Feature: add path to script config

script: path: ./script.star
Feature: add match_provider to script shortcuts
2022-06-06 05:20:59 +08:00 · 2022-06-06 04:35:52 +08:00 · 2022-06-06 04:28:54 +08:00 · 2022-06-06 03:22:48 +08:00 · 2022-06-06 03:13:10 +08:00 · 2022-06-06 02:37:10 +08:00
263 changed files with 7966 additions and 10188 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -0,0 +1,76 @@
 name: Bug report
 description: Create a report to help us improve
 title: "[Bug] "
 body:
  - type: checkboxes
    id: ensure
    attributes:
      label: Verify steps
      description: "
 在提交之前，请确认
 Please verify that you've followed these steps
 "
      options:
        - label: "
 如果你可以自己 debug 并解决的话，提交 PR 吧
 Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
 "
          required: true
        - label: "
 我已经在 [Issue Tracker](……/) 中找过我要提出的问题
 I have searched on the [issue tracker](……/) for a related issue.
 "
          required: true
        - label: "
 我已经使用 dev 分支版本测试过，问题依旧存在
 I have tested using the dev branch, and the issue still exists.
 "
          required: true
        - label: "
 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
 I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
 "
          required: true
        - label: "
 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
 This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash.
 "
          required: true
  - type: input
    attributes:
      label: Clash version
    validations:
      required: true
  - type: dropdown
    id: os
    attributes:
      label: What OS are you seeing the problem on?
      multiple: true
      options:
        - macOS
        - Windows
        - Linux
        - OpenBSD/FreeBSD
  - type: textarea
    attributes:
      render: yaml
      label: "Clash config"
      description: "
 在下方附上 Clash core 脱敏后配置文件的内容
 Paste the Clash core configuration below.
 "
    validations:
      required: true
  - type: textarea
    attributes:
      render: shell
      label: Clash log
      description: "
 在下方附上 Clash Core 的日志，log level 使用 DEBUG
 Paste the Clash core log below with the log level set to `DEBUG`.
 "
  - type: textarea
    attributes:
      label: Description
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,6 @@
 blank_issues_enabled: false
 contact_links:
  - name: Get help in GitHub Discussions
    url: https://github.com/Dreamacro/clash/discussions
    about: Have a question? Not sure if your issue affects everyone reproducibly? The quickest way to get help is on Clash's GitHub Discussions!
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -0,0 +1,36 @@
 name: Feature request
 description: Suggest an idea for this project
 title: "[Feature] "
 body:
  - type: checkboxes
    id: ensure
    attributes:
      label: Verify steps
      description: "
 在提交之前，请确认
 Please verify that you've followed these steps
 "
      options:
        - label: "
 我已经在 [Issue Tracker](……/) 中找过我要提出的请求
 I have searched on the [issue tracker](……/) for a related feature request.
 "
          required: true
        - label: "
 我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
 I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
 "
          required: true
  - type: textarea
    attributes:
      label: Description
      description: 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
    validations:
      required: true
  - type: textarea
    attributes:
      label: Possible Solution
      description: "
 此项非必须，但是如果你有想法的话欢迎提出。
 Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change
 "
--- a/.github/workflows/build-windows-amd.yml
+++ b/.github/workflows/build-windows-amd.yml
@ -0,0 +1,142 @@
 name: Build-Windows
 on: [push]
 jobs:
  build:
    runs-on: windows-latest
    steps:
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.18.x
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Go cache paths
        id: go-cache-paths
        run: |
          echo "::set-output name=go-build::$(go env GOCACHE)"
          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: |
            ${{ steps.go-cache-paths.outputs.go-mod }}
            ${{ steps.go-cache-paths.outputs.go-build }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Setup Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.9'
          architecture: 'x64'
      - name: Get dependencies, run test
        id: test
        run: |
          cmd /c mklink /J D:\python-amd64 $env:pythonLocation
          echo "::set-output name=file_sha::$(git describe --tags --always)"
          echo "::set-output name=file_date::$(Get-Date -Format 'yyyyMMdd')"
          ((Get-Content -path constant/version.go -Raw) -replace 'unknown version',$(Get-Date -Format 'yyyy.MM.dd')) | Set-Content -Path constant/version.go
          ((Get-Content -path constant/version.go -Raw) -replace 'unknown time',$(Get-Date)) | Set-Content -Path constant/version.go
          # go test
          go test -tags build_actions ./...
      - name: Build
        #if: startsWith(github.ref, 'refs/tags/')
        run: |
          $env:CGO_ENABLED=1; go build -tags build_actions -trimpath -ldflags '-w -s -buildid=' -o bin/clash-plus-pro-windows-amd64.exe
          $env:GOAMD64="v3"; $env:CGO_ENABLED=1; go build -tags build_actions -trimpath -ldflags '-w -s -buildid=' -o bin/clash-plus-pro-windows-amd64-v3.exe
          $version = Get-Date -Format 'yyyy.MM.dd'
          cd bin/
          Compress-Archive -Path clash-plus-pro-windows-amd64.exe -DestinationPath clash-plus-pro-windows-amd64-$version.zip
          Compress-Archive -Path clash-plus-pro-windows-amd64-v3.exe -DestinationPath clash-plus-pro-windows-amd64-v3-$version.zip
          Remove-Item -Force clash-plus-pro-windows-amd64.exe
          Remove-Item -Force clash-plus-pro-windows-amd64-v3.exe
          "$version" | Out-File version.txt -NoNewLine
      - name: Upload files to tag
        if: startsWith(github.ref, 'refs/tags/') == false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          $version = Get-Date -Format 'yyyy.MM.dd'
          $plus_pro = curl `
            -H "Accept: application/vnd.github.v3+json" `
            -H "Authorization: token $env:GITHUB_TOKEN" `
            https://api.github.com/repos/yaling888/clash/releases/tags/plus_pro | ConvertFrom-Json
          $plus_pro_url = $plus_pro.url
          $upload_url = $plus_pro.upload_url
          $plus_pro_upload_url = $upload_url.Substring(0,$upload_url.Length-13)
          curl `
            -X PATCH `
            -H "Accept: application/vnd.github.v3+json" `
            -H "Authorization: token $env:GITHUB_TOKEN" `
            "$plus_pro_url" `
            -d "{`"name`":`"Plus Pro $version`",`"draft`":true}" | Out-Null
          foreach ($asset in $plus_pro.assets)
          {
            curl `
              -X DELETE `
              -H "Accept: application/vnd.github.v3+json" `
              -H "Authorization: token $env:GITHUB_TOKEN" `
              "$($asset.url)" | Out-Null
          }
          curl `
            -X POST `
            -H "Content-Type: application/zip" `
            -T "bin/clash-plus-pro-windows-amd64-$version.zip" `
            -H "Accept: application/vnd.github.v3+json" `
            -H "Authorization: token $env:GITHUB_TOKEN" `
            "$plus_pro_upload_url?name=clash-plus-pro-windows-amd64-$version.zip" | Out-Null
          curl `
            -X POST `
            -H "Content-Type: application/zip" `
            -T "bin/clash-plus-pro-windows-amd64-v3-$version.zip" `
            -H "Accept: application/vnd.github.v3+json" `
            -H "Authorization: token $env:GITHUB_TOKEN" `
            "$plus_pro_upload_url?name=clash-plus-pro-windows-amd64-v3-$version.zip" | Out-Null
          curl `
            -X POST `
            -H "Content-Type: text/plain" `
            -T "bin/version.txt" `
            -H "Accept: application/vnd.github.v3+json" `
            -H "Authorization: token $env:GITHUB_TOKEN" `
            "$plus_pro_upload_url?name=version.txt" | Out-Null
      #- name: Upload files to Artifacts
      #  uses: actions/upload-artifact@v2
      #  with:
      #    name: clash-windows-amd64-${{ steps.test.outputs.file_sha }}-${{ steps.test.outputs.file_date }}
      #    path: |
      #      bin/*
      - name: Upload Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: bin/*
          draft: true
          prerelease: false
          generate_release_notes: false
      #- name: Delete workflow runs
      #  uses: GitRML/delete-workflow-runs@main
      #  with:
      #    retain_days: 1
      #    keep_minimum_runs: 2
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -1,20 +0,0 @@
 name: Build All
 on:
  workflow_dispatch:
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go
        uses: actions/setup-go@v1
        with:
          go-version: 1.18
      - name: Check out code
        uses: actions/checkout@v1
      - name: Build
        run: make all
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          files: bin/*
          draft: true
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -0,0 +1,29 @@
 name: CodeQL
 on:
  push:
    branches: [ rm ]
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: ['go']
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@ -1,61 +0,0 @@
 name: Docker
 on:
  push:
    branches:
      - Beta
    tags:
      - "v*"
 env:
  REGISTRY: docker.io
 jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: latest
      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_ACCOUNT }}/${{secrets.DOCKERHUB_REPO}}
      - name: Log into registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          platforms: |
            linux/386
            linux/amd64
            linux/arm64/v8
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,79 @@
 name: Publish Docker Image
 on:
  push:
    branches:
      - rm
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      - name: Set up docker buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: latest
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to Github Package
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: Dreamacro
          password: ${{ secrets.PACKAGE_TOKEN }}
      - name: Build dev branch and push
        if: github.ref == 'refs/heads/dev'
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
          push: true
          tags: 'dreamacro/clash:dev,ghcr.io/dreamacro/clash:dev'
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Get all docker tags
        if: startsWith(github.ref, 'refs/tags/')
        uses: actions/github-script@v6
        id: tags
        with:
          script: |
            const ref = context.payload.ref.replace(/\/?refs\/tags\//, '')
            const tags = [
              'dreamacro/clash:latest',
              `dreamacro/clash:${ref}`,
              'ghcr.io/dreamacro/clash:latest',
              `ghcr.io/dreamacro/clash:${ref}`
            ]
            return tags.join(',')
          result-encoding: string
      - name: Build release and push
        if: startsWith(github.ref, 'refs/tags/')
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
          push: true
          tags: ${{steps.tags.outputs.result}}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -0,0 +1,23 @@
 name: Linter
 on: [push, pull_request]
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: latest
          args: --build-tags=build_local
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@ -1,70 +0,0 @@
 name: Prerelease
 on:
  push:
    branches:
      - Alpha
      - Beta
  pull_request:
    branches:
      - Alpha
      - Beta
 jobs:
  Build:
    runs-on: ubuntu-latest
    steps:
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Test
        if: ${{github.ref_name=='Beta'}}
        run: |
          go test ./...
      - name: Build
        if: success()
        env:
          NAME: Clash.Meta
          BINDIR: bin
        run: make -j$(($(nproc) + 1)) releases
      - name: Delete current release assets
        uses: andreaswilli/delete-release-assets-action@v2.0.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          tag: Prerelease-${{ github.ref_name }}
          deleteOnlyFromDrafts: false
      - name: Tag Repo
        uses: richardsimko/update-tag@v1
        with:
          tag_name: Prerelease-${{ github.ref_name }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload Alpha
        uses: softprops/action-gh-release@v1
        if: ${{  success() }}
        with:
          tag: ${{ github.ref_name }}
          tag_name: Prerelease-${{ github.ref_name }}
          files: bin/*
          prerelease: true
          generate_release_notes: true
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -1,44 +0,0 @@
 name: Release
 on:
  push:
    tags:
      - "v*"
 jobs:
  Build:
    runs-on: ubuntu-latest
    steps:
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Test
        run: |
          go test ./...
      - name: Build
        if: success()
        env:
          NAME: Clash.Meta
          BINDIR: bin
        run: make -j$(($(nproc) + 1)) releases
      - name: Upload Release
        uses: softprops/action-gh-release@v1
        if: ${{ success() && startsWith(github.ref, 'refs/tags/')}}
        with:
          tag: ${{ github.ref }}
          files: bin/*
          generate_release_notes: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,120 @@
 name: Release
 on:
  push:
    branches:
      - rm
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Get latest go version
        id: version
        run: |
          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Go cache paths
        id: go-cache-paths
        run: |
          echo "::set-output name=go-build::$(go env GOCACHE)"
          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
      - name: Cache go module
        uses: actions/cache@v2
        with:
          path: |
            ${{ steps.go-cache-paths.outputs.go-mod }}
            ${{ steps.go-cache-paths.outputs.go-build }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Setup Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - name: Get dependencies, run test
        run: |
          # fetch python cross compile source files
          mkdir -p bin/python/
          cd bin/python/
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-darwin-amd64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-darwin-arm64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-windows-amd64.tar.xz
          curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-windows-386.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-amd64.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-arm64.tar.xz
          #curl -LO https://raw.githubusercontent.com/yaling888/snack/main/python-3.9.7-linux-386.tar.xz
          tar -Jxf python-3.9.7-darwin-amd64.tar.xz
          tar -Jxf python-3.9.7-darwin-arm64.tar.xz
          tar -Jxf python-3.9.7-windows-amd64.tar.xz
          tar -Jxf python-3.9.7-windows-386.tar.xz
          #tar -Jxf python-3.9.7-linux-amd64.tar.xz
          #tar -Jxf python-3.9.7-linux-arm64.tar.xz
          #tar -Jxf python-3.9.7-linux-386.tar.xz
          rm python-3.9.7-*.tar.xz
          cd ../../
          # go test
          go test -tags build_local ./...
          # init xgo
          docker pull techknowlogick/xgo:latest
          go install src.techknowlogick.com/xgo@latest
      - name: Build
        #if: startsWith(github.ref, 'refs/tags/')
        env:
          NAME: clash
          BINDIR: bin
        run: |
          make -j releases
          #ls -lahF bin/python/
      - name: Prepare upload
        if: startsWith(github.ref, 'refs/tags/') == false
        run: |
          rm -rf bin/python/
          echo "FILE_DATE=_$(date +"%Y%m%d%H%M")" >> $GITHUB_ENV
          echo "FILE_SHA=$(git describe --tags --always 2>/dev/null)" >> $GITHUB_ENV
      - name: Upload files to Artifacts
        uses: actions/upload-artifact@v2
        if: startsWith(github.ref, 'refs/tags/') == false
        with:
          name: clash_${{ env.FILE_SHA }}${{ env.FILE_DATE }}
          path: |
            bin/*
      - name: Upload Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: bin/*
          draft: true
          prerelease: true
          generate_release_notes: true
      #- name: Delete workflow runs
      #  uses: GitRML/delete-workflow-runs@main
      #  with:
      #    retain_days: 1
      #    keep_minimum_runs: 2
      - name: Remove old Releases
        uses: dev-drprasad/delete-older-releases@v0.2.0
        if: startsWith(github.ref, 'refs/tags/') && !cancelled()
        with:
          keep_latest: 1
          delete_tags: true
          delete_tag_pattern: plus-pro
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,19 @@
 name: Mark stale issues and pull requests
 on:
  push:
    branches:
      - rm
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v5
        with:
          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
          days-before-stale: 60
          days-before-close: 5
--- a/.gitignore
+++ b/.gitignore
@ -23,5 +23,3 @@ vendor
 # test suite
 test/config/cache*
 /output
 /.vscode
--- a/28
+++ b/28
@ -1,26 +1,18 @@
 FROM golang:alpine as builder
 RUN apk add --no-cache make git && \
-    mkdir /clash-config && \
+    wget -O /Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb
    wget -O /clash-config/Country.mmdb https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb && \
    wget -O /clash-config/geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat && \
    wget -O /clash-config/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
 COPY . /clash-src
 WORKDIR /clash-src
-RUN go mod download &&\
+COPY --from=tonistiigi/xx:golang / /
-    make docker &&\
+COPY . /clash-src
-    mv ./bin/Clash.Meta-docker /clash
+RUN go mod download && \
    make docker && \
    mv ./bin/clash-docker /clash
 FROM alpine:latest
-LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/Clash.Meta"
+LABEL org.opencontainers.image.source="https://github.com/Dreamacro/clash"
 RUN apk add --no-cache ca-certificates tzdata
-
+COPY --from=builder /Country.mmdb /root/.config/clash/
-VOLUME ["/root/.config/clash/"]
+COPY --from=builder /clash /
-
+ENTRYPOINT ["/clash"]
 COPY --from=builder /clash-config/ /root/.config/clash/
 COPY --from=builder /clash /clash
 RUN chmod +x /clash
 ENTRYPOINT [ "/clash" ]
--- a/152
+++ b/152
@ -1,129 +1,70 @@
-NAME=Clash.Meta
+GOCMD=go
-BINDIR=bin
+XGOCMD=xgo -go=go-1.18.x
-BRANCH=$(shell git branch --show-current)
+GOBUILD=CGO_ENABLED=1 $(GOCMD) build -trimpath
-ifeq ($(BRANCH),Alpha)
+GOCLEAN=$(GOCMD) clean
-VERSION=alpha-$(shell git rev-parse --short HEAD)
+NAME=clash
-else ifeq ($(BRANCH),Beta)
+BINDIR=$(shell pwd)/bin
-VERSION=beta-$(shell git rev-parse --short HEAD)
+VERSION=$(shell git describe --tags --always 2>/dev/null ||  date +%F)
 else ifeq ($(BRANCH),)
 VERSION=$(shell git describe --tags)
 else
 VERSION=$(shell git rev-parse --short HEAD)
 endif
 BUILDTIME=$(shell date -u)
-GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
+BUILD_PACKAGE=.
 RELEASE_LDFLAGS='-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
                		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
                		-w -s -buildid='
 STATIC_LDFLAGS='-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
               		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
               		-extldflags "-static" \
               		-w -s -buildid='
 PLATFORM_LIST = \
 	darwin-amd64 \
 	darwin-arm64 \
-	linux-amd64-compatible \
+	linux-amd64
-	linux-amd64 \
+#	linux-arm64
-	linux-armv5 \
+#	linux-386
 	linux-armv6 \
 	linux-armv7 \
 	linux-arm64 \
 	linux-mips64 \
 	linux-mips64le \
 	linux-mips-softfloat \
 	linux-mips-hardfloat \
 	linux-mipsle-softfloat \
 	linux-mipsle-hardfloat \
 	android-arm64 \
 	freebsd-386 \
 	freebsd-amd64 \
 	freebsd-arm64
 WINDOWS_ARCH_LIST = \
 	windows-386 \
 	windows-amd64-compatible \
 	windows-amd64 \
-	windows-arm64 \
+	windows-386
-    windows-arm32v7
+#	windows-arm64
-all:linux-amd64 linux-arm64\
+all: linux-amd64 darwin-amd64 windows-amd64 # Most used
 	darwin-amd64 darwin-arm64\
 	windows-amd64 windows-arm64\
-docker:
+local:
-	GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -tags build_local -o $(BINDIR)/$(NAME)-$@
 local-v3:
 	 GOAMD64=v3 $(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -tags build_local -o $(BINDIR)/$(NAME)-$@
 darwin-amd64:
-	GOARCH=amd64 GOOS=darwin GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=darwin-10.12/amd64 $(BUILD_PACKAGE) && \
-
+	mv $(BINDIR)/$(NAME)-darwin-10.12-amd64 $(BINDIR)/$(NAME)-darwin-amd64
 darwin-amd64-compatible:
 	GOARCH=amd64 GOOS=darwin GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 darwin-arm64:
-	GOARCH=arm64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=darwin-11.1/arm64 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-darwin-11.1-arm64 $(BINDIR)/$(NAME)-darwin-arm64
 linux-386:
-	GOARCH=386 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/386 $(BUILD_PACKAGE)
 linux-amd64:
-	GOARCH=amd64 GOOS=linux GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -o $(BINDIR)/$(NAME)-$@
-
+	#GOARCH=amd64 GOOS=linux $(GOBUILD) -ldflags $(RELEASE_LDFLAGS) -o $(BINDIR)/$(NAME)-$@
-linux-amd64-compatible:
+	#$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/amd64 $(BUILD_PACKAGE)
 	GOARCH=amd64 GOOS=linux GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-arm64:
-	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(STATIC_LDFLAGS) -targets=linux/arm64 $(BUILD_PACKAGE)
 linux-armv5:
 	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-armv6:
 	GOARCH=arm GOOS=linux GOARM=6 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-armv7:
 	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips-softfloat:
 	GOARCH=mips GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips-hardfloat:
 	GOARCH=mips GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mipsle-softfloat:
 	GOARCH=mipsle GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mipsle-hardfloat:
 	GOARCH=mipsle GOMIPS=hardfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips64:
 	GOARCH=mips64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 linux-mips64le:
 	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 android-arm64:
 	GOARCH=arm64 GOOS=android $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 freebsd-386:
 	GOARCH=386 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 freebsd-amd64:
 	GOARCH=amd64 GOOS=freebsd GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 freebsd-arm64:
 	GOARCH=arm64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 windows-386:
-	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows-6.0/386 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-windows-6.0-386.exe $(BINDIR)/$(NAME)-windows-386.exe
 windows-amd64:
-	GOARCH=amd64 GOOS=windows GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows-6.0/amd64 $(BUILD_PACKAGE) && \
 	mv $(BINDIR)/$(NAME)-windows-6.0-amd64.exe $(BINDIR)/$(NAME)-windows-amd64.exe
-windows-amd64-compatible:
+#windows-arm64:
-	GOARCH=amd64 GOOS=windows GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+#	$(XGOCMD) -dest=$(BINDIR) -out=$(NAME) -trimpath=true -ldflags=$(RELEASE_LDFLAGS) -targets=windows/arm64 $(BUILD_PACKAGE)
-
+#	mv $(NAME)-windows-4.0-arm64.exe $(NAME)-windows-arm64.exe
 windows-arm64:
 	GOARCH=arm64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 windows-arm32v7:
 	GOARCH=arm GOOS=windows GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 gz_releases=$(addsuffix .gz, $(PLATFORM_LIST))
 zip_releases=$(addsuffix .zip, $(WINDOWS_ARCH_LIST))
@ -140,10 +81,17 @@ all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
 releases: $(gz_releases) $(zip_releases)
 vet:
-	go test ./...
+	$(GOCMD) test -tags build_local ./...
 lint:
-	golangci-lint run ./...
+	golangci-lint run --build-tags=build_local ./...
 clean:
-	rm $(BINDIR)/*
+	rm -rf $(BINDIR)/
 	mkdir -p $(BINDIR)
 cleancache:
 	# go build cache may need to cleanup if changing C source code
 	$(GOCLEAN) -cache
 	rm -rf $(BINDIR)/
 	mkdir -p $(BINDIR)
--- a/Meta.png
+++ b/Meta.png
--- a/README.md
+++ b/README.md
@ -1,20 +1,23 @@
 <h1 align="center">
-  <img src="Meta.png" alt="Meta Kennel" width="200">
+  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
-  <br>Meta Kernel<br>
+  <br>Clash<br>
 </h1>
-<h3 align="center">Another Clash Kernel.</h3>
+<h4 align="center">A rule-based tunnel in Go.</h4>
 <p align="center">
-  <a href="https://goreportcard.com/report/github.com/Clash-Mini/Clash.Meta">
+  <a href="https://github.com/Dreamacro/clash/actions">
-    <img src="https://goreportcard.com/badge/github.com/Clash-Mini/Clash.Meta?style=flat-square">
+    <img src="https://img.shields.io/github/workflow/status/Dreamacro/clash/Go?style=flat-square" alt="Github Actions">
  </a>
  <a href="https://goreportcard.com/report/github.com/Dreamacro/clash">
    <img src="https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square">
  </a>
  <img src="https://img.shields.io/github/go-mod/go-version/Dreamacro/clash?style=flat-square">
-  <a href="https://github.com/Clash-Mini/Clash.Meta/releases">
+  <a href="https://github.com/Dreamacro/clash/releases">
-    <img src="https://img.shields.io/github/release/Clash-Mini/Clash.Meta/all.svg?style=flat-square">
+    <img src="https://img.shields.io/github/release/Dreamacro/clash/all.svg?style=flat-square">
  </a>
-  <a href="https://github.com/Clash-Mini/Clash.Meta">
+  <a href="https://github.com/Dreamacro/clash/releases/tag/premium">
-    <img src="https://img.shields.io/badge/release-Meta-00b4f0?style=flat-square">
+    <img src="https://img.shields.io/badge/release-Premium-00b4f0?style=flat-square">
  </a>
 </p>
@ -33,32 +36,80 @@
 Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).
 ## Advanced usage for this branch
 ### Build
 This branch requires cgo and Python3.9, so make sure you set up Python3.9 before building.
 For example, build on macOS:
 ```sh
 brew update
 brew install python@3.9
 export PKG_CONFIG_PATH=$(find /usr/local/Cellar -name 'pkgconfig' -type d | grep lib/pkgconfig | tr '\n' ':' | sed s/.$//)
 git clone -b plus-pro https://github.com/yaling888/clash.git
 cd clash
 # build
 make local
 # or make local-v3
 ls bin/
 # run
 sudo bin/clash-local
 ```
 ### General configuration
 ```yaml
 sniffing: true # Sniff TLS SNI
 force-cert-verify: true # force verify TLS Certificate, prevent machine-in-the-middle attacks
 ```
 ### MITM configuration
 A root CA certificate is required, the 
 MITM proxy server will generate a CA certificate file and a CA private key file in your Clash home directory, you can use your own certificate replace it. 
 Need to install and trust the CA certificate on the client device, open this URL [http://mitm.clash/cert.crt](http://mitm.clash/cert.crt) by the web browser to install the CA certificate, the host name 'mitm.clash' was always been hijacked.
 NOTE: this feature cannot work on tls pinning
 WARNING: DO NOT USE THIS FEATURE TO BREAK LOCAL LAWS
 ```yaml
 # Port of MITM proxy server on the local end
 mitm-port: 7894
 # Man-In-The-Middle attack
 mitm:
  hosts: # use for others proxy type. E.g: TUN, socks
    - +.example.com
  rules: # rewrite rules
    - '^https?://www\.example\.com/1 url reject' # The "reject" returns HTTP status code 404 with no content.
    - '^https?://www\.example\.com/2 url reject-200' # The "reject-200" returns HTTP status code 200 with no content.
    - '^https?://www\.example\.com/3 url reject-img' # The "reject-img" returns HTTP status code 200 with content of 1px png.
    - '^https?://www\.example\.com/4 url reject-dict' # The "reject-dict" returns HTTP status code 200 with content of empty json object.
    - '^https?://www\.example\.com/5 url reject-array' # The "reject-array" returns HTTP status code 200 with content of empty json array.
    - '^https?://www\.example\.com/(6) url 302 https://www.example.com/new-$1'
    - '^https?://www\.(example)\.com/7 url 307 https://www.$1.com/new-7'
    - '^https?://www\.example\.com/8 url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: haha-wriohoh$2' # The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
    - '^https?://www\.example\.com/9 url request-body "pos_2":\[.*\],"pos_3" request-body "pos_2":[{"xx": "xx"}],"pos_3"'
    - '^https?://www\.example\.com/10 url response-header (\r\n)Tracecode:.+(\r\n) response-header $1Tracecode: 88888888888$2'
    - '^https?://www\.example\.com/11 url response-body "errmsg":"ok" response-body "errmsg":"not-ok"'
 ```
 ### DNS configuration
 Support resolve ip with a proxy tunnel or interface.
 Support `geosite` with `fallback-filter`.
-Restore `Redir remote resolution`.
+Use `curl -X POST controllerip:port/cache/fakeip/flush` to flush persistence fakeip
-
+ ```yaml
-Support resolve ip with a `Proxy Tunnel`.
+ dns:
 ```yaml
 proxy-groups:
  - name: DNS
    type: url-test
    use:
      - HK
    url: http://cp.cloudflare.com
    interval: 180
    lazy: true
 ```
 ```yaml
 dns:
   enable: true
   use-hosts: true
   ipv6: false
-  enhanced-mode: redir-host
+   enhanced-mode: fake-ip
   fake-ip-range: 198.18.0.1/16
   listen: 127.0.0.1:6868
   default-nameserver:
@ -68,50 +119,111 @@ dns:
     - https://doh.pub/dns-query
     - tls://223.5.5.5:853
   fallback:
-    - 'https://1.0.0.1/dns-query#DNS'  # append the proxy adapter name or group name to the end of DNS URL with '#' prefix.
+     - 'tls://8.8.4.4:853#proxy or interface'
-    - 'tls://8.8.4.4:853#DNS'
+     - 'https://1.0.0.1/dns-query#Proxy'  # append the proxy adapter name to the end of DNS URL with '#' prefix.
   fallback-filter:
     geoip: false
     geosite:
-      - gfw  # `geosite` filter only use fallback server to resolve ip, prevent DNS leaks to unsafe DNS providers.
+       - gfw  # `geosite` filter only use fallback server to resolve ip, prevent DNS leaks to untrusted DNS providers.
     domain:
       - +.example.com
     ipcidr:
       - 0.0.0.0/32
-```
+ ```
 ### TUN configuration
 Simply add the following to the main configuration:
-Supports macOS, Linux and Windows.
+#### NOTE:
-
+> auto-route and auto-detect-interface only available on macOS, Windows and Linux, receive IPv4 traffic
 Built-in [Wintun](https://www.wintun.net) driver.
 ```yaml
 # Enable the TUN listener
 tun:
  enable: true
-  stack: gvisor #  only gvisor
+  stack: system # or gvisor
-  dns-hijack: 
+  # device: tun://utun8 # or fd://xxx, it's optional
-    - 0.0.0.0:53 # additional dns server listen on TUN
+  # dns-hijack:
  #   - 8.8.8.8:53
  #   - tcp://8.8.8.8:53
  #   - any:53
  #   - tcp://any:53
  auto-route: true # auto set global route
  auto-detect-interface: true # conflict with interface-name
 ```
 or
 ```yaml
 interface-name: en0
 tun:
  enable: true
  stack: system # or gvisor
  # dns-hijack:
  #   - 8.8.8.8:53
  #   - tcp://8.8.8.8:53
  auto-route: true # auto set global route
 ```
 It's recommended to use fake-ip mode for the DNS server.
 Clash needs elevated permission to create TUN device:
 ```sh
 $ sudo ./clash
 ```
 Then manually create the default route and DNS server. If your device already has some TUN device, Clash TUN might not work. In this case, fake-ip-filter may helpful.
 Enjoy! :)
 #### For Windows:
 ```yaml
 tun:
  enable: true
  stack: gvisor # or system
  dns-hijack:
    - 198.18.0.2:53 # when `fake-ip-range` is 198.18.0.1/16, should hijack 198.18.0.2:53
  auto-route: true # auto set global route for Windows
  # It is recommended to use `interface-name`
  auto-detect-interface: true # auto detect interface, conflict with `interface-name`
 ```
 Finally, open the Clash
 ### Rules configuration
 - Support rule `GEOSITE`.
- Support rule-providers `RULE-SET`.
+- Support rule `USER-AGENT`.
 - Support `multiport` condition for rule `SRC-PORT` and `DST-PORT`.
 - Support `network` condition for all rules.
 - Support `process` condition for all rules.
 - Support source IPCIDR condition for all rules, just append to the end.
 - The `GEOSITE` databases via https://github.com/Loyalsoldier/v2ray-rules-dat.
 ```yaml
 rules:
-  # network(tcp/udp) condition for all rules
+The `GEOIP` databases via [https://github.com/Loyalsoldier/geoip](https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb).
-  - DOMAIN-SUFFIX,bilibili.com,DIRECT,tcp
+
-  - DOMAIN-SUFFIX,bilibili.com,REJECT,udp
+The `GEOSITE` databases via [https://github.com/Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat).
 ```yaml
 mode: rule
 script:
  shortcuts:
    quic: 'network == "udp" and dst_port == 443'
    privacy: '"analytics" in host or "adservice" in host or "firebase" in host or "safebrowsing" in host or "doubleclick" in host'
    BilibiliUdp: |
      network == "udp" and match_provider("geosite:bilibili")
 rules:
  # rule SCRIPT shortcuts
  - SCRIPT,quic,REJECT # Disable QUIC, same as rule "DST-PORT,443,REJECT,udp"
  - SCRIPT,privacy,REJECT
  - SCRIPT,BilibiliUdp,REJECT # same as rule "GEOSITE,bilibili,REJECT,udp"
  # network condition for all rules
  - DOMAIN-SUFFIX,example.com,DIRECT,tcp
  - DOMAIN-SUFFIX,example.com,REJECT,udp
  # process condition for all rules (add 'P:' prefix)
  - DOMAIN-SUFFIX,example.com,REJECT,P:Google Chrome Helper
  # multiport condition for rules SRC-PORT and DST-PORT
  - DST-PORT,123/136/137-139,DIRECT,udp
  # USER-AGENT payload cannot include the comma character, '*' meaning any character.
  - USER-AGENT,*example*,PROXY
  # rule GEOSITE
  - GEOSITE,category-ads-all,REJECT
  - GEOSITE,icloud@cn,DIRECT
@ -127,89 +239,178 @@ rules:
  #- GEOSITE,geolocation-!cn,REJECT,192.168.1.88/32,192.168.1.99/32
  - GEOIP,telegram,PROXY,no-resolve
-  - GEOIP,private,DIRECT,no-resolve
+  - GEOIP,lan,DIRECT,no-resolve
  - GEOIP,cn,DIRECT
  - MATCH,PROXY
 ```
-
+### Script configuration
-### Proxies configuration
+Script enables users to programmatically select a policy for the packets with more flexibility.
 Active health detection `urltest / fallback` (based on tcp handshake, multiple failures within a limited time will actively trigger health detection to use the node)
 Support `Policy Group Filter`
 ```yaml
-proxy-groups:
+mode: script
-  - name: 🚀 HK Group
+script:
-    type: select
+  # path: ./script.star
-    use:
+  code: |
-      - ALL
+    def main(ctx, metadata):
-    filter: 'HK'
+      if metadata["process_name"] == 'apsd':
        return "DIRECT"
-  - name: 🚀 US Group
+      if metadata["network"] == 'udp' and metadata["dst_port"] == 443:
-    type: select
+        return "REJECT"
    use:
      - ALL
    filter: 'US'
-proxy-providers:
+      host = metadata["host"]
-  ALL:
+      for kw in ['analytics', 'adservice', 'firebase', 'bugly', 'safebrowsing', 'doubleclick']:
-    type: http
+        if kw in host:
-    url: "xxxxx"
+          return "REJECT"
    interval: 3600
    path: "xxxxx"
    health-check:
      enable: true
      interval: 600
      url: http://www.gstatic.com/generate_204
      now = time.now()
      if (now.hour < 8 or now.hour > 17) and metadata["src_ip"] == '192.168.1.99':
        return "REJECT"
      if ctx.rule_providers["geosite:category-ads-all"].match(metadata):
        return "REJECT"
      if ctx.rule_providers["geosite:youtube"].match(metadata):
        ctx.log('[Script] domain %s matched youtube' % host)
        return "Proxy"
      if ctx.rule_providers["geosite:geolocation-cn"].match(metadata):
        ctx.log('[Script] domain %s matched geolocation-cn' % host)
        return "DIRECT"
      ip = metadata["dst_ip"] 
      if host != "":
        ip = ctx.resolve_ip(host)
        if ip == "":
          return "Proxy"
      code = ctx.geoip(ip)
      if code == "LAN" or code == "CN":
        return "DIRECT"
      return "Proxy" # default policy for requests which are not matched by any other script
 ```
 the context and metadata
 ```ts
 interface Metadata {
  type: string // socks5、http
  network: string // tcp
  host: string
  process_name: string
  process_path: string
  src_ip: string
  src_port: int
  dst_ip: string
  dst_port: int
 }
 interface Context {
  resolve_ip: (host: string) => string // ip string
  geoip: (ip: string) => string // country code
  log: (log: string) => void
  rule_providers: Record<string, { match: (metadata: Metadata) => boolean }>
 }
 ```
 ### Proxies configuration
 Support outbound protocol `VLESS`.
 Support `Trojan` with XTLS.
-Support outbound transport protocol `VLESS`.
+Support relay `UDP` traffic.
-The XTLS support (TCP/UDP) transport by the XRAY-CORE.
+Support filtering proxy providers in proxy groups.
 Support custom http request header, prefix name and V2Ray subscription URL in proxy providers.
 ```yaml
 proxies:
-  - name: "vless"
+  # VLESS
  - name: "vless-tls"
    type: vless
    server: server
    port: 443
    uuid: uuid
-    servername: example.com # AKA SNI
+    network: tcp
-    # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
+    servername: example.com
    udp: true
    # skip-cert-verify: true
  - name: "vless-xtls"
    type: vless
    server: server
    port: 443
    uuid: uuid
    network: tcp
    servername: example.com
    flow: xtls-rprx-direct # or xtls-rprx-origin
    # flow-show: true # print the XTLS direction log
    # udp: true
    # skip-cert-verify: true
-  - name: "vless-ws"
+  # Trojan
-    type: vless
+  - name: "trojan-xtls"
    type: trojan
    server: server
    port: 443
-    uuid: uuid
+    password: yourpsk
-    tls: true
+    network: tcp
-    udp: true
+    flow: xtls-rprx-direct # or xtls-rprx-origin
-    network: ws
+    # flow-show: true # print the XTLS direction log
-    servername: example.com # priority over wss host
+    # udp: true
    # sni: example.com # aka server name
    # skip-cert-verify: true
    ws-opts:
      path: /path
      headers: { Host: example.com, Edge: "12a00c4.fm.huawei.com:82897" }
-  - name: "vless-grpc"
+proxy-groups:
-    type: vless
+  # Relay chains the proxies. proxies shall not contain a relay.
-    server: server
+  # Support relay UDP traffic.
-    port: 443
+  # Traffic: clash <-> ss1 <-> trojan <-> vmess <-> ss2 <-> Internet
-    uuid: uuid
+  - name: "relay-udp-over-tcp"
-    tls: true
+    type: relay
-    udp: true
+    proxies:
-    network: grpc
+      - ss1
-    servername: example.com # priority over wss host
+      - trojan
-    # skip-cert-verify: true
+      - vmess
-    grpc-opts: 
+      - ss2
-      grpc-service-name: grpcname
+
  - name: "relay-raw-udp"
    type: relay
    proxies:
      - ss1
      - ss2
      - ss3
  - name: "filtering-proxy-providers"
    type: url-test
    url: "http://www.gstatic.com/generate_204"
    interval: 300
    tolerance: 200
    # lazy: true
    filter: "XXX" # a regular expression
    use:
      - provider1
 proxy-providers:
  provider1:
    type: http
    url: "url" # support V2Ray subscription URL
    interval: 3600
    path: ./providers/provider1.yaml
    # filter: "xxx"
    # prefix-name: "XXX-"
    header:  # custom http request header
      User-Agent:
        - "Clash/v1.10.6"
    #   Accept:
    #     - 'application/vnd.github.v3.raw'
    #   Authorization:
    #     - ' token xxxxxxxxxxx'
    health-check:
      enable: false
      interval: 1200
      # lazy: false # default value is true
      url: http://www.gstatic.com/generate_204
 ```
 ### IPTABLES configuration
@ -223,73 +424,61 @@ iptables:
  enable: true # default is false
  inbound-interface: eth0 # detect the inbound interface, default is 'lo'
 ```
 Run Clash as a daemon.
-
+Create the systemd configuration file at /etc/systemd/system/clash.service:
-### General installation guide for Linux  
+```sh
 + Create user given name `clash-meta`
 + Download and decompress pre-built binaries from [releases](https://github.com/MetaCubeX/Clash.Meta/releases)  
 + Rename executable file to `Clash-Meta` and move to `/usr/local/bin/` 
 + Create folder `/etc/Clash-Meta/` as working directory 
 Run Meta Kernel by user `clash-meta` as a daemon.
 Create the systemd configuration file at `/etc/systemd/system/Clash-Meta.service`:
 ```
 [Unit]
-Description=Clash-Meta Daemon, Another Clash Kernel.
+Description=Clash daemon, A rule-based proxy in Go.
-After=network.target NetworkManager.service systemd-networkd.service iwd.service
+After=network.target
 [Service]
 Type=simple
-User=clash-meta
+CapabilityBoundingSet=cap_net_admin
 Group=clash-meta
 LimitNPROC=500
 LimitNOFILE=1000000
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE
 Restart=always
-ExecStartPre=/usr/bin/sleep 1s
+ExecStart=/usr/local/bin/clash -d /etc/clash
 ExecStart=/usr/local/bin/Clash-Meta -d /etc/Clash-Meta
 [Install]
 WantedBy=multi-user.target
 ```
 Launch clashd on system startup with:
-```shell
+```sh
-$ systemctl enable Clash-Meta
+$ systemctl enable clash
 ```
 Launch clashd immediately with:
-
+```sh
-```shell
+$ systemctl start clash
 $ systemctl start Clash-Meta
 ```
 ### Display Process name
 To display process name online by click [http://yacd.clash-plus.cf](http://yacd.clash-plus.cf) for local API by Safari or [https://yacd.clash-plus.cf](https://yacd.clash-plus.cf) for local API by Chrome.
-Clash add field `Process` to `Metadata` and prepare to get process name for Restful API `GET /connections`.
+You can download the [Dashboard](https://github.com/yaling888/yacd/archive/gh-pages.zip) into Clash home directory:
 ```sh
 $ cd ~/.config/clash
 $ curl -LJ https://github.com/yaling888/yacd/archive/gh-pages.zip -o yacd-gh-pages.zip
 $ unzip yacd-gh-pages.zip
 $ mv yacd-gh-pages dashboard
 ```
-To display process name in GUI please use [Dashboard For Meta](https://github.com/MetaCubeX/clash-dashboard).
+Add to config file:
 ```yaml
 external-controller: 127.0.0.1:9090
 external-ui: dashboard
 ```
 Open [http://127.0.0.1:9090/ui/](http://127.0.0.1:9090/ui/) by web browser.
-![img.png](https://github.com/Clash-Mini/Dashboard/raw/master/View/Dashboard-Process.png)
+## Plus Pro Release
 [Release](https://github.com/yaling888/clash/releases/tag/plus_pro)
 ## Development
-
+If you want to build an application that uses clash as a library, check out the the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
 If you want to build an application that uses clash as a library, check out the
 the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
 ## Credits
 * [Dreamacro/clash](https://github.com/Dreamacro/clash)
 * [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
 * [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
 * [WireGuard/wireguard-go](https://github.com/WireGuard/wireguard-go)
 * [yaling888/clash-plus-pro](https://github.com/yaling888/clash)
 ## License
--- a/adapter/adapter.go
+++ b/adapter/adapter.go
@ -4,21 +4,19 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"github.com/Dreamacro/clash/common/queue"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"net"
 	"net/http"
 	"net/netip"
 	"net/url"
 	"strings"
 	"time"
 	"github.com/Dreamacro/clash/common/queue"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"go.uber.org/atomic"
 )
 var UnifiedDelay = atomic.NewBool(false)
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue[C.DelayHistory]
@ -40,11 +38,7 @@ func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 // DialContext implements C.ProxyAdapter
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata, opts...)
-	wasCancel := false
+	p.alive.Store(err == nil)
 	if err != nil {
 		wasCancel = strings.Contains(err.Error(), "operation was canceled")
 	}
 	p.alive.Store(err == nil || wasCancel)
 	return conn, err
 }
@ -117,8 +111,6 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 		}
 	}()
 	unifiedDelay := UnifiedDelay.Load()
 	addr, err := urlToMetadata(url)
 	if err != nil {
 		return
@ -151,32 +143,18 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	}
 	client := http.Client{
 		Timeout:   30 * time.Second,
 		Transport: transport,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		},
 	}
 	defer client.CloseIdleConnections()
 	resp, err := client.Do(req)
 	if err != nil {
 		return
 	}
 	_ = resp.Body.Close()
 	if unifiedDelay {
 		second := time.Now()
 		resp, err = client.Do(req)
 		if err == nil {
 			_ = resp.Body.Close()
 			start = second
 		}
 	}
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
--- a/adapter/inbound/https.go
+++ b/adapter/inbound/https.go
@ -11,7 +11,7 @@ import (
 // NewHTTPS receive CONNECT request and return ConnContext
 func NewHTTPS(request *http.Request, conn net.Conn) *context.ConnContext {
 	metadata := parseHTTPAddr(request)
-	metadata.Type = C.HTTPS
+	metadata.Type = C.HTTPCONNECT
 	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
--- a/adapter/inbound/mitm.go
+++ b/adapter/inbound/mitm.go
@ -0,0 +1,22 @@
 package inbound
 import (
 	"net"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 // NewMitm receive mitm request and return MitmContext
 func NewMitm(target socks5.Addr, source net.Addr, userAgent string, conn net.Conn) *context.ConnContext {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = C.MITM
 	metadata.UserAgent = userAgent
 	if ip, port, err := parseAddr(source.String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	return context.NewConnContext(conn, metadata)
 }
--- a/adapter/inbound/socket.go
+++ b/adapter/inbound/socket.go
@ -2,7 +2,6 @@ package inbound
 import (
 	"net"
 	"net/netip"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/context"
@ -14,38 +13,10 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP
 	metadata.Type = source
-	remoteAddr := conn.RemoteAddr()
+	if ip, port, err := parseAddr(conn.RemoteAddr().String()); err == nil {
 	// Filter when net.Addr interface is nil
 	if remoteAddr != nil {
 		if ip, port, err := parseAddr(remoteAddr.String()); err == nil {
 		metadata.SrcIP = ip
 		metadata.SrcPort = port
 	}
 	}
 	return context.NewConnContext(conn, metadata)
 }
 func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
 	metadata := &C.Metadata{}
 	metadata.NetWork = C.TCP
 	metadata.Type = C.INNER
 	metadata.DNSMode = C.DNSMapping
 	metadata.Host = host
 	metadata.AddrType = C.AtypDomainName
 	metadata.Process = C.ClashName
 	if h, port, err := net.SplitHostPort(dst); err == nil {
 		metadata.DstPort = port
 		if host == "" {
 			if ip, err := netip.ParseAddr(h); err == nil {
 				metadata.DstIP = ip
 				metadata.AddrType = C.AtypIPv4
 				if ip.Is6() {
 					metadata.AddrType = C.AtypIPv6
 				}
 			}
 		}
 	}
 	return context.NewConnContext(conn, metadata)
 }
--- a/adapter/outbound/base.go
+++ b/adapter/outbound/base.go
@ -4,9 +4,8 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"github.com/gofrs/uuid"
+	"io"
 	"net"
 	"strings"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@ -19,7 +18,6 @@ type Base struct {
 	tp    C.AdapterType
 	udp   bool
 	rmark int
 	id    string
 }
 // Name implements C.ProxyAdapter
@ -27,49 +25,26 @@ func (b *Base) Name() string {
 	return b.name
 }
 // Id implements C.ProxyAdapter
 func (b *Base) Id() string {
 	if b.id == "" {
 		id, err := uuid.NewV6()
 		if err != nil {
 			b.id = b.name
 		} else {
 			b.id = id.String()
 		}
 	}
 	return b.id
 }
 // Type implements C.ProxyAdapter
 func (b *Base) Type() C.AdapterType {
 	return b.tp
 }
 // StreamConn implements C.ProxyAdapter
-func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (b *Base) StreamConn(c net.Conn, _ *C.Metadata) (net.Conn, error) {
 	return c, errors.New("no support")
 }
-func (b *Base) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
+// StreamPacketConn implements C.ProxyAdapter
-	return nil, errors.New("no support")
+func (b *Base) StreamPacketConn(c net.Conn, _ *C.Metadata) (net.Conn, error) {
 	return c, errors.New("no support")
 }
 // ListenPacketContext implements C.ProxyAdapter
-func (b *Base) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
+func (b *Base) ListenPacketContext(_ context.Context, _ *C.Metadata, _ ...dialer.Option) (C.PacketConn, error) {
 	return nil, errors.New("no support")
 }
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (b *Base) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	return nil, errors.New("no support")
 }
 // SupportUOT implements C.ProxyAdapter
 func (b *Base) SupportUOT() bool {
 	return false
 }
 // SupportUDP implements C.ProxyAdapter
 func (b *Base) SupportUDP() bool {
 	return b.udp
@ -79,7 +54,6 @@ func (b *Base) SupportUDP() bool {
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": b.Type().String(),
 		"id":   b.Id(),
 	})
 }
@ -89,7 +63,7 @@ func (b *Base) Addr() string {
 }
 // Unwrap implements C.ProxyAdapter
-func (b *Base) Unwrap(metadata *C.Metadata) C.Proxy {
+func (b *Base) Unwrap(_ *C.Metadata) C.Proxy {
 	return nil
 }
@ -134,11 +108,6 @@ func NewBase(opt BaseOption) *Base {
 type conn struct {
 	net.Conn
 	chain C.Chain
 	actualRemoteDestination string
 }
 func (c *conn) RemoteDestination() string {
 	return c.actualRemoteDestination
 }
 // Chains implements C.Connection
@ -152,17 +121,12 @@ func (c *conn) AppendToChains(a C.ProxyAdapter) {
 }
 func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
-	return &conn{c, []string{a.Name()}, parseRemoteDestination(a.Addr())}
+	return &conn{c, []string{a.Name()}}
 }
 type packetConn struct {
 	net.PacketConn
 	chain C.Chain
 	actualRemoteDestination string
 }
 func (c *packetConn) RemoteDestination() string {
 	return c.actualRemoteDestination
 }
 // Chains implements C.Connection
@ -175,18 +139,40 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
-func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
+func NewPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
-	return &packetConn{pc, []string{a.Name()}, parseRemoteDestination(a.Addr())}
+	return &packetConn{pc, []string{a.Name()}}
 }
-func parseRemoteDestination(addr string) string {
+type wrapConn struct {
-	if dst, _, err := net.SplitHostPort(addr); err == nil {
+	net.PacketConn
-		return dst
+}
-	} else {
+
-		if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
+func (*wrapConn) Read([]byte) (int, error) {
-			return dst
+	return 0, io.EOF
-		} else {
+}
-			return ""
+
-		}
+func (*wrapConn) Write([]byte) (int, error) {
 	return 0, io.EOF
 }
 func (*wrapConn) RemoteAddr() net.Addr {
 	return nil
 }
 func WrapConn(packetConn net.PacketConn) net.Conn {
 	return &wrapConn{
 		PacketConn: packetConn,
 	}
 }
 func IsPacketConn(c net.Conn) bool {
 	if _, ok := c.(net.PacketConn); !ok {
 		return false
 	}
 	if ua, ok := c.LocalAddr().(*net.UnixAddr); ok {
 		return ua.Net == "unixgram"
 	}
 	return true
 }
--- a/adapter/outbound/direct.go
+++ b/adapter/outbound/direct.go
@ -3,6 +3,7 @@ package outbound
 import (
 	"context"
 	"net"
 	"net/netip"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@ -19,18 +20,26 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 	if err != nil {
 		return nil, err
 	}
 	tcpKeepAlive(c)
 	if !metadata.DstIP.IsValid() && c.RemoteAddr() != nil {
 		if h, _, err := net.SplitHostPort(c.RemoteAddr().String()); err == nil {
 			metadata.DstIP = netip.MustParseAddr(h)
 		}
 	}
 	return NewConn(c, d), nil
 }
 // ListenPacketContext implements C.ProxyAdapter
-func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
+func (d *Direct) ListenPacketContext(ctx context.Context, _ *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	opts = append(opts, dialer.WithDirect())
 	pc, err := dialer.ListenPacket(ctx, "udp", "", d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
-	return newPacketConn(&directPacketConn{pc}, d), nil
+	return NewPacketConn(&directPacketConn{pc}, d), nil
 }
 type directPacketConn struct {
@ -46,13 +55,3 @@ func NewDirect() *Direct {
 		},
 	}
 }
 func NewCompatible() *Direct {
 	return &Direct{
 		Base: &Base{
 			name: "COMPATIBLE",
 			tp:   C.Compatible,
 			udp:  true,
 		},
 	}
 }
--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@ -22,7 +22,6 @@ type Http struct {
 	user      string
 	pass      string
 	tlsConfig *tls.Config
 	option    *HttpOption
 }
 type HttpOption struct {
@ -35,7 +34,6 @@ type HttpOption struct {
 	TLS            bool   `proxy:"tls,omitempty"`
 	SNI            string `proxy:"sni,omitempty"`
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 	Headers        map[string]string `proxy:"headers,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
@ -86,18 +84,15 @@ func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 		},
 	}
 	//增加headers
 	if len(h.option.Headers) != 0 {
 		for key, value := range h.option.Headers {
 			req.Header.Add(key, value)
 		}
 	}
 	if h.user != "" && h.pass != "" {
 		auth := h.user + ":" + h.pass
 		req.Header.Add("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
 	}
 	if metadata.Type == C.MITM {
 		req.Header.Set("Origin-Request-Source-Address", metadata.SourceAddress())
 	}
 	if err := req.Write(rw); err != nil {
 		return err
 	}
@ -150,6 +145,5 @@ func NewHttp(option HttpOption) *Http {
 		user:      option.UserName,
 		pass:      option.Password,
 		tlsConfig: tlsConfig,
 		option:    &option,
 	}
 }
--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@ -1,276 +0,0 @@
 package outbound
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"regexp"
 	"strconv"
 	"time"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 	"github.com/lucas-clemente/quic-go"
 	"github.com/lucas-clemente/quic-go/congestion"
 	M "github.com/sagernet/sing/common/metadata"
 	hyCongestion "github.com/tobyxdd/hysteria/pkg/congestion"
 	"github.com/tobyxdd/hysteria/pkg/core"
 	"github.com/tobyxdd/hysteria/pkg/obfs"
 	"github.com/tobyxdd/hysteria/pkg/pmtud_fix"
 	"github.com/tobyxdd/hysteria/pkg/transport"
 )
 const (
 	mbpsToBps   = 125000
 	minSpeedBPS = 16384
 	DefaultStreamReceiveWindow     = 15728640 // 15 MB/s
 	DefaultConnectionReceiveWindow = 67108864 // 64 MB/s
 	DefaultMaxIncomingStreams      = 1024
 	DefaultALPN     = "hysteria"
 	DefaultProtocol = "udp"
 )
 var rateStringRegexp = regexp.MustCompile(`^(\d+)\s*([KMGT]?)([Bb])ps$`)
 type Hysteria struct {
 	*Base
 	client *core.Client
 }
 func (h *Hysteria) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	hdc := hyDialerWithContext{
 		ctx: ctx,
 		hyDialer: func() (net.PacketConn, error) {
 			return dialer.ListenPacket(ctx, "udp", "", h.Base.DialOptions(opts...)...)
 		},
 	}
 	tcpConn, err := h.client.DialTCP(metadata.RemoteAddress(), &hdc)
 	if err != nil {
 		return nil, err
 	}
 	return NewConn(tcpConn, h), nil
 }
 func (h *Hysteria) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	hdc := hyDialerWithContext{
 		ctx: ctx,
 		hyDialer: func() (net.PacketConn, error) {
 			return dialer.ListenPacket(ctx, "udp", "", h.Base.DialOptions(opts...)...)
 		},
 	}
 	udpConn, err := h.client.DialUDP(&hdc)
 	if err != nil {
 		return nil, err
 	}
 	return newPacketConn(&hyPacketConn{udpConn}, h), nil
 }
 type HysteriaOption struct {
 	BasicOption
 	Name                string `proxy:"name"`
 	Server              string `proxy:"server"`
 	Port                int    `proxy:"port"`
 	Protocol            string `proxy:"protocol,omitempty"`
 	Up                  string `proxy:"up"`
 	Down                string `proxy:"down"`
 	AuthString          string `proxy:"auth_str,omitempty"`
 	Obfs                string `proxy:"obfs,omitempty"`
 	SNI                 string `proxy:"sni,omitempty"`
 	SkipCertVerify      bool   `proxy:"skip-cert-verify,omitempty"`
 	ALPN                string `proxy:"alpn,omitempty"`
 	CustomCA            string `proxy:"ca,omitempty"`
 	CustomCAString      string `proxy:"ca_str,omitempty"`
 	ReceiveWindowConn   int    `proxy:"recv_window_conn,omitempty"`
 	ReceiveWindow       int    `proxy:"recv_window,omitempty"`
 	DisableMTUDiscovery bool   `proxy:"disable_mtu_discovery,omitempty"`
 }
 func (c *HysteriaOption) Speed() (uint64, uint64, error) {
 	var up, down uint64
 	up = stringToBps(c.Up)
 	if up == 0 {
 		return 0, 0, fmt.Errorf("invaild upload speed: %s", c.Up)
 	}
 	down = stringToBps(c.Down)
 	if down == 0 {
 		return 0, 0, fmt.Errorf("invaild download speed: %s", c.Down)
 	}
 	return up, down, nil
 }
 func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 	clientTransport := &transport.ClientTransport{
 		Dialer: &net.Dialer{
 			Timeout: 8 * time.Second,
 		},
 	}
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	serverName := option.Server
 	if option.SNI != "" {
 		serverName = option.SNI
 	}
 	tlsConfig := &tls.Config{
 		ServerName:         serverName,
 		InsecureSkipVerify: option.SkipCertVerify,
 		MinVersion:         tls.VersionTLS13,
 	}
 	if len(option.ALPN) > 0 {
 		tlsConfig.NextProtos = []string{option.ALPN}
 	} else {
 		tlsConfig.NextProtos = []string{DefaultALPN}
 	}
 	if len(option.CustomCA) > 0 {
 		bs, err := ioutil.ReadFile(option.CustomCA)
 		if err != nil {
 			return nil, fmt.Errorf("hysteria %s load ca error: %w", addr, err)
 		}
 		cp := x509.NewCertPool()
 		if !cp.AppendCertsFromPEM(bs) {
 			return nil, fmt.Errorf("hysteria %s failed to parse ca_str", addr)
 		}
 		tlsConfig.RootCAs = cp
 	} else if option.CustomCAString != "" {
 		cp := x509.NewCertPool()
 		if !cp.AppendCertsFromPEM([]byte(option.CustomCAString)) {
 			return nil, fmt.Errorf("hysteria %s failed to parse ca_str", addr)
 		}
 		tlsConfig.RootCAs = cp
 	}
 	quicConfig := &quic.Config{
 		InitialStreamReceiveWindow:     uint64(option.ReceiveWindowConn),
 		MaxStreamReceiveWindow:         uint64(option.ReceiveWindowConn),
 		InitialConnectionReceiveWindow: uint64(option.ReceiveWindow),
 		MaxConnectionReceiveWindow:     uint64(option.ReceiveWindow),
 		KeepAlive:                      true,
 		DisablePathMTUDiscovery:        option.DisableMTUDiscovery,
 		EnableDatagrams:                true,
 	}
 	if option.Protocol == "" {
 		option.Protocol = DefaultProtocol
 	}
 	if option.ReceiveWindowConn == 0 {
 		quicConfig.InitialStreamReceiveWindow = DefaultStreamReceiveWindow
 		quicConfig.MaxStreamReceiveWindow = DefaultStreamReceiveWindow
 	}
 	if option.ReceiveWindow == 0 {
 		quicConfig.InitialConnectionReceiveWindow = DefaultConnectionReceiveWindow
 		quicConfig.MaxConnectionReceiveWindow = DefaultConnectionReceiveWindow
 	}
 	if !quicConfig.DisablePathMTUDiscovery && pmtud_fix.DisablePathMTUDiscovery {
 		log.Infoln("hysteria: Path MTU Discovery is not yet supported on this platform")
 	}
 	var auth = []byte(option.AuthString)
 	var obfuscator obfs.Obfuscator
 	if len(option.Obfs) > 0 {
 		obfuscator = obfs.NewXPlusObfuscator([]byte(option.Obfs))
 	}
 	up, down, err := option.Speed()
 	if err != nil {
 		return nil, err
 	}
 	client, err := core.NewClient(
 		addr, option.Protocol, auth, tlsConfig, quicConfig, clientTransport, up, down, func(refBPS uint64) congestion.CongestionControl {
 			return hyCongestion.NewBrutalSender(congestion.ByteCount(refBPS))
 		}, obfuscator,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("hysteria %s create error: %w", addr, err)
 	}
 	return &Hysteria{
 		Base: &Base{
 			name:  option.Name,
 			addr:  addr,
 			tp:    C.Hysteria,
 			udp:   true,
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
 		client: client,
 	}, nil
 }
 func stringToBps(s string) uint64 {
 	if s == "" {
 		return 0
 	}
 	// when have not unit, use Mbps
 	if v, err := strconv.Atoi(s); err == nil {
 		return stringToBps(fmt.Sprintf("%d Mbps", v))
 	}
 	m := rateStringRegexp.FindStringSubmatch(s)
 	if m == nil {
 		return 0
 	}
 	var n uint64
 	switch m[2] {
 	case "K":
 		n = 1 << 10
 	case "M":
 		n = 1 << 20
 	case "G":
 		n = 1 << 30
 	case "T":
 		n = 1 << 40
 	default:
 		n = 1
 	}
 	v, _ := strconv.ParseUint(m[1], 10, 64)
 	n = v * n
 	if m[3] == "b" {
 		// Bits, need to convert to bytes
 		n = n >> 3
 	}
 	return n
 }
 type hyPacketConn struct {
 	core.UDPConn
 }
 func (c *hyPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
 	b, addrStr, err := c.UDPConn.ReadFrom()
 	if err != nil {
 		return
 	}
 	n = copy(p, b)
 	addr = M.ParseSocksaddr(addrStr).UDPAddr()
 	return
 }
 func (c *hyPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
 	err = c.UDPConn.WriteTo(p, M.SocksaddrFromNet(addr).String())
 	if err != nil {
 		return
 	}
 	n = len(p)
 	return
 }
 type hyDialerWithContext struct {
 	hyDialer func() (net.PacketConn, error)
 	ctx      context.Context
 }
 func (h *hyDialerWithContext) ListenPacket() (net.PacketConn, error) {
 	return h.hyDialer()
 }
 func (h *hyDialerWithContext) Context() context.Context {
 	return h.ctx
 }
--- a/adapter/outbound/mitm.go
+++ b/adapter/outbound/mitm.go
@ -0,0 +1,49 @@
 package outbound
 import (
 	"context"
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 type Mitm struct {
 	*Base
 	serverAddr      *net.TCPAddr
 	httpProxyClient *Http
 }
 // DialContext implements C.ProxyAdapter
 func (m *Mitm) DialContext(_ context.Context, metadata *C.Metadata, _ ...dialer.Option) (C.Conn, error) {
 	c, err := net.DialTCP("tcp", nil, m.serverAddr)
 	if err != nil {
 		return nil, err
 	}
 	_ = c.SetKeepAlive(true)
 	_ = c.SetKeepAlivePeriod(60 * time.Second)
 	metadata.Type = C.MITM
 	hc, err := m.httpProxyClient.StreamConn(c, metadata)
 	if err != nil {
 		_ = c.Close()
 		return nil, err
 	}
 	return NewConn(hc, m), nil
 }
 func NewMitm(serverAddr string) *Mitm {
 	tcpAddr, _ := net.ResolveTCPAddr("tcp", serverAddr)
 	return &Mitm{
 		Base: &Base{
 			name: "Mitm",
 			tp:   C.Mitm,
 		},
 		serverAddr:      tcpAddr,
 		httpProxyClient: NewHttp(HttpOption{}),
 	}
 }
--- a/adapter/outbound/reject.go
+++ b/adapter/outbound/reject.go
@ -6,22 +6,49 @@ import (
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 )
 const (
 	rejectCountLimit = 50
 	rejectDelay      = time.Second * 35
 )
 var rejectCounter = cache.NewLRUCache[string, int](cache.WithAge[string, int](15), cache.WithStale[string, int](false), cache.WithSize[string, int](512))
 type Reject struct {
 	*Base
 }
 // DialContext implements C.ProxyAdapter
 func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	key := metadata.RemoteAddress()
 	count, existed := rejectCounter.Get(key)
 	if !existed {
 		count = 0
 	}
 	count = count + 1
 	rejectCounter.Set(key, count)
 	if count > rejectCountLimit {
 		c, _ := net.Pipe()
 		_ = c.SetDeadline(time.Now().Add(rejectDelay))
 		return NewConn(c, r), nil
 	}
 	return NewConn(&nopConn{}, r), nil
 }
 // ListenPacketContext implements C.ProxyAdapter
 func (r *Reject) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	return newPacketConn(&nopPacketConn{}, r), nil
+	return NewPacketConn(&nopPacketConn{}, r), nil
 }
 func NewReject() *Reject {
@ -34,16 +61,6 @@ func NewReject() *Reject {
 	}
 }
 func NewPass() *Reject {
 	return &Reject{
 		Base: &Base{
 			name: "PASS",
 			tp:   C.Pass,
 			udp:  true,
 		},
 	}
 }
 type nopConn struct{}
 func (rw *nopConn) Read(b []byte) (int, error) {
--- a/adapter/outbound/shadowsocks.go
+++ b/adapter/outbound/shadowsocks.go
@ -7,30 +7,19 @@ import (
 	"net"
 	"strconv"
 	"github.com/Dreamacro/clash/common/pool"
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/shadowsocks/core"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	"github.com/Dreamacro/clash/transport/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"
 	"github.com/sagernet/sing-shadowsocks"
 	"github.com/sagernet/sing-shadowsocks/shadowimpl"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/uot"
 )
 func init() {
 	buf.DefaultAllocator = pool.DefaultAllocator
 }
 type ShadowSocks struct {
 	*Base
-	method shadowsocks.Method
+	cipher core.Cipher
 	option *ShadowSocksOption
 	// obfs
 	obfsMode    string
 	obfsOption  *simpleObfsOption
@ -47,7 +36,6 @@ type ShadowSocksOption struct {
 	UDP        bool           `proxy:"udp,omitempty"`
 	Plugin     string         `proxy:"plugin,omitempty"`
 	PluginOpts map[string]any `proxy:"plugin-opts,omitempty"`
 	UDPOverTCP bool           `proxy:"udp-over-tcp,omitempty"`
 }
 type simpleObfsOption struct {
@ -80,11 +68,24 @@ func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, e
 			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		}
 	}
-	if metadata.NetWork == C.UDP && ss.option.UDPOverTCP {
+	c = ss.cipher.StreamConn(c)
-		metadata.Host = uot.UOTMagicAddress
+	_, err := c.Write(serializesSocksAddr(metadata))
-		metadata.DstPort = "443"
+	return c, err
 }
 // StreamPacketConn implements C.ProxyAdapter
 func (ss *ShadowSocks) StreamPacketConn(c net.Conn, _ *C.Metadata) (net.Conn, error) {
 	if !IsPacketConn(c) {
 		return c, fmt.Errorf("%s connect error: can not convert net.Conn to net.PacketConn", ss.addr)
 	}
-	return ss.method.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+
 	addr, err := resolveUDPAddr("udp", ss.addr)
 	if err != nil {
 		return c, err
 	}
 	pc := ss.cipher.PacketConn(c.(net.PacketConn))
 	return WrapConn(&ssPacketConn{PacketConn: pc, rAddr: addr}), nil
 }
 // DialContext implements C.ProxyAdapter
@ -103,43 +104,25 @@ func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata, op
 // ListenPacketContext implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
 	if ss.option.UDPOverTCP {
 		tcpConn, err := ss.DialContext(ctx, metadata, opts...)
 		if err != nil {
 			return nil, err
 		}
 		return newPacketConn(uot.NewClientConn(tcpConn), ss), nil
 	}
 	pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
-	addr, err := resolveUDPAddr("udp", ss.addr)
+	c, err := ss.StreamPacketConn(WrapConn(pc), metadata)
 	if err != nil {
-		pc.Close()
+		_ = pc.Close()
 		return nil, err
 	}
 	pc = ss.method.DialPacketConn(&bufio.BindPacketConn{PacketConn: pc, Addr: addr})
 	return newPacketConn(pc, ss), nil
 }
-// ListenPacketOnStreamConn implements C.ProxyAdapter
+	return NewPacketConn(c.(net.PacketConn), ss), nil
 func (ss *ShadowSocks) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	if ss.option.UDPOverTCP {
 		return newPacketConn(uot.NewClientConn(c), ss), nil
 	}
 	return nil, errors.New("no support")
 }
 // SupportUOT implements C.ProxyAdapter
 func (ss *ShadowSocks) SupportUOT() bool {
 	return ss.option.UDPOverTCP
 }
 func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
-	method, err := shadowimpl.FetchMethod(option.Cipher, option.Password)
+	cipher := option.Cipher
 	password := option.Password
 	ciph, err := core.PickCipher(cipher, nil, password)
 	if err != nil {
 		return nil, fmt.Errorf("ss %s initialize error: %w", addr, err)
 	}
@ -192,9 +175,8 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 			iface: option.Interface,
 			rmark: option.RoutingMark,
 		},
-		method: method,
+		cipher: ciph,
 		option:      &option,
 		obfsMode:    obfsMode,
 		v2rayOption: v2rayOption,
 		obfsOption:  obfsOption,
--- a/adapter/outbound/shadowsocksr.go
+++ b/adapter/outbound/shadowsocksr.go
@ -58,6 +58,22 @@ func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn,
 	return c, err
 }
 // StreamPacketConn implements C.ProxyAdapter
 func (ssr *ShadowSocksR) StreamPacketConn(c net.Conn, _ *C.Metadata) (net.Conn, error) {
 	if !IsPacketConn(c) {
 		return c, fmt.Errorf("%s connect error: can not convert net.Conn to net.PacketConn", ssr.addr)
 	}
 	addr, err := resolveUDPAddr("udp", ssr.addr)
 	if err != nil {
 		return c, err
 	}
 	pc := ssr.cipher.PacketConn(c.(net.PacketConn))
 	pc = ssr.protocol.PacketConn(pc)
 	return WrapConn(&ssPacketConn{PacketConn: pc, rAddr: addr}), nil
 }
 // DialContext implements C.ProxyAdapter
 func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ssr.addr, ssr.Base.DialOptions(opts...)...)
@ -79,15 +95,13 @@ func (ssr *ShadowSocksR) ListenPacketContext(ctx context.Context, metadata *C.Me
 		return nil, err
 	}
-	addr, err := resolveUDPAddr("udp", ssr.addr)
+	c, err := ssr.StreamPacketConn(WrapConn(pc), metadata)
 	if err != nil {
-		pc.Close()
+		_ = pc.Close()
 		return nil, err
 	}
-	pc = ssr.cipher.PacketConn(pc)
+	return NewPacketConn(c.(net.PacketConn), ssr), nil
 	pc = ssr.protocol.PacketConn(pc)
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
 }
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
--- a/adapter/outbound/snell.go
+++ b/adapter/outbound/snell.go
@ -53,15 +53,23 @@ func streamConn(c net.Conn, option streamOption) *snell.Snell {
 // StreamConn implements C.ProxyAdapter
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	if metadata.NetWork == C.UDP {
 		err := snell.WriteUDPHeader(c, s.version)
 		return c, err
 	}
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	err := snell.WriteHeader(c, metadata.String(), uint(port), s.version)
 	return c, err
 }
 // StreamPacketConn implements C.ProxyAdapter
 func (s *Snell) StreamPacketConn(c net.Conn, _ *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	err := snell.WriteUDPHeader(c, s.version)
 	if err != nil {
 		return c, err
 	}
 	return WrapConn(snell.PacketConn(c)), nil
 }
 // DialContext implements C.ProxyAdapter
 func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	if s.version == snell.Version2 && len(opts) == 0 {
@ -72,7 +80,7 @@ func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 		port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 		if err = snell.WriteHeader(c, metadata.String(), uint(port), s.version); err != nil {
-			c.Close()
+			_ = c.Close()
 			return nil, err
 		}
 		return NewConn(c, s), err
@ -97,26 +105,14 @@ func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		return nil, err
 	}
 	tcpKeepAlive(c)
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
-	err = snell.WriteUDPHeader(c, s.version)
+	pc, err := s.StreamPacketConn(c, metadata)
 	if err != nil {
 		_ = c.Close()
 		return nil, err
 	}
-	pc := snell.PacketConn(c)
+	return NewPacketConn(pc.(net.PacketConn), s), nil
 	return newPacketConn(pc, s), nil
 }
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (s *Snell) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	pc := snell.PacketConn(c)
 	return newPacketConn(pc, s), nil
 }
 // SupportUOT implements C.ProxyAdapter
 func (s *Snell) SupportUOT() bool {
 	return true
 }
 func NewSnell(option SnellOption) (*Snell, error) {
--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@ -37,12 +37,59 @@ type Socks5Option struct {
 // StreamConn implements C.ProxyAdapter
 func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	c, _, err = ss.streamConn(c, metadata)
 	return c, err
 }
 func (ss *Socks5) StreamSocks5PacketConn(c net.Conn, pc net.PacketConn, metadata *C.Metadata) (net.PacketConn, error) {
 	if c == nil {
 		return pc, fmt.Errorf("%s connect error: parameter net.Conn is nil", ss.addr)
 	}
 	if pc == nil {
 		return pc, fmt.Errorf("%s connect error: parameter net.PacketConn is nil", ss.addr)
 	}
 	cc, bindAddr, err := ss.streamConn(c, metadata)
 	if err != nil {
 		return pc, err
 	}
 	c = cc
 	go func() {
 		_, _ = io.Copy(io.Discard, c)
 		_ = c.Close()
 		// A UDP association terminates when the TCP connection that the UDP
 		// ASSOCIATE request arrived on terminates. RFC1928
 		_ = pc.Close()
 	}()
 	// Support unspecified UDP bind address.
 	bindUDPAddr := bindAddr.UDPAddr()
 	if bindUDPAddr == nil {
 		return pc, errors.New("invalid UDP bind address")
 	} else if bindUDPAddr.IP.IsUnspecified() {
 		serverAddr, err := resolveUDPAddr("udp", ss.Addr())
 		if err != nil {
 			return pc, err
 		}
 		bindUDPAddr.IP = serverAddr.IP
 	}
 	return &socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, nil
 }
 func (ss *Socks5) streamConn(c net.Conn, metadata *C.Metadata) (_ net.Conn, bindAddr socks5.Addr, err error) {
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
 		err := cc.Handshake()
 		c = cc
 		if err != nil {
-			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
+			return c, nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		}
 	}
@ -53,10 +100,14 @@ func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 			Password: ss.pass,
 		}
 	}
-	if _, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user); err != nil {
+
-		return nil, err
+	if metadata.NetWork == C.UDP {
 		bindAddr, err = socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user)
 	} else {
 		bindAddr, err = socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user)
 	}
-	return c, nil
+
 	return c, bindAddr, err
 }
 // DialContext implements C.ProxyAdapter
@ -81,61 +132,24 @@ func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
 	if err != nil {
-		err = fmt.Errorf("%s connect error: %w", ss.addr, err)
+		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		return
 	}
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
 		err = cc.Handshake()
 		c = cc
 	}
 	defer safeConnClose(c, err)
 	tcpKeepAlive(c)
 	var user *socks5.User
 	if ss.user != "" {
 		user = &socks5.User{
 			Username: ss.user,
 			Password: ss.pass,
 		}
 	}
 	bindAddr, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user)
 	if err != nil {
 		err = fmt.Errorf("client hanshake error: %w", err)
 		return
 	}
 	pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)
 	if err != nil {
 		return
 	}
-	go func() {
+	tcpKeepAlive(c)
 		io.Copy(io.Discard, c)
 		c.Close()
 		// A UDP association terminates when the TCP connection that the UDP
 		// ASSOCIATE request arrived on terminates. RFC1928
 		pc.Close()
 	}()
-	// Support unspecified UDP bind address.
+	pc, err = ss.StreamSocks5PacketConn(c, pc, metadata)
 	bindUDPAddr := bindAddr.UDPAddr()
 	if bindUDPAddr == nil {
 		err = errors.New("invalid UDP bind address")
 		return
 	} else if bindUDPAddr.IP.IsUnspecified() {
 		serverAddr, err := resolveUDPAddr("udp", ss.Addr())
 	if err != nil {
-			return nil, err
+		return
 	}
-		bindUDPAddr.IP = serverAddr.IP
+	return NewPacketConn(pc, ss), nil
 	}
 	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, ss), nil
 }
 func NewSocks5(option Socks5Option) *Socks5 {
@ -199,6 +213,6 @@ func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 }
 func (uc *socksPacketConn) Close() error {
-	uc.tcpConn.Close()
+	_ = uc.tcpConn.Close()
 	return uc.PacketConn.Close()
 }
--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@ -13,6 +13,8 @@ import (
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/trojan"
 	"github.com/Dreamacro/clash/transport/vless"
 	"golang.org/x/net/http2"
 )
 type Trojan struct {
@ -23,7 +25,7 @@ type Trojan struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *gun.TransportWrap
+	transport    *http2.Transport
 }
 type TrojanOption struct {
@ -70,8 +72,7 @@ func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
 	return t.instance.StreamConn(c)
 }
-// StreamConn implements C.ProxyAdapter
+func (t *Trojan) trojanStream(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	if t.transport != nil {
 		c, err = gun.StreamGunWithConn(c, t.gunTLSConfig, t.gunConfig)
@ -83,43 +84,63 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
-	c, err = t.instance.PresetXTLSConn(c)
+	c, err = t.instance.PrepareXTLSConn(c)
 	if err != nil {
-		return nil, err
+		return c, err
 	}
 	if metadata.NetWork == C.UDP {
 		err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 		return c, err
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
 // StreamConn implements C.ProxyAdapter
 func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return t.trojanStream(c, metadata)
 }
 // StreamPacketConn implements C.ProxyAdapter
 func (t *Trojan) StreamPacketConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	c, err = t.trojanStream(c, metadata)
 	if err != nil {
 		return c, err
 	}
 	pc := t.instance.PacketConn(c)
 	return WrapConn(pc), nil
 }
 // DialContext implements C.ProxyAdapter
 func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	var c net.Conn
 	// gun transport
 	if t.transport != nil && len(opts) == 0 {
-		c, err := gun.StreamGunWithTransport(t.transport, t.gunConfig)
+		c, err = gun.StreamGunWithTransport(t.transport, t.gunConfig)
 		if err != nil {
 			return nil, err
 		}
-		c, err = t.instance.PresetXTLSConn(c)
+		defer safeConnClose(c, err)
 		c, err = t.instance.PrepareXTLSConn(c)
 		if err != nil {
 			c.Close()
 			return nil, err
 		}
 		if err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata)); err != nil {
 			c.Close()
 			return nil, err
 		}
 		return NewConn(c, t), nil
 	}
-	c, err := dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
+	c, err = dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
@ -139,44 +160,44 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	var c net.Conn
-	// grpc transport
+	// gun transport
 	if t.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(t.transport, t.gunConfig)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 		defer safeConnClose(c, err)
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 		defer safeConnClose(c, err)
 		tcpKeepAlive(c)
 		c, err = t.plainStream(c)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 		if err != nil {
 			return nil, err
 		}
-	pc := t.instance.PacketConn(c)
+		defer safeConnClose(c, err)
 	return newPacketConn(pc, t), err
 }
-// ListenPacketOnStreamConn implements C.ProxyAdapter
+		c, err = t.instance.PrepareXTLSConn(c)
-func (t *Trojan) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+		if err != nil {
-	pc := t.instance.PacketConn(c)
+			return nil, err
-	return newPacketConn(pc, t), err
+		}
 }
-// SupportUOT implements C.ProxyAdapter
+		if err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata)); err != nil {
-func (t *Trojan) SupportUOT() bool {
+			return nil, err
-	return true
+		}
 		pc := t.instance.PacketConn(c)
 		return NewPacketConn(pc, t), nil
 	}
 	c, err = dialer.DialContext(ctx, "tcp", t.addr, t.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 	tcpKeepAlive(c)
 	defer safeConnClose(c, err)
 	c, err = t.StreamPacketConn(c, metadata)
 	if err != nil {
 		return nil, err
 	}
 	return NewPacketConn(c.(net.PacketConn), t), nil
 }
 func NewTrojan(option TrojanOption) (*Trojan, error) {
--- a/adapter/outbound/util.go
+++ b/adapter/outbound/util.go
@ -2,11 +2,8 @@ package outbound
 import (
 	"bytes"
 	"crypto/tls"
 	xtls "github.com/xtls/go"
 	"net"
 	"strconv"
 	"sync"
 	"time"
 	"github.com/Dreamacro/clash/component/resolver"
@ -14,12 +11,6 @@ import (
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 var (
 	globalClientSessionCache  tls.ClientSessionCache
 	globalClientXSessionCache xtls.ClientSessionCache
 	once                      sync.Once
 )
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		_ = tcp.SetKeepAlive(true)
@ -27,20 +18,6 @@ func tcpKeepAlive(c net.Conn) {
 	}
 }
 func getClientSessionCache() tls.ClientSessionCache {
 	once.Do(func() {
 		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
 	})
 	return globalClientSessionCache
 }
 func getClientXSessionCache() xtls.ClientSessionCache {
 	once.Do(func() {
 		globalClientXSessionCache = xtls.NewLRUClientSessionCache(128)
 	})
 	return globalClientXSessionCache
 }
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
 	aType := uint8(metadata.AddrType)
@ -75,7 +52,7 @@ func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 }
 func safeConnClose(c net.Conn, err error) {
-	if err != nil {
+	if err != nil && c != nil {
 		_ = c.Close()
 	}
 }
--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@ -6,7 +6,6 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"github.com/Dreamacro/clash/common/convert"
 	"io"
 	"net"
 	"net/http"
@ -19,6 +18,8 @@ import (
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
 	"golang.org/x/net/http2"
 )
 const (
@ -34,7 +35,7 @@ type Vless struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *gun.TransportWrap
+	transport    *http2.Transport
 }
 type VlessOption struct {
@ -45,7 +46,6 @@ type VlessOption struct {
 	UUID           string            `proxy:"uuid"`
 	Flow           string            `proxy:"flow,omitempty"`
 	FlowShow       bool              `proxy:"flow-show,omitempty"`
 	TLS            bool              `proxy:"tls,omitempty"`
 	UDP            bool              `proxy:"udp,omitempty"`
 	Network        string            `proxy:"network,omitempty"`
 	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
@ -58,10 +58,17 @@ type VlessOption struct {
 	ServerName     string            `proxy:"servername,omitempty"`
 }
 // StreamConn implements C.ProxyAdapter
 func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
 		if v.option.WSOpts.Path == "" {
 			v.option.WSOpts.Path = v.option.WSPath
 		}
 		if len(v.option.WSOpts.Headers) == 0 {
 			v.option.WSOpts.Headers = v.option.WSHeaders
 		}
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
@ -70,15 +77,16 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			Path:                v.option.WSOpts.Path,
 			MaxEarlyData:        v.option.WSOpts.MaxEarlyData,
 			EarlyDataHeaderName: v.option.WSOpts.EarlyDataHeaderName,
 			Headers:             http.Header{},
 		}
 		if len(v.option.WSOpts.Headers) != 0 {
 			header := http.Header{}
 			for key, value := range v.option.WSOpts.Headers {
-				wsOpts.Headers.Add(key, value)
+				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
-		if v.option.TLS {
+
 		wsOpts.TLS = true
 		wsOpts.TLSConfig = &tls.Config{
 			MinVersion:         tls.VersionTLS12,
@ -91,12 +99,7 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 		} else if host := wsOpts.Headers.Get("Host"); host != "" {
 			wsOpts.TLSConfig.ServerName = host
 		}
-		} else {
+
 			if host := wsOpts.Headers.Get("Host"); host == "" {
 				wsOpts.Headers.Set("Host", convert.RandHost())
 				convert.SetUserAgent(wsOpts.Headers)
 			}
 		}
 		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
@ -145,6 +148,26 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return v.client.StreamConn(c, parseVlessAddr(metadata))
 }
 // StreamPacketConn implements C.ProxyAdapter
 func (v *Vless) StreamPacketConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
 		metadata.DstIP = ip
 	}
 	var err error
 	c, err = v.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
 	return WrapConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}), nil
 }
 func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error) {
 	host, _, _ := net.SplitHostPort(v.addr)
@ -164,7 +187,7 @@ func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error)
 		return vless.StreamXTLSConn(conn, &xtlsOpts)
-	} else if v.option.TLS {
+	} else {
 		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
@ -180,8 +203,6 @@ func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error)
 		return vmess.StreamTLSConn(conn, &tlsOpts)
 	}
 	return conn, nil
 }
 func (v *Vless) isXTLSEnabled() bool {
@ -219,6 +240,9 @@ func (v *Vless) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 // ListenPacketContext implements C.ProxyAdapter
 func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		// vless use stream-oriented udp with a special address, so we needs a net.UDPAddr
 		if !metadata.Resolved() {
 			ip, err := resolver.ResolveIP(metadata.Host)
@ -228,9 +252,6 @@ func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 			metadata.DstIP = ip
 		}
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
@ -238,32 +259,27 @@ func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		defer safeConnClose(c, err)
 		c, err = v.client.StreamConn(c, parseVlessAddr(metadata))
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 		}
 		tcpKeepAlive(c)
 		defer safeConnClose(c, err)
 		c, err = v.StreamConn(c, metadata)
 	}
 		if err != nil {
 			return nil, fmt.Errorf("new vless client error: %v", err)
 		}
-	return v.ListenPacketOnStreamConn(c, metadata)
+		return NewPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
-}
+	}
-// ListenPacketOnStreamConn implements C.ProxyAdapter
+	c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
-func (v *Vless) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if err != nil {
-	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
-}
+	}
-// SupportUOT implements C.ProxyAdapter
+	tcpKeepAlive(c)
-func (v *Vless) SupportUOT() bool {
+	defer safeConnClose(c, err)
-	return true
+
 	c, err = v.StreamPacketConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("new vless client error: %v", err)
 	}
 	return NewPacketConn(c.(net.PacketConn), v), nil
 }
 func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
@ -271,18 +287,18 @@ func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 	var addr []byte
 	switch metadata.AddrType {
 	case C.AtypIPv4:
-		addrType = vless.AtypIPv4
+		addrType = byte(vless.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
-		addrType = vless.AtypIPv6
+		addrType = byte(vless.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
-		addrType = vless.AtypDomainName
+		addrType = byte(vless.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
-		copy(addr[1:], metadata.Host)
+		copy(addr[1:], []byte(metadata.Host))
 	}
 	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
@ -297,40 +313,29 @@ func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
 type vlessPacketConn struct {
 	net.Conn
 	rAddr  net.Addr
 	cache  [2]byte
 	remain int
 	mux    sync.Mutex
 	cache  [2]byte
 }
-func (c *vlessPacketConn) writePacket(payload []byte) (int, error) {
+func (vc *vlessPacketConn) WriteTo(b []byte, _ net.Addr) (int, error) {
 	binary.BigEndian.PutUint16(c.cache[:], uint16(len(payload)))
 	if _, err := c.Conn.Write(c.cache[:]); err != nil {
 		return 0, err
 	}
 	return c.Conn.Write(payload)
 }
 func (c *vlessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	total := len(b)
 	if total == 0 {
 		return 0, nil
 	}
-	if total <= maxLength {
+	if total < maxLength {
-		return c.writePacket(b)
+		return vc.writePacket(b)
 	}
 	offset := 0
-
+	for {
 	for offset < total {
 		cursor := offset + maxLength
 		if cursor > total {
 			cursor = total
 		}
-		n, err := c.writePacket(b[offset:cursor])
+		n, err := vc.writePacket(b[offset:cursor])
 		if err != nil {
 			return offset + n, err
 		}
@ -344,32 +349,33 @@ func (c *vlessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
 	return total, nil
 }
-func (c *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+func (vc *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
-	c.mux.Lock()
+	vc.mux.Lock()
-	defer c.mux.Unlock()
+	defer vc.mux.Unlock()
-	if c.remain > 0 {
+	if vc.remain != 0 {
 		length := len(b)
-		if c.remain < length {
+		if length > vc.remain {
-			length = c.remain
+			length = vc.remain
 		}
-		n, err := c.Conn.Read(b[:length])
+		n, err := vc.Conn.Read(b[:length])
 		if err != nil {
-			return 0, c.rAddr, err
+			return 0, vc.rAddr, err
 		}
-		c.remain -= n
+		vc.remain -= n
-		return n, c.rAddr, nil
+
 		return n, vc.rAddr, nil
 	}
-	if _, err := c.Conn.Read(b[:2]); err != nil {
+	if _, err := vc.Conn.Read(b[:2]); err != nil {
-		return 0, c.rAddr, err
+		return 0, vc.rAddr, err
 	}
 	total := int(binary.BigEndian.Uint16(b[:2]))
 	if total == 0 {
-		return 0, c.rAddr, nil
+		return 0, vc.rAddr, nil
 	}
 	length := len(b)
@ -377,13 +383,23 @@ func (c *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
 		length = total
 	}
-	if _, err := io.ReadFull(c.Conn, b[:length]); err != nil {
+	if _, err := io.ReadFull(vc.Conn, b[:length]); err != nil {
-		return 0, c.rAddr, errors.New("read packet error")
+		return 0, vc.rAddr, errors.New("read packet error")
 	}
-	c.remain = total - length
+	vc.remain = total - length
-	return length, c.rAddr, nil
+	return length, vc.rAddr, nil
 }
 func (vc *vlessPacketConn) writePacket(payload []byte) (int, error) {
 	binary.BigEndian.PutUint16(vc.cache[:], uint16(len(payload)))
 	if _, err := vc.Conn.Write(vc.cache[:]); err != nil {
 		return 0, err
 	}
 	return vc.Conn.Write(payload)
 }
 func NewVless(option VlessOption) (*Vless, error) {
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@ -3,23 +3,20 @@ package outbound
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
 	"sync"
 	"github.com/Dreamacro/clash/common/convert"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
-	clashVMess "github.com/Dreamacro/clash/transport/vmess"
+	"github.com/Dreamacro/clash/transport/vmess"
-	"github.com/sagernet/sing-vmess"
+
-	"github.com/sagernet/sing-vmess/packetaddr"
+	"golang.org/x/net/http2"
 	M "github.com/sagernet/sing/common/metadata"
 )
 type Vmess struct {
@ -30,7 +27,7 @@ type Vmess struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *gun.TransportWrap
+	transport    *http2.Transport
 }
 type VmessOption struct {
@ -50,8 +47,10 @@ type VmessOption struct {
 	HTTP2Opts      HTTP2Options `proxy:"h2-opts,omitempty"`
 	GrpcOpts       GrpcOptions  `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions    `proxy:"ws-opts,omitempty"`
-	PacketAddr          bool         `proxy:"packet-addr,omitempty"`
+
-	AuthenticatedLength bool         `proxy:"authenticated-length,omitempty"`
+	// TODO: compatible with VMESS WS older version configurations
 	WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
 	WSPath    string            `proxy:"ws-path,omitempty"`
 }
 type HTTPOptions struct {
@ -81,21 +80,28 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
 		if v.option.WSOpts.Path == "" {
 			v.option.WSOpts.Path = v.option.WSPath
 		}
 		if len(v.option.WSOpts.Headers) == 0 {
 			v.option.WSOpts.Headers = v.option.WSHeaders
 		}
 		host, port, _ := net.SplitHostPort(v.addr)
-		wsOpts := &clashVMess.WebsocketConfig{
+		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
 			Port:                port,
 			Path:                v.option.WSOpts.Path,
 			MaxEarlyData:        v.option.WSOpts.MaxEarlyData,
 			EarlyDataHeaderName: v.option.WSOpts.EarlyDataHeaderName,
 			Headers:             http.Header{},
 		}
 		if len(v.option.WSOpts.Headers) != 0 {
 			header := http.Header{}
 			for key, value := range v.option.WSOpts.Headers {
-				wsOpts.Headers.Add(key, value)
+				header.Add(key, value)
 			}
 			wsOpts.Headers = header
 		}
 		if v.option.TLS {
@ -111,17 +117,15 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				wsOpts.TLSConfig.ServerName = host
 			}
 		} else {
 			if host := wsOpts.Headers.Get("Host"); host == "" {
 			wsOpts.Headers.Set("Host", convert.RandHost())
 			convert.SetUserAgent(wsOpts.Headers)
 		}
-		}
+		c, err = vmess.StreamWebsocketConn(c, wsOpts)
 		c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
-			tlsOpts := &clashVMess.TLSConfig{
+			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
@ -130,24 +134,27 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				tlsOpts.Host = v.option.ServerName
 			}
-			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
+			c, err = vmess.StreamTLSConn(c, tlsOpts)
 			if err != nil {
 				return nil, err
 			}
 		} else {
 			http.Header(v.option.HTTPOpts.Headers).Set("Host", convert.RandHost())
 			convert.SetUserAgent(v.option.HTTPOpts.Headers)
 		}
 		host, _, _ := net.SplitHostPort(v.addr)
-		httpOpts := &clashVMess.HTTPConfig{
+		httpOpts := &vmess.HTTPConfig{
 			Host:    host,
 			Method:  v.option.HTTPOpts.Method,
 			Path:    v.option.HTTPOpts.Path,
 			Headers: v.option.HTTPOpts.Headers,
 		}
-		c = clashVMess.StreamHTTPConn(c, httpOpts)
+		c = vmess.StreamHTTPConn(c, httpOpts)
 	case "h2":
 		host, _, _ := net.SplitHostPort(v.addr)
-		tlsOpts := clashVMess.TLSConfig{
+		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 			NextProtos:     []string{"h2"},
@ -157,24 +164,24 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			tlsOpts.Host = v.option.ServerName
 		}
-		c, err = clashVMess.StreamTLSConn(c, &tlsOpts)
+		c, err = vmess.StreamTLSConn(c, &tlsOpts)
 		if err != nil {
 			return nil, err
 		}
-		h2Opts := &clashVMess.H2Config{
+		h2Opts := &vmess.H2Config{
 			Hosts: v.option.HTTP2Opts.Host,
 			Path:  v.option.HTTP2Opts.Path,
 		}
-		c, err = clashVMess.StreamH2Conn(c, h2Opts)
+		c, err = vmess.StreamH2Conn(c, h2Opts)
 	case "grpc":
 		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 	default:
 		// handle TLS
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
-			tlsOpts := &clashVMess.TLSConfig{
+			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
@ -183,18 +190,35 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				tlsOpts.Host = v.option.ServerName
 			}
-			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
+			c, err = vmess.StreamTLSConn(c, tlsOpts)
 		}
 	}
 	if err != nil {
 		return nil, err
 	}
-	if metadata.NetWork == C.UDP {
+
-		return v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+	return v.client.StreamConn(c, parseVmessAddr(metadata))
-	} else {
+}
-		return v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+
 // StreamPacketConn implements C.ProxyAdapter
 func (v *Vmess) StreamPacketConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(metadata.Host)
 		if err != nil {
 			return c, fmt.Errorf("can't resolve ip: %w", err)
 		}
 		metadata.DstIP = ip
 	}
 	var err error
 	c, err = v.StreamConn(c, metadata)
 	if err != nil {
 		return c, fmt.Errorf("new vmess client error: %v", err)
 	}
 	return WrapConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}), nil
 }
 // DialContext implements C.ProxyAdapter
@ -207,7 +231,7 @@ func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 		}
 		defer safeConnClose(c, err)
-		c, err = v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
 		if err != nil {
 			return nil, err
 		}
@ -228,75 +252,58 @@ func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 // ListenPacketContext implements C.ProxyAdapter
 func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
 		if !metadata.Resolved() {
 			ip, err := resolver.ResolveIP(metadata.Host)
 			if err != nil {
-			return nil, errors.New("can't resolve ip")
+				return nil, fmt.Errorf("can't resolve ip: %w", err)
 			}
 			metadata.DstIP = ip
 		}
 	if v.option.PacketAddr {
 		metadata.Host = packetaddr.SeqPacketMagicAddress
 		metadata.DstPort = "443"
 	}
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
 		c, err = gun.StreamGunWithTransport(v.transport, v.gunConfig)
 		if err != nil {
 			return nil, err
 		}
 		defer safeConnClose(c, err)
-		c, err = v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 		}
 		tcpKeepAlive(c)
 		defer safeConnClose(c, err)
 		c, err = v.StreamConn(c, metadata)
 	}
 		if err != nil {
 			return nil, fmt.Errorf("new vmess client error: %v", err)
 		}
-	if v.option.PacketAddr {
+		return NewPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 		return newPacketConn(&threadSafePacketConn{PacketConn: packetaddr.NewBindClient(c)}, v), nil
 	} else if pc, ok := c.(net.PacketConn); ok {
 		return newPacketConn(&threadSafePacketConn{PacketConn: pc}, v), nil
 	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
-// ListenPacketOnStreamConn implements C.ProxyAdapter
+	c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
-func (v *Vmess) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if err != nil {
-	if v.option.PacketAddr {
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 		return newPacketConn(&threadSafePacketConn{PacketConn: packetaddr.NewBindClient(c)}, v), nil
 	} else if pc, ok := c.(net.PacketConn); ok {
 		return newPacketConn(&threadSafePacketConn{PacketConn: pc}, v), nil
 	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
-// SupportUOT implements C.ProxyAdapter
+	tcpKeepAlive(c)
-func (v *Vmess) SupportUOT() bool {
+	defer safeConnClose(c, err)
-	return true
+
 	c, err = v.StreamPacketConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
 	return NewPacketConn(c.(net.PacketConn), v), nil
 }
 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
-	var options []vmess.ClientOption
+	client, err := vmess.NewClient(vmess.Config{
-	if option.AuthenticatedLength {
+		UUID:     option.UUID,
-		options = append(options, vmess.ClientWithAuthenticatedLength())
+		AlterID:  uint16(option.AlterID),
-	}
+		Security: security,
-	client, err := vmess.NewClient(option.UUID, security, option.AlterID, options...)
+		HostName: option.Server,
 		Port:     strconv.Itoa(option.Port),
 		IsAead:   option.AlterID == 0,
 	})
 	if err != nil {
 		return nil, err
 	}
@ -355,29 +362,44 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		v.gunConfig = gunConfig
 		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
 	}
 	return v, nil
 }
-type threadSafePacketConn struct {
+func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
-	net.PacketConn
+	var addrType byte
-	access sync.Mutex
+	var addr []byte
-}
+	switch metadata.AddrType {
 	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.AsSlice())
 	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))
 		copy(addr[1:], []byte(metadata.Host))
 	}
-func (c *threadSafePacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
-	c.access.Lock()
+	return &vmess.DstAddr{
-	defer c.access.Unlock()
+		UDP:      metadata.NetWork == C.UDP,
-	return c.PacketConn.WriteTo(b, addr)
+		AddrType: addrType,
 		Addr:     addr,
 		Port:     uint(port),
 	}
 }
 type vmessPacketConn struct {
 	net.Conn
 	rAddr net.Addr
 	access sync.Mutex
 }
-func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+func (uc *vmessPacketConn) WriteTo(b []byte, _ net.Addr) (int, error) {
 	uc.access.Lock()
 	defer uc.access.Unlock()
 	return uc.Conn.Write(b)
 }
--- a/adapter/outboundgroup/common.go
+++ b/adapter/outboundgroup/common.go
@ -0,0 +1,24 @@
 package outboundgroup
 import (
 	"time"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 const (
 	defaultGetProxiesDuration = time.Second * 5
 )
 func getProvidersProxies(providers []provider.ProxyProvider, touch bool) []C.Proxy {
 	proxies := []C.Proxy{}
 	for _, provider := range providers {
 		if touch {
 			proxies = append(proxies, provider.ProxiesWithTouch()...)
 		} else {
 			proxies = append(proxies, provider.Proxies()...)
 		}
 	}
 	return proxies
 }
--- a/adapter/outboundgroup/fallback.go
+++ b/adapter/outboundgroup/fallback.go
@ -3,19 +3,19 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
-	"errors"
+
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 	"time"
 )
 type Fallback struct {
-	*GroupBase
+	*outbound.Base
 	disableUDP bool
-	testUrl    string
+	single     *singledo.Single[[]C.Proxy]
-	selected   string
+	providers  []provider.ProxyProvider
 }
 func (f *Fallback) Now() string {
@ -29,11 +29,7 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 	c, err := proxy.DialContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(f)
 		f.onDialSuccess()
 	} else {
 		f.onDialFailed()
 	}
 	return c, err
 }
@ -44,7 +40,6 @@ func (f *Fallback) ListenPacketContext(ctx context.Context, metadata *C.Metadata
 	if err == nil {
 		pc.AppendToChains(f)
 	}
 	return pc, err
 }
@ -60,8 +55,8 @@ func (f *Fallback) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
-	all := []string{}
+	var all []string
-	for _, proxy := range f.GetProxies(false) {
+	for _, proxy := range f.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@ -77,57 +72,35 @@ func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 	return proxy
 }
-func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
+func (f *Fallback) proxies(touch bool) []C.Proxy {
-	proxies := f.GetProxies(touch)
+	elm, _, _ := f.single.Do(func() ([]C.Proxy, error) {
-	al := proxies[0]
+		return getProvidersProxies(f.providers, touch), nil
-	for i := len(proxies) - 1; i > -1; i-- {
+	})
-		proxy := proxies[i]
+
-		if proxy.Name() == f.selected && proxy.Alive() {
+	return elm
 			return proxy
 		}
 		if proxy.Alive() {
 			al = proxy
 		}
 	}
 	return al
 }
-func (f *Fallback) Set(name string) error {
+func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
-	var p C.Proxy
+	proxies := f.proxies(touch)
-	for _, proxy := range f.GetProxies(false) {
+	for _, proxy := range proxies {
-		if proxy.Name() == name {
+		if proxy.Alive() {
-			p = proxy
+			return proxy
 			break
 		}
 	}
-	if p == nil {
+	return proxies[0]
 		return errors.New("proxy not exist")
 	}
 	f.selected = name
 	if !p.Alive() {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*time.Duration(5000))
 		defer cancel()
 		_, _ = p.URLTest(ctx, f.testUrl)
 	}
 	return nil
 }
 func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider) *Fallback {
 	return &Fallback{
-		GroupBase: NewGroupBase(GroupBaseOption{
+		Base: outbound.NewBase(outbound.BaseOption{
 			outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Fallback,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 			},
 			option.Filter,
 			providers,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		disableUDP: option.DisableUDP,
 		testUrl:    option.URL,
 	}
 }
--- a/adapter/outboundgroup/groupbase.go
+++ b/adapter/outboundgroup/groupbase.go
@ -1,188 +0,0 @@
 package outboundgroup
 import (
 	"context"
 	"fmt"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 	types "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/tunnel"
 	"github.com/dlclark/regexp2"
 	"go.uber.org/atomic"
 	"sync"
 	"time"
 )
 type GroupBase struct {
 	*outbound.Base
 	filter        *regexp2.Regexp
 	providers     []provider.ProxyProvider
 	versions      sync.Map // map[string]uint
 	proxies       sync.Map // map[string][]C.Proxy
 	failedTestMux sync.Mutex
 	failedTimes   int
 	failedTime    time.Time
 	failedTesting *atomic.Bool
 }
 type GroupBaseOption struct {
 	outbound.BaseOption
 	filter    string
 	providers []provider.ProxyProvider
 }
 func NewGroupBase(opt GroupBaseOption) *GroupBase {
 	var filter *regexp2.Regexp = nil
 	if opt.filter != "" {
 		filter = regexp2.MustCompile(opt.filter, 0)
 	}
 	return &GroupBase{
 		Base:          outbound.NewBase(opt.BaseOption),
 		filter:        filter,
 		providers:     opt.providers,
 		failedTesting: atomic.NewBool(false),
 	}
 }
 func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 	if gb.filter == nil {
 		var proxies []C.Proxy
 		for _, pd := range gb.providers {
 			if touch {
 				pd.Touch()
 			}
 			proxies = append(proxies, pd.Proxies()...)
 		}
 		if len(proxies) == 0 {
 			return append(proxies, tunnel.Proxies()["COMPATIBLE"])
 		}
 		return proxies
 	}
 	for _, pd := range gb.providers {
 		if touch {
 			pd.Touch()
 		}
 		if pd.VehicleType() == types.Compatible {
 			gb.proxies.Store(pd.Name(), pd.Proxies())
 			gb.versions.Store(pd.Name(), pd.Version())
 			continue
 		}
 		if version, ok := gb.versions.Load(pd.Name()); !ok || version != pd.Version() {
 			var (
 				proxies    []C.Proxy
 				newProxies []C.Proxy
 			)
 			proxies = pd.Proxies()
 			for _, p := range proxies {
 				if mat, _ := gb.filter.FindStringMatch(p.Name()); mat != nil {
 					newProxies = append(newProxies, p)
 				}
 			}
 			gb.proxies.Store(pd.Name(), newProxies)
 			gb.versions.Store(pd.Name(), pd.Version())
 		}
 	}
 	var proxies []C.Proxy
 	gb.proxies.Range(func(key, value any) bool {
 		proxies = append(proxies, value.([]C.Proxy)...)
 		return true
 	})
 	if len(proxies) == 0 {
 		return append(proxies, tunnel.Proxies()["COMPATIBLE"])
 	}
 	return proxies
 }
 func (gb *GroupBase) URLTest(ctx context.Context, url string) (map[string]uint16, error) {
 	var wg sync.WaitGroup
 	var lock sync.Mutex
 	mp := map[string]uint16{}
 	proxies := gb.GetProxies(false)
 	for _, proxy := range proxies {
 		proxy := proxy
 		wg.Add(1)
 		go func() {
 			delay, err := proxy.URLTest(ctx, url)
 			if err == nil {
 				lock.Lock()
 				mp[proxy.Name()] = delay
 				lock.Unlock()
 			}
 			wg.Done()
 		}()
 	}
 	wg.Wait()
 	if len(mp) == 0 {
 		return mp, fmt.Errorf("get delay: all proxies timeout")
 	} else {
 		return mp, nil
 	}
 }
 func (gb *GroupBase) onDialFailed() {
 	if gb.failedTesting.Load() {
 		return
 	}
 	go func() {
 		gb.failedTestMux.Lock()
 		defer gb.failedTestMux.Unlock()
 		gb.failedTimes++
 		if gb.failedTimes == 1 {
 			log.Debugln("ProxyGroup: %s first failed", gb.Name())
 			gb.failedTime = time.Now()
 		} else {
 			if time.Since(gb.failedTime) > gb.failedTimeoutInterval() {
 				return
 			}
 			log.Debugln("ProxyGroup: %s failed count: %d", gb.Name(), gb.failedTimes)
 			if gb.failedTimes >= gb.maxFailedTimes() {
 				gb.failedTesting.Store(true)
 				log.Warnln("because %s failed multiple times, active health check", gb.Name())
 				wg := sync.WaitGroup{}
 				for _, proxyProvider := range gb.providers {
 					wg.Add(1)
 					proxyProvider := proxyProvider
 					go func() {
 						defer wg.Done()
 						proxyProvider.HealthCheck()
 					}()
 				}
 				wg.Wait()
 				gb.failedTesting.Store(false)
 				gb.failedTimes = 0
 			}
 		}
 	}()
 }
 func (gb *GroupBase) failedIntervalTime() int64 {
 	return 5 * time.Second.Milliseconds()
 }
 func (gb *GroupBase) onDialSuccess() {
 	if !gb.failedTesting.Load() {
 		gb.failedTimes = 0
 	}
 }
 func (gb *GroupBase) maxFailedTimes() int {
 	return 5
 }
 func (gb *GroupBase) failedTimeoutInterval() time.Duration {
 	return 5 * time.Second
 }
--- a/adapter/outboundgroup/loadbalance.go
+++ b/adapter/outboundgroup/loadbalance.go
@ -5,12 +5,11 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"github.com/Dreamacro/clash/common/cache"
 	"net"
 	"time"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/murmur3"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@ -21,8 +20,10 @@ import (
 type strategyFn = func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy
 type LoadBalance struct {
-	*GroupBase
+	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single[[]C.Proxy]
 	providers  []provider.ProxyProvider
 	strategyFn strategyFn
 }
@ -38,10 +39,6 @@ func parseStrategy(config map[string]any) string {
 }
 func getKey(metadata *C.Metadata) string {
 	if metadata == nil {
 		return ""
 	}
 	if metadata.Host != "" {
 		// ip host
 		if ip := net.ParseIP(metadata.Host); ip != nil {
@ -60,16 +57,6 @@ func getKey(metadata *C.Metadata) string {
 	return metadata.DstIP.String()
 }
 func getKeyWithSrcAndDst(metadata *C.Metadata) string {
 	dst := getKey(metadata)
 	src := ""
 	if metadata != nil {
 		src = metadata.SrcIP.String()
 	}
 	return fmt.Sprintf("%s%s", src, dst)
 }
 func jumpHash(key uint64, buckets int32) int32 {
 	var b, j int64
@ -87,9 +74,6 @@ func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata, op
 	defer func() {
 		if err == nil {
 			c.AppendToChains(lb)
 			lb.onDialSuccess()
 		} else {
 			lb.onDialFailed()
 		}
 	}()
@ -149,51 +133,24 @@ func strategyConsistentHashing() strategyFn {
 	}
 }
 func strategyStickySessions() strategyFn {
 	ttl := time.Minute * 10
 	maxRetry := 5
 	lruCache := cache.NewLRUCache[uint64, int](
 		cache.WithAge[uint64, int](int64(ttl.Seconds())),
 		cache.WithSize[uint64, int](1000))
 	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
 		key := uint64(murmur3.Sum32([]byte(getKeyWithSrcAndDst(metadata))))
 		length := len(proxies)
 		idx, has := lruCache.Get(key)
 		if !has {
 			idx = int(jumpHash(key+uint64(time.Now().UnixNano()), int32(length)))
 		}
 		nowIdx := idx
 		for i := 1; i < maxRetry; i++ {
 			proxy := proxies[nowIdx]
 			if proxy.Alive() {
 				if nowIdx != idx {
 					lruCache.Delete(key)
 					lruCache.Set(key, nowIdx)
 				}
 				return proxy
 			} else {
 				nowIdx = int(jumpHash(key+uint64(time.Now().UnixNano()), int32(length)))
 			}
 		}
 		lruCache.Delete(key)
 		lruCache.Set(key, 0)
 		return proxies[0]
 	}
 }
 // Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
-	proxies := lb.GetProxies(true)
+	proxies := lb.proxies(true)
 	return lb.strategyFn(proxies, metadata)
 }
 func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 	elm, _, _ := lb.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(lb.providers, touch), nil
 	})
 	return elm
 }
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	var all []string
-	for _, proxy := range lb.GetProxies(false) {
+	for _, proxy := range lb.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@ -209,22 +166,18 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 		strategyFn = strategyConsistentHashing()
 	case "round-robin":
 		strategyFn = strategyRoundRobin()
 	case "sticky-sessions":
 		strategyFn = strategyStickySessions()
 	default:
 		return nil, fmt.Errorf("%w: %s", errStrategy, strategy)
 	}
 	return &LoadBalance{
-		GroupBase: NewGroupBase(GroupBaseOption{
+		Base: outbound.NewBase(outbound.BaseOption{
 			outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.LoadBalance,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 			},
 			option.Filter,
 			providers,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		strategyFn: strategyFn,
 		disableUDP: option.DisableUDP,
 	}, nil
--- a/adapter/outboundgroup/parser.go
+++ b/adapter/outboundgroup/parser.go
@ -3,6 +3,7 @@ package outboundgroup
 import (
 	"errors"
 	"fmt"
 	"regexp"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/adapter/provider"
@ -38,10 +39,23 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 	groupOption := &GroupCommonOption{
 		Lazy: true,
 	}
-	if err := decoder.Decode(config, groupOption); err != nil {
+
 	var (
 		filterRegx *regexp.Regexp
 		err        error
 	)
 	if err = decoder.Decode(config, groupOption); err != nil {
 		return nil, errFormat
 	}
 	if groupOption.Filter != "" {
 		filterRegx, err = regexp.Compile(groupOption.Filter)
 		if err != nil {
 			return nil, fmt.Errorf("invalid filter regex: %w", err)
 		}
 	}
 	if groupOption.Type == "" || groupOption.Name == "" {
 		return nil, errFormat
 	}
@ -75,12 +89,8 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 			providers = append(providers, pd)
 			providersMap[groupName] = pd
 		} else {
-			if groupOption.URL == "" {
+			if groupOption.URL == "" || groupOption.Interval == 0 {
-				groupOption.URL = "http://www.gstatic.com/generate_204"
+				return nil, errMissHealthCheck
 			}
 			if groupOption.Interval == 0 {
 				groupOption.Interval = 300
 			}
 			hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.Interval), groupOption.Lazy)
@ -95,13 +105,11 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 	}
 	if len(groupOption.Use) != 0 {
-		list, err := getProviders(providersMap, groupOption.Use)
+		list, err := getProviders(providersMap, groupOption, filterRegx)
 		if err != nil {
 			return nil, err
 		}
 		providers = append(providers, list...)
 	} else {
 		groupOption.Filter = ""
 	}
 	var group C.ProxyAdapter
@ -137,8 +145,13 @@ func getProxies(mapping map[string]C.Proxy, list []string) ([]C.Proxy, error) {
 	return ps, nil
 }
-func getProviders(mapping map[string]types.ProxyProvider, list []string) ([]types.ProxyProvider, error) {
+func getProviders(mapping map[string]types.ProxyProvider, groupOption *GroupCommonOption, filterRegx *regexp.Regexp) ([]types.ProxyProvider, error) {
-	var ps []types.ProxyProvider
+	var (
 		ps        []types.ProxyProvider
 		list      = groupOption.Use
 		groupName = groupOption.Name
 	)
 	for _, name := range list {
 		p, ok := mapping[name]
 		if !ok {
@ -148,6 +161,27 @@ func getProviders(mapping map[string]types.ProxyProvider, list []string) ([]type
 		if p.VehicleType() == types.Compatible {
 			return nil, fmt.Errorf("proxy group %s can't contains in `use`", name)
 		}
 		if filterRegx != nil {
 			var hc *provider.HealthCheck
 			if groupOption.Type == "select" || groupOption.Type == "relay" {
 				hc = provider.NewHealthCheck([]C.Proxy{}, "", 0, true)
 			} else {
 				if groupOption.URL == "" || groupOption.Interval == 0 {
 					return nil, errMissHealthCheck
 				}
 				hc = provider.NewHealthCheck([]C.Proxy{}, groupOption.URL, uint(groupOption.Interval), groupOption.Lazy)
 			}
 			if _, ok = mapping[groupName]; ok {
 				groupName += "->" + p.Name()
 			}
 			pd := p.(*provider.ProxySetProvider)
 			p = provider.NewProxyFilterProvider(groupName, pd, hc, filterRegx)
 			pd.RegisterProvidersInUse(p)
 		}
 		ps = append(ps, p)
 	}
 	return ps, nil
--- a/adapter/outboundgroup/relay.go
+++ b/adapter/outboundgroup/relay.go
@ -4,20 +4,32 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net"
 	"net/netip"
 	"github.com/Dreamacro/clash/adapter"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type Relay struct {
-	*GroupBase
+	*outbound.Base
 	single    *singledo.Single[[]C.Proxy]
 	providers []provider.ProxyProvider
 }
 // DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	proxies, chainProxies := r.proxies(metadata, true)
+	var proxies []C.Proxy
 	for _, proxy := range r.proxies(metadata, true) {
 		if proxy.Type() != C.Direct {
 			proxies = append(proxies, proxy)
 		}
 	}
 	switch len(proxies) {
 	case 0:
@ -26,115 +38,165 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 		return proxies[0].DialContext(ctx, metadata, r.Base.DialOptions(opts...)...)
 	}
-	first := proxies[0]
+	c, err := r.streamContext(ctx, proxies, r.Base.DialOptions(opts...)...)
 	last := proxies[len(proxies)-1]
 	c, err := dialer.DialContext(ctx, "tcp", first.Addr(), r.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	tcpKeepAlive(c)
 	var currentMeta *C.Metadata
 	for _, proxy := range proxies[1:] {
 		currentMeta, err = addrToMetadata(proxy.Addr())
 	if err != nil {
 		return nil, err
 	}
-		c, err = first.StreamConn(c, currentMeta)
+	last := proxies[len(proxies)-1]
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 		}
 		first = proxy
 	}
 	c, err = last.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
 	}
-	conn := outbound.NewConn(c, last)
+	return outbound.NewConn(c, r), nil
 	for i := len(chainProxies) - 2; i >= 0; i-- {
 		conn.AppendToChains(chainProxies[i])
 	}
 	conn.AppendToChains(r)
 	return conn, nil
 }
 // ListenPacketContext implements C.ProxyAdapter
-func (r *Relay) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
+func (r *Relay) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	proxies, chainProxies := r.proxies(metadata, true)
+	var proxies []C.Proxy
 	for _, proxy := range r.proxies(metadata, true) {
 		if proxy.Type() != C.Direct {
 			proxies = append(proxies, proxy)
 		}
 	}
-	switch len(proxies) {
+	length := len(proxies)
 	switch length {
 	case 0:
 		return outbound.NewDirect().ListenPacketContext(ctx, metadata, r.Base.DialOptions(opts...)...)
 	case 1:
-		return proxies[0].ListenPacketContext(ctx, metadata, r.Base.DialOptions(opts...)...)
+		proxy := proxies[0]
 		if !proxy.SupportUDP() {
 			return nil, fmt.Errorf("%s connect error: proxy [%s] UDP is not supported", proxy.Addr(), proxy.Name())
 		}
 		return proxy.ListenPacketContext(ctx, metadata, r.Base.DialOptions(opts...)...)
 	}
-	first := proxies[0]
+	var (
-	last := proxies[len(proxies)-1]
+		firstIndex          = 0
 		nextIndex           = 1
 		lastUDPOverTCPIndex = -1
 		rawUDPRelay         = false
 		first = proxies[firstIndex]
 		last  = proxies[length-1]
 		c           net.Conn
 		cc          net.Conn
 		err         error
 		currentMeta *C.Metadata
 	)
 	if !last.SupportUDP() {
 		return nil, fmt.Errorf("%s connect error: proxy [%s] UDP is not supported in relay chains", last.Addr(), last.Name())
 	}
 	rawUDPRelay, lastUDPOverTCPIndex = isRawUDPRelay(proxies)
 	if first.Type() == C.Socks5 {
 		cc1, err1 := dialer.DialContext(ctx, "tcp", first.Addr(), r.Base.DialOptions(opts...)...)
 		if err1 != nil {
 			return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 		}
 		cc = cc1
 		tcpKeepAlive(cc)
 		var pc net.PacketConn
 		pc, err = dialer.ListenPacket(ctx, "udp", "", r.Base.DialOptions(opts...)...)
 		c = outbound.WrapConn(pc)
 	} else if rawUDPRelay {
 		var pc net.PacketConn
 		pc, err = dialer.ListenPacket(ctx, "udp", "", r.Base.DialOptions(opts...)...)
 		c = outbound.WrapConn(pc)
 	} else {
 		firstIndex = lastUDPOverTCPIndex
 		nextIndex = firstIndex + 1
 		first = proxies[firstIndex]
 		c, err = r.streamContext(ctx, proxies[:nextIndex], r.Base.DialOptions(opts...)...)
 	}
 	c, err := dialer.DialContext(ctx, "tcp", first.Addr(), r.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	tcpKeepAlive(c)
-	var currentMeta *C.Metadata
+	if nextIndex < length {
-	for _, proxy := range proxies[1:] {
+		for i, proxy := range proxies[nextIndex:] { // raw udp in loop
 			currentMeta, err = addrToMetadata(proxy.Addr())
 			if err != nil {
 				return nil, err
 			}
 			currentMeta.NetWork = C.UDP
 			if !isRawUDP(first) && !first.SupportUDP() {
 				return nil, fmt.Errorf("%s connect error: proxy [%s] UDP is not supported in relay chains", first.Addr(), first.Name())
 			}
 			if needResolveIP(first, currentMeta) {
 				var ip netip.Addr
 				ip, err = resolver.ResolveProxyServerHost(currentMeta.Host)
 				if err != nil {
 					return nil, fmt.Errorf("can't resolve ip: %w", err)
 				}
 				currentMeta.DstIP = ip
 			}
 			if cc != nil { // socks5
 				c, err = streamSocks5PacketConn(first, cc, c, currentMeta)
 				cc = nil
 			} else {
 				c, err = first.StreamPacketConn(c, currentMeta)
 			}
 		c, err = first.StreamConn(c, currentMeta)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 			}
 			if proxy.Type() == C.Socks5 {
 				endIndex := nextIndex + i + 1
 				cc, err = r.streamContext(ctx, proxies[:endIndex], r.Base.DialOptions(opts...)...)
 				if err != nil {
 					return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 				}
 			}
 			first = proxy
 		}
 	}
 	if cc != nil {
 		c, err = streamSocks5PacketConn(last, cc, c, metadata)
 	} else {
 		c, err = last.StreamPacketConn(c, metadata)
 	}
 	c, err = last.StreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", last.Addr(), err)
 	}
-	var pc C.PacketConn
+	return outbound.NewPacketConn(c.(net.PacketConn), r), nil
 	pc, err = last.ListenPacketOnStreamConn(c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	for i := len(chainProxies) - 2; i >= 0; i-- {
 		pc.AppendToChains(chainProxies[i])
 	}
 	pc.AppendToChains(r)
 	return pc, nil
 }
 // SupportUDP implements C.ProxyAdapter
 func (r *Relay) SupportUDP() bool {
-	proxies, _ := r.proxies(nil, false)
+	proxies := r.rawProxies(true)
-	if len(proxies) == 0 { // C.Direct
+
 	l := len(proxies)
 	if l == 0 {
 		return true
 	}
-	last := proxies[len(proxies)-1]
+
-	return last.SupportUDP() && last.SupportUOT()
+	last := proxies[l-1]
 	return isRawUDP(last) || last.SupportUDP()
 }
 // MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
-	all := []string{}
+	var all []string
-	for _, proxy := range r.GetProxies(false) {
+	for _, proxy := range r.rawProxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@ -143,49 +205,114 @@ func (r *Relay) MarshalJSON() ([]byte, error) {
 	})
 }
-func (r *Relay) proxies(metadata *C.Metadata, touch bool) ([]C.Proxy, []C.Proxy) {
+func (r *Relay) rawProxies(touch bool) []C.Proxy {
-	rawProxies := r.GetProxies(touch)
+	elm, _, _ := r.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(r.providers, touch), nil
 	})
-	var proxies []C.Proxy
+	return elm
-	var chainProxies []C.Proxy
+}
 	var targetProxies []C.Proxy
-	for n, proxy := range rawProxies {
+func (r *Relay) proxies(metadata *C.Metadata, touch bool) []C.Proxy {
-		proxies = append(proxies, proxy)
+	proxies := r.rawProxies(touch)
-		chainProxies = append(chainProxies, proxy)
+
 	for n, proxy := range proxies {
 		subproxy := proxy.Unwrap(metadata)
 		for subproxy != nil {
 			chainProxies = append(chainProxies, subproxy)
 			proxies[n] = subproxy
 			subproxy = subproxy.Unwrap(metadata)
 		}
 	}
-	for _, proxy := range proxies {
+	return proxies
 		if proxy.Type() != C.Direct && proxy.Type() != C.Compatible {
 			targetProxies = append(targetProxies, proxy)
 		}
 	}
 	return targetProxies, chainProxies
 }
-func (r *Relay) Addr() string {
+func (r *Relay) streamContext(ctx context.Context, proxies []C.Proxy, opts ...dialer.Option) (net.Conn, error) {
-	proxies, _ := r.proxies(nil, true)
+	first := proxies[0]
-	return proxies[len(proxies)-1].Addr()
+
 	c, err := dialer.DialContext(ctx, "tcp", first.Addr(), opts...)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 	}
 	tcpKeepAlive(c)
 	if len(proxies) > 1 {
 		var currentMeta *C.Metadata
 		for _, proxy := range proxies[1:] {
 			currentMeta, err = addrToMetadata(proxy.Addr())
 			if err != nil {
 				return nil, err
 			}
 			c, err = first.StreamConn(c, currentMeta)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %w", first.Addr(), err)
 			}
 			first = proxy
 		}
 	}
 	return c, nil
 }
 func streamSocks5PacketConn(proxy C.Proxy, cc, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	pc, err := proxy.(*adapter.Proxy).ProxyAdapter.(*outbound.Socks5).StreamSocks5PacketConn(cc, c.(net.PacketConn), metadata)
 	return outbound.WrapConn(pc), err
 }
 func isRawUDPRelay(proxies []C.Proxy) (bool, int) {
 	var (
 		lastIndex           = len(proxies) - 1
 		last                = proxies[lastIndex]
 		isLastRawUDP        = isRawUDP(last)
 		isUDPOverTCP        = false
 		lastUDPOverTCPIndex = -1
 	)
 	for i := lastIndex; i >= 0; i-- {
 		p := proxies[i]
 		isUDPOverTCP = isUDPOverTCP || !isRawUDP(p)
 		if isLastRawUDP && isUDPOverTCP && lastUDPOverTCPIndex == -1 {
 			lastUDPOverTCPIndex = i
 		}
 	}
 	if !isLastRawUDP {
 		lastUDPOverTCPIndex = lastIndex
 	}
 	return !isUDPOverTCP, lastUDPOverTCPIndex
 }
 func isRawUDP(proxy C.ProxyAdapter) bool {
 	if proxy.Type() == C.Shadowsocks || proxy.Type() == C.ShadowsocksR || proxy.Type() == C.Socks5 {
 		return true
 	}
 	return false
 }
 func needResolveIP(proxy C.ProxyAdapter, metadata *C.Metadata) bool {
 	if metadata.Resolved() {
 		return false
 	}
 	if proxy.Type() != C.Vmess && proxy.Type() != C.Vless {
 		return false
 	}
 	return true
 }
 func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Relay {
 	return &Relay{
-		GroupBase: NewGroupBase(GroupBaseOption{
+		Base: outbound.NewBase(outbound.BaseOption{
 			outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Relay,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 			},
 			"",
 			providers,
 		}),
 		single:    singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		providers: providers,
 	}
 }
--- a/adapter/outboundgroup/selector.go
+++ b/adapter/outboundgroup/selector.go
@ -6,15 +6,18 @@ import (
 	"errors"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
 type Selector struct {
-	*GroupBase
+	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single[C.Proxy]
 	selected   string
 	providers  []provider.ProxyProvider
 }
 // DialContext implements C.ProxyAdapter
@ -46,8 +49,8 @@ func (s *Selector) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
-	all := []string{}
+	var all []string
-	for _, proxy := range s.GetProxies(false) {
+	for _, proxy := range getProvidersProxies(s.providers, false) {
 		all = append(all, proxy.Name())
 	}
@ -63,9 +66,10 @@ func (s *Selector) Now() string {
 }
 func (s *Selector) Set(name string) error {
-	for _, proxy := range s.GetProxies(false) {
+	for _, proxy := range getProvidersProxies(s.providers, false) {
 		if proxy.Name() == name {
 			s.selected = name
 			s.single.Reset()
 			return nil
 		}
 	}
@ -74,34 +78,37 @@ func (s *Selector) Set(name string) error {
 }
 // Unwrap implements C.ProxyAdapter
-func (s *Selector) Unwrap(*C.Metadata) C.Proxy {
+func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
 	return s.selectedProxy(true)
 }
 func (s *Selector) selectedProxy(touch bool) C.Proxy {
-	proxies := s.GetProxies(touch)
+	elm, _, _ := s.single.Do(func() (C.Proxy, error) {
 		proxies := getProvidersProxies(s.providers, touch)
 		for _, proxy := range proxies {
 			if proxy.Name() == s.selected {
-			return proxy
+				return proxy, nil
 			}
 		}
-	return proxies[0]
+		return proxies[0], nil
 	})
 	return elm
 }
 func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider) *Selector {
 	selected := providers[0].Proxies()[0].Name()
 	return &Selector{
-		GroupBase: NewGroupBase(GroupBaseOption{
+		Base: outbound.NewBase(outbound.BaseOption{
 			outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.Selector,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 			},
 			option.Filter,
 			providers,
 		}),
-		selected:   "COMPATIBLE",
+		single:     singledo.NewSingle[C.Proxy](defaultGetProxiesDuration),
 		providers:  providers,
 		selected:   selected,
 		disableUDP: option.DisableUDP,
 	}
 }
--- a/adapter/outboundgroup/urltest.go
+++ b/adapter/outboundgroup/urltest.go
@ -21,11 +21,13 @@ func urlTestWithTolerance(tolerance uint16) urlTestOption {
 }
 type URLTest struct {
-	*GroupBase
+	*outbound.Base
 	tolerance  uint16
 	disableUDP bool
 	fastNode   C.Proxy
 	single     *singledo.Single[[]C.Proxy]
 	fastSingle *singledo.Single[C.Proxy]
 	providers  []provider.ProxyProvider
 }
 func (u *URLTest) Now() string {
@ -37,9 +39,6 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 	c, err = u.fast(true).DialContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(u)
 		u.onDialSuccess()
 	} else {
 		u.onDialFailed()
 	}
 	return c, err
 }
@ -50,18 +49,25 @@ func (u *URLTest) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 	if err == nil {
 		pc.AppendToChains(u)
 	}
 	return pc, err
 }
 // Unwrap implements C.ProxyAdapter
-func (u *URLTest) Unwrap(*C.Metadata) C.Proxy {
+func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
 	return u.fast(true)
 }
 func (u *URLTest) proxies(touch bool) []C.Proxy {
 	elm, _, _ := u.single.Do(func() ([]C.Proxy, error) {
 		return getProvidersProxies(u.providers, touch), nil
 	})
 	return elm
 }
 func (u *URLTest) fast(touch bool) C.Proxy {
 	elm, _, _ := u.fastSingle.Do(func() (C.Proxy, error) {
-		proxies := u.GetProxies(touch)
+		proxies := u.proxies(touch)
 		fast := proxies[0]
 		min := fast.LastDelay()
 		fastNotExist := true
@ -104,8 +110,8 @@ func (u *URLTest) SupportUDP() bool {
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
-	all := []string{}
+	var all []string
-	for _, proxy := range u.GetProxies(false) {
+	for _, proxy := range u.proxies(false) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
@ -130,18 +136,15 @@ func parseURLTestOption(config map[string]any) []urlTestOption {
 func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, options ...urlTestOption) *URLTest {
 	urlTest := &URLTest{
-		GroupBase: NewGroupBase(GroupBaseOption{
+		Base: outbound.NewBase(outbound.BaseOption{
 			outbound.BaseOption{
 			Name:        option.Name,
 			Type:        C.URLTest,
 			Interface:   option.Interface,
 			RoutingMark: option.RoutingMark,
 			},
 			option.Filter,
 			providers,
 		}),
 		single:     singledo.NewSingle[[]C.Proxy](defaultGetProxiesDuration),
 		fastSingle: singledo.NewSingle[C.Proxy](time.Second * 10),
 		providers:  providers,
 		disableUDP: option.DisableUDP,
 	}
--- a/adapter/outboundgroup/util.go
+++ b/adapter/outboundgroup/util.go
@ -24,8 +24,7 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 			DstIP:    netip.Addr{},
 			DstPort:  port,
 		}
-		err = nil
+		return addr, nil
 		return
 	} else if ip.Is4() {
 		addr = &C.Metadata{
 			AddrType: C.AtypIPv4,
@ -51,7 +50,3 @@ func tcpKeepAlive(c net.Conn) {
 		_ = tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
 type SelectAble interface {
 	Set(string) error
 }
--- a/adapter/parser.go
+++ b/adapter/parser.go
@ -8,7 +8,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 )
-func ParseProxy(mapping map[string]any) (C.Proxy, error) {
+func ParseProxy(mapping map[string]any, forceCertVerify bool) (C.Proxy, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "proxy", WeaklyTypedInput: true})
 	proxyType, existType := mapping["type"].(string)
 	if !existType {
@ -40,6 +40,9 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		if err != nil {
 			break
 		}
 		if forceCertVerify {
 			socksOption.SkipCertVerify = false
 		}
 		proxy = outbound.NewSocks5(*socksOption)
 	case "http":
 		httpOption := &outbound.HttpOption{}
@ -47,6 +50,9 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		if err != nil {
 			break
 		}
 		if forceCertVerify {
 			httpOption.SkipCertVerify = false
 		}
 		proxy = outbound.NewHttp(*httpOption)
 	case "vmess":
 		vmessOption := &outbound.VmessOption{
@ -59,6 +65,9 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		if err != nil {
 			break
 		}
 		if forceCertVerify {
 			vmessOption.SkipCertVerify = false
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
 	case "vless":
 		vlessOption := &outbound.VlessOption{}
@ -66,6 +75,9 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		if err != nil {
 			break
 		}
 		if forceCertVerify {
 			vlessOption.SkipCertVerify = false
 		}
 		proxy, err = outbound.NewVless(*vlessOption)
 	case "snell":
 		snellOption := &outbound.SnellOption{}
@ -80,14 +92,10 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		if err != nil {
 			break
 		}
-		proxy, err = outbound.NewTrojan(*trojanOption)
+		if forceCertVerify {
-	case "hysteria":
+			trojanOption.SkipCertVerify = false
 		hyOption := &outbound.HysteriaOption{}
 		err = decoder.Decode(mapping, hyOption)
 		if err != nil {
 			break
 		}
-		proxy, err = outbound.NewHysteria(*hyOption)
+		proxy, err = outbound.NewTrojan(*trojanOption)
 	default:
 		return nil, fmt.Errorf("unsupport proxy type: %s", proxyType)
 	}
--- a/adapter/provider/fetcher.go
+++ b/adapter/provider/fetcher.go
@ -26,7 +26,6 @@ type fetcher[V any] struct {
 	done      chan struct{}
 	hash      [16]byte
 	parser    parser[V]
 	interval  time.Duration
 	onUpdate  func(V)
 }
@ -43,18 +42,12 @@ func (f *fetcher[V]) Initial() (V, error) {
 		buf     []byte
 		err     error
 		isLocal bool
 		forceUpdate bool
 	)
 	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
 		buf, err = os.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
 		f.updatedAt = &modTime
 		isLocal = true
 		if f.interval != 0 && modTime.Add(f.interval).Before(time.Now()) {
 			log.Infoln("[Provider] %s not updated for a long time, force refresh", f.Name())
 			forceUpdate = true
 		}
 	} else {
 		buf, err = f.vehicle.Read()
 	}
@ -63,21 +56,7 @@ func (f *fetcher[V]) Initial() (V, error) {
 		return getZero[V](), err
 	}
-	var proxies V
+	proxies, err := f.parser(buf)
 	if forceUpdate {
 		var forceBuf []byte
 		if forceBuf, err = f.vehicle.Read(); err == nil {
 			if proxies, err = f.parser(forceBuf); err == nil {
 				isLocal = false
 				buf = forceBuf
 			}
 		}
 	}
 	if err != nil || !forceUpdate {
 		proxies, err = f.parser(buf)
 	}
 	if err != nil {
 		if !isLocal {
 			return getZero[V](), err
@ -123,7 +102,7 @@ func (f *fetcher[V]) Update() (V, bool, error) {
 	hash := md5.Sum(buf)
 	if bytes.Equal(f.hash[:], hash[:]) {
 		f.updatedAt = &now
-		os.Chtimes(f.vehicle.Path(), now, now)
+		_ = os.Chtimes(f.vehicle.Path(), now, now)
 		return getZero[V](), true, nil
 	}
@ -202,7 +181,6 @@ func newFetcher[V any](name string, interval time.Duration, vehicle types.Vehicl
 		parser:   parser,
 		done:     make(chan struct{}, 1),
 		onUpdate: onUpdate,
 		interval: interval,
 	}
 }
--- a/adapter/provider/healthcheck.go
+++ b/adapter/provider/healthcheck.go
@ -2,7 +2,6 @@ package provider
 import (
 	"context"
 	"github.com/Dreamacro/clash/common/singledo"
 	"time"
 	"github.com/Dreamacro/clash/common/batch"
@ -27,14 +26,15 @@ type HealthCheck struct {
 	lazy      bool
 	lastTouch *atomic.Int64
 	done      chan struct{}
 	singleDo  *singledo.Single[struct{}]
 }
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
 	go func() {
-		time.Sleep(30 * time.Second)
+		t := time.NewTicker(30 * time.Second)
 		<-t.C
 		t.Stop()
 		hc.check()
 	}()
@ -65,9 +65,13 @@ func (hc *HealthCheck) touch() {
 }
 func (hc *HealthCheck) check() {
-	_, _, _ = hc.singleDo.Do(func() (struct{}, error) {
+	proxies := hc.proxies
 	if len(proxies) == 0 {
 		return
 	}
 	b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
-		for _, proxy := range hc.proxies {
+	for _, proxy := range proxies {
 		p := proxy
 		b.Go(p.Name(), func() (bool, error) {
 			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
@ -76,10 +80,7 @@ func (hc *HealthCheck) check() {
 			return false, nil
 		})
 	}
 	b.Wait()
 		return struct{}{}, nil
 	})
 }
 func (hc *HealthCheck) close() {
@ -94,6 +95,5 @@ func NewHealthCheck(proxies []C.Proxy, url string, interval uint, lazy bool) *He
 		lazy:      lazy,
 		lastTouch: atomic.NewInt64(0),
 		done:      make(chan struct{}, 1),
 		singleDo:  singledo.NewSingle[struct{}](time.Second),
 	}
 }
--- a/adapter/provider/parser.go
+++ b/adapter/provider/parser.go
@ -26,9 +26,12 @@ type proxyProviderSchema struct {
 	Interval        int                 `provider:"interval,omitempty"`
 	Filter          string              `provider:"filter,omitempty"`
 	HealthCheck     healthCheckSchema   `provider:"health-check,omitempty"`
 	ForceCertVerify bool                `provider:"force-cert-verify,omitempty"`
 	PrefixName      string              `provider:"prefix-name,omitempty"`
 	Header          map[string][]string `provider:"header,omitempty"`
 }
-func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvider, error) {
+func ParseProxyProvider(name string, mapping map[string]any, forceCertVerify bool) (types.ProxyProvider, error) {
 	decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
 	schema := &proxyProviderSchema{
@ -36,6 +39,11 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 			Lazy: true,
 		},
 	}
 	if forceCertVerify {
 		schema.ForceCertVerify = true
 	}
 	if err := decoder.Decode(mapping, schema); err != nil {
 		return nil, err
 	}
@ -53,12 +61,12 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 	case "file":
 		vehicle = NewFileVehicle(path)
 	case "http":
-		vehicle = NewHTTPVehicle(schema.URL, path)
+		vehicle = NewHTTPVehicle(schema.URL, path, schema.Header)
 	default:
 		return nil, fmt.Errorf("%w: %s", errVehicleType, schema.Type)
 	}
 	interval := time.Duration(uint(schema.Interval)) * time.Second
 	filter := schema.Filter
-	return NewProxySetProvider(name, interval, filter, vehicle, hc)
+	return NewProxySetProvider(name, interval, filter, vehicle, hc, schema.ForceCertVerify, schema.PrefixName)
 }
--- a/adapter/provider/provider.go
+++ b/adapter/provider/provider.go
@ -4,13 +4,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/Dreamacro/clash/common/convert"
+	"regexp"
 	"github.com/dlclark/regexp2"
 	"math"
 	"runtime"
 	"time"
 	"github.com/Dreamacro/clash/adapter"
 	"github.com/Dreamacro/clash/common/convert"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
@ -34,7 +33,7 @@ type proxySetProvider struct {
 	*fetcher[[]C.Proxy]
 	proxies        []C.Proxy
 	healthCheck    *HealthCheck
-	version     uint
+	providersInUse []types.ProxyProvider
 }
 func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
@ -47,10 +46,6 @@ func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
 	})
 }
 func (pp *proxySetProvider) Version() uint {
 	return pp.version
 }
 func (pp *proxySetProvider) Name() string {
 	return pp.name
 }
@ -72,6 +67,7 @@ func (pp *proxySetProvider) Initial() error {
 	if err != nil {
 		return err
 	}
 	pp.onUpdate(elm)
 	return nil
 }
@ -84,25 +80,31 @@ func (pp *proxySetProvider) Proxies() []C.Proxy {
 	return pp.proxies
 }
-func (pp *proxySetProvider) Touch() {
+func (pp *proxySetProvider) ProxiesWithTouch() []C.Proxy {
 	pp.healthCheck.touch()
 	return pp.Proxies()
 }
 func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
-	if pp.healthCheck.auto() {
+
-		defer func() { go pp.healthCheck.check() }()
+	for _, use := range pp.providersInUse {
 		_ = use.Update()
 	}
 }
 func (pp *proxySetProvider) RegisterProvidersInUse(providers ...types.ProxyProvider) {
 	pp.providersInUse = append(pp.providersInUse, providers...)
 }
 func stopProxyProvider(pd *ProxySetProvider) {
 	pd.healthCheck.close()
 	_ = pd.fetcher.Destroy()
 }
-func NewProxySetProvider(name string, interval time.Duration, filter string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
+func NewProxySetProvider(name string, interval time.Duration, filter string, vehicle types.Vehicle, hc *HealthCheck, forceCertVerify bool, prefixName string) (*ProxySetProvider, error) {
-	filterReg, err := regexp2.Compile(filter, 0)
+	filterReg, err := regexp.Compile(filter)
 	if err != nil {
 		return nil, fmt.Errorf("invalid filter regex: %w", err)
 	}
@ -116,7 +118,7 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
 		healthCheck: hc,
 	}
-	fetcher := newFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, filterReg), proxiesOnUpdate(pd))
+	fetcher := newFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, filterReg, forceCertVerify, prefixName), proxiesOnUpdate(pd))
 	pd.fetcher = fetcher
 	wrapper := &ProxySetProvider{pd}
@ -133,7 +135,6 @@ type compatibleProvider struct {
 	name        string
 	healthCheck *HealthCheck
 	proxies     []C.Proxy
 	version     uint
 }
 func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
@ -145,10 +146,6 @@ func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
 	})
 }
 func (cp *compatibleProvider) Version() uint {
 	return cp.version
 }
 func (cp *compatibleProvider) Name() string {
 	return cp.name
 }
@ -177,8 +174,9 @@ func (cp *compatibleProvider) Proxies() []C.Proxy {
 	return cp.proxies
 }
-func (cp *compatibleProvider) Touch() {
+func (cp *compatibleProvider) ProxiesWithTouch() []C.Proxy {
 	cp.healthCheck.touch()
 	return cp.Proxies()
 }
 func stopCompatibleProvider(pd *CompatibleProvider) {
@ -205,25 +203,112 @@ func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*Co
 	return wrapper, nil
 }
 // ProxyFilterProvider for filter provider
 type ProxyFilterProvider struct {
 	*proxyFilterProvider
 }
 type proxyFilterProvider struct {
 	name        string
 	psd         *ProxySetProvider
 	proxies     []C.Proxy
 	filter      *regexp.Regexp
 	healthCheck *HealthCheck
 }
 func (pf *proxyFilterProvider) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]any{
 		"name":        pf.Name(),
 		"type":        pf.Type().String(),
 		"vehicleType": pf.VehicleType().String(),
 		"proxies":     pf.Proxies(),
 	})
 }
 func (pf *proxyFilterProvider) Name() string {
 	return pf.name
 }
 func (pf *proxyFilterProvider) HealthCheck() {
 	pf.healthCheck.check()
 }
 func (pf *proxyFilterProvider) Update() error {
 	var proxies []C.Proxy
 	if pf.filter != nil {
 		for _, proxy := range pf.psd.Proxies() {
 			if !pf.filter.MatchString(proxy.Name()) {
 				continue
 			}
 			proxies = append(proxies, proxy)
 		}
 	} else {
 		proxies = pf.psd.Proxies()
 	}
 	pf.proxies = proxies
 	pf.healthCheck.setProxy(proxies)
 	return nil
 }
 func (pf *proxyFilterProvider) Initial() error {
 	return nil
 }
 func (pf *proxyFilterProvider) VehicleType() types.VehicleType {
 	return pf.psd.VehicleType()
 }
 func (pf *proxyFilterProvider) Type() types.ProviderType {
 	return types.Proxy
 }
 func (pf *proxyFilterProvider) Proxies() []C.Proxy {
 	return pf.proxies
 }
 func (pf *proxyFilterProvider) ProxiesWithTouch() []C.Proxy {
 	pf.healthCheck.touch()
 	return pf.Proxies()
 }
 func stopProxyFilterProvider(pf *ProxyFilterProvider) {
 	pf.healthCheck.close()
 }
 func NewProxyFilterProvider(name string, psd *ProxySetProvider, hc *HealthCheck, filterRegx *regexp.Regexp) *ProxyFilterProvider {
 	pd := &proxyFilterProvider{
 		psd:         psd,
 		name:        name,
 		healthCheck: hc,
 		filter:      filterRegx,
 	}
 	_ = pd.Update()
 	if hc.auto() {
 		go hc.process()
 	}
 	wrapper := &ProxyFilterProvider{pd}
 	runtime.SetFinalizer(wrapper, stopProxyFilterProvider)
 	return wrapper
 }
 func proxiesOnUpdate(pd *proxySetProvider) func([]C.Proxy) {
 	return func(elm []C.Proxy) {
 		pd.setProxies(elm)
 		if pd.version == math.MaxUint {
 			pd.version = 0
 		} else {
 			pd.version++
 		}
 	}
 }
-func proxiesParseAndFilter(filter string, filterReg *regexp2.Regexp) parser[[]C.Proxy] {
+func proxiesParseAndFilter(filter string, filterReg *regexp.Regexp, forceCertVerify bool, prefixName string) parser[[]C.Proxy] {
 	return func(buf []byte) ([]C.Proxy, error) {
 		schema := &ProxySchema{}
 		if err := yaml.Unmarshal(buf, schema); err != nil {
 			proxies, err1 := convert.ConvertsV2Ray(buf)
 			if err1 != nil {
-				return nil, fmt.Errorf("%s, %w", err.Error(), err1)
+				return nil, fmt.Errorf("%w, %s", err, err1.Error())
 			}
 			schema.Proxies = proxies
 		}
@ -234,12 +319,15 @@ func proxiesParseAndFilter(filter string, filterReg *regexp2.Regexp) parser[[]C.
 		proxies := []C.Proxy{}
 		for idx, mapping := range schema.Proxies {
-			name, ok := mapping["name"]
+			if name, ok := mapping["name"]; ok && len(filter) > 0 && !filterReg.MatchString(name.(string)) {
 			mat, _ := filterReg.FindStringMatch(name.(string))
 			if ok && len(filter) > 0 && mat == nil {
 				continue
 			}
-			proxy, err := adapter.ParseProxy(mapping)
+
 			if prefixName != "" {
 				mapping["name"] = prefixName + mapping["name"].(string)
 			}
 			proxy, err := adapter.ParseProxy(mapping, forceCertVerify)
 			if err != nil {
 				return nil, fmt.Errorf("proxy %d error: %w", idx, err)
 			}
--- a/adapter/provider/vehicle.go
+++ b/adapter/provider/vehicle.go
@ -2,12 +2,17 @@ package provider
 import (
 	"context"
 	netHttp "github.com/Dreamacro/clash/component/http"
 	types "github.com/Dreamacro/clash/constant/provider"
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"time"
 	"github.com/Dreamacro/clash/common/convert"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 type FileVehicle struct {
@ -33,6 +38,7 @@ func NewFileVehicle(path string) *FileVehicle {
 type HTTPVehicle struct {
 	url    string
 	path   string
 	header http.Header
 }
 func (h *HTTPVehicle) Type() types.VehicleType {
@ -46,19 +52,63 @@ func (h *HTTPVehicle) Path() string {
 func (h *HTTPVehicle) Read() ([]byte, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
 	defer cancel()
-	resp, err := netHttp.HttpRequest(ctx, h.url, http.MethodGet, nil, nil)
+
 	uri, err := url.Parse(h.url)
 	if err != nil {
 		return nil, err
 	}
-	defer resp.Body.Close()
+	req, err := http.NewRequest(http.MethodGet, uri.String(), nil)
 	if err != nil {
 		return nil, err
 	}
 	if h.header != nil {
 		req.Header = h.header
 	}
 	if user := uri.User; user != nil {
 		password, _ := user.Password()
 		req.SetBasicAuth(user.Username(), password)
 	}
 	convert.SetUserAgent(req.Header)
 	req = req.WithContext(ctx)
 	transport := &http.Transport{
 		// from http.DefaultTransport
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (conn net.Conn, err error) {
 			conn, err = dialer.DialContext(ctx, network, address) // with direct
 			if err != nil {
 				// fallback to tun if tun enabled
 				conn, err = (&net.Dialer{Timeout: C.DefaultTCPTimeout}).Dial(network, address)
 			}
 			return
 		},
 	}
 	client := http.Client{Transport: transport}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		_ = resp.Body.Close()
 	}()
 	buf, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
 	return buf, nil
 }
-func NewHTTPVehicle(url string, path string) *HTTPVehicle {
+func NewHTTPVehicle(url string, path string, header http.Header) *HTTPVehicle {
-	return &HTTPVehicle{url, path}
+	return &HTTPVehicle{url, path, header}
 }
--- a/check_amd64.sh
+++ b/check_amd64.sh
@ -1,28 +0,0 @@
 #!/bin/sh
 flags=$(grep '^flags\b' </proc/cpuinfo | head -n 1)
 flags=" ${flags#*:} "
 has_flags () {
  for flag; do
    case "$flags" in
      *" $flag "*) :;;
      *) return 1;;
    esac
  done
 }
 determine_level () {
  level=0
  has_flags lm cmov cx8 fpu fxsr mmx syscall sse2 || return 0
  level=1
  has_flags cx16 lahf_lm popcnt sse4_1 sse4_2 ssse3 || return 0
  level=2
  has_flags avx avx2 bmi1 bmi2 f16c fma abm movbe xsave || return 0
  level=3
  has_flags avx512f avx512bw avx512cd avx512dq avx512vl || return 0
  level=4
 }
 determine_level
 echo "Your CPU supports amd64-v$level"
 return $level
--- a/common/cache/cache.go
+++ b/common/cache/cache.go
@ -61,7 +61,7 @@ func (c *cache[K, V]) GetWithExpire(key K) (payload V, expired time.Time) {
 func (c *cache[K, V]) cleanup() {
 	c.mapping.Range(func(k, v any) bool {
-		key := k.(string)
+		key := k
 		elm := v.(*element[V])
 		if time.Since(elm.Expired) > 0 {
 			c.mapping.Delete(key)
--- a/common/cert/cert.go
+++ b/common/cert/cert.go
@ -0,0 +1,303 @@
 package cert
 import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"math/big"
 	"net"
 	"os"
 	"strings"
 	"sync/atomic"
 	"time"
 )
 var currentSerialNumber = time.Now().Unix()
 type Config struct {
 	ca           *x509.Certificate
 	caPrivateKey *rsa.PrivateKey
 	roots *x509.CertPool
 	privateKey *rsa.PrivateKey
 	validity     time.Duration
 	keyID        []byte
 	organization string
 	certsStorage CertsStorage
 }
 type CertsStorage interface {
 	Get(key string) (*tls.Certificate, bool)
 	Set(key string, cert *tls.Certificate)
 }
 func NewAuthority(name, organization string, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error) {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, nil, err
 	}
 	pub := privateKey.Public()
 	pkixPub, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
 		return nil, nil, err
 	}
 	h := sha1.New()
 	_, err = h.Write(pkixPub)
 	if err != nil {
 		return nil, nil, err
 	}
 	keyID := h.Sum(nil)
 	serial := atomic.AddInt64(&currentSerialNumber, 1)
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(serial),
 		Subject: pkix.Name{
 			CommonName:   name,
 			Organization: []string{organization},
 		},
 		SubjectKeyId:          keyID,
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		NotBefore:             time.Now().Add(-validity),
 		NotAfter:              time.Now().Add(validity),
 		DNSNames:              []string{name},
 		IsCA:                  true,
 	}
 	raw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, privateKey)
 	if err != nil {
 		return nil, nil, err
 	}
 	x509c, err := x509.ParseCertificate(raw)
 	if err != nil {
 		return nil, nil, err
 	}
 	return x509c, privateKey, nil
 }
 func NewConfig(ca *x509.Certificate, caPrivateKey *rsa.PrivateKey) (*Config, error) {
 	roots := x509.NewCertPool()
 	roots.AddCert(ca)
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, err
 	}
 	pub := privateKey.Public()
 	pkixPub, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
 		return nil, err
 	}
 	h := sha1.New()
 	_, err = h.Write(pkixPub)
 	if err != nil {
 		return nil, err
 	}
 	keyID := h.Sum(nil)
 	return &Config{
 		ca:           ca,
 		caPrivateKey: caPrivateKey,
 		privateKey:   privateKey,
 		keyID:        keyID,
 		validity:     time.Hour,
 		organization: "Clash",
 		certsStorage: NewDomainTrieCertsStorage(),
 		roots:        roots,
 	}, nil
 }
 func (c *Config) GetCA() *x509.Certificate {
 	return c.ca
 }
 func (c *Config) SetOrganization(organization string) {
 	c.organization = organization
 }
 func (c *Config) SetValidity(validity time.Duration) {
 	c.validity = validity
 }
 func (c *Config) NewTLSConfigForHost(hostname string) *tls.Config {
 	tlsConfig := &tls.Config{
 		GetCertificate: func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			host := clientHello.ServerName
 			if host == "" {
 				host = hostname
 			}
 			return c.GetOrCreateCert(host)
 		},
 		NextProtos: []string{"http/1.1"},
 	}
 	tlsConfig.InsecureSkipVerify = true
 	return tlsConfig
 }
 func (c *Config) GetOrCreateCert(hostname string, ips ...net.IP) (*tls.Certificate, error) {
 	var leaf *x509.Certificate
 	tlsCertificate, ok := c.certsStorage.Get(hostname)
 	if ok {
 		leaf = tlsCertificate.Leaf
 		if _, err := leaf.Verify(x509.VerifyOptions{
 			DNSName: hostname,
 			Roots:   c.roots,
 		}); err == nil {
 			return tlsCertificate, nil
 		}
 	}
 	var (
 		key          = hostname
 		topHost      = hostname
 		wildcardHost = "*." + hostname
 		dnsNames     []string
 	)
 	if ip := net.ParseIP(hostname); ip != nil {
 		ips = append(ips, ip)
 	} else {
 		parts := strings.Split(hostname, ".")
 		l := len(parts)
 		if leaf != nil {
 			dnsNames = append(dnsNames, leaf.DNSNames...)
 		}
 		if l > 2 {
 			topIndex := l - 2
 			topHost = strings.Join(parts[topIndex:], ".")
 			for i := topIndex; i > 0; i-- {
 				wildcardHost = "*." + strings.Join(parts[i:], ".")
 				if i == topIndex && (len(dnsNames) == 0 || dnsNames[0] != topHost) {
 					dnsNames = append(dnsNames, topHost, wildcardHost)
 				} else if !hasDnsNames(dnsNames, wildcardHost) {
 					dnsNames = append(dnsNames, wildcardHost)
 				}
 			}
 		} else {
 			dnsNames = append(dnsNames, topHost, wildcardHost)
 		}
 		key = "+." + topHost
 	}
 	serial := atomic.AddInt64(&currentSerialNumber, 1)
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(serial),
 		Subject: pkix.Name{
 			CommonName:   topHost,
 			Organization: []string{c.organization},
 		},
 		SubjectKeyId:          c.keyID,
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		NotBefore:             time.Now().Add(-c.validity),
 		NotAfter:              time.Now().Add(c.validity),
 		DNSNames:              dnsNames,
 		IPAddresses:           ips,
 	}
 	raw, err := x509.CreateCertificate(rand.Reader, tmpl, c.ca, c.privateKey.Public(), c.caPrivateKey)
 	if err != nil {
 		return nil, err
 	}
 	x509c, err := x509.ParseCertificate(raw)
 	if err != nil {
 		return nil, err
 	}
 	tlsCertificate = &tls.Certificate{
 		Certificate: [][]byte{raw, c.ca.Raw},
 		PrivateKey:  c.privateKey,
 		Leaf:        x509c,
 	}
 	c.certsStorage.Set(key, tlsCertificate)
 	return tlsCertificate, nil
 }
 // GenerateAndSave generate CA private key and CA certificate and dump them to file
 func GenerateAndSave(caPath string, caKeyPath string) error {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return err
 	}
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(time.Now().Unix()),
 		Subject: pkix.Name{
 			Country:      []string{"US"},
 			CommonName:   "Clash Root CA",
 			Organization: []string{"Clash Trust Services"},
 		},
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		NotBefore:             time.Now().Add(-(time.Hour * 24 * 60)),
 		NotAfter:              time.Now().Add(time.Hour * 24 * 365 * 25),
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 	}
 	caRaw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, privateKey.Public(), privateKey)
 	if err != nil {
 		return err
 	}
 	caOut, err := os.OpenFile(caPath, os.O_CREATE|os.O_WRONLY, 0o600)
 	if err != nil {
 		return err
 	}
 	defer func(caOut *os.File) {
 		_ = caOut.Close()
 	}(caOut)
 	if err = pem.Encode(caOut, &pem.Block{Type: "CERTIFICATE", Bytes: caRaw}); err != nil {
 		return err
 	}
 	caKeyOut, err := os.OpenFile(caKeyPath, os.O_CREATE|os.O_WRONLY, 0o600)
 	if err != nil {
 		return err
 	}
 	defer func(caKeyOut *os.File) {
 		_ = caKeyOut.Close()
 	}(caKeyOut)
 	if err = pem.Encode(caKeyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}); err != nil {
 		return err
 	}
 	return nil
 }
 func hasDnsNames(dnsNames []string, hostname string) bool {
 	for _, name := range dnsNames {
 		if name == hostname {
 			return true
 		}
 	}
 	return false
 }
--- a/common/cert/cert_test.go
+++ b/common/cert/cert_test.go
@ -0,0 +1,104 @@
 package cert
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"net"
 	"os"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func TestCert(t *testing.T) {
 	ca, privateKey, err := NewAuthority("Clash ca", "Clash", 24*time.Hour)
 	assert.Nil(t, err)
 	assert.NotNil(t, ca)
 	assert.NotNil(t, privateKey)
 	c, err := NewConfig(ca, privateKey)
 	assert.Nil(t, err)
 	c.SetValidity(20 * time.Hour)
 	c.SetOrganization("Test Organization")
 	conf := c.NewTLSConfigForHost("example.org")
 	assert.Equal(t, []string{"http/1.1"}, conf.NextProtos)
 	assert.True(t, conf.InsecureSkipVerify)
 	// Test generating a certificate
 	clientHello := &tls.ClientHelloInfo{
 		ServerName: "example.org",
 	}
 	tlsCert, err := conf.GetCertificate(clientHello)
 	assert.Nil(t, err)
 	assert.NotNil(t, tlsCert)
 	// Assert certificate details
 	x509c := tlsCert.Leaf
 	assert.Equal(t, "example.org", x509c.Subject.CommonName)
 	assert.Nil(t, x509c.VerifyHostname("example.org"))
 	assert.Nil(t, x509c.VerifyHostname("abc.example.org"))
 	assert.Equal(t, []string{"Test Organization"}, x509c.Subject.Organization)
 	assert.NotNil(t, x509c.SubjectKeyId)
 	assert.True(t, x509c.BasicConstraintsValid)
 	assert.True(t, x509c.KeyUsage&x509.KeyUsageKeyEncipherment == x509.KeyUsageKeyEncipherment)
 	assert.True(t, x509c.KeyUsage&x509.KeyUsageDigitalSignature == x509.KeyUsageDigitalSignature)
 	assert.Equal(t, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, x509c.ExtKeyUsage)
 	assert.Equal(t, []string{"example.org", "*.example.org"}, x509c.DNSNames)
 	assert.True(t, x509c.NotBefore.Before(time.Now().Add(-2*time.Hour)))
 	assert.True(t, x509c.NotAfter.After(time.Now().Add(2*time.Hour)))
 	// Check that certificate is cached
 	tlsCert2, err := c.GetOrCreateCert("abc.example.org")
 	assert.Nil(t, err)
 	assert.True(t, tlsCert == tlsCert2)
 	// Check that certificate is new
 	_, _ = c.GetOrCreateCert("a.b.c.d.e.f.g.h.i.j.example.org")
 	tlsCert3, err := c.GetOrCreateCert("m.k.l.example.org")
 	x509c = tlsCert3.Leaf
 	assert.Nil(t, err)
 	assert.False(t, tlsCert == tlsCert3)
 	assert.Equal(t, []string{"example.org", "*.example.org", "*.j.example.org", "*.i.j.example.org", "*.h.i.j.example.org", "*.g.h.i.j.example.org", "*.f.g.h.i.j.example.org", "*.e.f.g.h.i.j.example.org", "*.d.e.f.g.h.i.j.example.org", "*.c.d.e.f.g.h.i.j.example.org", "*.b.c.d.e.f.g.h.i.j.example.org", "*.l.example.org", "*.k.l.example.org"}, x509c.DNSNames)
 	// Check that certificate is cached
 	tlsCert4, err := c.GetOrCreateCert("xyz.example.org")
 	x509c = tlsCert4.Leaf
 	assert.Nil(t, err)
 	assert.True(t, tlsCert3 == tlsCert4)
 	assert.Nil(t, x509c.VerifyHostname("example.org"))
 	assert.Nil(t, x509c.VerifyHostname("jkf.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("n.j.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("c.i.j.example.org"))
 	assert.Nil(t, x509c.VerifyHostname("m.l.example.org"))
 	assert.Error(t, x509c.VerifyHostname("m.l.jkf.example.org"))
 	// Check the certificate for an IP
 	tlsCertForIP, err := c.GetOrCreateCert("192.168.0.1")
 	x509c = tlsCertForIP.Leaf
 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(x509c.IPAddresses))
 	assert.True(t, net.ParseIP("192.168.0.1").Equal(x509c.IPAddresses[0]))
 	// Check that certificate is cached
 	tlsCertForIP2, err := c.GetOrCreateCert("192.168.0.1")
 	x509c = tlsCertForIP2.Leaf
 	assert.Nil(t, err)
 	assert.True(t, tlsCertForIP == tlsCertForIP2)
 	assert.Nil(t, x509c.VerifyHostname("192.168.0.1"))
 }
 func TestGenerateAndSave(t *testing.T) {
 	caPath := "ca.crt"
 	caKeyPath := "ca.key"
 	err := GenerateAndSave(caPath, caKeyPath)
 	assert.Nil(t, err)
 	_ = os.Remove(caPath)
 	_ = os.Remove(caKeyPath)
 }
--- a/common/cert/storage.go
+++ b/common/cert/storage.go
@ -0,0 +1,32 @@
 package cert
 import (
 	"crypto/tls"
 	"github.com/Dreamacro/clash/component/trie"
 )
 // DomainTrieCertsStorage cache wildcard certificates
 type DomainTrieCertsStorage struct {
 	certsCache *trie.DomainTrie[*tls.Certificate]
 }
 // Get gets the certificate from the storage
 func (c *DomainTrieCertsStorage) Get(key string) (*tls.Certificate, bool) {
 	ca := c.certsCache.Search(key)
 	if ca == nil {
 		return nil, false
 	}
 	return ca.Data, true
 }
 // Set saves the certificate to the storage
 func (c *DomainTrieCertsStorage) Set(key string, cert *tls.Certificate) {
 	_ = c.certsCache.Insert(key, cert)
 }
 func NewDomainTrieCertsStorage() *DomainTrieCertsStorage {
 	return &DomainTrieCertsStorage{
 		certsCache: trie.New[*tls.Certificate](),
 	}
 }
--- a/common/cmd/cmd.go
+++ b/common/cmd/cmd.go
@ -14,9 +14,8 @@ func ExecCmd(cmdStr string) (string, error) {
 		cmd = exec.Command(args[0])
 	} else {
 		cmd = exec.Command(args[0], args[1:]...)
 	}
-	prepareBackgroundCommand(cmd)
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", fmt.Errorf("%v, %s", err, string(out))
--- a/common/cmd/cmd_other.go
+++ b/common/cmd/cmd_other.go
@ -1,11 +0,0 @@
 //go:build !windows
 package cmd
 import (
 	"os/exec"
 )
 func prepareBackgroundCommand(cmd *exec.Cmd) {
 }
--- a/common/cmd/cmd_windows.go
+++ b/common/cmd/cmd_windows.go
@ -1,12 +0,0 @@
 //go:build windows
 package cmd
 import (
 	"os/exec"
 	"syscall"
 )
 func prepareBackgroundCommand(cmd *exec.Cmd) {
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
 }
--- a/common/collections/stack.go
+++ b/common/collections/stack.go
@ -1,56 +0,0 @@
 package collections
 import "sync"
 type (
 	stack struct {
 		top    *node
 		length int
 		lock   *sync.RWMutex
 	}
 	node struct {
 		value interface{}
 		prev  *node
 	}
 )
 // NewStack Create a new stack
 func NewStack() *stack {
 	return &stack{nil, 0, &sync.RWMutex{}}
 }
 // Len Return the number of items in the stack
 func (this *stack) Len() int {
 	return this.length
 }
 // Peek View the top item on the stack
 func (this *stack) Peek() interface{} {
 	if this.length == 0 {
 		return nil
 	}
 	return this.top.value
 }
 // Pop the top item of the stack and return it
 func (this *stack) Pop() interface{} {
 	this.lock.Lock()
 	defer this.lock.Unlock()
 	if this.length == 0 {
 		return nil
 	}
 	n := this.top
 	this.top = n.prev
 	this.length--
 	return n.value
 }
 // Push a value onto the top of the stack
 func (this *stack) Push(value interface{}) {
 	this.lock.Lock()
 	defer this.lock.Unlock()
 	n := &node{value, this.top}
 	this.top = n
 	this.length++
 }
--- a/common/convert/converter.go
+++ b/common/convert/converter.go
@ -6,28 +6,37 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/url"
 	"strconv"
 	"strings"
 )
 var encRaw = base64.RawStdEncoding
 var enc = base64.StdEncoding
-func DecodeBase64(buf []byte) []byte {
+func DecodeBase64(buf []byte) ([]byte, error) {
-	dBuf := make([]byte, encRaw.DecodedLen(len(buf)))
+	dBuf := make([]byte, enc.DecodedLen(len(buf)))
-	n, err := encRaw.Decode(dBuf, buf)
+	n, err := enc.Decode(dBuf, buf)
 	if err != nil {
-		n, err = enc.Decode(dBuf, buf)
+		return nil, err
 	}
 	return dBuf[:n], nil
 }
 // DecodeBase64StringToString decode base64 string to string
 func DecodeBase64StringToString(s string) (string, error) {
 	dBuf, err := enc.DecodeString(s)
 	if err != nil {
-			return buf
+		return "", err
 	}
-	}
+
-	return dBuf[:n]
+	return string(dBuf), nil
 }
 // ConvertsV2Ray convert V2Ray subscribe proxies data to clash proxies config
 func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
-	data := DecodeBase64(buf)
+	data, err := DecodeBase64(buf)
 	if err != nil {
 		data = buf
 	}
 	arr := strings.Split(string(data), "\n")
@ -47,39 +56,6 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 		scheme = strings.ToLower(scheme)
 		switch scheme {
 		case "hysteria":
 			urlHysteria, err := url.Parse(line)
 			if err != nil {
 				continue
 			}
 			query := urlHysteria.Query()
 			name := uniqueName(names, urlHysteria.Fragment)
 			hysteria := make(map[string]any, 20)
 			hysteria["name"] = name
 			hysteria["type"] = scheme
 			hysteria["server"] = urlHysteria.Hostname()
 			hysteria["port"] = urlHysteria.Port()
 			hysteria["sni"] = query.Get("peer")
 			hysteria["obfs"] = query.Get("obfs")
 			hysteria["alpn"] = query.Get("alpn")
 			hysteria["auth_str"] = query.Get("auth")
 			hysteria["protocol"] = query.Get("protocol")
 			up := query.Get("up")
 			down := query.Get("down")
 			if up == "" {
 				up = query.Get("upmbps")
 			}
 			if down == "" {
 				down = query.Get("downmbps")
 			}
 			hysteria["down"] = down
 			hysteria["up"] = up
 			hysteria["skip-cert-verify"], _ = strconv.ParseBool(query.Get("insecure"))
 			proxies = append(proxies, hysteria)
 		case "trojan":
 			urlTrojan, err := url.Parse(line)
 			if err != nil {
@ -109,122 +85,22 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 				trojan["network"] = network
 			}
-			switch network {
+			if network == "ws" {
 			case "ws":
 				headers := make(map[string]any)
 				wsOpts := make(map[string]any)
 				headers["Host"] = RandHost()
 				headers["User-Agent"] = RandUserAgent()
 				wsOpts["path"] = query.Get("path")
 				wsOpts["headers"] = headers
 				trojan["ws-opts"] = wsOpts
 			case "grpc":
 				grpcOpts := make(map[string]any)
 				grpcOpts["grpc-service-name"] = query.Get("serviceName")
 				trojan["grpc-opts"] = grpcOpts
 			}
 			proxies = append(proxies, trojan)
 		case "vless":
 			urlVless, err := url.Parse(line)
 			if err != nil {
 				continue
 			}
 			query := urlVless.Query()
 			name := uniqueName(names, urlVless.Fragment)
 			vless := make(map[string]any, 20)
 			vless["name"] = name
 			vless["type"] = scheme
 			vless["server"] = urlVless.Hostname()
 			vless["port"] = urlVless.Port()
 			vless["uuid"] = urlVless.User.Username()
 			vless["udp"] = true
 			vless["skip-cert-verify"] = false
 			vless["tls"] = false
 			tls := strings.ToLower(query.Get("security"))
 			if strings.Contains(tls, "tls") {
 				vless["tls"] = true
 			}
 			sni := query.Get("sni")
 			if sni != "" {
 				vless["servername"] = sni
 			}
 			flow := strings.ToLower(query.Get("flow"))
 			if flow != "" {
 				vless["flow"] = flow
 			}
 			network := strings.ToLower(query.Get("type"))
 			fakeType := strings.ToLower(query.Get("headerType"))
 			if fakeType == "http" {
 				network = "http"
 			} else if network == "http" {
 				network = "h2"
 			}
 			vless["network"] = network
 			switch network {
 			case "tcp":
 				if fakeType != "none" {
 					headers := make(map[string]any)
 					httpOpts := make(map[string]any)
 					httpOpts["path"] = []string{"/"}
 					if query.Get("host") != "" {
 						headers["Host"] = []string{query.Get("host")}
 					}
 					if query.Get("method") != "" {
 						httpOpts["method"] = query.Get("method")
 					}
 					if query.Get("path") != "" {
 						httpOpts["path"] = []string{query.Get("path")}
 					}
 					httpOpts["headers"] = headers
 					vless["http-opts"] = httpOpts
 				}
 			case "http":
 				headers := make(map[string]any)
 				h2Opts := make(map[string]any)
 				h2Opts["path"] = []string{"/"}
 				if query.Get("path") != "" {
 					h2Opts["path"] = []string{query.Get("path")}
 				}
 				if query.Get("host") != "" {
 					h2Opts["host"] = []string{query.Get("host")}
 				}
 				h2Opts["headers"] = headers
 				vless["h2-opts"] = h2Opts
 			case "ws":
 				headers := make(map[string]any)
 				wsOpts := make(map[string]any)
 				headers["User-Agent"] = RandUserAgent()
 				headers["Host"] = query.Get("host")
 				wsOpts["path"] = query.Get("path")
 				wsOpts["headers"] = headers
 				vless["ws-opts"] = wsOpts
 			case "grpc":
 				grpcOpts := make(map[string]any)
 				grpcOpts["grpc-service-name"] = query.Get("serviceName")
 				vless["grpc-opts"] = grpcOpts
 			}
 			proxies = append(proxies, vless)
 		case "vmess":
-			dcBuf, err := encRaw.DecodeString(body)
+			dcBuf, err := enc.DecodeString(body)
 			if err != nil {
 				continue
 			}
@ -247,79 +123,37 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			vmess["alterId"] = values["aid"]
 			vmess["cipher"] = "auto"
 			vmess["udp"] = true
 			vmess["tls"] = false
 			vmess["skip-cert-verify"] = false
-			if values["cipher"] != nil && values["cipher"] != "" {
+			host := values["host"]
 				vmess["cipher"] = values["cipher"]
 			}
 			sni := values["sni"]
 			if sni != "" {
 				vmess["servername"] = sni
 			}
 			network := strings.ToLower(values["net"].(string))
-			if values["type"] == "http" {
+
 				network = "http"
 			} else if network == "http" {
 				network = "h2"
 			}
 			vmess["network"] = network
 			tls := strings.ToLower(values["tls"].(string))
-			if strings.Contains(tls, "tls") {
+			if tls != "" && tls != "0" && tls != "null" {
 				if host != nil {
 					vmess["servername"] = host
 				}
 				vmess["tls"] = true
 			}
-			switch network {
+			if network == "ws" {
 			case "http":
 				headers := make(map[string]any)
 				httpOpts := make(map[string]any)
 				if values["host"] != "" && values["host"] != nil {
 					headers["Host"] = []string{values["host"].(string)}
 				}
 				httpOpts["path"] = []string{"/"}
 				if values["path"] != "" && values["path"] != nil {
 					httpOpts["path"] = []string{values["path"].(string)}
 				}
 				httpOpts["headers"] = headers
 				vmess["http-opts"] = httpOpts
 			case "h2":
 				headers := make(map[string]any)
 				h2Opts := make(map[string]any)
 				if values["host"] != "" && values["host"] != nil {
 					headers["Host"] = []string{values["host"].(string)}
 				}
 				h2Opts["path"] = values["path"]
 				h2Opts["headers"] = headers
 				vmess["h2-opts"] = h2Opts
 			case "ws":
 				headers := make(map[string]any)
 				wsOpts := make(map[string]any)
-				wsOpts["path"] = []string{"/"}
+
-				if values["host"] != "" && values["host"] != nil {
+				headers["Host"] = RandHost()
-					headers["Host"] = values["host"].(string)
+				headers["User-Agent"] = RandUserAgent()
-				}
+
-				if values["path"] != "" && values["path"] != nil {
+				if values["path"] != nil {
-					wsOpts["path"] = values["path"].(string)
+					wsOpts["path"] = values["path"]
 				}
 				wsOpts["headers"] = headers
 				vmess["ws-opts"] = wsOpts
-			case "grpc":
+				vmess["ws-opts"] = wsOpts
 				grpcOpts := make(map[string]any)
 				grpcOpts["grpc-service-name"] = values["path"]
 				vmess["grpc-opts"] = grpcOpts
 			}
 			proxies = append(proxies, vmess)
 		case "ss":
 			urlSS, err := url.Parse(line)
 			if err != nil {
@ -330,7 +164,7 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			port := urlSS.Port()
 			if port == "" {
-				dcBuf, err := encRaw.DecodeString(urlSS.Host)
+				dcBuf, err := enc.DecodeString(urlSS.Host)
 				if err != nil {
 					continue
 				}
@ -347,10 +181,11 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			)
 			if password, found = urlSS.User.Password(); !found {
-				dcBuf, _ := enc.DecodeString(cipher)
+				dcBuf, err := enc.DecodeString(cipher)
-				if !strings.Contains(string(dcBuf), "2022-blake3") {
+				if err != nil {
-					dcBuf, _ = encRaw.DecodeString(cipher)
+					continue
 				}
 				cipher, password, found = strings.Cut(string(dcBuf), ":")
 				if !found {
 					continue
@ -365,19 +200,11 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			ss["port"] = urlSS.Port()
 			ss["cipher"] = cipher
 			ss["password"] = password
 			query := urlSS.Query()
 			ss["udp"] = true
-			if strings.Contains(query.Get("plugin"), "obfs") {
+
 				obfsParams := strings.Split(query.Get("plugin"), ";")
 				ss["plugin"] = "obfs"
 				ss["plugin-opts"] = map[string]any{
 					"host": obfsParams[2][10:],
 					"mode": obfsParams[1][5:],
 				}
 			}
 			proxies = append(proxies, ss)
 		case "ssr":
-			dcBuf, err := encRaw.DecodeString(body)
+			dcBuf, err := enc.DecodeString(body)
 			if err != nil {
 				continue
 			}
@ -434,6 +261,54 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			}
 			proxies = append(proxies, ssr)
 		case "vless":
 			urlVless, err := url.Parse(line)
 			if err != nil {
 				continue
 			}
 			query := urlVless.Query()
 			name := uniqueName(names, urlVless.Fragment)
 			vless := make(map[string]any, 20)
 			vless["name"] = name
 			vless["type"] = scheme
 			vless["server"] = urlVless.Hostname()
 			vless["port"] = urlVless.Port()
 			vless["uuid"] = urlVless.User.Username()
 			vless["udp"] = true
 			vless["skip-cert-verify"] = false
 			sni := query.Get("sni")
 			if sni != "" {
 				vless["servername"] = sni
 			}
 			flow := strings.ToLower(query.Get("flow"))
 			if flow != "" {
 				vless["flow"] = flow
 			}
 			network := strings.ToLower(query.Get("type"))
 			if network != "" {
 				vless["network"] = network
 			}
 			if network == "ws" {
 				headers := make(map[string]any)
 				wsOpts := make(map[string]any)
 				headers["Host"] = RandHost()
 				headers["User-Agent"] = RandUserAgent()
 				wsOpts["path"] = query.Get("path")
 				wsOpts["headers"] = headers
 				vless["ws-opts"] = wsOpts
 			}
 			proxies = append(proxies, vless)
 		}
 	}
@ -449,7 +324,7 @@ func urlSafe(data string) string {
 }
 func decodeUrlSafe(data string) string {
-	dcBuf, err := base64.RawURLEncoding.DecodeString(data)
+	dcBuf, err := base64.URLEncoding.DecodeString(data)
 	if err != nil {
 		return ""
 	}
--- a/common/convert/util.go
+++ b/common/convert/util.go
@ -29,7 +29,6 @@ var hostsSuffix = []string{
 	".alidns.com",
 	".cdngslb.com",
 	".mxhichina.com",
 	".alibabadns.com",
 }
 var userAgents = []string{
--- a/common/net/relay.go
+++ b/common/net/relay.go
@ -12,19 +12,28 @@ import (
 func Relay(leftConn, rightConn net.Conn) {
 	ch := make(chan error)
 	tcpKeepAlive(leftConn)
 	tcpKeepAlive(rightConn)
 	go func() {
 		buf := pool.Get(pool.RelayBufferSize)
 		// Wrapping to avoid using *net.TCPConn.(ReadFrom)
 		// See also https://github.com/Dreamacro/clash/pull/1209
 		_, err := io.CopyBuffer(WriteOnlyWriter{Writer: leftConn}, ReadOnlyReader{Reader: rightConn}, buf)
-		pool.Put(buf)
+		_ = pool.Put(buf)
-		leftConn.SetReadDeadline(time.Now())
+		_ = leftConn.SetReadDeadline(time.Now())
 		ch <- err
 	}()
 	buf := pool.Get(pool.RelayBufferSize)
-	io.CopyBuffer(WriteOnlyWriter{Writer: rightConn}, ReadOnlyReader{Reader: leftConn}, buf)
+	_, _ = io.CopyBuffer(WriteOnlyWriter{Writer: rightConn}, ReadOnlyReader{Reader: leftConn}, buf)
-	pool.Put(buf)
+	_ = pool.Put(buf)
-	rightConn.SetReadDeadline(time.Now())
+	_ = rightConn.SetReadDeadline(time.Now())
 	<-ch
 }
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		_ = tcp.SetKeepAlive(true)
 	}
 }
--- a/common/net/tcpip.go
+++ b/common/net/tcpip.go
@ -1,46 +0,0 @@
 package net
 import (
 	"fmt"
 	"net"
 	"strings"
 )
 func SplitNetworkType(s string) (string, string, error) {
 	var (
 		shecme   string
 		hostPort string
 	)
 	result := strings.Split(s, "://")
 	if len(result) == 2 {
 		shecme = result[0]
 		hostPort = result[1]
 	} else if len(result) == 1 {
 		hostPort = result[0]
 	} else {
 		return "", "", fmt.Errorf("tcp/udp style error")
 	}
 	if len(shecme) == 0 {
 		shecme = "udp"
 	}
 	if shecme != "tcp" && shecme != "udp" {
 		return "", "", fmt.Errorf("scheme should be tcp:// or udp://")
 	} else {
 		return shecme, hostPort, nil
 	}
 }
 func SplitHostPort(s string) (host, port string, hasPort bool, err error) {
 	temp := s
 	hasPort = true
 	if !strings.Contains(s, ":") && !strings.Contains(s, "]:") {
 		temp += ":0"
 		hasPort = false
 	}
 	host, port, err = net.SplitHostPort(temp)
 	return
 }
--- a/common/pool/alloc.go
+++ b/common/pool/alloc.go
@ -8,7 +8,7 @@ import (
 	"sync"
 )
-var DefaultAllocator = NewAllocator()
+var defaultAllocator = NewAllocator()
 // Allocator for incoming frames, optimized to prevent overwriting after zeroing
 type Allocator struct {
--- a/common/pool/pool.go
+++ b/common/pool/pool.go
@ -13,9 +13,9 @@ const (
 )
 func Get(size int) []byte {
-	return DefaultAllocator.Get(size)
+	return defaultAllocator.Get(size)
 }
 func Put(buf []byte) error {
-	return DefaultAllocator.Put(buf)
+	return defaultAllocator.Put(buf)
 }
--- a/component/sniffer/tls_sniffer.go
+++ b/component/sniffer/tls_sniffer.go
@ -1,115 +1,107 @@
-package sniffer
+package tls
 import (
 	"encoding/binary"
 	"errors"
 	"strings"
 	C "github.com/Dreamacro/clash/constant"
 )
 var ErrNoClue = errors.New("not enough information for making a decision")
 type SniffHeader struct {
 	domain string
 }
 func (h *SniffHeader) Protocol() string {
 	return "tls"
 }
 func (h *SniffHeader) Domain() string {
 	return h.domain
 }
 var (
 	errNotTLS         = errors.New("not TLS header")
 	errNotClientHello = errors.New("not client hello")
 )
 type TLSSniffer struct {
 }
 func (tls *TLSSniffer) Protocol() string {
 	return "tls"
 }
 func (tls *TLSSniffer) SupportNetwork() C.NetWork {
 	return C.TCP
 }
 func (tls *TLSSniffer) SniffTCP(bytes []byte) (string, error) {
 	domain, err := SniffTLS(bytes)
 	if err == nil {
 		return *domain, nil
 	} else {
 		return "", err
 	}
 }
 func IsValidTLSVersion(major, minor byte) bool {
 	return major == 3
 }
 // ReadClientHello returns server name (if any) from TLS client hello message.
 // https://github.com/golang/go/blob/master/src/crypto/tls/handshake_messages.go#L300
-func ReadClientHello(data []byte) (*string, error) {
+func ReadClientHello(data []byte, h *SniffHeader) error {
 	if len(data) < 42 {
-		return nil, ErrNoClue
+		return ErrNoClue
 	}
 	sessionIDLen := int(data[38])
 	if sessionIDLen > 32 || len(data) < 39+sessionIDLen {
-		return nil, ErrNoClue
+		return ErrNoClue
 	}
 	data = data[39+sessionIDLen:]
 	if len(data) < 2 {
-		return nil, ErrNoClue
+		return ErrNoClue
 	}
 	// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
 	// they are uint16s, the number must be even.
 	cipherSuiteLen := int(data[0])<<8 | int(data[1])
 	if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
-		return nil, errNotClientHello
+		return errNotClientHello
 	}
 	data = data[2+cipherSuiteLen:]
 	if len(data) < 1 {
-		return nil, ErrNoClue
+		return ErrNoClue
 	}
 	compressionMethodsLen := int(data[0])
 	if len(data) < 1+compressionMethodsLen {
-		return nil, ErrNoClue
+		return ErrNoClue
 	}
 	data = data[1+compressionMethodsLen:]
 	if len(data) == 0 {
-		return nil, errNotClientHello
+		return errNotClientHello
 	}
 	if len(data) < 2 {
-		return nil, errNotClientHello
+		return errNotClientHello
 	}
 	extensionsLength := int(data[0])<<8 | int(data[1])
 	data = data[2:]
 	if extensionsLength != len(data) {
-		return nil, errNotClientHello
+		return errNotClientHello
 	}
 	for len(data) != 0 {
 		if len(data) < 4 {
-			return nil, errNotClientHello
+			return errNotClientHello
 		}
 		extension := uint16(data[0])<<8 | uint16(data[1])
 		length := int(data[2])<<8 | int(data[3])
 		data = data[4:]
 		if len(data) < length {
-			return nil, errNotClientHello
+			return errNotClientHello
 		}
 		if extension == 0x00 { /* extensionServerName */
 			d := data[:length]
 			if len(d) < 2 {
-				return nil, errNotClientHello
+				return errNotClientHello
 			}
 			namesLen := int(d[0])<<8 | int(d[1])
 			d = d[2:]
 			if len(d) != namesLen {
-				return nil, errNotClientHello
+				return errNotClientHello
 			}
 			for len(d) > 0 {
 				if len(d) < 3 {
-					return nil, errNotClientHello
+					return errNotClientHello
 				}
 				nameType := d[0]
 				nameLen := int(d[1])<<8 | int(d[2])
 				d = d[3:]
 				if len(d) < nameLen {
-					return nil, errNotClientHello
+					return errNotClientHello
 				}
 				if nameType == 0 {
 					serverName := string(d[:nameLen])
@ -117,22 +109,21 @@ func ReadClientHello(data []byte) (*string, error) {
 					// trailing dot. See
 					// https://tools.ietf.org/html/rfc6066#section-3.
 					if strings.HasSuffix(serverName, ".") {
-						return nil, errNotClientHello
+						return errNotClientHello
 					}
-
+					h.domain = serverName
-					return &serverName, nil
+					return nil
 				}
 				d = d[nameLen:]
 			}
 		}
 		data = data[length:]
 	}
-	return nil, errNotTLS
+	return errNotTLS
 }
-func SniffTLS(b []byte) (*string, error) {
+func SniffTLS(b []byte) (*SniffHeader, error) {
 	if len(b) < 5 {
 		return nil, ErrNoClue
 	}
@ -148,9 +139,10 @@ func SniffTLS(b []byte) (*string, error) {
 		return nil, ErrNoClue
 	}
-	domain, err := ReadClientHello(b[5 : 5+headerLen])
+	h := &SniffHeader{}
 	err := ReadClientHello(b[5:5+headerLen], h)
 	if err == nil {
-		return domain, nil
+		return h, nil
 	}
 	return nil, err
 }
--- a/common/snifer/tls/sniff_test.go
+++ b/common/snifer/tls/sniff_test.go
@ -1,4 +1,4 @@
-package sniffer
+package tls
 import (
 	"testing"
@ -142,7 +142,7 @@ func TestTLSHeaders(t *testing.T) {
 	}
 	for _, test := range cases {
-		domain, err := SniffTLS(test.input)
+		header, err := SniffTLS(test.input)
 		if test.err {
 			if err == nil {
 				t.Errorf("Exepct error but nil in test %v", test)
@ -151,8 +151,8 @@ func TestTLSHeaders(t *testing.T) {
 			if err != nil {
 				t.Errorf("Expect no error but actually %s in test %v", err.Error(), test)
 			}
-			if *domain != test.domain {
+			if header.Domain() != test.domain {
-				t.Error("expect domain ", test.domain, " but got ", domain)
+				t.Error("expect domain ", test.domain, " but got ", header.Domain())
 			}
 		}
 	}
--- a/common/structure/structure.go
+++ b/common/structure/structure.go
@ -31,7 +31,7 @@ func NewDecoder(option Option) *Decoder {
 // Decode transform a map[string]any to a struct
 func (d *Decoder) Decode(src map[string]any, dst any) error {
 	if reflect.TypeOf(dst).Kind() != reflect.Ptr {
-		return fmt.Errorf("decode must recive a ptr struct")
+		return fmt.Errorf("Decode must recive a ptr struct")
 	}
 	t := reflect.TypeOf(dst).Elem()
 	v := reflect.ValueOf(dst).Elem()
@ -301,7 +301,7 @@ func (d *Decoder) decodeStructFromMap(name string, dataVal, val reflect.Value) e
 		field reflect.StructField
 		val   reflect.Value
 	}
-	var fields []field
+	fields := []field{}
 	for len(structs) > 0 {
 		structVal := structs[0]
 		structs = structs[1:]
--- a/common/structure/structure_test.go
+++ b/common/structure/structure_test.go
@ -137,3 +137,45 @@ func TestStructure_Nest(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, s.BazOptional, goal)
 }
 func TestStructure_SliceNilValue(t *testing.T) {
 	rawMap := map[string]any{
 		"foo": 1,
 		"bar": []any{"bar", nil},
 	}
 	goal := &BazSlice{
 		Foo: 1,
 		Bar: []string{"bar", ""},
 	}
 	s := &BazSlice{}
 	err := weakTypeDecoder.Decode(rawMap, s)
 	assert.Nil(t, err)
 	assert.Equal(t, goal.Bar, s.Bar)
 	s = &BazSlice{}
 	err = decoder.Decode(rawMap, s)
 	assert.NotNil(t, err)
 }
 func TestStructure_SliceNilValueComplex(t *testing.T) {
 	rawMap := map[string]any{
 		"bar": []any{map[string]any{"bar": "foo"}, nil},
 	}
 	s := &struct {
 		Bar []map[string]any `test:"bar"`
 	}{}
 	err := decoder.Decode(rawMap, s)
 	assert.Nil(t, err)
 	assert.Nil(t, s.Bar[1])
 	ss := &struct {
 		Bar []Baz `test:"bar"`
 	}{}
 	err = decoder.Decode(rawMap, ss)
 	assert.NotNil(t, err)
 }
--- a/common/utils/range.go
+++ b/common/utils/range.go
@ -1,44 +0,0 @@
 package utils
 import (
 	"golang.org/x/exp/constraints"
 )
 type Range[T constraints.Ordered] struct {
 	start T
 	end   T
 }
 func NewRange[T constraints.Ordered](start, end T) *Range[T] {
 	if start > end {
 		return &Range[T]{
 			start: end,
 			end:   start,
 		}
 	}
 	return &Range[T]{
 		start: start,
 		end:   end,
 	}
 }
 func (r *Range[T]) Contains(t T) bool {
 	return t >= r.start && t <= r.end
 }
 func (r *Range[T]) LeftContains(t T) bool {
 	return t >= r.start && t < r.end
 }
 func (r *Range[T]) RightContains(t T) bool {
 	return t > r.start && t <= r.end
 }
 func (r *Range[T]) Start() T {
 	return r.start
 }
 func (r *Range[T]) End() T {
 	return r.end
 }
--- a/common/utils/uuid.go
+++ b/common/utils/uuid.go
@ -1,16 +0,0 @@
 package utils
 import (
 	"github.com/gofrs/uuid"
 )
 var uuidNamespace, _ = uuid.FromString("00000000-0000-0000-0000-000000000000")
 // UUIDMap https://github.com/XTLS/Xray-core/issues/158#issue-783294090
 func UUIDMap(str string) (uuid.UUID, error) {
 	u, err := uuid.FromString(str)
 	if err != nil {
 		return uuid.NewV5(uuidNamespace, str), nil
 	}
 	return u, nil
 }
--- a/common/utils/uuid_test.go
+++ b/common/utils/uuid_test.go
@ -1,74 +0,0 @@
 package utils
 import (
 	"github.com/gofrs/uuid"
 	"reflect"
 	"testing"
 )
 func TestUUIDMap(t *testing.T) {
 	type args struct {
 		str string
 	}
 	tests := []struct {
 		name    string
 		args    args
 		want    uuid.UUID
 		wantErr bool
 	}{
 		{
 			name: "uuid-test-1",
 			args: args{
 				str: "82410302-039e-41b6-98b0-d964084b4170",
 			},
 			want:    uuid.FromStringOrNil("82410302-039e-41b6-98b0-d964084b4170"),
 			wantErr: false,
 		},
 		{
 			name: "uuid-test-2",
 			args: args{
 				str: "88c502e6-d7eb-4c8e-8259-94cb13d83c77",
 			},
 			want:    uuid.FromStringOrNil("88c502e6-d7eb-4c8e-8259-94cb13d83c77"),
 			wantErr: false,
 		},
 		{
 			name: "uuid-map-1",
 			args: args{
 				str: "123456",
 			},
 			want:    uuid.FromStringOrNil("f8598425-92f2-5508-a071-4fc67f9040ac"),
 			wantErr: false,
 		},
 		// GENERATED BY 'xray uuid -i'
 		{
 			name: "uuid-map-2",
 			args: args{
 				str: "a9dk23bz0",
 			},
 			want:    uuid.FromStringOrNil("c91481b6-fc0f-5d9e-b166-5ddf07b9c3c5"),
 			wantErr: false,
 		},
 		{
 			name: "uuid-map-2",
 			args: args{
 				str: "中文123",
 			},
 			want:    uuid.FromStringOrNil("145c544c-2229-59e5-8dbb-3f33b7610d26"),
 			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := UUIDMap(tt.args.str)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("UUIDMap() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("UUIDMap() got = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
--- a/component/dialer/dialer.go
+++ b/component/dialer/dialer.go
@ -3,19 +3,10 @@ package dialer
 import (
 	"context"
 	"errors"
 	"fmt"
 	"github.com/Dreamacro/clash/component/resolver"
 	"net"
 	"net/netip"
 	"sync"
 )
-var (
+	"github.com/Dreamacro/clash/component/resolver"
 	dialMux                    sync.Mutex
 	actualSingleDialContext    = singleDialContext
 	actualDualStackDialContext = dualStackDialContext
 	tcpConcurrent              = false
 	DisableIPv6                = false
 )
 func DialContext(ctx context.Context, network, address string, options ...Option) (net.Conn, error) {
@ -34,9 +25,33 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 	switch network {
 	case "tcp4", "tcp6", "udp4", "udp6":
-		return actualSingleDialContext(ctx, network, address, opt)
+		host, port, err := net.SplitHostPort(address)
 		if err != nil {
 			return nil, err
 		}
 		var ip netip.Addr
 		switch network {
 		case "tcp4", "udp4":
 			if !opt.direct {
 				ip, err = resolver.ResolveIPv4ProxyServerHost(host)
 			} else {
 				ip, err = resolver.ResolveIPv4(host)
 			}
 		default:
 			if !opt.direct {
 				ip, err = resolver.ResolveIPv6ProxyServerHost(host)
 			} else {
 				ip, err = resolver.ResolveIPv6(host)
 			}
 		}
 		if err != nil {
 			return nil, err
 		}
 		return dialContext(ctx, network, ip, port, opt)
 	case "tcp", "udp":
-		return actualDualStackDialContext(ctx, network, address, opt)
+		return dualStackDialContext(ctx, network, address, opt)
 	default:
 		return nil, errors.New("network invalid")
 	}
@ -56,10 +71,6 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio
 		o(cfg)
 	}
 	if DisableIPv6 {
 		network = "udp4"
 	}
 	lc := &net.ListenConfig{}
 	if cfg.interfaceName != "" {
 		addr, err := bindIfaceToListenConfig(cfg.interfaceName, lc, network, address)
@ -78,24 +89,6 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio
 	return lc.ListenPacket(ctx, network, address)
 }
 func SetDial(concurrent bool) {
 	dialMux.Lock()
 	tcpConcurrent = concurrent
 	if concurrent {
 		actualSingleDialContext = concurrentSingleDialContext
 		actualDualStackDialContext = concurrentDualStackDialContext
 	} else {
 		actualSingleDialContext = singleDialContext
 		actualDualStackDialContext = dualStackDialContext
 	}
 	dialMux.Unlock()
 }
 func GetDial() bool {
 	return tcpConcurrent
 }
 func dialContext(ctx context.Context, network string, destination netip.Addr, port string, opt *option) (net.Conn, error) {
 	dialer := &net.Dialer{}
 	if opt.interfaceName != "" {
@ -107,10 +100,6 @@ func dialContext(ctx context.Context, network string, destination netip.Addr, po
 		bindMarkToDialer(opt.routingMark, dialer, network, destination)
 	}
 	if DisableIPv6 && destination.Is6() {
 		return nil, fmt.Errorf("IPv6 is diabled, dialer cancel")
 	}
 	return dialer.DialContext(ctx, network, net.JoinHostPort(destination.String(), port))
 }
@ -170,10 +159,7 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 	go startRacer(ctx, network+"4", host, opt.direct, false)
 	go startRacer(ctx, network+"6", host, opt.direct, true)
-	count := 2
+	for res := range results {
 	for i := 0; i < count; i++ {
 		select {
 		case res := <-results:
 		if res.error == nil {
 			return res.Conn, nil
 		}
@ -193,136 +179,7 @@ func dualStackDialContext(ctx context.Context, network, address string, opt *opt
 				return nil, primary.error
 			}
 		}
 		case <-ctx.Done():
 			break
 		}
 	}
 	return nil, errors.New("never touched")
 }
 func concurrentDualStackDialContext(ctx context.Context, network, address string, opt *option) (net.Conn, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
 	}
 	var ips []netip.Addr
 	if opt.direct {
 		ips, err = resolver.ResolveAllIP(host)
 	} else {
 		ips, err = resolver.ResolveAllIPProxyServerHost(host)
 	}
 	return concurrentDialContext(ctx, network, ips, port, opt)
 }
 func concurrentDialContext(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
 	returned := make(chan struct{})
 	defer close(returned)
 	type dialResult struct {
 		ip netip.Addr
 		net.Conn
 		error
 		resolved bool
 	}
 	results := make(chan dialResult)
 	tcpRacer := func(ctx context.Context, ip netip.Addr) {
 		result := dialResult{ip: ip}
 		defer func() {
 			select {
 			case results <- result:
 			case <-returned:
 				if result.Conn != nil {
 					result.Conn.Close()
 				}
 			}
 		}()
 		v := "4"
 		if ip.Is6() {
 			v = "6"
 		}
 		result.Conn, result.error = dialContext(ctx, network+v, ip, port, opt)
 	}
 	for _, ip := range ips {
 		go tcpRacer(ctx, ip)
 	}
 	connCount := len(ips)
 	for i := 0; i < connCount; i++ {
 		select {
 		case res := <-results:
 			if res.error == nil {
 				return res.Conn, nil
 			}
 		case <-ctx.Done():
 			break
 		}
 	}
 	return nil, fmt.Errorf("all ips %v tcp shake hands failed", ips)
 }
 func singleDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
 	}
 	var ip netip.Addr
 	switch network {
 	case "tcp4", "udp4":
 		if !opt.direct {
 			ip, err = resolver.ResolveIPv4ProxyServerHost(host)
 		} else {
 			ip, err = resolver.ResolveIPv4(host)
 		}
 	default:
 		if !opt.direct {
 			ip, err = resolver.ResolveIPv6ProxyServerHost(host)
 		} else {
 			ip, err = resolver.ResolveIPv6(host)
 		}
 	}
 	if err != nil {
 		return nil, err
 	}
 	return dialContext(ctx, network, ip, port, opt)
 }
 func concurrentSingleDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
 	}
 	var ips []netip.Addr
 	switch network {
 	case "tcp4", "udp4":
 		if !opt.direct {
 			ips, err = resolver.ResolveAllIPv4ProxyServerHost(host)
 		} else {
 			ips, err = resolver.ResolveAllIPv4(host)
 		}
 	default:
 		if !opt.direct {
 			ips, err = resolver.ResolveAllIPv6ProxyServerHost(host)
 		} else {
 			ips, err = resolver.ResolveAllIPv6(host)
 		}
 	}
 	if err != nil {
 		return nil, err
 	}
 	return concurrentDialContext(ctx, network, ips, port, opt)
 }
--- a/component/geodata/geodata.go
+++ b/component/geodata/geodata.go
@ -3,7 +3,6 @@ package geodata
 import (
 	"errors"
 	"fmt"
 	C "github.com/Dreamacro/clash/constant"
 	"strings"
 	"github.com/Dreamacro/clash/component/geodata/router"
@ -15,7 +14,7 @@ type loader struct {
 }
 func (l *loader) LoadGeoSite(list string) ([]*router.Domain, error) {
-	return l.LoadGeoSiteWithAttr(C.GeositeName, list)
+	return l.LoadGeoSiteWithAttr("geosite.dat", list)
 }
 func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error) {
@ -30,7 +29,7 @@ func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*route
 		return nil, fmt.Errorf("empty listname in rule: %s", siteWithAttr)
 	}
-	domains, err := l.LoadSiteByPath(file, list)
+	domains, err := l.LoadSite(file, list)
 	if err != nil {
 		return nil, err
 	}
@ -59,7 +58,7 @@ func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*route
 }
 func (l *loader) LoadGeoIP(country string) ([]*router.CIDR, error) {
-	return l.LoadIPByPath(C.GeoipName, country)
+	return l.LoadIP("geoip.dat", country)
 }
 var loaders map[string]func() LoaderImplementation
--- a/component/geodata/geodataproto.go
+++ b/component/geodata/geodataproto.go
@ -5,10 +5,8 @@ import (
 )
 type LoaderImplementation interface {
-	LoadSiteByPath(filename, list string) ([]*router.Domain, error)
+	LoadSite(filename, list string) ([]*router.Domain, error)
-	LoadSiteByBytes(geositeBytes []byte, list string) ([]*router.Domain, error)
+	LoadIP(filename, country string) ([]*router.CIDR, error)
 	LoadIPByPath(filename, country string) ([]*router.CIDR, error)
 	LoadIPByBytes(geoipBytes []byte, country string) ([]*router.CIDR, error)
 }
 type Loader interface {
--- a/component/geodata/init.go
+++ b/component/geodata/init.go
@ -1,52 +0,0 @@
 package geodata
 import (
 	"fmt"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 	"io"
 	"net/http"
 	"os"
 )
 var initFlag bool
 func InitGeoSite() error {
 	if _, err := os.Stat(C.Path.GeoSite()); os.IsNotExist(err) {
 		log.Infoln("Can't find GeoSite.dat, start download")
 		if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
 			return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
 		}
 		log.Infoln("Download GeoSite.dat finish")
 	}
 	if !initFlag {
 		if err := Verify(C.GeositeName); err != nil {
 			log.Warnln("GeoSite.dat invalid, remove and download: %s", err)
 			if err := os.Remove(C.Path.GeoSite()); err != nil {
 				return fmt.Errorf("can't remove invalid GeoSite.dat: %s", err.Error())
 			}
 			if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
 				return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
 			}
 		}
 		initFlag = true
 	}
 	return nil
 }
 func downloadGeoSite(path string) (err error) {
 	resp, err := http.Get(C.GeoSiteUrl)
 	if err != nil {
 		return
 	}
 	defer resp.Body.Close()
 	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0o644)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	_, err = io.Copy(f, resp.Body)
 	return err
 }
--- a/component/geodata/memconservative/cache.go
+++ b/component/geodata/memconservative/cache.go
@ -8,6 +8,7 @@ import (
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 	"google.golang.org/protobuf/proto"
 )
@ -32,7 +33,7 @@ func (g GeoIPCache) Set(key string, value *router.GeoIP) {
 }
 func (g GeoIPCache) Unmarshal(filename, code string) (*router.GeoIP, error) {
-	asset := C.Path.GetAssetLocation(filename)
+	asset := C.Path.Resolve(filename)
 	idx := strings.ToLower(asset + ":" + code)
 	if g.Has(idx) {
 		return g.Get(idx), nil
@ -97,7 +98,7 @@ func (g GeoSiteCache) Set(key string, value *router.GeoSite) {
 }
 func (g GeoSiteCache) Unmarshal(filename, code string) (*router.GeoSite, error) {
-	asset := C.Path.GetAssetLocation(filename)
+	asset := C.Path.Resolve(filename)
 	idx := strings.ToLower(asset + ":" + code)
 	if g.Has(idx) {
 		return g.Get(idx), nil
--- a/component/geodata/memconservative/memc.go
+++ b/component/geodata/memconservative/memc.go
@ -1,7 +1,6 @@
 package memconservative
 import (
 	"errors"
 	"fmt"
 	"runtime"
@ -14,7 +13,7 @@ type memConservativeLoader struct {
 	geositecache GeoSiteCache
 }
-func (m *memConservativeLoader) LoadIPByPath(filename, country string) ([]*router.CIDR, error) {
+func (m *memConservativeLoader) LoadIP(filename, country string) ([]*router.CIDR, error) {
 	defer runtime.GC()
 	geoip, err := m.geoipcache.Unmarshal(filename, country)
 	if err != nil {
@ -23,11 +22,7 @@ func (m *memConservativeLoader) LoadIPByPath(filename, country string) ([]*route
 	return geoip.Cidr, nil
 }
-func (m *memConservativeLoader) LoadIPByBytes(geoipBytes []byte, country string) ([]*router.CIDR, error) {
+func (m *memConservativeLoader) LoadSite(filename, list string) ([]*router.Domain, error) {
 	return nil, errors.New("memConservative do not support LoadIPByBytes")
 }
 func (m *memConservativeLoader) LoadSiteByPath(filename, list string) ([]*router.Domain, error) {
 	defer runtime.GC()
 	geosite, err := m.geositecache.Unmarshal(filename, list)
 	if err != nil {
@ -36,10 +31,6 @@ func (m *memConservativeLoader) LoadSiteByPath(filename, list string) ([]*router
 	return geosite.Domain, nil
 }
 func (m *memConservativeLoader) LoadSiteByBytes(geositeBytes []byte, list string) ([]*router.Domain, error) {
 	return nil, errors.New("memConservative do not support LoadSiteByBytes")
 }
 func newMemConservativeLoader() geodata.LoaderImplementation {
 	return &memConservativeLoader{make(map[string]*router.GeoIP), make(map[string]*router.GeoSite)}
 }
--- a/component/geodata/router/condition.go
+++ b/component/geodata/router/condition.go
@ -1,10 +1,7 @@
 package router
 import (
 	"encoding/binary"
 	"fmt"
 	"net"
 	"sort"
 	"strings"
 	"github.com/Dreamacro/clash/component/geodata/strmatcher"
@ -33,10 +30,9 @@ func domainToMatcher(domain *Domain) (strmatcher.Matcher, error) {
 type DomainMatcher struct {
 	matchers strmatcher.IndexMatcher
 	not      bool
 }
-func NewMphMatcherGroup(domains []*Domain, not bool) (*DomainMatcher, error) {
+func NewMphMatcherGroup(domains []*Domain) (*DomainMatcher, error) {
 	g := strmatcher.NewMphMatcherGroup()
 	for _, d := range domains {
 		matcherType, f := matcherTypeMap[d.Type]
@ -51,12 +47,11 @@ func NewMphMatcherGroup(domains []*Domain, not bool) (*DomainMatcher, error) {
 	g.Build()
 	return &DomainMatcher{
 		matchers: g,
 		not:      not,
 	}, nil
 }
 // NewDomainMatcher new domain matcher.
-func NewDomainMatcher(domains []*Domain, not bool) (*DomainMatcher, error) {
+func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
 	g := new(strmatcher.MatcherGroup)
 	for _, d := range domains {
 		m, err := domainToMatcher(d)
@ -68,290 +63,9 @@ func NewDomainMatcher(domains []*Domain, not bool) (*DomainMatcher, error) {
 	return &DomainMatcher{
 		matchers: g,
 		not:      not,
 	}, nil
 }
 func (m *DomainMatcher) ApplyDomain(domain string) bool {
-	isMatched := len(m.matchers.Match(strings.ToLower(domain))) > 0
+	return len(m.matchers.Match(strings.ToLower(domain))) > 0
 	if m.not {
 		isMatched = !isMatched
 	}
 	return isMatched
 }
 // CIDRList is an alias of []*CIDR to provide sort.Interface.
 type CIDRList []*CIDR
 // Len implements sort.Interface.
 func (l *CIDRList) Len() int {
 	return len(*l)
 }
 // Less implements sort.Interface.
 func (l *CIDRList) Less(i int, j int) bool {
 	ci := (*l)[i]
 	cj := (*l)[j]
 	if len(ci.Ip) < len(cj.Ip) {
 		return true
 	}
 	if len(ci.Ip) > len(cj.Ip) {
 		return false
 	}
 	for k := 0; k < len(ci.Ip); k++ {
 		if ci.Ip[k] < cj.Ip[k] {
 			return true
 		}
 		if ci.Ip[k] > cj.Ip[k] {
 			return false
 		}
 	}
 	return ci.Prefix < cj.Prefix
 }
 // Swap implements sort.Interface.
 func (l *CIDRList) Swap(i int, j int) {
 	(*l)[i], (*l)[j] = (*l)[j], (*l)[i]
 }
 type ipv6 struct {
 	a uint64
 	b uint64
 }
 type GeoIPMatcher struct {
 	countryCode  string
 	reverseMatch bool
 	ip4          []uint32
 	prefix4      []uint8
 	ip6          []ipv6
 	prefix6      []uint8
 }
 func normalize4(ip uint32, prefix uint8) uint32 {
 	return (ip >> (32 - prefix)) << (32 - prefix)
 }
 func normalize6(ip ipv6, prefix uint8) ipv6 {
 	if prefix <= 64 {
 		ip.a = (ip.a >> (64 - prefix)) << (64 - prefix)
 		ip.b = 0
 	} else {
 		ip.b = (ip.b >> (128 - prefix)) << (128 - prefix)
 	}
 	return ip
 }
 func (m *GeoIPMatcher) Init(cidrs []*CIDR) error {
 	ip4Count := 0
 	ip6Count := 0
 	for _, cidr := range cidrs {
 		ip := cidr.Ip
 		switch len(ip) {
 		case 4:
 			ip4Count++
 		case 16:
 			ip6Count++
 		default:
 			return fmt.Errorf("unexpect ip length: %d", len(ip))
 		}
 	}
 	cidrList := CIDRList(cidrs)
 	sort.Sort(&cidrList)
 	m.ip4 = make([]uint32, 0, ip4Count)
 	m.prefix4 = make([]uint8, 0, ip4Count)
 	m.ip6 = make([]ipv6, 0, ip6Count)
 	m.prefix6 = make([]uint8, 0, ip6Count)
 	for _, cidr := range cidrs {
 		ip := cidr.Ip
 		prefix := uint8(cidr.Prefix)
 		switch len(ip) {
 		case 4:
 			m.ip4 = append(m.ip4, normalize4(binary.BigEndian.Uint32(ip), prefix))
 			m.prefix4 = append(m.prefix4, prefix)
 		case 16:
 			ip6 := ipv6{
 				a: binary.BigEndian.Uint64(ip[0:8]),
 				b: binary.BigEndian.Uint64(ip[8:16]),
 			}
 			ip6 = normalize6(ip6, prefix)
 			m.ip6 = append(m.ip6, ip6)
 			m.prefix6 = append(m.prefix6, prefix)
 		}
 	}
 	return nil
 }
 func (m *GeoIPMatcher) SetReverseMatch(isReverseMatch bool) {
 	m.reverseMatch = isReverseMatch
 }
 func (m *GeoIPMatcher) match4(ip uint32) bool {
 	if len(m.ip4) == 0 {
 		return false
 	}
 	if ip < m.ip4[0] {
 		return false
 	}
 	size := uint32(len(m.ip4))
 	l := uint32(0)
 	r := size
 	for l < r {
 		x := ((l + r) >> 1)
 		if ip < m.ip4[x] {
 			r = x
 			continue
 		}
 		nip := normalize4(ip, m.prefix4[x])
 		if nip == m.ip4[x] {
 			return true
 		}
 		l = x + 1
 	}
 	return l > 0 && normalize4(ip, m.prefix4[l-1]) == m.ip4[l-1]
 }
 func less6(a ipv6, b ipv6) bool {
 	return a.a < b.a || (a.a == b.a && a.b < b.b)
 }
 func (m *GeoIPMatcher) match6(ip ipv6) bool {
 	if len(m.ip6) == 0 {
 		return false
 	}
 	if less6(ip, m.ip6[0]) {
 		return false
 	}
 	size := uint32(len(m.ip6))
 	l := uint32(0)
 	r := size
 	for l < r {
 		x := (l + r) / 2
 		if less6(ip, m.ip6[x]) {
 			r = x
 			continue
 		}
 		if normalize6(ip, m.prefix6[x]) == m.ip6[x] {
 			return true
 		}
 		l = x + 1
 	}
 	return l > 0 && normalize6(ip, m.prefix6[l-1]) == m.ip6[l-1]
 }
 // Match returns true if the given ip is included by the GeoIP.
 func (m *GeoIPMatcher) Match(ip net.IP) bool {
 	switch len(ip) {
 	case 4:
 		if m.reverseMatch {
 			return !m.match4(binary.BigEndian.Uint32(ip))
 		}
 		return m.match4(binary.BigEndian.Uint32(ip))
 	case 16:
 		if m.reverseMatch {
 			return !m.match6(ipv6{
 				a: binary.BigEndian.Uint64(ip[0:8]),
 				b: binary.BigEndian.Uint64(ip[8:16]),
 			})
 		}
 		return m.match6(ipv6{
 			a: binary.BigEndian.Uint64(ip[0:8]),
 			b: binary.BigEndian.Uint64(ip[8:16]),
 		})
 	default:
 		return false
 	}
 }
 // GeoIPMatcherContainer is a container for GeoIPMatchers. It keeps unique copies of GeoIPMatcher by country code.
 type GeoIPMatcherContainer struct {
 	matchers []*GeoIPMatcher
 }
 // Add adds a new GeoIP set into the container.
 // If the country code of GeoIP is not empty, GeoIPMatcherContainer will try to find an existing one, instead of adding a new one.
 func (c *GeoIPMatcherContainer) Add(geoip *GeoIP) (*GeoIPMatcher, error) {
 	if len(geoip.CountryCode) > 0 {
 		for _, m := range c.matchers {
 			if m.countryCode == geoip.CountryCode && m.reverseMatch == geoip.ReverseMatch {
 				return m, nil
 			}
 		}
 	}
 	m := &GeoIPMatcher{
 		countryCode:  geoip.CountryCode,
 		reverseMatch: geoip.ReverseMatch,
 	}
 	if err := m.Init(geoip.Cidr); err != nil {
 		return nil, err
 	}
 	if len(geoip.CountryCode) > 0 {
 		c.matchers = append(c.matchers, m)
 	}
 	return m, nil
 }
 var globalGeoIPContainer GeoIPMatcherContainer
 type MultiGeoIPMatcher struct {
 	matchers []*GeoIPMatcher
 }
 func NewGeoIPMatcher(geoip *GeoIP) (*GeoIPMatcher, error) {
 	matcher, err := globalGeoIPContainer.Add(geoip)
 	if err != nil {
 		return nil, err
 	}
 	return matcher, nil
 }
 func (m *MultiGeoIPMatcher) ApplyIp(ip net.IP) bool {
 	for _, matcher := range m.matchers {
 		if matcher.Match(ip) {
 			return true
 		}
 	}
 	return false
 }
 func NewMultiGeoIPMatcher(geoips []*GeoIP) (*MultiGeoIPMatcher, error) {
 	var matchers []*GeoIPMatcher
 	for _, geoip := range geoips {
 		matcher, err := globalGeoIPContainer.Add(geoip)
 		if err != nil {
 			return nil, err
 		}
 		matchers = append(matchers, matcher)
 	}
 	matcher := &MultiGeoIPMatcher{
 		matchers: matchers,
 	}
 	return matcher, nil
 }
--- a/component/geodata/standard/standard.go
+++ b/component/geodata/standard/standard.go
@ -26,10 +26,14 @@ func ReadFile(path string) ([]byte, error) {
 }
 func ReadAsset(file string) ([]byte, error) {
-	return ReadFile(C.Path.GetAssetLocation(file))
+	return ReadFile(C.Path.Resolve(file))
 }
-func loadIP(geoipBytes []byte, country string) ([]*router.CIDR, error) {
+func loadIP(filename, country string) ([]*router.CIDR, error) {
 	geoipBytes, err := ReadAsset(filename)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
 	}
 	var geoipList router.GeoIPList
 	if err := proto.Unmarshal(geoipBytes, &geoipList); err != nil {
 		return nil, err
@ -41,10 +45,14 @@ func loadIP(geoipBytes []byte, country string) ([]*router.CIDR, error) {
 		}
 	}
-	return nil, fmt.Errorf("country %s not found", country)
+	return nil, fmt.Errorf("country not found in %s%s%s", filename, ": ", country)
 }
-func loadSite(geositeBytes []byte, list string) ([]*router.Domain, error) {
+func loadSite(filename, list string) ([]*router.Domain, error) {
 	geositeBytes, err := ReadAsset(filename)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
 	}
 	var geositeList router.GeoSiteList
 	if err := proto.Unmarshal(geositeBytes, &geositeList); err != nil {
 		return nil, err
@ -56,33 +64,17 @@ func loadSite(geositeBytes []byte, list string) ([]*router.Domain, error) {
 		}
 	}
-	return nil, fmt.Errorf("list %s not found", list)
+	return nil, fmt.Errorf("list not found in %s%s%s", filename, ": ", list)
 }
 type standardLoader struct{}
-func (d standardLoader) LoadSiteByPath(filename, list string) ([]*router.Domain, error) {
+func (d standardLoader) LoadSite(filename, list string) ([]*router.Domain, error) {
-	geositeBytes, err := ReadAsset(filename)
+	return loadSite(filename, list)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
 	}
 	return loadSite(geositeBytes, list)
 }
-func (d standardLoader) LoadSiteByBytes(geositeBytes []byte, list string) ([]*router.Domain, error) {
+func (d standardLoader) LoadIP(filename, country string) ([]*router.CIDR, error) {
-	return loadSite(geositeBytes, list)
+	return loadIP(filename, country)
 }
 func (d standardLoader) LoadIPByPath(filename, country string) ([]*router.CIDR, error) {
 	geoipBytes, err := ReadAsset(filename)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
 	}
 	return loadIP(geoipBytes, country)
 }
 func (d standardLoader) LoadIPByBytes(geoipBytes []byte, country string) ([]*router.CIDR, error) {
 	return loadIP(geoipBytes, country)
 }
 func init() {
--- a/component/geodata/utils.go
+++ b/component/geodata/utils.go
@ -1,50 +1,13 @@
 package geodata
 import (
 	"fmt"
 	"github.com/Dreamacro/clash/component/geodata/router"
-	C "github.com/Dreamacro/clash/constant"
+
 	"golang.org/x/exp/maps"
 )
-var geoLoaderName = "memconservative"
+func loadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
-
+	geoLoaderName := "standard"
 //  geoLoaderName = "standard"
 func LoaderName() string {
 	return geoLoaderName
 }
 func SetLoader(newLoader string) {
 	if newLoader == "memc" {
 		newLoader = "memconservative"
 	}
 	geoLoaderName = newLoader
 }
 func Verify(name string) error {
 	switch name {
 	case C.GeositeName:
 		_, _, err := LoadGeoSiteMatcher("CN")
 		return err
 	case C.GeoipName:
 		_, _, err := LoadGeoIPMatcher("CN")
 		return err
 	default:
 		return fmt.Errorf("not support name")
 	}
 }
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
 	if len(countryCode) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
 	}
 	not := false
 	if countryCode[0] == '!' {
 		not = true
 		countryCode = countryCode[1:]
 	}
 	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
 		return nil, 0, err
@ -60,7 +23,7 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	matcher, err := router.NewDomainMatcher(domains)
 	mph：minimal perfect hash algorithm
 	*/
-	matcher, err := router.NewMphMatcherGroup(domains, not)
+	matcher, err := router.NewMphMatcherGroup(domains)
 	if err != nil {
 		return nil, 0, err
 	}
@ -68,36 +31,32 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	return matcher, len(domains), nil
 }
-func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
+var ruleProviders = make(map[string]*router.DomainMatcher)
 	if len(country) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
 	}
 	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
 		return nil, 0, err
 	}
-	not := false
+// HasProvider has geo site provider by county code
-	if country[0] == '!' {
+func HasProvider(countyCode string) (ok bool) {
-		not = true
+	_, ok = ruleProviders[countyCode]
-		country = country[1:]
+	return ok
-	}
+}
-
+
-	records, err := geoLoader.LoadGeoIP(country)
+// GetProvidersList get geo site providers
-	if err != nil {
+func GetProvidersList(countyCode string) []*router.DomainMatcher {
-		return nil, 0, err
+	return maps.Values(ruleProviders)
-	}
+}
-
+
-	geoIP := &router.GeoIP{
+// GetProviderByCode get geo site provider by county code
-		CountryCode:  country,
+func GetProviderByCode(countyCode string) (matcher *router.DomainMatcher, ok bool) {
-		Cidr:         records,
+	matcher, ok = ruleProviders[countyCode]
-		ReverseMatch: not,
+	return
-	}
+}
-
+
-	matcher, err := router.NewGeoIPMatcher(geoIP)
+func LoadProviderByCode(countyCode string) (matcher *router.DomainMatcher, count int, err error) {
-	if err != nil {
+	var ok bool
-		return nil, 0, err
+	matcher, ok = ruleProviders[countyCode]
-	}
+	if !ok {
-
+		if matcher, count, err = loadGeoSiteMatcher(countyCode); err == nil {
-	return matcher, len(records), nil
+			ruleProviders[countyCode] = matcher
 		}
 	}
 	return
 }
--- a/component/http/http.go
+++ b/component/http/http.go
@ -1,64 +0,0 @@
 package http
 import (
 	"context"
 	"github.com/Dreamacro/clash/listener/inner"
 	"github.com/Dreamacro/clash/log"
 	"io"
 	"net"
 	"net/http"
 	URL "net/url"
 	"strings"
 	"time"
 )
 const (
 	UA = "Clash"
 )
 func HttpRequest(ctx context.Context, url, method string, header map[string][]string, body io.Reader) (*http.Response, error) {
 	method = strings.ToUpper(method)
 	urlRes, err := URL.Parse(url)
 	if err != nil {
 		return nil, err
 	}
 	req, err := http.NewRequest(method, urlRes.String(), body)
 	for k, v := range header {
 		for _, v := range v {
 			req.Header.Add(k, v)
 		}
 	}
 	if _, ok := header["User-Agent"]; !ok {
 		req.Header.Set("User-Agent", UA)
 	}
 	if err != nil {
 		return nil, err
 	}
 	if user := urlRes.User; user != nil {
 		password, _ := user.Password()
 		req.SetBasicAuth(user.Username(), password)
 	}
 	req = req.WithContext(ctx)
 	transport := &http.Transport{
 		// from http.DefaultTransport
 		MaxIdleConns:          100,
 		IdleConnTimeout:       30 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
 			log.Infoln(urlRes.String())
 			conn := inner.HandleTcp(address, urlRes.Hostname())
 			return conn, nil
 		},
 	}
 	client := http.Client{Transport: transport}
 	return client.Do(req)
 }
--- a/component/mmdb/mmdb.go
+++ b/component/mmdb/mmdb.go
@ -1,11 +1,12 @@
 package mmdb
 import (
 	"github.com/oschwald/geoip2-golang"
 	"sync"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 	"github.com/oschwald/geoip2-golang"
 )
 var (
--- a/component/process/process.go
+++ b/component/process/process.go
@ -2,18 +2,17 @@ package process
 import (
 	"errors"
 	"github.com/Dreamacro/clash/common/nnip"
 	C "github.com/Dreamacro/clash/constant"
 	"net"
 	"net/netip"
 	"github.com/Dreamacro/clash/common/nnip"
 	C "github.com/Dreamacro/clash/constant"
 )
 var (
 	ErrInvalidNetwork     = errors.New("invalid network")
 	ErrPlatformNotSupport = errors.New("not support on this platform")
 	ErrNotFound           = errors.New("process not found")
 	enableFindProcess = true
 )
 const (
@ -21,26 +20,12 @@ const (
 	UDP = "udp"
 )
-func EnableFindProcess(e bool) {
+func FindProcessName(network string, srcIP netip.Addr, srcPort int) (string, error) {
 	enableFindProcess = e
 }
 func FindProcessName(network string, srcIP netip.Addr, srcPort int) (int32, string, error) {
 	return findProcessName(network, srcIP, srcPort)
 }
 func FindUid(network string, srcIP netip.Addr, srcPort int) (int32, error) {
 	_, uid, err := resolveSocketByNetlink(network, srcIP, srcPort)
 	if err != nil {
 		return -1, err
 	}
 	return uid, nil
 }
 func ShouldFindProcess(metadata *C.Metadata) bool {
-	if !enableFindProcess ||
+	if metadata.Process != "" {
 		metadata.Process != "" ||
 		metadata.ProcessPath != "" {
 		return false
 	}
 	for _, ip := range localIPs {
--- a/component/process/process_darwin.go
+++ b/component/process/process_darwin.go
@ -17,11 +17,7 @@ const (
 	proccallnumpidinfo  = 0x2
 )
-func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+func findProcessName(network string, ip netip.Addr, port int) (string, error) {
 	return 0, 0, ErrPlatformNotSupport
 }
 func findProcessName(network string, ip netip.Addr, port int) (int32, string, error) {
 	var spath string
 	switch network {
 	case TCP:
@ -29,14 +25,14 @@ func findProcessName(network string, ip netip.Addr, port int) (int32, string, er
 	case UDP:
 		spath = "net.inet.udp.pcblist_n"
 	default:
-		return -1, "", ErrInvalidNetwork
+		return "", ErrInvalidNetwork
 	}
 	isIPv4 := ip.Is4()
 	value, err := syscall.Sysctl(spath)
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
 	buf := []byte(value)
@ -81,11 +77,10 @@ func findProcessName(network string, ip netip.Addr, port int) (int32, string, er
 		// xsocket_n.so_last_pid
 		pid := readNativeUint32(buf[so+68 : so+72])
-		pp, err := getExecPathFromPID(pid)
+		return getExecPathFromPID(pid)
 		return -1, pp, err
 	}
-	return -1, "", ErrNotFound
+	return "", ErrNotFound
 }
 func getExecPathFromPID(pid uint32) (string, error) {
--- a/component/process/process_freebsd_amd64.go
+++ b/component/process/process_freebsd_amd64.go
@ -21,11 +21,7 @@ var (
 	once sync.Once
 )
-func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	return 0, 0, ErrPlatformNotSupport
 }
 func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) {
 	once.Do(func() {
 		if err := initSearcher(); err != nil {
 			log.Errorln("Initialize PROCESS-NAME failed: %s", err.Error())
@ -35,7 +31,7 @@ func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string,
 	})
 	if defaultSearcher == nil {
-		return -1, "", ErrPlatformNotSupport
+		return "", ErrPlatformNotSupport
 	}
 	var spath string
@ -46,22 +42,21 @@ func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string,
 	case UDP:
 		spath = "net.inet.udp.pcblist"
 	default:
-		return -1, "", ErrInvalidNetwork
+		return "", ErrInvalidNetwork
 	}
 	value, err := syscall.Sysctl(spath)
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
 	buf := []byte(value)
 	pid, err := defaultSearcher.Search(buf, ip, uint16(srcPort), isTCP)
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
-	pp, err := getExecPathFromPID(pid)
+	return getExecPathFromPID(pid)
 	return -1, pp, err
 }
 func getExecPathFromPID(pid uint32) (string, error) {
--- a/component/process/process_linux.go
+++ b/component/process/process_linux.go
@ -8,8 +8,6 @@ import (
 	"net/netip"
 	"os"
 	"path"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"syscall"
 	"unicode"
@ -34,13 +32,13 @@ const (
 	pathProc                = "/proc"
 )
-func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
-	pp, err := resolveProcessNameByProcSearch(inode, uid)
+
-	return uid, pp, err
+	return resolveProcessNameByProcSearch(inode, uid)
 }
 func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
@ -110,7 +108,7 @@ func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32,
 		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
 	}
-	inode, uid := unpackSocketDiagResponse(&message)
+	inode, uid := unpackSocketDiagResponse(&messages[0])
 	if inode < 0 || uid < 0 {
 		return 0, 0, fmt.Errorf("invalid inode(%d) or uid(%d)", inode, uid)
 	}
@ -198,39 +196,15 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
 				continue
 			}
 			if runtime.GOOS == "android" {
 				if bytes.Equal(buffer[:n], socket) {
 					cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
 					if err != nil {
 						return "", err
 					}
 					return splitCmdline(cmdline), nil
 				}
 			} else {
 			if bytes.Equal(buffer[:n], socket) {
 				return os.Readlink(path.Join(processPath, "exe"))
 			}
 		}
 	}
 	}
 	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
 }
 func splitCmdline(cmdline []byte) string {
 	cmdline = bytes.Trim(cmdline, " ")
 	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
 		return unicode.IsControl(r) || unicode.IsSpace(r)
 	})
 	if idx == -1 {
 		return filepath.Base(string(cmdline))
 	}
 	return filepath.Base(string(cmdline[:idx]))
 }
 func isPid(s string) bool {
 	return strings.IndexFunc(s, func(r rune) bool {
 		return !unicode.IsDigit(r)
--- a/component/process/process_other.go
+++ b/component/process/process_other.go
@ -4,10 +4,6 @@ package process
 import "net/netip"
-func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
-	return -1, "", ErrPlatformNotSupport
+	return "", ErrPlatformNotSupport
 }
 func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
 	return 0, 0, ErrPlatformNotSupport
 }
--- a/component/process/process_windows.go
+++ b/component/process/process_windows.go
@ -29,10 +29,6 @@ var (
 	once sync.Once
 )
 func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
 	return 0, 0, ErrPlatformNotSupport
 }
 func initWin32API() error {
 	h, err := windows.LoadLibrary("iphlpapi.dll")
 	if err != nil {
@ -62,7 +58,7 @@ func initWin32API() error {
 	return nil
 }
-func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) {
+func findProcessName(network string, ip netip.Addr, srcPort int) (string, error) {
 	once.Do(func() {
 		err := initWin32API()
 		if err != nil {
@ -86,22 +82,21 @@ func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string,
 		fn = getExUDPTable
 		class = udpTablePid
 	default:
-		return -1, "", ErrInvalidNetwork
+		return "", ErrInvalidNetwork
 	}
 	buf, err := getTransportTable(fn, family, class)
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
 	s := newSearcher(family == windows.AF_INET, network == TCP)
 	pid, err := s.Search(buf, ip, uint16(srcPort))
 	if err != nil {
-		return -1, "", err
+		return "", err
 	}
-	pp, err := getExecPathFromPID(pid)
+	return getExecPathFromPID(pid)
 	return -1, pp, err
 }
 type searcher struct {
@ -220,7 +215,8 @@ func getExecPathFromPID(pid uint32) (string, error) {
 		uintptr(h),
 		uintptr(1),
 		uintptr(unsafe.Pointer(&buf[0])),
-		uintptr(unsafe.Pointer(&size)))
+		uintptr(unsafe.Pointer(&size)),
 	)
 	if r1 == 0 {
 		return "", err
 	}
--- a/component/resolver/resolver.go
+++ b/component/resolver/resolver.go
@ -40,10 +40,6 @@ type Resolver interface {
 	ResolveIP(host string) (ip netip.Addr, err error)
 	ResolveIPv4(host string) (ip netip.Addr, err error)
 	ResolveIPv6(host string) (ip netip.Addr, err error)
 	ResolveAllIP(host string) (ip []netip.Addr, err error)
 	ResolveAllIPPrimaryIPv4(host string) (ips []netip.Addr, err error)
 	ResolveAllIPv4(host string) (ips []netip.Addr, err error)
 	ResolveAllIPv6(host string) (ips []netip.Addr, err error)
 }
 // ResolveIPv4 with a host, return ipv4
@ -52,11 +48,43 @@ func ResolveIPv4(host string) (netip.Addr, error) {
 }
 func ResolveIPv4WithResolver(host string, r Resolver) (netip.Addr, error) {
-	if ips, err := ResolveAllIPv4WithResolver(host, r); err == nil {
+	if node := DefaultHosts.Search(host); node != nil {
-		return ips[rand.Intn(len(ips))], nil
+		if ip := node.Data; ip.Is4() {
-	} else {
+			return ip, nil
 		return netip.Addr{}, nil
 		}
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		if ip.Is4() {
 			return ip, nil
 		}
 		return netip.Addr{}, ErrIPVersion
 	}
 	if r != nil {
 		return r.ResolveIPv4(host)
 	}
 	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
 		if err != nil {
 			return netip.Addr{}, err
 		} else if len(ipAddrs) == 0 {
 			return netip.Addr{}, ErrIPNotFound
 		}
 		ip := ipAddrs[rand.Intn(len(ipAddrs))].To4()
 		if ip == nil {
 			return netip.Addr{}, ErrIPVersion
 		}
 		return netip.AddrFrom4(*(*[4]byte)(ip)), nil
 	}
 	return netip.Addr{}, ErrIPNotFound
 }
 // ResolveIPv6 with a host, return ipv6
@ -65,20 +93,74 @@ func ResolveIPv6(host string) (netip.Addr, error) {
 }
 func ResolveIPv6WithResolver(host string, r Resolver) (netip.Addr, error) {
-	if ips, err := ResolveAllIPv6WithResolver(host, r); err == nil {
+	if DisableIPv6 {
-		return ips[rand.Intn(len(ips))], nil
+		return netip.Addr{}, ErrIPv6Disabled
 	} else {
 		return netip.Addr{}, err
 	}
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data; ip.Is6() {
 			return ip, nil
 		}
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		if ip.Is6() {
 			return ip, nil
 		}
 		return netip.Addr{}, ErrIPVersion
 	}
 	if r != nil {
 		return r.ResolveIPv6(host)
 	}
 	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
 		if err != nil {
 			return netip.Addr{}, err
 		} else if len(ipAddrs) == 0 {
 			return netip.Addr{}, ErrIPNotFound
 		}
 		return netip.AddrFrom16(*(*[16]byte)(ipAddrs[rand.Intn(len(ipAddrs))])), nil
 	}
 	return netip.Addr{}, ErrIPNotFound
 }
 // ResolveIPWithResolver same as ResolveIP, but with a resolver
 func ResolveIPWithResolver(host string, r Resolver) (netip.Addr, error) {
-	if ips, err := ResolveAllIPPrimaryIPv4WithResolver(host, r); err == nil {
+	if node := DefaultHosts.Search(host); node != nil {
-		return ips[rand.Intn(len(ips))], nil
+		return node.Data, nil
-	} else {
+	}
 	if r != nil {
 		if DisableIPv6 {
 			return r.ResolveIPv4(host)
 		}
 		return r.ResolveIP(host)
 	} else if DisableIPv6 {
 		return ResolveIPv4(host)
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		return ip, nil
 	}
 	if DefaultResolver == nil {
 		ipAddr, err := net.ResolveIPAddr("ip", host)
 		if err != nil {
 			return netip.Addr{}, err
 		}
 		return nnip.IpToAddr(ipAddr.IP), nil
 	}
 	return netip.Addr{}, ErrIPNotFound
 }
 // ResolveIP with a host, return ip
@ -89,217 +171,23 @@ func ResolveIP(host string) (netip.Addr, error) {
 // ResolveIPv4ProxyServerHost proxies server host only
 func ResolveIPv4ProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPv4WithResolver(host, ProxyServerHostResolver); err != nil {
+		return ResolveIPv4WithResolver(host, ProxyServerHostResolver)
 			return ResolveIPv4(host)
 		} else {
 			return ip, nil
 	}
 	}
 	return ResolveIPv4(host)
 }
 // ResolveIPv6ProxyServerHost proxies server host only
 func ResolveIPv6ProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPv6WithResolver(host, ProxyServerHostResolver); err != nil {
+		return ResolveIPv6WithResolver(host, ProxyServerHostResolver)
 			return ResolveIPv6(host)
 		} else {
 			return ip, nil
 	}
 	}
 	return ResolveIPv6(host)
 }
 // ResolveProxyServerHost proxies server host only
 func ResolveProxyServerHost(host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPWithResolver(host, ProxyServerHostResolver); err != nil {
+		return ResolveIPWithResolver(host, ProxyServerHostResolver)
 			return ResolveIP(host)
 		} else {
 			return ip, err
 	}
 	}
 	return ResolveIP(host)
 }
 func ResolveAllIPv6WithResolver(host string, r Resolver) ([]netip.Addr, error) {
 	if DisableIPv6 {
 		return []netip.Addr{}, ErrIPv6Disabled
 	}
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data; ip.Is6() {
 			return []netip.Addr{ip}, nil
 		}
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		if ip.Is6() {
 			return []netip.Addr{ip}, nil
 		}
 		return []netip.Addr{}, ErrIPVersion
 	}
 	if r != nil {
 		return r.ResolveAllIPv6(host)
 	}
 	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
 		if err != nil {
 			return []netip.Addr{}, err
 		} else if len(ipAddrs) == 0 {
 			return []netip.Addr{}, ErrIPNotFound
 		}
 		return []netip.Addr{netip.AddrFrom16(*(*[16]byte)(ipAddrs[rand.Intn(len(ipAddrs))]))}, nil
 	}
 	return []netip.Addr{}, ErrIPNotFound
 }
 func ResolveAllIPv4WithResolver(host string, r Resolver) ([]netip.Addr, error) {
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data; ip.Is4() {
 			return []netip.Addr{node.Data}, nil
 		}
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		if ip.Is4() || ip.Is4In6() {
 			return []netip.Addr{ip}, nil
 		}
 		return []netip.Addr{}, ErrIPVersion
 	}
 	if r != nil {
 		return r.ResolveAllIPv4(host)
 	}
 	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
 		if err != nil {
 			return []netip.Addr{}, err
 		} else if len(ipAddrs) == 0 {
 			return []netip.Addr{}, ErrIPNotFound
 		}
 		ip := ipAddrs[rand.Intn(len(ipAddrs))].To4()
 		if ip == nil {
 			return []netip.Addr{}, ErrIPVersion
 		}
 		return []netip.Addr{netip.AddrFrom4(*(*[4]byte)(ip))}, nil
 	}
 	return []netip.Addr{}, ErrIPNotFound
 }
 func ResolveAllIPWithResolver(host string, r Resolver) ([]netip.Addr, error) {
 	if node := DefaultHosts.Search(host); node != nil {
 		return []netip.Addr{node.Data}, nil
 	}
 	if r != nil {
 		if DisableIPv6 {
 			return r.ResolveAllIPv4(host)
 		}
 		return r.ResolveAllIP(host)
 	} else if DisableIPv6 {
 		return ResolveAllIPv4(host)
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		return []netip.Addr{ip}, nil
 	}
 	if DefaultResolver == nil {
 		ipAddr, err := net.ResolveIPAddr("ip", host)
 		if err != nil {
 			return []netip.Addr{}, err
 		}
 		return []netip.Addr{nnip.IpToAddr(ipAddr.IP)}, nil
 	}
 	return []netip.Addr{}, ErrIPNotFound
 }
 func ResolveAllIPPrimaryIPv4WithResolver(host string, r Resolver) ([]netip.Addr, error) {
 	if node := DefaultHosts.Search(host); node != nil {
 		return []netip.Addr{node.Data}, nil
 	}
 	if r != nil {
 		if DisableIPv6 {
 			return r.ResolveAllIPv4(host)
 		}
 		return r.ResolveAllIPPrimaryIPv4(host)
 	} else if DisableIPv6 {
 		return ResolveAllIPv4(host)
 	}
 	ip, err := netip.ParseAddr(host)
 	if err == nil {
 		return []netip.Addr{ip}, nil
 	}
 	if DefaultResolver == nil {
 		ipAddr, err := net.ResolveIPAddr("ip", host)
 		if err != nil {
 			return []netip.Addr{}, err
 		}
 		return []netip.Addr{nnip.IpToAddr(ipAddr.IP)}, nil
 	}
 	return []netip.Addr{}, ErrIPNotFound
 }
 func ResolveAllIP(host string) ([]netip.Addr, error) {
 	return ResolveAllIPWithResolver(host, DefaultResolver)
 }
 func ResolveAllIPv4(host string) ([]netip.Addr, error) {
 	return ResolveAllIPv4WithResolver(host, DefaultResolver)
 }
 func ResolveAllIPv6(host string) ([]netip.Addr, error) {
 	return ResolveAllIPv6WithResolver(host, DefaultResolver)
 }
 func ResolveAllIPv6ProxyServerHost(host string) ([]netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveAllIPv6WithResolver(host, ProxyServerHostResolver)
 	}
 	return ResolveAllIPv6(host)
 }
 func ResolveAllIPv4ProxyServerHost(host string) ([]netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveAllIPv4WithResolver(host, ProxyServerHostResolver)
 	}
 	return ResolveAllIPv4(host)
 }
 func ResolveAllIPProxyServerHost(host string) ([]netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
 		return ResolveAllIPWithResolver(host, ProxyServerHostResolver)
 	}
 	return ResolveAllIP(host)
 }
--- a/component/script/build_actions.go
+++ b/component/script/build_actions.go
@ -0,0 +1,10 @@
 //go:build build_actions
 package script
 /*
 #cgo windows,amd64 CFLAGS: -ID:/python-amd64/include -DMS_WIN64
 #cgo windows,amd64 LDFLAGS: -LD:/python-amd64/libs -lpython39 -lpthread -lm
 */
 import "C"
--- a/component/script/build_local.go
+++ b/component/script/build_local.go
@ -0,0 +1,8 @@
 //go:build build_local
 package script
 /*
 #cgo pkg-config: python3-embed
 */
 import "C"
--- a/component/script/build_xgo.go
+++ b/component/script/build_xgo.go
@ -0,0 +1,24 @@
 //go:build !build_local
 package script
 /*
 #cgo linux,amd64 pkg-config: python3-embed
 #cgo darwin,amd64 CFLAGS: -I/build/python/python-3.9.7-darwin-amd64/include/python3.9
 #cgo darwin,arm64 CFLAGS: -I/build/python/python-3.9.7-darwin-arm64/include/python3.9
 #cgo windows,amd64 CFLAGS: -I/build/python/python-3.9.7-windows-amd64/include -DMS_WIN64
 #cgo windows,386 CFLAGS: -I/build/python/python-3.9.7-windows-386/include
 //#cgo linux,amd64 CFLAGS: -I/home/runner/work/clash/clash/bin/python/python-3.9.7-linux-amd64/include/python3.9
 //#cgo linux,arm64 CFLAGS: -I/build/python/python-3.9.7-linux-arm64/include/python3.9
 //#cgo linux,386 CFLAGS: -I/build/python/python-3.9.7-linux-386/include/python3.9
 #cgo darwin,amd64 LDFLAGS: -L/build/python/python-3.9.7-darwin-amd64/lib -lpython3.9 -ldl   -framework CoreFoundation
 #cgo darwin,arm64 LDFLAGS: -L/build/python/python-3.9.7-darwin-arm64/lib -lpython3.9 -ldl   -framework CoreFoundation
 #cgo windows,amd64 LDFLAGS: -L/build/python/python-3.9.7-windows-amd64/lib -lpython39 -lpthread -lm
 #cgo windows,386 LDFLAGS: -L/build/python/python-3.9.7-windows-386/lib -lpython39 -lpthread -lm
 //#cgo linux,amd64 LDFLAGS: -L/home/runner/work/clash/clash/bin/python/python-3.9.7-linux-amd64/lib -lpython3.9 -lpthread -ldl  -lutil -lm
 //#cgo linux,arm64 LDFLAGS: -L/build/python/python-3.9.7-linux-arm64/lib -lpython3.9 -lpthread -ldl  -lutil -lm
 //#cgo linux,386 LDFLAGS: -L/build/python/python-3.9.7-linux-386/lib -lpython3.9 -lpthread -ldl  -lutil -lm
 */
 import "C"
--- a/component/script/clash_module.c
+++ b/component/script/clash_module.c
@ -0,0 +1,743 @@
 #define PY_SSIZE_T_CLEAN
 #include "clash_module.h"
 #include <structmember.h>
 PyObject *clash_module;
 PyObject *main_fn;
 PyObject *clash_context;
 // init_python
 void init_python(const char *program, const char *path) {
 //    Py_NoSiteFlag = 1;
 //    Py_FrozenFlag = 1;
 //    Py_IgnoreEnvironmentFlag = 1;
 //    Py_IsolatedFlag = 1;
    append_inittab();
    wchar_t *programName = Py_DecodeLocale(program, NULL);
    if (programName != NULL) {
        Py_SetProgramName(programName);
        PyMem_RawFree(programName);
    }
 //    wchar_t *newPath = Py_DecodeLocale(path, NULL);
 //    if (newPath != NULL) {
 //        Py_SetPath(newPath);
 //        PyMem_RawFree(newPath);
 //    }
 //    Py_Initialize();
    Py_InitializeEx(0);
    char *pathPrefix = "import sys; sys.path.append('";
    char *pathSuffix = "')";
    char *newPath = (char *) malloc(strlen(pathPrefix) + strlen(path) + strlen(pathSuffix));
    sprintf(newPath, "%s%s%s", pathPrefix, path, pathSuffix);
    PyRun_SimpleString(newPath);
    free(newPath);
    /* Optionally import the module; alternatively,
        import can be deferred until the embedded script
        imports it. */
    clash_module = PyImport_ImportModule("clash");
 }
 // Load function, same as "import module_name.func_name as obj" in Python
 // Returns the function object or NULL if not found
 PyObject *load_func(const char *module_name, char *func_name) {
    // Import the module
    PyObject *py_mod_name = PyUnicode_FromString(module_name);
    if (py_mod_name == NULL) {
        return NULL;
    }
    PyObject *module = PyImport_Import(py_mod_name);
    Py_DECREF(py_mod_name);
    if (module == NULL) {
        return NULL;
    }
    // Get function, same as "getattr(module, func_name)" in Python
    PyObject *func = PyObject_GetAttrString(module, func_name);
    Py_DECREF(module);
    return func;
 }
 // Return last error as char *, NULL if there was no error
 const char *py_last_error() {
    PyObject *err = PyErr_Occurred();
    if (err == NULL) {
        return NULL;
    }
    PyObject *type, *value, *traceback;
    PyErr_Fetch(&type, &value, &traceback);
    if (value == NULL) {
        return NULL;
    }
    PyObject *str = PyObject_Str(value);
    const char *utf8 = PyUnicode_AsUTF8(str);
    Py_DECREF(str);
    PyErr_Clear();
    return utf8;
 }
 void py_clear(PyObject *obj) {
    Py_CLEAR(obj);
 }
 void load_main_func() {
    main_fn = load_func(CLASH_SCRIPT_MODULE_NAME, "main");
 }
 /** callback function, that call go function by python3 script. **/
 resolve_ip_callback resolve_ip_callback_fn;
 geoip_callback geoip_callback_fn;
 rule_provider_callback rule_provider_callback_fn;
 log_callback log_callback_fn;
 void
 set_resolve_ip_callback(resolve_ip_callback cb)
 {
    resolve_ip_callback_fn = cb;
 }
 void
 set_geoip_callback(geoip_callback cb)
 {
    geoip_callback_fn = cb;
 }
 void
 set_rule_provider_callback(rule_provider_callback cb)
 {
    rule_provider_callback_fn = cb;
 }
 void
 set_log_callback(log_callback cb)
 {
    log_callback_fn = cb;
 }
 /** end callback function **/
 /* --------------------------------------------------------------------- */
 /* RuleProvider objects */
 typedef struct {
    PyObject_HEAD
    PyObject *name; /* rule provider name */
 } RuleProviderObject;
 static int
 RuleProvider_traverse(RuleProviderObject *self, visitproc visit, void *arg)
 {
    Py_VISIT(self->name);
    return 0;
 }
 static int
 RuleProvider_clear(RuleProviderObject *self)
 {
    Py_CLEAR(self->name);
    return 0;
 }
 static void
 RuleProvider_dealloc(RuleProviderObject *self)
 {
    PyObject_GC_UnTrack(self);
    RuleProvider_clear(self);
    Py_TYPE(self)->tp_free((PyObject *) self);
 }
 static PyObject *
 RuleProvider_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 {
    RuleProviderObject *self;
    self = (RuleProviderObject *) type->tp_alloc(type, 0);
    if (self != NULL) {
        self->name = PyUnicode_FromString("");
        if (self->name == NULL) {
            Py_DECREF(self);
            return NULL;
        }
    }
    return (PyObject *) self;
 }
 static int
 RuleProvider_init(RuleProviderObject *self, PyObject *args, PyObject *kwds)
 {
    static char *kwlist[] = {"name", NULL};
    PyObject *name = NULL, *tmp;
    if (!PyArg_ParseTupleAndKeywords(args, kwds, "|Us", kwlist, &name))
        return -1;
    if (name) {
        tmp = self->name;
        Py_INCREF(name);
        self->name = name;
        Py_DECREF(tmp);
    }
    return 0;
 }
 //static PyMemberDef RuleProvider_members[] = {
 //    {"adapter_type", T_STRING, offsetof(RuleProviderObject, adapter_type), 0,
 //     "adapter type"},
 //    {NULL}  /* Sentinel */
 //};
 static PyObject *
 RuleProvider_getname(RuleProviderObject *self, void *closure)
 {
    Py_INCREF(self->name);
    return self->name;
 }
 static int
 RuleProvider_setname(RuleProviderObject *self, PyObject *value, void *closure)
 {
    if (value == NULL) {
        PyErr_SetString(PyExc_TypeError, "Cannot delete the name attribute");
        return -1;
    }
    if (!PyUnicode_Check(value)) {
        PyErr_SetString(PyExc_TypeError,
            "The name attribute value must be a string");
        return -1;
    }
    Py_INCREF(value);
    Py_CLEAR(self->name);
    self->name = value;
    return 0;
 }
 static PyGetSetDef RuleProvider_getsetters[] = {
    {"name", (getter) RuleProvider_getname, (setter) RuleProvider_setname,
     "name", NULL},
    {NULL}  /* Sentinel */
 };
 static PyObject *
 RuleProvider_name(RuleProviderObject *self, PyObject *Py_UNUSED(ignored))
 {
    Py_INCREF(self->name);
    return self->name;
 }
 static PyObject *
 RuleProvider_match(RuleProviderObject *self, PyObject *args)
 {
    PyObject *result;
    PyObject *tmp;
    const char *provider_name;
    if (!PyArg_ParseTuple(args, "O!", &PyDict_Type, &tmp)) //Format "O","O!","O&": Borrowed reference.
        return NULL;
    if (tmp == NULL)
        Py_RETURN_FALSE;
    Py_INCREF(tmp);
 //    PyObject *py_src_port = PyDict_GetItemString(tmp, "src_port"); //Return value: Borrowed reference.
 //    PyObject *py_dst_port = PyDict_GetItemString(tmp, "dst_port"); //Return value: Borrowed reference.
 //    Py_INCREF(py_src_port);
 //    Py_INCREF(py_dst_port);
 //    char *c_src_port = (char *) malloc(PyLong_AsSize_t(py_src_port));
 //    char *c_dst_port = (char *) malloc(PyLong_AsSize_t(py_dst_port));
 //    sprintf(c_src_port, "%ld", PyLong_AsLong(py_src_port));
 //    sprintf(c_dst_port, "%ld", PyLong_AsLong(py_dst_port));
    struct Metadata metadata = {
        .type = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "type")), // PyDict_GetItemString() Return value: Borrowed reference.
        .network = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "network")),
        .process_name = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "process_name")),
        .process_path = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "process_path")),
        .host = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "host")),
        .src_ip = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "src_ip")),
        .src_port = (unsigned short)PyLong_AsUnsignedLong(PyDict_GetItemString(tmp, "src_port")),
        .dst_ip = PyUnicode_AsUTF8(PyDict_GetItemString(tmp, "dst_ip")),
        .dst_port = (unsigned short)PyLong_AsUnsignedLong(PyDict_GetItemString(tmp, "dst_port"))
    };
 //    Py_DECREF(py_src_port);
 //    Py_DECREF(py_dst_port);
    Py_INCREF(self->name);
    provider_name = PyUnicode_AsUTF8(self->name);
    Py_DECREF(self->name);
    Py_DECREF(tmp);
    int rs = rule_provider_callback_fn(provider_name, &metadata);
    result = (rs == 1) ? Py_True : Py_False;
    Py_INCREF(result);
    return result;
 }
 static PyMethodDef RuleProvider_methods[] = {
    {"name", (PyCFunction) RuleProvider_name, METH_NOARGS,
     "Return the RuleProvider name"
    },
    {"match", (PyCFunction) RuleProvider_match, METH_VARARGS,
     "Match the rule by the RuleProvider, match(metadata) -> boolean"
    },
    {NULL}  /* Sentinel */
 };
 static PyTypeObject RuleProviderType = {
    PyVarObject_HEAD_INIT(NULL, 0)
    .tp_name = "clash.RuleProvider",
    .tp_doc = "Clash RuleProvider objects",
    .tp_basicsize = sizeof(RuleProviderObject),
    .tp_itemsize = 0,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,
    .tp_new = RuleProvider_new,
    .tp_init = (initproc) RuleProvider_init,
    .tp_dealloc = (destructor) RuleProvider_dealloc,
    .tp_traverse = (traverseproc) RuleProvider_traverse,
    .tp_clear = (inquiry) RuleProvider_clear,
 //    .tp_members = RuleProvider_members,
    .tp_methods = RuleProvider_methods,
    .tp_getset = RuleProvider_getsetters,
 };
 /* end RuleProvider objects */
 /* --------------------------------------------------------------------- */
 /* Context objects */
 typedef struct {
    PyObject_HEAD
    PyObject *rule_providers; /* Dict<String, RuleProvider> */
 } ContextObject;
 static int
 Context_traverse(ContextObject *self, visitproc visit, void *arg)
 {
    Py_VISIT(self->rule_providers);
    return 0;
 }
 static int
 Context_clear(ContextObject *self)
 {
    Py_CLEAR(self->rule_providers);
    return 0;
 }
 static void
 Context_dealloc(ContextObject *self)
 {
    PyObject_GC_UnTrack(self);
    Context_clear(self);
    Py_TYPE(self)->tp_free((PyObject *) self);
 }
 static PyObject *
 Context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 {
    ContextObject *self;
    self = (ContextObject *) type->tp_alloc(type, 0);
    if (self != NULL) {
        self->rule_providers = PyDict_New();
        if (self->rule_providers == NULL) {
            Py_DECREF(self);
            return NULL;
        }
    }
    return (PyObject *) self;
 }
 static int
 Context_init(ContextObject *self, PyObject *args, PyObject *kwds)
 {
    static char *kwlist[] = {"rule_providers", NULL};
    PyObject *rule_providers = NULL, *tmp;
    if (!PyArg_ParseTupleAndKeywords(args, kwds, "|O", kwlist,
                                     &rule_providers))
        return -1;
    if (rule_providers) {
        tmp = self->rule_providers;
        Py_INCREF(rule_providers);
        self->rule_providers = rule_providers;
        Py_DECREF(tmp);
    }
    return 0;
 }
 static PyObject *
 Context_getrule_providers(ContextObject *self, void *closure)
 {
    Py_INCREF(self->rule_providers);
    return self->rule_providers;
 }
 static int
 Context_setrule_providers(ContextObject *self, PyObject *value, void *closure)
 {
    if (value == NULL) {
        PyErr_SetString(PyExc_TypeError, "Cannot delete the rule_providers attribute");
        return -1;
    }
    if (!PyDict_Check(value)) {
        PyErr_SetString(PyExc_TypeError,
            "The rule_providers attribute value must be a dict");
        return -1;
    }
    Py_INCREF(value);
    Py_CLEAR(self->rule_providers);
    self->rule_providers = value;
    return 0;
 }
 static PyGetSetDef Context_getsetters[] = {
    {"rule_providers", (getter) Context_getrule_providers, (setter) Context_setrule_providers,
     "rule_providers", NULL},
    {NULL}  /* Sentinel */
 };
 static PyObject *
 Context_resolve_ip(PyObject *self, PyObject *args)
 {
    const char *host;
    const char *ip;
    if (!PyArg_ParseTuple(args, "s", &host))
        return NULL;
    if (host == NULL)
        return PyUnicode_FromString("");
    ip = resolve_ip_callback_fn(host);
    return PyUnicode_FromString(ip);
 }
 static PyObject *
 Context_geoip(PyObject *self, PyObject *args)
 {
    const char *ip;
    const char *countryCode;
    if (!PyArg_ParseTuple(args, "s", &ip))
        return NULL;
    if (ip == NULL)
        return PyUnicode_FromString("");
    countryCode = geoip_callback_fn(ip);
    return PyUnicode_FromString(countryCode);
 }
 static PyObject *
 Context_log(PyObject *self, PyObject *args)
 {
    const char *msg;
    if (!PyArg_ParseTuple(args, "s", &msg))
        return NULL;
    log_callback_fn(msg);
    Py_RETURN_NONE;
 }
 static PyMethodDef Context_methods[] = {
    {"resolve_ip", (PyCFunction) Context_resolve_ip, METH_VARARGS,
     "resolve_ip(host) -> string"
    },
    {"geoip", (PyCFunction) Context_geoip, METH_VARARGS,
     "geoip(ip) -> string"
    },
    {"log", (PyCFunction) Context_log, METH_VARARGS,
     "log(msg) -> void"
    },
    {NULL}  /* Sentinel */
 };
 static PyTypeObject ContextType = {
    PyVarObject_HEAD_INIT(NULL, 0)
    .tp_name = "clash.Context",
    .tp_doc = "Clash Context objects",
    .tp_basicsize = sizeof(ContextObject),
    .tp_itemsize = 0,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,
    .tp_new = Context_new,
    .tp_init = (initproc) Context_init,
    .tp_dealloc = (destructor) Context_dealloc,
    .tp_traverse = (traverseproc) Context_traverse,
    .tp_clear = (inquiry) Context_clear,
    .tp_methods = Context_methods,
    .tp_getset = Context_getsetters,
 };
 static PyModuleDef clashmodule = {
    PyModuleDef_HEAD_INIT,
    .m_name = "clash",
    .m_doc = "Clash module that creates an extension module for python3.",
    .m_size = -1,
 };
 PyMODINIT_FUNC
 PyInit_clash(void)
 {
    PyObject *m;
    m = PyModule_Create(&clashmodule);
    if (m == NULL)
        return NULL;
    if (PyType_Ready(&RuleProviderType) < 0)
        return NULL;
    Py_INCREF(&RuleProviderType);
    if (PyModule_AddObject(m, "RuleProvider", (PyObject *) &RuleProviderType) < 0) {
        Py_DECREF(&RuleProviderType);
        Py_DECREF(m);
        return NULL;
    }
    if (PyType_Ready(&ContextType) < 0)
        return NULL;
    Py_INCREF(&ContextType);
    if (PyModule_AddObject(m, "Context", (PyObject *) &ContextType) < 0) {
        Py_DECREF(&ContextType);
        Py_DECREF(m);
        return NULL;
    }
    return m;
 }
 /* end Context objects */
 /* --------------------------------------------------------------------- */
 void
 append_inittab()
 {
    /* Add a built-in module, before Py_Initialize */
    PyImport_AppendInittab("clash", PyInit_clash);
 }
 int new_clash_py_context(const char *provider_name_arr[], int size) {
    PyObject *dict = PyDict_New(); //Return value: New reference.
    if (dict == NULL) {
        PyErr_SetString(PyExc_TypeError,
            "PyDict_New failure");
        return 0;
    }
    for (int i = 0; i < size; i++) {
        PyObject *rule_provider = RuleProvider_new(&RuleProviderType, NULL, NULL);
        if (rule_provider == NULL) {
            Py_DECREF(dict);
            PyErr_SetString(PyExc_TypeError,
                    "RuleProvider_new failure");
            return 0;
        }
        RuleProviderObject *providerObj = (RuleProviderObject *) rule_provider;
        PyObject *py_name = PyUnicode_FromString(provider_name_arr[i]); //Return value: New reference.
        RuleProvider_setname(providerObj, py_name, NULL);
        Py_DECREF(py_name);
        PyDict_SetItemString(dict, provider_name_arr[i], rule_provider); //Parameter value: New reference.
        Py_DECREF(rule_provider);
    }
    clash_context = Context_new(&ContextType, NULL, NULL);
    if (clash_context == NULL) {
        Py_DECREF(dict);
        PyErr_SetString(PyExc_TypeError,
                "Context_new failure");
        return 0;
    }
    Context_setrule_providers((ContextObject *) clash_context, dict, NULL);
    Py_DECREF(dict);
    return 1;
 }
 const char *call_main(
                const char *type,
                const char *network,
                const char *process_name,
                const char *process_path,
                const char *host,
                const char *src_ip,
                unsigned short src_port,
                const char *dst_ip,
                unsigned short dst_port) {
    PyObject *metadataDict;
    PyObject *tupleArgs;
    PyObject *result;
    metadataDict = PyDict_New(); //Return value: New reference.
    if (metadataDict == NULL) {
        PyErr_SetString(PyExc_TypeError,
            "PyDict_New failure");
        return "-1";
    }
    PyObject *p_type = PyUnicode_FromString(type); //Return value: New reference.
    PyObject *p_network = PyUnicode_FromString(network); //Return value: New reference.
    PyObject *p_process_name = PyUnicode_FromString(process_name); //Return value: New reference.
    PyObject *p_process_path = PyUnicode_FromString(process_path); //Return value: New reference.
    PyObject *p_host = PyUnicode_FromString(host); //Return value: New reference.
    PyObject *p_src_ip = PyUnicode_FromString(src_ip); //Return value: New reference.
    PyObject *p_src_port = PyLong_FromUnsignedLong((unsigned long)src_port); //Return value: New reference.
    PyObject *p_dst_ip = PyUnicode_FromString(dst_ip); //Return value: New reference.
    PyObject *p_dst_port = PyLong_FromUnsignedLong((unsigned long)dst_port); //Return value: New reference.
    PyDict_SetItemString(metadataDict, "type", p_type); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "network", p_network); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "process_name", p_process_name); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "process_path", p_process_path); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "host", p_host); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "src_ip", p_src_ip); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "src_port", p_src_port); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "dst_ip", p_dst_ip); //Parameter value: New reference.
    PyDict_SetItemString(metadataDict, "dst_port", p_dst_port); //Parameter value: New reference.
    Py_DECREF(p_type);
    Py_DECREF(p_network);
    Py_DECREF(p_process_name);
    Py_DECREF(p_process_path);
    Py_DECREF(p_host);
    Py_DECREF(p_src_ip);
    Py_DECREF(p_src_port);
    Py_DECREF(p_dst_ip);
    Py_DECREF(p_dst_port);
    tupleArgs = PyTuple_New(2); //Return value: New reference.
    if (tupleArgs == NULL) {
        Py_DECREF(metadataDict);
        PyErr_SetString(PyExc_TypeError,
            "PyTuple_New failure");
        return "-1";
    }
    Py_INCREF(clash_context);
    PyTuple_SetItem(tupleArgs, 0, clash_context); //clash_context Parameter value: Stolen reference.
    PyTuple_SetItem(tupleArgs, 1, metadataDict); //metadataDict Parameter value: Stolen reference.
    Py_INCREF(main_fn);
    result = PyObject_CallObject(main_fn, tupleArgs); //Return value: New reference.
    Py_DECREF(main_fn);
    Py_DECREF(tupleArgs);
    if (result == NULL) {
        return "-1";
    }
    if (!PyUnicode_Check(result)) {
        Py_DECREF(result);
        PyErr_SetString(PyExc_TypeError,
            "script main function return value must be a string");
        return "-1";
    }
    const char *adapter = PyUnicode_AsUTF8(result);
    Py_DECREF(result);
    return adapter;
 }
 int call_shortcut(PyObject *shortcut_fn,
                const char *type,
                const char *network,
                const char *process_name,
                const char *process_path,
                const char *host,
                const char *src_ip,
                unsigned short src_port,
                const char *dst_ip,
                unsigned short dst_port) {
    PyObject *args;
    PyObject *result;
    args = Py_BuildValue("{s:O, s:s, s:s, s:s, s:s, s:s, s:s, s:H, s:s, s:H}",
                        "ctx", clash_context,
                        "type", type,
                        "network", network,
                        "process_name", process_name,
                        "process_path", process_path,
                        "host", host,
                        "src_ip", src_ip,
                        "src_port", src_port,
                        "dst_ip", dst_ip,
                        "dst_port", dst_port); //Return value: New reference.
    if (args == NULL) {
        PyErr_SetString(PyExc_TypeError,
            "Py_BuildValue failure");
        return -1;
    }
    PyObject *tupleArgs = PyTuple_New(0); //Return value: New reference.
    Py_INCREF(clash_context);
    Py_INCREF(shortcut_fn);
    result = PyObject_Call(shortcut_fn, tupleArgs, args); //Return value: New reference.
    Py_DECREF(shortcut_fn);
    Py_DECREF(clash_context);
    Py_DECREF(tupleArgs);
    Py_DECREF(args);
    if (result == NULL) {
        return -1;
    }
    if (!PyBool_Check(result)) {
        Py_DECREF(result);
        PyErr_SetString(PyExc_TypeError,
            "script shortcut return value must be as boolean");
        return -1;
    }
    int rs = (result == Py_True) ? 1 : 0;
    Py_DECREF(result);
    return rs;
 }
 void finalize_Python() {
    Py_CLEAR(main_fn);
    Py_CLEAR(clash_context);
    Py_CLEAR(clash_module);
    Py_FinalizeEx();
    clash_module = NULL;
    main_fn = NULL;
    clash_context = NULL;
 }
 /* --------------------------------------------------------------------- */
--- a/component/script/clash_module.go
+++ b/component/script/clash_module.go
@ -0,0 +1,338 @@
 package script
 /*
 #include "clash_module.h"
 extern const char *resolveIPCallbackFn(const char *host);
 void
 go_set_resolve_ip_callback() {
 	set_resolve_ip_callback(resolveIPCallbackFn);
 }
 extern const char *geoipCallbackFn(const char *ip);
 void
 go_set_geoip_callback() {
 	set_geoip_callback(geoipCallbackFn);
 }
 extern const int ruleProviderCallbackFn(const char *provider_name, struct Metadata *metadata);
 void
 go_set_rule_provider_callback() {
 	set_rule_provider_callback(ruleProviderCallbackFn);
 }
 extern void logCallbackFn(const char *msg);
 void
 go_set_log_callback() {
 	set_log_callback(logCallbackFn);
 }
 */
 import "C"
 import (
 	"errors"
 	"fmt"
 	"os"
 	"runtime"
 	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 	"unsafe"
 	"github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 )
 const ClashScriptModuleName = C.CLASH_SCRIPT_MODULE_NAME
 var lock sync.Mutex
 type PyObject C.PyObject
 func togo(cobject *C.PyObject) *PyObject {
 	return (*PyObject)(cobject)
 }
 func toc(object *PyObject) *C.PyObject {
 	return (*C.PyObject)(object)
 }
 func (pyObject *PyObject) IncRef() {
 	C.Py_IncRef(toc(pyObject))
 }
 func (pyObject *PyObject) DecRef() {
 	C.Py_DecRef(toc(pyObject))
 }
 func (pyObject *PyObject) Clear() {
 	C.py_clear(toc(pyObject))
 }
 // Py_Initialize initialize Python3
 func Py_Initialize(program string, path string) error {
 	lock.Lock()
 	defer lock.Unlock()
 	if C.Py_IsInitialized() != 0 {
 		if pyThreadState != nil {
 			PyEval_RestoreThread(pyThreadState)
 		}
 		C.finalize_Python()
 	}
 	path = strings.ReplaceAll(path, "\\", "/")
 	cPath := C.CString(path)
 	C.init_python(C.CString(program), cPath)
 	err := PyLastError()
 	if err != nil {
 		if C.Py_IsInitialized() != 0 {
 			C.finalize_Python()
 			_ = os.RemoveAll(constant.Path.ScriptDir())
 		}
 		return err
 	} else if C.Py_IsInitialized() == 0 {
 		err = errors.New("initialized script module failure")
 		return err
 	}
 	initPython3Callback()
 	return nil
 }
 func Py_IsInitialized() bool {
 	lock.Lock()
 	defer lock.Unlock()
 	return C.Py_IsInitialized() != 0
 }
 func Py_Finalize() {
 	lock.Lock()
 	defer lock.Unlock()
 	if C.Py_IsInitialized() != 0 {
 		if pyThreadState != nil {
 			PyEval_RestoreThread(pyThreadState)
 		}
 		C.finalize_Python()
 		_ = os.RemoveAll(constant.Path.ScriptDir())
 		log.Warnln("Clash clean up script mode.")
 	}
 }
 //Py_GetVersion get
 func Py_GetVersion() string {
 	cversion := C.Py_GetVersion()
 	return strings.Split(C.GoString(cversion), "\n")[0]
 }
 // loadPyFunc loads a Python function by module and function name
 func loadPyFunc(moduleName, funcName string) (*C.PyObject, error) {
 	// Convert names to C char*
 	cMod := C.CString(moduleName)
 	cFunc := C.CString(funcName)
 	// Free memory allocated by C.CString
 	defer func() {
 		C.free(unsafe.Pointer(cMod))
 		C.free(unsafe.Pointer(cFunc))
 	}()
 	fnc := C.load_func(cMod, cFunc)
 	if fnc == nil {
 		return nil, PyLastError()
 	}
 	return fnc, nil
 }
 //PyLastError python last error
 func PyLastError() error {
 	cp := C.py_last_error()
 	if cp == nil {
 		return nil
 	}
 	return errors.New(C.GoString(cp))
 }
 func LoadShortcutFunction(shortcut string) (*PyObject, error) {
 	fnc, err := loadPyFunc(ClashScriptModuleName, shortcut)
 	if err != nil {
 		return nil, err
 	}
 	return togo(fnc), nil
 }
 func LoadMainFunction() error {
 	C.load_main_func()
 	err := PyLastError()
 	if err != nil {
 		return err
 	}
 	return nil
 }
 //CallPyMainFunction call python script main function
 //return the proxy adapter name.
 func CallPyMainFunction(mtd *constant.Metadata) (string, error) {
 	_type := C.CString(mtd.Type.String())
 	network := C.CString(mtd.NetWork.String())
 	processName := C.CString(mtd.Process)
 	processPath := C.CString(mtd.ProcessPath)
 	host := C.CString(mtd.Host)
 	srcPortGo, _ := strconv.ParseUint(mtd.SrcPort, 10, 16)
 	dstPortGo, _ := strconv.ParseUint(mtd.DstPort, 10, 16)
 	srcPort := C.ushort(srcPortGo)
 	dstPort := C.ushort(dstPortGo)
 	dstIpGo := ""
 	srcIpGo := ""
 	if mtd.SrcIP.IsValid() {
 		srcIpGo = mtd.SrcIP.String()
 	}
 	if mtd.DstIP.IsValid() {
 		dstIpGo = mtd.DstIP.String()
 	}
 	srcIp := C.CString(srcIpGo)
 	dstIp := C.CString(dstIpGo)
 	defer func() {
 		C.free(unsafe.Pointer(_type))
 		C.free(unsafe.Pointer(network))
 		C.free(unsafe.Pointer(processName))
 		C.free(unsafe.Pointer(processPath))
 		C.free(unsafe.Pointer(host))
 		C.free(unsafe.Pointer(srcIp))
 		C.free(unsafe.Pointer(dstIp))
 	}()
 	runtime.LockOSThread()
 	gilState := PyGILState_Ensure()
 	defer PyGILState_Release(gilState)
 	cRs := C.call_main(_type, network, processName, processPath, host, srcIp, srcPort, dstIp, dstPort)
 	rs := C.GoString(cRs)
 	if rs == "-1" {
 		err := PyLastError()
 		if err != nil {
 			log.Errorln("[Script] script code error: %v", err)
 			killSelf()
 			return "", fmt.Errorf("script code error: %w", err)
 		} else {
 			return "", fmt.Errorf("script code error, result: %v", rs)
 		}
 	}
 	return rs, nil
 }
 //CallPyShortcut call python script shortcuts function
 //param: shortcut name
 //return the match result.
 func CallPyShortcut(fn *PyObject, mtd *constant.Metadata) (bool, error) {
 	_type := C.CString(mtd.Type.String())
 	network := C.CString(mtd.NetWork.String())
 	processName := C.CString(mtd.Process)
 	processPath := C.CString(mtd.ProcessPath)
 	host := C.CString(mtd.Host)
 	srcPortGo, _ := strconv.ParseUint(mtd.SrcPort, 10, 16)
 	dstPortGo, _ := strconv.ParseUint(mtd.DstPort, 10, 16)
 	srcPort := C.ushort(srcPortGo)
 	dstPort := C.ushort(dstPortGo)
 	dstIpGo := ""
 	srcIpGo := ""
 	if mtd.SrcIP.IsValid() {
 		srcIpGo = mtd.SrcIP.String()
 	}
 	if mtd.DstIP.IsValid() {
 		dstIpGo = mtd.DstIP.String()
 	}
 	srcIp := C.CString(srcIpGo)
 	dstIp := C.CString(dstIpGo)
 	defer func() {
 		C.free(unsafe.Pointer(_type))
 		C.free(unsafe.Pointer(network))
 		C.free(unsafe.Pointer(processName))
 		C.free(unsafe.Pointer(processPath))
 		C.free(unsafe.Pointer(host))
 		C.free(unsafe.Pointer(srcIp))
 		C.free(unsafe.Pointer(dstIp))
 	}()
 	runtime.LockOSThread()
 	gilState := PyGILState_Ensure()
 	defer PyGILState_Release(gilState)
 	cRs := C.call_shortcut(toc(fn), _type, network, processName, processPath, host, srcIp, srcPort, dstIp, dstPort)
 	rs := int(cRs)
 	if rs == -1 {
 		err := PyLastError()
 		if err != nil {
 			log.Errorln("[Script] script shortcut code error: %v", err)
 			killSelf()
 			return false, fmt.Errorf("script shortcut code error: %w", err)
 		} else {
 			return false, fmt.Errorf("script shortcut code error: result: %d", rs)
 		}
 	}
 	if rs == 1 {
 		return true, nil
 	} else {
 		return false, nil
 	}
 }
 func initPython3Callback() {
 	C.go_set_resolve_ip_callback()
 	C.go_set_geoip_callback()
 	C.go_set_rule_provider_callback()
 	C.go_set_log_callback()
 }
 //NewClashPyContext new clash context for python
 func NewClashPyContext(ruleProvidersName []string) error {
 	length := len(ruleProvidersName)
 	cStringArr := make([]*C.char, length)
 	for i, v := range ruleProvidersName {
 		cStringArr[i] = C.CString(v)
 		defer C.free(unsafe.Pointer(cStringArr[i]))
 	}
 	cArrPointer := unsafe.Pointer(nil)
 	if length > 0 {
 		cArrPointer = unsafe.Pointer(&cStringArr[0])
 	}
 	rs := C.new_clash_py_context((**C.char)(cArrPointer), C.int(length))
 	if int(rs) == 0 {
 		err := PyLastError()
 		return fmt.Errorf("new script module context failure: %w", err)
 	}
 	return nil
 }
 func killSelf() {
 	p, err := os.FindProcess(os.Getpid())
 	if err != nil {
 		os.Exit(int(syscall.SIGINT))
 		return
 	}
 	_ = p.Signal(syscall.SIGINT)
 }
--- a/component/script/clash_module.h
+++ b/component/script/clash_module.h
@ -0,0 +1,65 @@
 #ifndef CLASH_CALLBACK_MODULE_H__
 #define CLASH_CALLBACK_MODULE_H__
 #include <Python.h>
 #define CLASH_SCRIPT_MODULE_NAME "clash_script"
 struct Metadata {
    const char *type; /* type socks5/http */
    const char *network;  /* network tcp/udp */
    const char *process_name;
    const char *process_path;
    const char *host;
    const char *src_ip;
    unsigned short src_port;
    const char *dst_ip;
    unsigned short dst_port;
 };
 /** callback function, that call go function by python3 script. **/
 typedef const char *(*resolve_ip_callback)(const char *host);
 typedef const char *(*geoip_callback)(const char *ip);
 typedef const int (*rule_provider_callback)(const char *provider_name, struct Metadata *metadata);
 typedef void (*log_callback)(const char *msg);
 void set_resolve_ip_callback(resolve_ip_callback cb);
 void set_geoip_callback(geoip_callback cb);
 void set_rule_provider_callback(rule_provider_callback cb);
 void set_log_callback(log_callback cb);
 /*---------------------------------------------------------------*/
 void append_inittab();
 void init_python(const char *program, const char *path);
 void load_main_func();
 void finalize_Python();
 void py_clear(PyObject *obj);
 const char *py_last_error();
 PyObject *load_func(const char *module_name, char *func_name);
 int new_clash_py_context(const char *provider_name_arr[], int size);
 const char *call_main(
                const char *type,
                const char *network,
                const char *process_name,
                const char *process_path,
                const char *host,
                const char *src_ip,
                unsigned short src_port,
                const char *dst_ip,
                unsigned short dst_port);
 int call_shortcut(PyObject *shortcut_fn,
                const char *type,
                const char *network,
                const char *process_name,
                const char *process_path,
                const char *host,
                const char *src_ip,
                unsigned short src_port,
                const char *dst_ip,
                unsigned short dst_port);
 #endif // CLASH_CALLBACK_MODULE_H__
--- a/component/script/clash_module_export.go
+++ b/component/script/clash_module_export.go
@ -0,0 +1,145 @@
 package script
 /*
 #include "clash_module.h"
 */
 import "C"
 import (
 	"net/netip"
 	"strconv"
 	"strings"
 	"unsafe"
 	"github.com/Dreamacro/clash/component/mmdb"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 )
 var (
 	ruleProviders = map[string]constant.Rule{}
 	pyThreadState *PyThreadState
 )
 func UpdateRuleProviders(rpd map[string]constant.Rule) {
 	ruleProviders = rpd
 	if Py_IsInitialized() {
 		pyThreadState = PyEval_SaveThread()
 	}
 }
 //export resolveIPCallbackFn
 func resolveIPCallbackFn(cHost *C.char) *C.char {
 	host := C.GoString(cHost)
 	if len(host) == 0 {
 		cip := C.CString("")
 		defer C.free(unsafe.Pointer(cip))
 		return cip
 	}
 	if ip, err := resolver.ResolveIP(host); err == nil {
 		cip := C.CString(ip.String())
 		defer C.free(unsafe.Pointer(cip))
 		return cip
 	} else {
 		log.Errorln("[Script] resolve ip error: %s", err.Error())
 		cip := C.CString("")
 		defer C.free(unsafe.Pointer(cip))
 		return cip
 	}
 }
 //export geoipCallbackFn
 func geoipCallbackFn(cIP *C.char) *C.char {
 	dstIP, err := netip.ParseAddr(C.GoString(cIP))
 	if err != nil {
 		emptyC := C.CString("")
 		defer C.free(unsafe.Pointer(emptyC))
 		return emptyC
 	}
 	if dstIP.IsPrivate() ||
 		dstIP.IsUnspecified() ||
 		dstIP.IsLoopback() ||
 		dstIP.IsMulticast() ||
 		dstIP.IsLinkLocalUnicast() ||
 		resolver.IsFakeBroadcastIP(dstIP) {
 		lanC := C.CString("LAN")
 		defer C.free(unsafe.Pointer(lanC))
 		return lanC
 	}
 	record, _ := mmdb.Instance().Country(dstIP.AsSlice())
 	rc := C.CString(strings.ToUpper(record.Country.IsoCode))
 	defer C.free(unsafe.Pointer(rc))
 	return rc
 }
 //export ruleProviderCallbackFn
 func ruleProviderCallbackFn(cProviderName *C.char, cMetadata *C.struct_Metadata) C.int {
 	//_type := C.GoString(cMetadata._type)
 	//network := C.GoString(cMetadata.network)
 	processName := C.GoString(cMetadata.process_name)
 	processPath := C.GoString(cMetadata.process_path)
 	host := C.GoString(cMetadata.host)
 	srcIp := C.GoString(cMetadata.src_ip)
 	srcPort := strconv.Itoa(int(cMetadata.src_port))
 	dstIp := C.GoString(cMetadata.dst_ip)
 	dstPort := strconv.Itoa(int(cMetadata.dst_port))
 	addrType := constant.AtypDomainName
 	if h, err := netip.ParseAddr(host); err == nil {
 		if h.Is4() {
 			addrType = constant.AtypIPv4
 		} else {
 			addrType = constant.AtypIPv6
 		}
 	}
 	src, _ := netip.ParseAddr(srcIp)
 	dst, _ := netip.ParseAddr(dstIp)
 	metadata := &constant.Metadata{
 		AddrType:    addrType,
 		SrcIP:       src,
 		DstIP:       dst,
 		SrcPort:     srcPort,
 		DstPort:     dstPort,
 		Host:        host,
 		Process:     processName,
 		ProcessPath: processPath,
 	}
 	providerName := C.GoString(cProviderName)
 	rule, ok := ruleProviders[providerName]
 	if !ok {
 		log.Warnln("[Script] rule provider [%s] not found", providerName)
 		return C.int(0)
 	}
 	if strings.HasPrefix(providerName, "geosite:") {
 		if len(host) == 0 {
 			return C.int(0)
 		}
 		metadata.AddrType = constant.AtypDomainName
 	}
 	rs := rule.Match(metadata)
 	if rs {
 		return C.int(1)
 	}
 	return C.int(0)
 }
 //export logCallbackFn
 func logCallbackFn(msg *C.char) {
 	log.Infoln(C.GoString(msg))
 }
--- a/component/script/thread.go
+++ b/component/script/thread.go
@ -0,0 +1,52 @@
 package script
 /*
 #include "Python.h"
 */
 import "C"
 //PyThreadState : https://docs.python.org/3/c-api/init.html#c.PyThreadState
 type PyThreadState C.PyThreadState
 //PyGILState is an opaque “handle” to the thread state when PyGILState_Ensure() was called, and must be passed to PyGILState_Release() to ensure Python is left in the same state
 type PyGILState C.PyGILState_STATE
 //PyEval_SaveThread : https://docs.python.org/3/c-api/init.html#c.PyEval_SaveThread
 func PyEval_SaveThread() *PyThreadState {
 	return (*PyThreadState)(C.PyEval_SaveThread())
 }
 //PyEval_RestoreThread : https://docs.python.org/3/c-api/init.html#c.PyEval_RestoreThread
 func PyEval_RestoreThread(tstate *PyThreadState) {
 	C.PyEval_RestoreThread((*C.PyThreadState)(tstate))
 }
 //PyThreadState_Get : https://docs.python.org/3/c-api/init.html#c.PyThreadState_Get
 func PyThreadState_Get() *PyThreadState {
 	return (*PyThreadState)(C.PyThreadState_Get())
 }
 //PyThreadState_Swap : https://docs.python.org/3/c-api/init.html#c.PyThreadState_Swap
 func PyThreadState_Swap(tstate *PyThreadState) *PyThreadState {
 	return (*PyThreadState)(C.PyThreadState_Swap((*C.PyThreadState)(tstate)))
 }
 //PyGILState_Ensure : https://docs.python.org/3/c-api/init.html#c.PyGILState_Ensure
 func PyGILState_Ensure() PyGILState {
 	return PyGILState(C.PyGILState_Ensure())
 }
 //PyGILState_Release : https://docs.python.org/3/c-api/init.html#c.PyGILState_Release
 func PyGILState_Release(state PyGILState) {
 	C.PyGILState_Release(C.PyGILState_STATE(state))
 }
 //PyGILState_GetThisThreadState : https://docs.python.org/3/c-api/init.html#c.PyGILState_GetThisThreadState
 func PyGILState_GetThisThreadState() *PyThreadState {
 	return (*PyThreadState)(C.PyGILState_GetThisThreadState())
 }
 //PyGILState_Check : https://docs.python.org/3/c-api/init.html#c.PyGILState_Check
 func PyGILState_Check() bool {
 	return C.PyGILState_Check() == 1
 }
--- a/component/sniffer/dispatcher.go
+++ b/component/sniffer/dispatcher.go
@ -1,176 +0,0 @@
 package sniffer
 import (
 	"errors"
 	"github.com/Dreamacro/clash/constant/sniffer"
 	"net"
 	"net/netip"
 	"strconv"
 	"time"
 	"github.com/Dreamacro/clash/component/trie"
 	CN "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 )
 var (
 	ErrorUnsupportedSniffer = errors.New("unsupported sniffer")
 	ErrorSniffFailed        = errors.New("all sniffer failed")
 	ErrNoClue               = errors.New("not enough information for making a decision")
 )
 var Dispatcher SnifferDispatcher
 type (
 	SnifferDispatcher struct {
 		enable bool
 		sniffers []sniffer.Sniffer
 		foreDomain *trie.DomainTrie[bool]
 		skipSNI    *trie.DomainTrie[bool]
 		portRanges *[]utils.Range[uint16]
 	}
 )
 func (sd *SnifferDispatcher) TCPSniff(conn net.Conn, metadata *C.Metadata) {
 	bufConn, ok := conn.(*CN.BufferedConn)
 	if !ok {
 		return
 	}
 	if metadata.Host == "" || sd.foreDomain.Search(metadata.Host) != nil {
 		port, err := strconv.ParseUint(metadata.DstPort, 10, 16)
 		if err != nil {
 			log.Debugln("[Sniffer] Dst port is error")
 			return
 		}
 		inWhitelist := false
 		for _, portRange := range *sd.portRanges {
 			if portRange.Contains(uint16(port)) {
 				inWhitelist = true
 				break
 			}
 		}
 		if !inWhitelist {
 			return
 		}
 		if host, err := sd.sniffDomain(bufConn, metadata); err != nil {
 			log.Debugln("[Sniffer] All sniffing sniff failed with from [%s:%s] to [%s:%s]", metadata.SrcIP, metadata.SrcPort, metadata.String(), metadata.DstPort)
 			return
 		} else {
 			if sd.skipSNI.Search(host) != nil {
 				log.Debugln("[Sniffer] Skip sni[%s]", host)
 				return
 			}
 			sd.replaceDomain(metadata, host)
 		}
 	}
 }
 func (sd *SnifferDispatcher) replaceDomain(metadata *C.Metadata, host string) {
 	log.Debugln("[Sniffer] Sniff TCP [%s:%s]-->[%s:%s] success, replace domain [%s]-->[%s]",
 		metadata.SrcIP, metadata.SrcPort,
 		metadata.DstIP, metadata.DstPort,
 		metadata.Host, host)
 	metadata.AddrType = C.AtypDomainName
 	metadata.Host = host
 	metadata.DNSMode = C.DNSMapping
 	resolver.InsertHostByIP(metadata.DstIP, host)
 }
 func (sd *SnifferDispatcher) Enable() bool {
 	return sd.enable
 }
 func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Metadata) (string, error) {
 	for _, sniffer := range sd.sniffers {
 		if sniffer.SupportNetwork() == C.TCP {
 			_ = conn.SetReadDeadline(time.Now().Add(3 * time.Second))
 			_, err := conn.Peek(1)
 			_ = conn.SetReadDeadline(time.Time{})
 			if err != nil {
 				_, ok := err.(*net.OpError)
 				if ok {
 					log.Errorln("[Sniffer] [%s] may not have any sent data, Consider adding skip", metadata.DstIP.String())
 					_ = conn.Close()
 				}
 				return "", err
 			}
 			bufferedLen := conn.Buffered()
 			bytes, err := conn.Peek(bufferedLen)
 			if err != nil {
 				log.Debugln("[Sniffer] the data length not enough")
 				continue
 			}
 			host, err := sniffer.SniffTCP(bytes)
 			if err != nil {
 				//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
 				continue
 			}
 			_, err = netip.ParseAddr(host)
 			if err == nil {
 				//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
 				continue
 			}
 			return host, nil
 		}
 	}
 	return "", ErrorSniffFailed
 }
 func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
 	dispatcher := SnifferDispatcher{
 		enable: false,
 	}
 	return &dispatcher, nil
 }
 func NewSnifferDispatcher(needSniffer []sniffer.Type, forceDomain *trie.DomainTrie[bool],
 	skipSNI *trie.DomainTrie[bool], ports *[]utils.Range[uint16]) (*SnifferDispatcher, error) {
 	dispatcher := SnifferDispatcher{
 		enable:     true,
 		foreDomain: forceDomain,
 		skipSNI:    skipSNI,
 		portRanges: ports,
 	}
 	for _, snifferName := range needSniffer {
 		sniffer, err := NewSniffer(snifferName)
 		if err != nil {
 			log.Errorln("Sniffer name[%s] is error", snifferName)
 			return &SnifferDispatcher{enable: false}, err
 		}
 		dispatcher.sniffers = append(dispatcher.sniffers, sniffer)
 	}
 	return &dispatcher, nil
 }
 func NewSniffer(name sniffer.Type) (sniffer.Sniffer, error) {
 	switch name {
 	case sniffer.TLS:
 		return &TLSSniffer{}, nil
 	case sniffer.HTTP:
 		return &HTTPSniffer{}, nil
 	default:
 		return nil, ErrorUnsupportedSniffer
 	}
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
yaling888	3610d3dd84	Feature: add `path` to script config script: path: ./script.star	2022-06-06 05:20:59 +08:00
yaling888	663017a775	Feature: add `match_provider` to script shortcuts	2022-06-06 04:35:52 +08:00
yaling888	05f0c1060b	Refactor: script auto load geosite as a rule provider	2022-06-06 04:28:54 +08:00
yaling888	e03f1d0565	Chore: merge branch 'with-tun' into plus-pro	2022-06-06 03:22:48 +08:00
yaling888	c1821e28d3	Refactor: load geo domain matcher	2022-06-06 03:13:10 +08:00
yaling888	763929997b	Chore: code style	2022-06-06 02:37:10 +08:00
yaling888	c8e2b30540	Chore: update build	2022-06-04 02:24:15 +08:00
yaling888	dd95d335d9	Chore: merge branch 'with-tun' into plus-pro	2022-06-04 01:35:18 +08:00
yaling888	bf9eb000d2	Chore: update dependencies	2022-06-03 23:53:58 +08:00
yaling888	0563abae13	Chore: update build	2022-06-03 23:50:30 +08:00
yaling888	3dbba5d8d2	Chore: mix the proxy adapter and interface to dns client	2022-06-03 11:27:41 +08:00
yaling888	a4d135ed21	Feature: add regexp filter to use proxy provider in proxy group	2022-06-03 05:09:43 +08:00
yaling888	af5bd0f65e	Feature: add custom request header to proxy provider `header` value is type of string array header: Accept: - 'application/vnd.github.v3.raw' Authorization: - ' token xxxxxxxxxxx' User-Agent: - 'Clash/v1.10.6' `prefix-name` add a prefix to proxy name prefix-name: 'XXX-'	2022-06-03 05:09:43 +08:00
yaling888	8ed868b0f5	Feature: add V2Ray subscription support to proxy provider	2022-06-03 05:09:42 +08:00
yaling888	e7b8c9b9db	Chore: make hadowsocks2 lib embed	2022-06-02 22:17:14 +08:00
yaling888	ea8a5409ad	Chore: merge branch 'with-tun' into plus-pro	2022-05-29 00:57:07 +08:00
yaling888	39d524dc18	Chore: update dependencies	2022-05-29 00:45:29 +08:00
yaling888	0be8fc387a	Chore: change GEO databases source	2022-05-29 00:45:13 +08:00
yaling888	985dc99b5d	Refactor: use native Win32 API to detect interface changed on Windows	2022-05-28 09:50:09 +08:00
yaling888	67905bcf7e	Feature: make wintun driver embed	2022-05-27 09:20:46 +08:00
yaling888	b37e1fb2b9	Chore: yaml bump version from v2 to v3	2022-05-27 09:08:30 +08:00
yaling888	22449da5d3	Fix: cache cleanup panic	2022-05-25 02:00:24 +08:00
yaling888	6ad2cde909	Feature: support relay Socks5 UDP supports relaying of all UDP traffic except the HTTP outbound.	2022-05-25 01:39:58 +08:00
yaling888	68cf94a866	Chore: test cases	2022-05-25 01:36:27 +08:00
Dreamacro	7f41f94fff	Fix: benchmark read bytes	2022-05-23 12:58:18 +08:00
Dreamacro	d1f0dac302	Fix: test broken on opensource repo	2022-05-23 12:30:54 +08:00
Dreamacro	afb3e00067	Chore: add benchmark r/w	2022-05-23 12:27:52 +08:00
yaling888	5b49414b49	Chore: merge branch 'with-tun' into plus-pro	2022-05-22 05:50:29 +08:00
yaling888	fe44a762c2	Chore: update dependencies	2022-05-22 05:32:36 +08:00
yaling888	ce1014eae3	Feature: support relay UDP traffic	2022-05-22 05:32:15 +08:00
Dreamacro	9a31ad6151	Chore: cleanup test go.mod	2022-05-21 17:46:34 +08:00
Dreamacro	09cc6b69e3	Chore: cleanup test code	2022-05-21 17:38:17 +08:00
yaling888	622b10d34d	Chore: adjust iptables	2022-05-21 09:35:02 +08:00
yaling888	88b5741ad8	Fix: addrToMetadata err should be nil	2022-05-21 08:19:33 +08:00
yaling888	d11d28c358	Feature: add force-cert-verify to general config force verify TLS Certificate, prevent machine-in-the-middle attacks.	2022-05-19 04:27:22 +08:00
yaling888	03499fcea6	Refactor: fetcher by generics	2022-05-19 04:27:22 +08:00
yaling888	f788411154	Refactor: use raw proxy adapter to get proxy connection by dns client	2022-05-18 20:35:59 +08:00
yaling888	3d2b4b1f3a	Refactor: get default route interface by syscall on darwin	2022-05-18 05:58:58 +08:00
yaling888	5642d9c98e	Fix: should flush interface cache by switch network	2022-05-18 04:45:19 +08:00
yaling888	7a406b991e	Fix: module clash-test	2022-05-18 04:08:35 +08:00
Dreamacro	8603ac40a1	Chore: make linter happy	2022-05-17 19:58:33 +08:00
yaling888	178c70a320	Chore: merge branch 'with-tun' into plus-pro	2022-05-16 03:01:05 +08:00
yaling888	34eeb58bfa	Chore: update dependencies	2022-05-16 02:24:05 +08:00
yaling888	3d25f16b3b	Feature: make tls sni sniffing switch config	2022-05-16 01:43:24 +08:00
yaling888	891a56fd99	Feature: apply destination IP to tracker by Direct outbound for fake-ip mode	2022-05-16 01:43:24 +08:00
yaling888	ffbdcfcbfd	Feature: add update GEO databases to rest api	2022-05-16 01:43:23 +08:00
yaling888	72b9b829e9	Fix: set mitm outbound	2022-05-16 01:43:23 +08:00
yaling888	8b3e42bf19	Refactor: tun config	2022-05-16 01:43:23 +08:00
yaling888	e92bea8401	Chore: merge branch 'ogn-dev' into with-tun	2022-05-16 01:41:02 +08:00
Kr328	b384449717	Fix: fix upgrade header detect (#2134 )	2022-05-15 09:12:53 +08:00
yaling888	53c83118bc	Chore: merge branch 'ogn-dev' into with-tun	2022-05-14 02:29:50 +08:00
Kaming Chan	da7ffc0da9	Fix: add length check for ssr auth_aes128_sha1 (#2129 )	2022-05-13 11:21:39 +08:00
yaling888	6fe19944ad	Chore: code style	2022-05-09 09:12:30 +08:00
yaling888	9f00907647	Chore: merge branch 'with-tun' into plus-pro	2022-05-09 08:11:07 +08:00
yaling888	ace84ff548	Chore: code style	2022-05-09 08:10:20 +08:00
yaling888	160e630f03	Feature: add process_path to script metadata	2022-05-09 06:13:26 +08:00
yaling888	13d19ff101	Chore: code style	2022-05-09 03:17:09 +08:00
yaling888	934babca85	Chore: merge branch 'with-tun' into plus-pro	2022-05-09 01:56:32 +08:00
yaling888	95db646b3b	Chore: code style	2022-05-09 01:22:43 +08:00
yaling888	f23d1d5d7c	Chore: make sure script module always initialized	2022-05-08 06:17:09 +08:00
yaling888	4334b45e82	Chore: merge branch 'with-tun' into plus-pro	2022-05-08 04:12:20 +08:00
yaling888	ad1e09db55	Chore: update dependencies	2022-05-08 04:08:16 +08:00
yaling888	2eb7f3ad2f	Chore: merge branch 'ogn-dev' into with-tun	2022-05-08 03:12:50 +08:00
Dreamacro	5dd94c8298	Chore: update dependencies	2022-05-07 21:08:15 +08:00
Kaming Chan	412b44a981	Fix: decode nil value in slice decoder (#2102 )	2022-05-07 11:00:58 +08:00
yaling888	9ffcc9e352	Chore: merge branch 'with-tun' into plus-pro	2022-05-07 04:17:03 +08:00
yaling888	fe69ec7d6c	Fix: patch tun configs	2022-05-07 04:14:09 +08:00
yaling888	045b67524c	Chore: delay reject	2022-05-04 19:49:04 +08:00
yaling888	392572d684	Chore: merge branch 'with-tun' into plus-pro	2022-05-01 21:09:15 +08:00
yaling888	3c07ba6b56	Chore: use absolute path to execute commands on darwin	2022-05-01 21:01:19 +08:00
littoy	8c84c8b193	Feature: patch update support tun config	2022-05-01 17:08:17 +08:00
yaling888	0321ddbb90	Chore: add build windows actions	2022-04-30 16:07:17 +08:00
yaling888	d74dd69329	Chore: merge branch 'with-tun' into plus-pro	2022-04-29 22:24:18 +08:00
yaling888	7e85d5a954	Fix: tls handshake with timeout	2022-04-29 05:15:32 +08:00
yaling888	da92601902	Fix: mitm proxy should handle none-http(s) protocol over tcp	2022-04-28 06:46:57 +08:00
yaling888	22458ad0be	Chore: mitm proxy with authenticate	2022-04-28 00:46:47 +08:00
yaling888	c8bc4386dd	Fix: actions build	2022-04-27 06:14:49 +08:00
yaling888	1e7cbd6358	Chore: merge branch 'with-tun' into plus-pro	2022-04-27 05:49:45 +08:00
yaling888	30025c0241	Fix: mitm proxy should forward websocket	2022-04-27 05:35:31 +08:00
yaling888	7c50c068f5	Fix: if http proxy Upgrade failure	2022-04-27 05:35:31 +08:00
yaling888	ca4961a146	Chore: merge branch 'ong-dev' into with-tun	2022-04-27 05:33:49 +08:00
Dreamacro	aef4dd3fe7	Fix: make log api unblocked	2022-04-26 22:36:10 +08:00
yaling888	85f14f1c63	Chore: merge branch 'ogn-dev' into tun-dev	2022-04-26 18:46:42 +08:00
Kr328	6a92c6af4e	Fix: http proxy Upgrade behavior (#2097 )	2022-04-25 19:50:20 +08:00
yaling888	7115f7e61b	Fix: wildcard certificates	2022-04-25 10:54:12 +08:00
yaling888	62bc75af8a	Chore: signature wildcard certificates	2022-04-25 05:02:24 +08:00
yaling888	d763900b14	Chore: update dependencies	2022-04-24 02:23:05 +08:00
yaling888	6acba9ab8f	Chore: increase nattable capacity	2022-04-24 02:19:23 +08:00
yaling888	ca9f3bf8a9	Chore: use generics as possible	2022-04-24 02:07:57 +08:00
yaling888	c812363090	Chore: wait for system stack to close	2022-04-22 05:37:44 +08:00
yaling888	0a2701eef0	Fix: actions build	2022-04-21 04:51:01 +08:00
yaling888	0d004bf6f3	Chore: merge branch 'with-tun' into plus-pro	2022-04-21 04:33:53 +08:00
yaling888	450c608c83	Chore: fix typos	2022-04-21 03:54:34 +08:00
yaling888	053366c3e1	Chore: merge branch 'with-tun' into plus-pro	2022-04-20 02:40:44 +08:00
yaling888	567fe74f10	Chore: update dependencies	2022-04-20 01:59:57 +08:00
yaling888	cd62daccb0	Refactor: metadata use netip.Addr	2022-04-20 01:52:51 +08:00
yaling888	29c775331a	Chore: IpToAddr	2022-04-19 17:46:13 +08:00
yaling888	33d23dad6c	Chore: remove TODO	2022-04-19 17:05:12 +08:00
yaling888	42cf42fd8b	Chore: merge branch 'ogn-dev' into tun-dev	2022-04-18 17:21:00 +08:00
Kr328	e010940b61	Improve: replace bootstrap dns (#2080 )	2022-04-16 15:31:26 +08:00
Author: littoy	46f7c5e565	Fix: only rule mode need break conn when sni update	2022-04-15 01:00:08 +08:00
yaling888	6327cf7434	Chore: adjust mitm proxy	2022-04-15 00:29:21 +08:00
Dreamacro	2c9a4d276a	Chore: add more github action cache	2022-04-14 23:37:41 +08:00
Dreamacro	4dfba73e5c	Fix: SyscallN should not use nargs	2022-04-14 23:37:19 +08:00
Dreamacro	c282d662ca	Fix: make golangci lint support multi GOOS	2022-04-13 17:51:21 +08:00
yaling888	ca76e5cf0e	Chore: fix typo	2022-04-13 16:47:47 +08:00
Anankke	b3d7594813	Chore: add `none` alias to `dummy` on ShadowsocksR (#2056 )	2022-04-13 10:06:06 +08:00
yaling888	9d72bf2a36	Chore: merge branch 'with-tun' into plus-pro	2022-04-13 06:01:22 +08:00
yaling888	a3a50f9c7b	Chore: persistence fakeip pool state	2022-04-13 05:55:08 +08:00
yaling888	abc8ed4df0	Chore: hijack traffic destined for port 80 to mitm proxy server by default	2022-04-13 05:51:24 +08:00
yaling888	643f1ae970	Chore: update dependencies	2022-04-12 22:35:21 +08:00
yaling888	21a56ea36b	Chore: adjust ipstack	2022-04-12 22:33:10 +08:00
yaling888	a98749eb16	Fix: fakeip pool cycle used	2022-04-12 21:54:54 +08:00
yaling888	571c34f140	Chore: merge branch 'with-tun' into plus-pro	2022-04-12 00:47:45 +08:00
yaling888	008ee613ab	Refactor: fakeip pool use netip.Prefix, supports ipv6 range	2022-04-12 00:31:04 +08:00
yaling888	5999b6262d	Chore: fix typos	2022-04-11 06:28:42 +08:00
yaling888	05b4a326de	Chore: merge branch 'with-tun' into plus-pro	2022-04-10 05:57:06 +08:00
yaling888	f036e06f6f	Feature: MITM rewrite	2022-04-10 03:59:27 +08:00
yaling888	5a27ebd1b3	Refactor: DomainTrie use generics	2022-04-10 00:33:33 +08:00
yaling888	a8646082a3	Refactor: queue use generics	2022-04-10 00:33:33 +08:00
yaling888	400be9a905	Refactor: cache use generics	2022-04-10 00:33:33 +08:00
yaling888	0582c608b3	Refactor: lrucache use generics	2022-04-10 00:33:33 +08:00
yaling888	92d9d03f99	Chore: move sniffing logic into a single file & code style	2022-04-10 00:05:59 +08:00
fishg	b6653dd9b5	fix: trojan fail may panic	2022-04-09 23:17:25 +08:00
yaling888	d77ef6a525	Chore: merge branch 'with-tun' into plus-pro	2022-03-30 00:18:42 +08:00
yaling888	4d9d8b28ec	Chore: merge branch 'with-tun' into plus-pro	2022-03-29 07:36:14 +08:00
yaling888	7973491625	Chore: merge branch 'with-tun' into plus-pro	2022-03-28 03:34:49 +08:00
yaling888	edbc8ed972	Chore: merge branch 'with-tun' into plus-pro	2022-03-27 15:16:57 +08:00
yaling888	bd123dddc6	Chore: merge branch 'with-tun' into plus-pro	2022-03-25 04:38:04 +08:00
yaling888	ae493f1084	Chore: merge branch 'with-tun' into plus-pro	2022-03-23 16:54:56 +08:00
yaling888	711b2bcf87	Chore: merge branch 'with-tun' into plus-pro	2022-03-22 05:56:58 +08:00
yaling888	a45354fa08	Code: refresh code & rebase branch 'with-tun'	2022-03-21 09:03:47 +08:00