {
+type Node[T comparable] struct {
-	children map[string]*Node
+	children map[string]*Node[T]
-	Data     any
+	Data     T
 }
 
-func (n *Node) getChild(s string) *Node {
+func (n *Node[T]) getChild(s string) *Node[T] {
 	return n.children[s]
 }
 
-func (n *Node) hasChild(s string) bool {
+func (n *Node[T]) hasChild(s string) bool {
 	return n.getChild(s) != nil
 }
 
-func (n *Node) addChild(s string, child *Node) {
+func (n *Node[T]) addChild(s string, child *Node[T]) {
 	n.children[s] = child
 }
 
-func newNode(data any) *Node {
+func newNode[T comparable](data T) *Node[T] {
-	return &Node{
+	return &Node[T]{
 		Data:     data,
-		children: map[string]*Node{},
+		children: map[string]*Node[T]{},
 	}
 }
+
+func getZero[T comparable]() T {
+	var result T
+	return result
+}

config/config.go

@@ -4,16 +4,20 @@ import (
 	"container/list"
 	"errors"
 	"fmt"
-	R "github.com/Dreamacro/clash/rule"
+	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
-	RP "github.com/Dreamacro/clash/rule/provider"
 	"net"
 	"net/netip"
 	"net/url"
 	"os"
 	"runtime"
+	"strconv"
 	"strings"
 	"time"
 
+	"github.com/Dreamacro/clash/common/utils"
+	R "github.com/Dreamacro/clash/rule"
+	RP "github.com/Dreamacro/clash/rule/provider"
+
 	"github.com/Dreamacro/clash/adapter"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/adapter/outboundgroup"
@@ -27,7 +31,6 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	providerTypes "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/dns"
-	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"github.com/Dreamacro/clash/log"
 	T "github.com/Dreamacro/clash/tunnel"
 
@@ -46,6 +49,7 @@ type General struct {
 	RoutingMark   int          `json:"-"`
 	GeodataMode   bool         `json:"geodata-mode"`
 	GeodataLoader string       `json:"geodata-loader"`
+	TCPConcurrent bool         `json:"tcp-concurrent"`
 }
 
 // Inbound config
@@ -78,7 +82,7 @@ type DNS struct {
 	EnhancedMode          C.DNSMode        `yaml:"enhanced-mode"`
 	DefaultNameserver     []dns.NameServer `yaml:"default-nameserver"`
 	FakeIPRange           *fakeip.Pool
-	Hosts                 *trie.DomainTrie
+	Hosts                 *trie.DomainTrie[netip.Addr]
 	NameServerPolicy      map[string]dns.NameServer
 	ProxyServerNameserver []dns.NameServer
 }
@@ -87,7 +91,7 @@ type DNS struct {
 type FallbackFilter struct {
 	GeoIP     bool                    `yaml:"geoip"`
 	GeoIPCode string                  `yaml:"geoip-code"`
-	IPCIDR    []*net.IPNet            `yaml:"ipcidr"`
+	IPCIDR    []*netip.Prefix         `yaml:"ipcidr"`
 	Domain    []string                `yaml:"domain"`
 	GeoSite   []*router.DomainMatcher `yaml:"geosite"`
 }
@@ -111,12 +115,7 @@ type Tun struct {
 	Stack               C.TUNStack       `yaml:"stack" json:"stack"`
 	DNSHijack           []netip.AddrPort `yaml:"dns-hijack" json:"dns-hijack"`
 	AutoRoute           bool             `yaml:"auto-route" json:"auto-route"`
-}
+	AutoDetectInterface bool             `yaml:"auto-detect-interface" json:"auto-detect-interface"`
-
-// Script config
-type Script struct {
-	MainCode      string            `yaml:"code" json:"code"`
-	ShortcutsCode map[string]string `yaml:"shortcuts" json:"shortcuts"`
 }
 
 // IPTables config
@@ -126,6 +125,16 @@ type IPTables struct {
 	Bypass           []string `yaml:"bypass" json:"bypass"`
 }
 
+type Sniffer struct {
+	Enable      bool
+	Force       bool
+	Sniffers    []C.SnifferType
+	Reverses    *trie.DomainTrie[bool]
+	ForceDomain *trie.DomainTrie[bool]
+	SkipSNI     *trie.DomainTrie[bool]
+	Ports       *[]utils.Range[uint16]
+}
+
 // Experimental config
 type Experimental struct{}
 
@@ -136,13 +145,14 @@ type Config struct {
 	IPTables      *IPTables
 	DNS           *DNS
 	Experimental  *Experimental
-	Hosts         *trie.DomainTrie
+	Hosts         *trie.DomainTrie[netip.Addr]
 	Profile       *Profile
 	Rules         []C.Rule
 	Users         []auth.AuthUser
 	Proxies       map[string]C.Proxy
 	Providers     map[string]providerTypes.ProxyProvider
-	RuleProviders map[string]*providerTypes.RuleProvider
+	RuleProviders map[string]providerTypes.RuleProvider
+	Sniffer       *Sniffer
 }
 
 type RawDNS struct {
@@ -175,6 +185,7 @@ type RawTun struct {
 	Stack               C.TUNStack `yaml:"stack" json:"stack"`
 	DNSHijack           []string   `yaml:"dns-hijack" json:"dns-hijack"`
 	AutoRoute           bool       `yaml:"auto-route" json:"auto-route"`
+	AutoDetectInterface bool       `yaml:"auto-detect-interface"`
 }
 
 type RawConfig struct {
@@ -197,7 +208,9 @@ type RawConfig struct {
 	RoutingMark        int          `yaml:"routing-mark"`
 	GeodataMode        bool         `yaml:"geodata-mode"`
 	GeodataLoader      string       `yaml:"geodata-loader"`
+	TCPConcurrent      bool         `yaml:"tcp-concurrent" json:"tcp-concurrent"`
 
+	Sniffer       SnifferRaw                `yaml:"sniffer"`
 	ProxyProvider map[string]map[string]any `yaml:"proxy-providers"`
 	RuleProvider  map[string]map[string]any `yaml:"rule-providers"`
 	Hosts         map[string]string         `yaml:"hosts"`
@@ -211,6 +224,16 @@ type RawConfig struct {
 	Rule          []string                  `yaml:"rules"`
 }
 
+type SnifferRaw struct {
+	Enable      bool     `yaml:"enable" json:"enable"`
+	Sniffing    []string `yaml:"sniffing" json:"sniffing"`
+	Force       bool     `yaml:"force" json:"force"`
+	Reverse     []string `yaml:"reverses" json:"reverses"`
+	ForceDomain []string `yaml:"force-domain" json:"force-domain"`
+	SkipSNI     []string `yaml:"skip-sni" json:"skip-sni"`
+	Ports       []string `yaml:"port-whitelist" json:"port-whitelist"`
+}
+
 // Parse config
 func Parse(buf []byte) (*Config, error) {
 	rawCfg, err := UnmarshalRawConfig(buf)
@@ -236,9 +259,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		Rule:           []string{},
 		Proxy:          []map[string]any{},
 		ProxyGroup:     []map[string]any{},
+		TCPConcurrent:  false,
 		Tun: RawTun{
 			Enable:              false,
 			Device:              "",
+			AutoDetectInterface: true,
 			Stack:               C.TunGvisor,
 			DNSHijack:           []string{"0.0.0.0:53"}, // default hijack all dns query
 			AutoRoute:           true,
@@ -275,6 +300,15 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 				"www.msftconnecttest.com",
 			},
 		},
+		Sniffer: SnifferRaw{
+			Enable:      false,
+			Force:       false,
+			Sniffing:    []string{},
+			Reverse:     []string{},
+			ForceDomain: []string{},
+			SkipSNI:     []string{},
+			Ports:       []string{},
+		},
 		Profile: Profile{
 			StoreSelected: true,
 		},
@@ -337,6 +371,11 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 
 	config.Users = parseAuthentication(rawCfg.Authentication)
 
+	config.Sniffer, err = parseSniffer(rawCfg.Sniffer)
+	if err != nil {
+		return nil, err
+	}
+
 	elapsedTime := time.Since(startTime) / time.Millisecond                     // duration in ms
 	log.Infoln("Initial configuration complete, total time: %dms", elapsedTime) //Segment finished in xxm
 	return config, nil
@@ -377,6 +416,7 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
 		RoutingMark:   cfg.RoutingMark,
 		GeodataMode:   cfg.GeodataMode,
 		GeodataLoader: cfg.GeodataLoader,
+		TCPConcurrent: cfg.TCPConcurrent,
 	}, nil
 }
 
@@ -483,8 +523,8 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	return proxies, providersMap, nil
 }
 
-func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[string]*providerTypes.RuleProvider, error) {
+func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[string]providerTypes.RuleProvider, error) {
-	ruleProviders := map[string]*providerTypes.RuleProvider{}
+	ruleProviders := map[string]providerTypes.RuleProvider{}
 	log.Infoln("Geodata Loader mode: %s", geodata.LoaderName())
 	// parse rule provider
 	for name, mapping := range cfg.RuleProvider {
@@ -493,7 +533,7 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			return nil, nil, err
 		}
 
-		ruleProviders[name] = &rp
+		ruleProviders[name] = rp
 		RP.SetRuleProvider(rp)
 	}
 
@@ -538,7 +578,7 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			params = rule[l:]
 		}
 
-		if _, ok := proxies[target]; mode != T.Script && !ok {
+		if _, ok := proxies[target]; !ok {
 			return nil, nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
 		}
 
@@ -555,28 +595,26 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			return nil, nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
 		}
 
-		if mode != T.Script {
 		rules = append(rules, parsed)
 	}
-	}
 
 	runtime.GC()
 
 	return rules, ruleProviders, nil
 }
 
-func parseHosts(cfg *RawConfig) (*trie.DomainTrie, error) {
+func parseHosts(cfg *RawConfig) (*trie.DomainTrie[netip.Addr], error) {
-	tree := trie.New()
+	tree := trie.New[netip.Addr]()
 
 	// add default hosts
-	if err := tree.Insert("localhost", net.IP{127, 0, 0, 1}); err != nil {
+	if err := tree.Insert("localhost", netip.AddrFrom4([4]byte{127, 0, 0, 1})); err != nil {
 		log.Errorln("insert localhost to host error: %s", err.Error())
 	}
 
 	if len(cfg.Hosts) != 0 {
 		for domain, ipStr := range cfg.Hosts {
-			ip := net.ParseIP(ipStr)
+			ip, err := netip.ParseAddr(ipStr)
-			if ip == nil {
+			if err != nil {
 				return nil, fmt.Errorf("%s is not a valid IP", ipStr)
 			}
 			_ = tree.Insert(domain, ip)
@@ -651,7 +689,7 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 				Net:          dnsNetType,
 				Addr:         addr,
 				ProxyAdapter: u.Fragment,
-				Interface:    dialer.DefaultInterface.Load(),
+				Interface:    dialer.DefaultInterface,
 			},
 		)
 	}
@@ -675,15 +713,15 @@ func parseNameServerPolicy(nsPolicy map[string]string) (map[string]dns.NameServe
 	return policy, nil
 }
 
-func parseFallbackIPCIDR(ips []string) ([]*net.IPNet, error) {
+func parseFallbackIPCIDR(ips []string) ([]*netip.Prefix, error) {
-	var ipNets []*net.IPNet
+	var ipNets []*netip.Prefix
 
 	for idx, ip := range ips {
-		_, ipnet, err := net.ParseCIDR(ip)
+		ipnet, err := netip.ParsePrefix(ip)
 		if err != nil {
 			return nil, fmt.Errorf("DNS FallbackIP[%d] format error: %s", idx, err.Error())
 		}
-		ipNets = append(ipNets, ipnet)
+		ipNets = append(ipNets, &ipnet)
 	}
 
 	return ipNets, nil
@@ -724,7 +762,7 @@ func parseFallbackGeoSite(countries []string, rules []C.Rule) ([]*router.DomainM
 	return sites, nil
 }
 
-func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS, error) {
+func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[netip.Addr], rules []C.Rule) (*DNS, error) {
 	cfg := rawCfg.DNS
 	if cfg.Enable && len(cfg.NameServer) == 0 {
 		return nil, fmt.Errorf("if DNS configuration is turned on, NameServer cannot be empty")
@@ -736,7 +774,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 		IPv6:         cfg.IPv6,
 		EnhancedMode: cfg.EnhancedMode,
 		FallbackFilter: FallbackFilter{
-			IPCIDR:  []*net.IPNet{},
+			IPCIDR:  []*netip.Prefix{},
 			GeoSite: []*router.DomainMatcher{},
 		},
 	}
@@ -767,20 +805,23 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 	for _, ns := range dnsCfg.DefaultNameserver {
 		host, _, err := net.SplitHostPort(ns.Addr)
 		if err != nil || net.ParseIP(host) == nil {
+			u, err := url.Parse(ns.Addr)
+			if err != nil || net.ParseIP(u.Host) == nil {
 				return nil, errors.New("default nameserver should be pure IP")
 			}
 		}
+	}
 
 	if cfg.EnhancedMode == C.DNSFakeIP {
-		_, ipnet, err := net.ParseCIDR(cfg.FakeIPRange)
+		ipnet, err := netip.ParsePrefix(cfg.FakeIPRange)
 		if err != nil {
 			return nil, err
 		}
 
-		var host *trie.DomainTrie
+		var host *trie.DomainTrie[bool]
 		// fake ip skip host filter
 		if len(cfg.FakeIPFilter) != 0 {
-			host = trie.New()
+			host = trie.New[bool]()
 			for _, domain := range cfg.FakeIPFilter {
 				_ = host.Insert(domain, true)
 			}
@@ -788,7 +829,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 
 		if len(dnsCfg.Fallback) != 0 {
 			if host == nil {
-				host = trie.New()
+				host = trie.New[bool]()
 			}
 			for _, fb := range dnsCfg.Fallback {
 				if net.ParseIP(fb.Addr) != nil {
@@ -799,7 +840,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS,
 		}
 
 		pool, err := fakeip.New(fakeip.Options{
-			IPNet:       ipnet,
+			IPNet:       &ipnet,
 			Size:        1000,
 			Host:        host,
 			Persistence: rawCfg.Profile.StoreFakeIP,
@@ -843,9 +884,9 @@ func parseAuthentication(rawRecords []string) []auth.AuthUser {
 }
 
 func parseTun(rawTun RawTun, general *General) (*Tun, error) {
-	if (rawTun.Enable || general.TProxyPort != 0) && general.Interface == "" {
+	if rawTun.Enable && rawTun.AutoDetectInterface {
 		autoDetectInterfaceName, err := commons.GetAutoDetectInterface()
-		if err != nil || autoDetectInterfaceName == "" {
+		if err != nil {
 			log.Warnln("Can not find auto detect interface.[%s]", err)
 		} else {
 			log.Warnln("Auto detect interface: %s", autoDetectInterfaceName)
@@ -860,7 +901,7 @@ func parseTun(rawTun RawTun, general *General) (*Tun, error) {
 		if _, after, ok := strings.Cut(d, "://"); ok {
 			d = after
 		}
-
+		d = strings.Replace(d, "any", "0.0.0.0", 1)
 		addrPort, err := netip.ParseAddrPort(d)
 		if err != nil {
 			return nil, fmt.Errorf("parse dns-hijack url error: %w", err)
@@ -875,5 +916,101 @@ func parseTun(rawTun RawTun, general *General) (*Tun, error) {
 		Stack:               rawTun.Stack,
 		DNSHijack:           dnsHijack,
 		AutoRoute:           rawTun.AutoRoute,
+		AutoDetectInterface: rawTun.AutoDetectInterface,
 	}, nil
 }
+
+func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
+	sniffer := &Sniffer{
+		Enable: snifferRaw.Enable,
+		Force:  snifferRaw.Force,
+	}
+
+	var ports []utils.Range[uint16]
+	if len(snifferRaw.Ports) == 0 {
+		ports = append(ports, *utils.NewRange[uint16](0, 65535))
+	} else {
+		for _, portRange := range snifferRaw.Ports {
+			portRaws := strings.Split(portRange, "-")
+			p, err := strconv.ParseUint(portRaws[0], 10, 16)
+			if err != nil {
+				return nil, fmt.Errorf("%s format error", portRange)
+			}
+
+			start := uint16(p)
+			if len(portRaws) > 1 {
+				p, err = strconv.ParseUint(portRaws[1], 10, 16)
+				if err != nil {
+					return nil, fmt.Errorf("%s format error", portRange)
+				}
+
+				end := uint16(p)
+				ports = append(ports, *utils.NewRange(start, end))
+			} else {
+				ports = append(ports, *utils.NewRange(start, start))
+			}
+		}
+	}
+
+	sniffer.Ports = &ports
+
+	loadSniffer := make(map[C.SnifferType]struct{})
+
+	for _, snifferName := range snifferRaw.Sniffing {
+		find := false
+		for _, snifferType := range C.SnifferList {
+			if snifferType.String() == strings.ToUpper(snifferName) {
+				find = true
+				loadSniffer[snifferType] = struct{}{}
+			}
+		}
+
+		if !find {
+			return nil, fmt.Errorf("not find the sniffer[%s]", snifferName)
+		}
+	}
+
+	for st := range loadSniffer {
+		sniffer.Sniffers = append(sniffer.Sniffers, st)
+	}
+
+	sniffer.ForceDomain = trie.New[bool]()
+	for _, domain := range snifferRaw.ForceDomain {
+		err := sniffer.ForceDomain.Insert(domain, true)
+		if err != nil {
+			return nil, fmt.Errorf("error domian[%s] in force-domain, error:%v", domain, err)
+		}
+	}
+
+	sniffer.SkipSNI = trie.New[bool]()
+	for _, domain := range snifferRaw.SkipSNI {
+		err := sniffer.SkipSNI.Insert(domain, true)
+		if err != nil {
+			return nil, fmt.Errorf("error domian[%s] in force-domain, error:%v", domain, err)
+		}
+	}
+
+	// Compatibility, remove it when release
+	if strings.Contains(C.Version, "alpha") || strings.Contains(C.Version, "develop") || strings.Contains(C.Version, "1.10.0") {
+		log.Warnln("Sniffer param force and reverses deprecated, will be removed in the release version, see https://github.com/MetaCubeX/Clash.Meta/commit/48a01adb7a4f38974b9d9639f931d0d245aebf28")
+		if snifferRaw.Force {
+			// match all domain
+			sniffer.ForceDomain.Insert("+", true)
+			for _, domain := range snifferRaw.Reverse {
+				err := sniffer.SkipSNI.Insert(domain, true)
+				if err != nil {
+					return nil, fmt.Errorf("error domian[%s], error:%v", domain, err)
+				}
+			}
+		} else {
+			for _, domain := range snifferRaw.Reverse {
+				err := sniffer.ForceDomain.Insert(domain, true)
+				if err != nil {
+					return nil, fmt.Errorf("error domian[%s], error:%v", domain, err)
+				}
+			}
+		}
+	}
+
+	return sniffer, nil
+}

constant/adapters.go

@@ -99,6 +99,10 @@ type ProxyAdapter interface {
 	DialContext(ctx context.Context, metadata *Metadata, opts ...dialer.Option) (Conn, error)
 	ListenPacketContext(ctx context.Context, metadata *Metadata, opts ...dialer.Option) (PacketConn, error)
 
+	// SupportUOT return UDP over TCP support
+	SupportUOT() bool
+	ListenPacketOnStreamConn(c net.Conn, metadata *Metadata) (PacketConn, error)
+
 	// Unwrap extracts the proxy from a proxy-group. It returns nil when nothing to extract.
 	Unwrap(metadata *Metadata) Proxy
 }

constant/metadata.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
+	"net/netip"
 	"strconv"
 )
 
@@ -75,13 +76,14 @@ func (t Type) MarshalJSON() ([]byte, error) {
 type Metadata struct {
 	NetWork     NetWork    `json:"network"`
 	Type        Type       `json:"type"`
-	SrcIP       net.IP  `json:"sourceIP"`
+	SrcIP       netip.Addr `json:"sourceIP"`
-	DstIP       net.IP  `json:"destinationIP"`
+	DstIP       netip.Addr `json:"destinationIP"`
 	SrcPort     string     `json:"sourcePort"`
 	DstPort     string     `json:"destinationPort"`
 	AddrType    int        `json:"-"`
 	Host        string     `json:"host"`
 	DNSMode     DNSMode    `json:"dnsMode"`
+	Uid         *int32     `json:"uid"`
 	Process     string     `json:"process"`
 	ProcessPath string     `json:"processPath"`
 }
@@ -95,45 +97,49 @@ func (m *Metadata) SourceAddress() string {
 }
 
 func (m *Metadata) SourceDetail() string {
-	if m.Process != "" {
-		return fmt.Sprintf("%s(%s)", m.SourceAddress(), m.Process)
-	} else {
 	if m.Type == INNER {
-			return fmt.Sprintf("[Clash]")
+		return fmt.Sprintf("[%s]", ClashName)
 	}
 
+	if m.Process != "" && m.Uid != nil {
+		return fmt.Sprintf("%s(%s, uid=%d)", m.SourceAddress(), m.Process, *m.Uid)
+	} else if m.Uid != nil {
+		return fmt.Sprintf("%s(%d)", m.SourceAddress(), *m.Uid)
+	} else if m.Process != "" {
+		return fmt.Sprintf("%s(%s)", m.SourceAddress(), m.Process)
+	} else {
 		return fmt.Sprintf("%s", m.SourceAddress())
 	}
 }
 
 func (m *Metadata) Resolved() bool {
-	return m.DstIP != nil
+	return m.DstIP.IsValid()
 }
 
 // Pure is used to solve unexpected behavior
 // when dialing proxy connection in DNSMapping mode.
 func (m *Metadata) Pure() *Metadata {
-	if m.DNSMode == DNSMapping && m.DstIP != nil {
+	if m.DNSMode == DNSMapping && m.DstIP.IsValid() {
-		copy := *m
+		copyM := *m
-		copy.Host = ""
+		copyM.Host = ""
-		if copy.DstIP.To4() != nil {
+		if copyM.DstIP.Is4() {
-			copy.AddrType = AtypIPv4
+			copyM.AddrType = AtypIPv4
 		} else {
-			copy.AddrType = AtypIPv6
+			copyM.AddrType = AtypIPv6
 		}
-		return &copy
+		return &copyM
 	}
 
 	return m
 }
 
 func (m *Metadata) UDPAddr() *net.UDPAddr {
-	if m.NetWork != UDP || m.DstIP == nil {
+	if m.NetWork != UDP || !m.DstIP.IsValid() {
 		return nil
 	}
 	port, _ := strconv.ParseUint(m.DstPort, 10, 16)
 	return &net.UDPAddr{
-		IP:   m.DstIP,
+		IP:   m.DstIP.AsSlice(),
 		Port: int(port),
 	}
 }
@@ -141,7 +147,7 @@ func (m *Metadata) UDPAddr() *net.UDPAddr {
 func (m *Metadata) String() string {
 	if m.Host != "" {
 		return m.Host
-	} else if m.DstIP != nil {
+	} else if m.DstIP.IsValid() {
 		return m.DstIP.String()
 	} else {
 		return "<nil>"
@@ -149,5 +155,5 @@ func (m *Metadata) String() string {
 }
 
 func (m *Metadata) Valid() bool {
-	return m.Host != "" || m.DstIP != nil
+	return m.Host != "" || m.DstIP.IsValid()
 }

constant/provider/interface.go

@@ -70,6 +70,7 @@ type ProxyProvider interface {
 	// Commonly used in DialContext and DialPacketConn
 	ProxiesWithTouch() []constant.Proxy
 	HealthCheck()
+	Version() uint
 }
 
 // Rule Type

constant/rule.go

@@ -16,6 +16,7 @@ const (
 	Script
 	RuleSet
 	Network
+	Uid
 	MATCH
 	AND
 	OR
@@ -56,6 +57,8 @@ func (rt RuleType) String() string {
 		return "RuleSet"
 	case Network:
 		return "Network"
+	case Uid:
+		return "Uid"
 	case AND:
 		return "AND"
 	case OR:

constant/rule_extra.go

@@ -1,7 +1,7 @@
 package constant
 
 import (
-	"net"
+	"net/netip"
 	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/router"
@@ -9,7 +9,7 @@ import (
 
 type RuleExtra struct {
 	Network      NetWork
-	SourceIPs    []*net.IPNet
+	SourceIPs    []*netip.Prefix
 	ProcessNames []string
 }
 
@@ -17,7 +17,7 @@ func (re *RuleExtra) NotMatchNetwork(network NetWork) bool {
 	return re.Network != ALLNet && re.Network != network
 }
 
-func (re *RuleExtra) NotMatchSourceIP(srcIP net.IP) bool {
+func (re *RuleExtra) NotMatchSourceIP(srcIP netip.Addr) bool {
 	if re.SourceIPs == nil {
 		return false
 	}

constant/sniffer.go

@@ -0,0 +1,26 @@
+package constant
+
+type Sniffer interface {
+	SupportNetwork() NetWork
+	SniffTCP(bytes []byte) (string, error)
+	Protocol() string
+}
+
+const (
+	TLS SnifferType = iota
+)
+
+var (
+	SnifferList = []SnifferType{TLS}
+)
+
+type SnifferType int
+
+func (rt SnifferType) String() string {
+	switch rt {
+	case TLS:
+		return "TLS"
+	default:
+		return "Unknown"
+	}
+}

context/conn.go

@@ -3,8 +3,8 @@ package context
 import (
 	"net"
 
+	CN "github.com/Dreamacro/clash/common/net"
 	C "github.com/Dreamacro/clash/constant"
-
 	"github.com/gofrs/uuid"
 )
 
@@ -19,7 +19,7 @@ func NewConnContext(conn net.Conn, metadata *C.Metadata) *ConnContext {
 	return &ConnContext{
 		id:       id,
 		metadata: metadata,
-		conn:     conn,
+		conn:     CN.NewBufferedConn(conn),
 	}
 }
 

dns/client.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"go.uber.org/atomic"
 	"net"
+	"net/netip"
 	"strings"
 
 	"github.com/Dreamacro/clash/component/dialer"
@@ -18,7 +20,7 @@ type client struct {
 	r            *Resolver
 	port         string
 	host         string
-	iface        string
+	iface        *atomic.String
 	proxyAdapter string
 }
 
@@ -28,10 +30,10 @@ func (c *client) Exchange(m *D.Msg) (*D.Msg, error) {
 
 func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error) {
 	var (
-		ip  net.IP
+		ip  netip.Addr
 		err error
 	)
-	if ip = net.ParseIP(c.host); ip == nil {
+	if ip, err = netip.ParseAddr(c.host); err != nil {
 		if c.r == nil {
 			return nil, fmt.Errorf("dns %s not a valid ip", c.host)
 		} else {
@@ -48,8 +50,8 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 	}
 
 	options := []dialer.Option{}
-	if c.iface != "" {
+	if c.iface != nil && c.iface.Load() != "" {
-		options = append(options, dialer.WithInterface(c.iface))
+		options = append(options, dialer.WithInterface(c.iface.Load()))
 	}
 
 	var conn net.Conn
@@ -62,7 +64,9 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 	if err != nil {
 		return nil, err
 	}
-	defer conn.Close()
+	defer func() {
+		_ = conn.Close()
+	}()
 
 	// miekg/dns ExchangeContext doesn't respond to context cancel.
 	// this is a workaround

dns/dhcp.go

@@ -1,9 +1,10 @@
 package dns
 
 import (
-	"bytes"
 	"context"
+	"go.uber.org/atomic"
 	"net"
+	"net/netip"
 	"sync"
 	"time"
 
@@ -27,7 +28,7 @@ type dhcpClient struct {
 	ifaceInvalidate time.Time
 	dnsInvalidate   time.Time
 
-	ifaceAddr *net.IPNet
+	ifaceAddr *netip.Prefix
 	done      chan struct{}
 	resolver  *Resolver
 	err       error
@@ -71,7 +72,7 @@ func (d *dhcpClient) resolve(ctx context.Context) (*Resolver, error) {
 				for _, item := range dns {
 					nameserver = append(nameserver, NameServer{
 						Addr:      net.JoinHostPort(item.String(), "53"),
-						Interface: d.ifaceName,
+						Interface: atomic.NewString(d.ifaceName),
 					})
 				}
 
@@ -127,12 +128,12 @@ func (d *dhcpClient) invalidate() (bool, error) {
 		return false, err
 	}
 
-	addr, err := ifaceObj.PickIPv4Addr(nil)
+	addr, err := ifaceObj.PickIPv4Addr(netip.Addr{})
 	if err != nil {
 		return false, err
 	}
 
-	if time.Now().Before(d.dnsInvalidate) && d.ifaceAddr.IP.Equal(addr.IP) && bytes.Equal(d.ifaceAddr.Mask, addr.Mask) {
+	if time.Now().Before(d.dnsInvalidate) && d.ifaceAddr == addr {
 		return false, nil
 	}
 

dns/doq.go

@@ -5,6 +5,10 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/resolver"
+	"net"
+	"strconv"
 	"sync"
 	"time"
 
@@ -19,10 +23,20 @@ var bytesPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
 
 type quicClient struct {
 	addr         string
-	session      quic.Session
+	r            *Resolver
+	session      quic.Connection
+	proxyAdapter string
 	sync.RWMutex // protects session and bytesPool
 }
 
+func newDOQ(r *Resolver, addr, proxyAdapter string) *quicClient {
+	return &quicClient{
+		addr:         addr,
+		r:            r,
+		proxyAdapter: proxyAdapter,
+	}
+}
+
 func (dc *quicClient) Exchange(m *D.Msg) (msg *D.Msg, err error) {
 	return dc.ExchangeContext(context.Background(), m)
 }
@@ -67,7 +81,7 @@ func (dc *quicClient) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg
 	return reply, nil
 }
 
-func isActive(s quic.Session) bool {
+func isActive(s quic.Connection) bool {
 	select {
 	case <-s.Context().Done():
 		return false
@@ -76,11 +90,11 @@ func isActive(s quic.Session) bool {
 	}
 }
 
-// getSession - opens or returns an existing quic.Session
+// getSession - opens or returns an existing quic.Connection
 // useCached - if true and cached session exists, return it right away
 // otherwise - forcibly creates a new session
-func (dc *quicClient) getSession() (quic.Session, error) {
+func (dc *quicClient) getSession() (quic.Connection, error) {
-	var session quic.Session
+	var session quic.Connection
 	dc.RLock()
 	session = dc.session
 	if session != nil && isActive(session) {
@@ -113,7 +127,7 @@ func (dc *quicClient) getSession() (quic.Session, error) {
 	return session, nil
 }
 
-func (dc *quicClient) openSession() (quic.Session, error) {
+func (dc *quicClient) openSession() (quic.Connection, error) {
 	tlsConfig := &tls.Config{
 		InsecureSkipVerify: true,
 		NextProtos: []string{
@@ -127,7 +141,44 @@ func (dc *quicClient) openSession() (quic.Session, error) {
 	}
 
 	log.Debugln("opening session to %s", dc.addr)
-	session, err := quic.DialAddrContext(context.Background(), dc.addr, tlsConfig, quicConfig)
+	var (
+		udp net.PacketConn
+		err error
+	)
+
+	host, port, err := net.SplitHostPort(dc.addr)
+	if err != nil {
+		return nil, err
+	}
+
+	ip, err := resolver.ResolveIPv4WithResolver(host, dc.r)
+	if err != nil {
+		return nil, err
+	}
+
+	p, err := strconv.Atoi(port)
+	udpAddr := net.UDPAddr{IP: ip.AsSlice(), Port: p}
+
+	if dc.proxyAdapter == "" {
+		udp, err = dialer.ListenPacket(context.Background(), "udp", "")
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		conn, err := dialContextWithProxyAdapter(context.Background(), dc.proxyAdapter, "udp", ip, port)
+		if err != nil {
+			return nil, err
+		}
+
+		wrapConn, ok := conn.(*wrapPacketConn)
+		if !ok {
+			return nil, fmt.Errorf("quio create packet failed")
+		}
+
+		udp = wrapConn.PacketConn
+	}
+
+	session, err := quic.Dial(udp, &udpAddr, host, tlsConfig, quicConfig)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open QUIC session: %w", err)
 	}

dns/enhancer.go

@@ -1,7 +1,7 @@
 package dns
 
 import (
-	"net"
+	"net/netip"
 
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/fakeip"
@@ -11,7 +11,7 @@ import (
 type ResolverEnhancer struct {
 	mode     C.DNSMode
 	fakePool *fakeip.Pool
-	mapping  *cache.LruCache
+	mapping  *cache.LruCache[netip.Addr, string]
 }
 
 func (h *ResolverEnhancer) FakeIPEnabled() bool {
@@ -22,7 +22,7 @@ func (h *ResolverEnhancer) MappingEnabled() bool {
 	return h.mode == C.DNSFakeIP || h.mode == C.DNSMapping
 }
 
-func (h *ResolverEnhancer) IsExistFakeIP(ip net.IP) bool {
+func (h *ResolverEnhancer) IsExistFakeIP(ip netip.Addr) bool {
 	if !h.FakeIPEnabled() {
 		return false
 	}
@@ -34,31 +34,31 @@ func (h *ResolverEnhancer) IsExistFakeIP(ip net.IP) bool {
 	return false
 }
 
-func (h *ResolverEnhancer) IsFakeIP(ip net.IP) bool {
+func (h *ResolverEnhancer) IsFakeIP(ip netip.Addr) bool {
 	if !h.FakeIPEnabled() {
 		return false
 	}
 
 	if pool := h.fakePool; pool != nil {
-		return pool.IPNet().Contains(ip) && !pool.Gateway().Equal(ip) && !pool.Broadcast().Equal(ip)
+		return pool.IPNet().Contains(ip) && ip != pool.Gateway() && ip != pool.Broadcast()
 	}
 
 	return false
 }
 
-func (h *ResolverEnhancer) IsFakeBroadcastIP(ip net.IP) bool {
+func (h *ResolverEnhancer) IsFakeBroadcastIP(ip netip.Addr) bool {
 	if !h.FakeIPEnabled() {
 		return false
 	}
 
 	if pool := h.fakePool; pool != nil {
-		return pool.Broadcast().Equal(ip)
+		return pool.Broadcast() == ip
 	}
 
 	return false
 }
 
-func (h *ResolverEnhancer) FindHostByIP(ip net.IP) (string, bool) {
+func (h *ResolverEnhancer) FindHostByIP(ip netip.Addr) (string, bool) {
 	if pool := h.fakePool; pool != nil {
 		if host, existed := pool.LookBack(ip); existed {
 			return host, true
@@ -66,14 +66,27 @@ func (h *ResolverEnhancer) FindHostByIP(ip net.IP) (string, bool) {
 	}
 
 	if mapping := h.mapping; mapping != nil {
-		if host, existed := h.mapping.Get(ip.String()); existed {
+		if host, existed := h.mapping.Get(ip); existed {
-			return host.(string), true
+			return host, true
 		}
 	}
 
 	return "", false
 }
 
+func (h *ResolverEnhancer) InsertHostByIP(ip netip.Addr, host string) {
+	if mapping := h.mapping; mapping != nil {
+		h.mapping.Set(ip, host)
+	}
+}
+
+func (h *ResolverEnhancer) FlushFakeIP() error {
+	if h.fakePool != nil {
+		return h.fakePool.FlushFakeIP()
+	}
+	return nil
+}
+
 func (h *ResolverEnhancer) PatchFrom(o *ResolverEnhancer) {
 	if h.mapping != nil && o.mapping != nil {
 		o.mapping.CloneTo(h.mapping)
@@ -84,20 +97,19 @@ func (h *ResolverEnhancer) PatchFrom(o *ResolverEnhancer) {
 	}
 }
 
-func (h *ResolverEnhancer) FlushFakeIP() error {
+func (h *ResolverEnhancer) StoreFakePoolState() {
 	if h.fakePool != nil {
-		return h.fakePool.FlushFakeIP()
+		h.fakePool.StoreState()
 	}
-	return nil
 }
 
 func NewEnhancer(cfg Config) *ResolverEnhancer {
 	var fakePool *fakeip.Pool
-	var mapping *cache.LruCache
+	var mapping *cache.LruCache[netip.Addr, string]
 
 	if cfg.EnhancedMode != C.DNSNormal {
 		fakePool = cfg.Pool
-		mapping = cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true))
+		mapping = cache.NewLRUCache[netip.Addr, string](cache.WithSize[netip.Addr, string](4096), cache.WithStale[netip.Addr, string](true))
 	}
 
 	return &ResolverEnhancer{

dns/filters.go

@@ -1,18 +1,19 @@
 package dns
 
 import (
+	"net/netip"
+
 	"github.com/Dreamacro/clash/component/geodata"
 	"github.com/Dreamacro/clash/component/geodata/router"
 	"github.com/Dreamacro/clash/component/mmdb"
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
-	"net"
 	"strings"
 )
 
 type fallbackIPFilter interface {
-	Match(net.IP) bool
+	Match(netip.Addr) bool
 }
 
 type geoipFilter struct {
@@ -21,9 +22,9 @@ type geoipFilter struct {
 
 var geoIPMatcher *router.GeoIPMatcher
 
-func (gf *geoipFilter) Match(ip net.IP) bool {
+func (gf *geoipFilter) Match(ip netip.Addr) bool {
 	if !C.GeodataMode {
-		record, _ := mmdb.Instance().Country(ip)
+		record, _ := mmdb.Instance().Country(ip.AsSlice())
 		return !strings.EqualFold(record.Country.IsoCode, gf.code) && !ip.IsPrivate()
 	}
 
@@ -54,14 +55,14 @@ func (gf *geoipFilter) Match(ip net.IP) bool {
 			return false
 		}
 	}
-	return !geoIPMatcher.Match(ip)
+	return !geoIPMatcher.Match(ip.AsSlice())
 }
 
 type ipnetFilter struct {
-	ipnet *net.IPNet
+	ipnet *netip.Prefix
 }
 
-func (inf *ipnetFilter) Match(ip net.IP) bool {
+func (inf *ipnetFilter) Match(ip netip.Addr) bool {
 	return inf.ipnet.Contains(ip)
 }
 
@@ -70,13 +71,13 @@ type fallbackDomainFilter interface {
 }
 
 type domainFilter struct {
-	tree *trie.DomainTrie
+	tree *trie.DomainTrie[bool]
 }
 
 func NewDomainFilter(domains []string) *domainFilter {
-	df := domainFilter{tree: trie.New()}
+	df := domainFilter{tree: trie.New[bool]()}
 	for _, domain := range domains {
-		df.tree.Insert(domain, "")
+		_ = df.tree.Insert(domain, true)
 	}
 	return &df
 }

dns/middleware.go

@@ -1,11 +1,12 @@
 package dns
 
 import (
-	"net"
+	"net/netip"
 	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/cache"
+	"github.com/Dreamacro/clash/common/nnip"
 	"github.com/Dreamacro/clash/component/fakeip"
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
@@ -20,7 +21,7 @@ type (
 	middleware func(next handler) handler
 )
 
-func withHosts(hosts *trie.DomainTrie) middleware {
+func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[netip.Addr, string]) middleware {
 	return func(next handler) handler {
 		return func(ctx *context.DNSContext, r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
@@ -29,30 +30,36 @@ func withHosts(hosts *trie.DomainTrie) middleware {
 				return next(ctx, r)
 			}
 
-			record := hosts.Search(strings.TrimRight(q.Name, "."))
+			host := strings.TrimRight(q.Name, ".")
+
+			record := hosts.Search(host)
 			if record == nil {
 				return next(ctx, r)
 			}
 
-			ip := record.Data.(net.IP)
+			ip := record.Data
 			msg := r.Copy()
 
-			if v4 := ip.To4(); v4 != nil && q.Qtype == D.TypeA {
+			if ip.Is4() && q.Qtype == D.TypeA {
 				rr := &D.A{}
-				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: dnsDefaultTTL}
+				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 10}
-				rr.A = v4
+				rr.A = ip.AsSlice()
 
 				msg.Answer = []D.RR{rr}
-			} else if v6 := ip.To16(); v6 != nil && q.Qtype == D.TypeAAAA {
+			} else if ip.Is6() && q.Qtype == D.TypeAAAA {
 				rr := &D.AAAA{}
-				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: dnsDefaultTTL}
+				rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 10}
-				rr.AAAA = v6
+				rr.AAAA = ip.AsSlice()
 
 				msg.Answer = []D.RR{rr}
 			} else {
 				return next(ctx, r)
 			}
 
+			if mapping != nil {
+				mapping.SetWithExpire(ip, host, time.Now().Add(time.Second*10))
+			}
+
 			ctx.SetType(context.DNSTypeHost)
 			msg.SetRcode(r, D.RcodeSuccess)
 			msg.Authoritative = true
@@ -63,7 +70,7 @@ func withHosts(hosts *trie.DomainTrie) middleware {
 	}
 }
 
-func withMapping(mapping *cache.LruCache) middleware {
+func withMapping(mapping *cache.LruCache[netip.Addr, string]) middleware {
 	return func(next handler) handler {
 		return func(ctx *context.DNSContext, r *D.Msg) (*D.Msg, error) {
 			q := r.Question[0]
@@ -80,21 +87,21 @@ func withMapping(mapping *cache.LruCache) middleware {
 			host := strings.TrimRight(q.Name, ".")
 
 			for _, ans := range msg.Answer {
-				var ip net.IP
+				var ip netip.Addr
 				var ttl uint32
 
 				switch a := ans.(type) {
 				case *D.A:
-					ip = a.A
+					ip = nnip.IpToAddr(a.A)
 					ttl = a.Hdr.Ttl
 				case *D.AAAA:
-					ip = a.AAAA
+					ip = nnip.IpToAddr(a.AAAA)
 					ttl = a.Hdr.Ttl
 				default:
 					continue
 				}
 
-				mapping.SetWithExpire(ip.String(), host, time.Now().Add(time.Second*time.Duration(ttl)))
+				mapping.SetWithExpire(ip, host, time.Now().Add(time.Second*time.Duration(ttl)))
 			}
 
 			return msg, nil
@@ -124,7 +131,7 @@ func withFakeIP(fakePool *fakeip.Pool) middleware {
 			rr := &D.A{}
 			rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: dnsDefaultTTL}
 			ip := fakePool.Lookup(host)
-			rr.A = ip
+			rr.A = ip.AsSlice()
 			msg := r.Copy()
 			msg.Answer = []D.RR{rr}
 
@@ -176,7 +183,7 @@ func NewHandler(resolver *Resolver, mapper *ResolverEnhancer) handler {
 	middlewares := []middleware{}
 
 	if resolver.hosts != nil {
-		middlewares = append(middlewares, withHosts(resolver.hosts))
+		middlewares = append(middlewares, withHosts(resolver.hosts, mapper.mapping))
 	}
 
 	if mapper.mode == C.DNSFakeIP {

dns/patch.go

@@ -1,16 +0,0 @@
-package dns
-
-import D "github.com/miekg/dns"
-
-type LocalServer struct {
-	handler handler
-}
-
-// ServeMsg implement resolver.LocalServer ResolveMsg
-func (s *LocalServer) ServeMsg(msg *D.Msg) (*D.Msg, error) {
-	return handlerWithContext(s.handler, msg)
-}
-
-func NewLocalServer(resolver *Resolver, mapper *ResolverEnhancer) *LocalServer {
-	return &LocalServer{handler: NewHandler(resolver, mapper)}
-}

dns/policy.go

@@ -0,0 +1,30 @@
+package dns
+
+type Policy struct {
+	data []dnsClient
+}
+
+func (p *Policy) GetData() []dnsClient {
+	return p.data
+}
+
+func (p *Policy) Compare(p2 *Policy) int {
+	if p2 == nil {
+		return 1
+	}
+	l1 := len(p.data)
+	l2 := len(p2.data)
+	if l1 == l2 {
+		return 0
+	}
+	if l1 > l2 {
+		return 1
+	}
+	return -1
+}
+
+func NewPolicy(data []dnsClient) *Policy {
+	return &Policy{
+		data: data,
+	}
+}

dns/resolver.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"go.uber.org/atomic"
 	"math/rand"
-	"net"
+	"net/netip"
 	"strings"
 	"time"
 
@@ -33,20 +34,19 @@ type result struct {
 
 type Resolver struct {
 	ipv6                  bool
-	hosts                 *trie.DomainTrie
+	hosts                 *trie.DomainTrie[netip.Addr]
 	main                  []dnsClient
 	fallback              []dnsClient
 	fallbackDomainFilters []fallbackDomainFilter
 	fallbackIPFilters     []fallbackIPFilter
 	group                 singleflight.Group
-	lruCache              *cache.LruCache
+	lruCache              *cache.LruCache[string, *D.Msg]
-	policy                *trie.DomainTrie
+	policy                *trie.DomainTrie[*Policy]
 	proxyServer           []dnsClient
 }
 
-// ResolveIP request with TypeA and TypeAAAA, priority return TypeA
+func (r *Resolver) ResolveAllIPPrimaryIPv4(host string) (ips []netip.Addr, err error) {
-func (r *Resolver) ResolveIP(host string) (ip net.IP, err error) {
+	ch := make(chan []netip.Addr, 1)
-	ch := make(chan net.IP, 1)
 	go func() {
 		defer close(ch)
 		ip, err := r.resolveIP(host, D.TypeAAAA)
@@ -56,7 +56,7 @@ func (r *Resolver) ResolveIP(host string) (ip net.IP, err error) {
 		ch <- ip
 	}()
 
-	ip, err = r.resolveIP(host, D.TypeA)
+	ips, err = r.resolveIP(host, D.TypeA)
 	if err == nil {
 		return
 	}
@@ -69,17 +69,65 @@ func (r *Resolver) ResolveIP(host string) (ip net.IP, err error) {
 	return ip, nil
 }
 
-// ResolveIPv4 request with TypeA
+func (r *Resolver) ResolveAllIP(host string) (ips []netip.Addr, err error) {
-func (r *Resolver) ResolveIPv4(host string) (ip net.IP, err error) {
+	ch := make(chan []netip.Addr, 1)
+	go func() {
+		defer close(ch)
+		ip, err := r.resolveIP(host, D.TypeAAAA)
+		if err != nil {
+			return
+		}
+
+		ch <- ip
+	}()
+
+	ips, err = r.resolveIP(host, D.TypeA)
+
+	ipv6s, open := <-ch
+	if !open && err != nil {
+		return nil, resolver.ErrIPNotFound
+	}
+
+	ips = append(ips, ipv6s...)
+	return ips, nil
+}
+
+func (r *Resolver) ResolveAllIPv4(host string) (ips []netip.Addr, err error) {
 	return r.resolveIP(host, D.TypeA)
 }
 
-// ResolveIPv6 request with TypeAAAA
+func (r *Resolver) ResolveAllIPv6(host string) (ips []netip.Addr, err error) {
-func (r *Resolver) ResolveIPv6(host string) (ip net.IP, err error) {
 	return r.resolveIP(host, D.TypeAAAA)
 }
 
-func (r *Resolver) shouldIPFallback(ip net.IP) bool {
+// ResolveIP request with TypeA and TypeAAAA, priority return TypeA
+func (r *Resolver) ResolveIP(host string) (ip netip.Addr, err error) {
+	if ips, err := r.ResolveAllIPPrimaryIPv4(host); err == nil {
+		return ips[rand.Intn(len(ips))], nil
+	} else {
+		return netip.Addr{}, err
+	}
+}
+
+// ResolveIPv4 request with TypeA
+func (r *Resolver) ResolveIPv4(host string) (ip netip.Addr, err error) {
+	if ips, err := r.ResolveAllIPv4(host); err == nil {
+		return ips[rand.Intn(len(ips))], nil
+	} else {
+		return netip.Addr{}, err
+	}
+}
+
+// ResolveIPv6 request with TypeAAAA
+func (r *Resolver) ResolveIPv6(host string) (ip netip.Addr, err error) {
+	if ips, err := r.ResolveAllIPv6(host); err == nil {
+		return ips[rand.Intn(len(ips))], nil
+	} else {
+		return netip.Addr{}, err
+	}
+}
+
+func (r *Resolver) shouldIPFallback(ip netip.Addr) bool {
 	for _, filter := range r.fallbackIPFilters {
 		if filter.Match(ip) {
 			return true
@@ -100,10 +148,10 @@ func (r *Resolver) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, e
 	}
 
 	q := m.Question[0]
-	cache, expireTime, hit := r.lruCache.GetWithExpire(q.String())
+	cacheM, expireTime, hit := r.lruCache.GetWithExpire(q.String())
 	if hit {
 		now := time.Now()
-		msg = cache.(*D.Msg).Copy()
+		msg = cacheM.Copy()
 		if expireTime.Before(now) {
 			setMsgTTL(msg, uint32(1)) // Continue fetch
 			go r.exchangeWithoutCache(ctx, m)
@@ -152,10 +200,10 @@ func (r *Resolver) exchangeWithoutCache(ctx context.Context, m *D.Msg) (msg *D.M
 }
 
 func (r *Resolver) batchExchange(ctx context.Context, clients []dnsClient, m *D.Msg) (msg *D.Msg, err error) {
-	fast, ctx := picker.WithTimeout(ctx, resolver.DefaultDNSTimeout)
+	fast, ctx := picker.WithTimeout[*D.Msg](ctx, resolver.DefaultDNSTimeout)
 	for _, client := range clients {
 		r := client
-		fast.Go(func() (any, error) {
+		fast.Go(func() (*D.Msg, error) {
 			m, err := r.ExchangeContext(ctx, m)
 			if err != nil {
 				return nil, err
@@ -175,7 +223,7 @@ func (r *Resolver) batchExchange(ctx context.Context, clients []dnsClient, m *D.
 		return nil, err
 	}
 
-	msg = elm.(*D.Msg)
+	msg = elm
 	return
 }
 
@@ -194,7 +242,8 @@ func (r *Resolver) matchPolicy(m *D.Msg) []dnsClient {
 		return nil
 	}
 
-	return record.Data.([]dnsClient)
+	p := record.Data
+	return p.GetData()
 }
 
 func (r *Resolver) shouldOnlyQueryFallback(m *D.Msg) bool {
@@ -253,16 +302,16 @@ func (r *Resolver) ipExchange(ctx context.Context, m *D.Msg) (msg *D.Msg, err er
 	return
 }
 
-func (r *Resolver) resolveIP(host string, dnsType uint16) (ip net.IP, err error) {
+func (r *Resolver) resolveIP(host string, dnsType uint16) (ips []netip.Addr, err error) {
-	ip = net.ParseIP(host)
+	ip, err := netip.ParseAddr(host)
-	if ip != nil {
+	if err == nil {
-		isIPv4 := ip.To4() != nil
+		isIPv4 := ip.Is4()
 		if dnsType == D.TypeAAAA && !isIPv4 {
-			return ip, nil
+			return []netip.Addr{ip}, nil
 		} else if dnsType == D.TypeA && isIPv4 {
-			return ip, nil
+			return []netip.Addr{ip}, nil
 		} else {
-			return nil, resolver.ErrIPVersion
+			return []netip.Addr{}, resolver.ErrIPVersion
 		}
 	}
 
@@ -271,16 +320,15 @@ func (r *Resolver) resolveIP(host string, dnsType uint16) (ip net.IP, err error)
 
 	msg, err := r.Exchange(query)
 	if err != nil {
-		return nil, err
+		return []netip.Addr{}, err
 	}
 
-	ips := msgToIP(msg)
+	ips = msgToIP(msg)
 	ipLength := len(ips)
 	if ipLength == 0 {
-		return nil, resolver.ErrIPNotFound
+		return []netip.Addr{}, resolver.ErrIPNotFound
 	}
 
-	ip = ips[rand.Intn(ipLength)]
 	return
 }
 
@@ -309,14 +357,14 @@ func (r *Resolver) HasProxyServer() bool {
 type NameServer struct {
 	Net          string
 	Addr         string
-	Interface    string
+	Interface    *atomic.String
 	ProxyAdapter string
 }
 
 type FallbackFilter struct {
 	GeoIP     bool
 	GeoIPCode string
-	IPCIDR    []*net.IPNet
+	IPCIDR    []*netip.Prefix
 	Domain    []string
 	GeoSite   []*router.DomainMatcher
 }
@@ -329,20 +377,20 @@ type Config struct {
 	EnhancedMode   C.DNSMode
 	FallbackFilter FallbackFilter
 	Pool           *fakeip.Pool
-	Hosts          *trie.DomainTrie
+	Hosts          *trie.DomainTrie[netip.Addr]
 	Policy         map[string]NameServer
 }
 
 func NewResolver(config Config) *Resolver {
 	defaultResolver := &Resolver{
 		main:     transform(config.Default, nil),
-		lruCache: cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true)),
+		lruCache: cache.NewLRUCache[string, *D.Msg](cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
 	}
 
 	r := &Resolver{
 		ipv6:     config.IPv6,
 		main:     transform(config.Main, defaultResolver),
-		lruCache: cache.NewLRUCache(cache.WithSize(4096), cache.WithStale(true)),
+		lruCache: cache.NewLRUCache[string, *D.Msg](cache.WithSize[string, *D.Msg](4096), cache.WithStale[string, *D.Msg](true)),
 		hosts:    config.Hosts,
 	}
 
@@ -355,9 +403,9 @@ func NewResolver(config Config) *Resolver {
 	}
 
 	if len(config.Policy) != 0 {
-		r.policy = trie.New()
+		r.policy = trie.New[*Policy]()
 		for domain, nameserver := range config.Policy {
-			r.policy.Insert(domain, transform([]NameServer{nameserver}, defaultResolver))
+			_ = r.policy.Insert(domain, NewPolicy(transform([]NameServer{nameserver}, defaultResolver)))
 		}
 	}