chore: adjust client-fingerprint's snippet

.github/rename-cgo.sh

@@ -15,15 +15,6 @@ do
     elif [[ $FILENAME =~ "windows-4.0-amd64" ]];then
         echo "rename windows amd64 $FILENAME"
         mv $FILENAME clash.meta-windows-amd64-cgo.exe
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-5" ]];then
-        echo "rename clash.meta-linux-arm-5 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv5-cgo
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-6" ]];then
-        echo "rename clash.meta-linux-arm-6 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv6-cgo
-    elif [[ $FILENAME =~ "clash.meta-linux-arm-7" ]];then
-        echo "rename clash.meta-linux-arm-7 $FILENAME"
-        mv $FILENAME clash.meta-linux-armv7-cgo
     elif [[ $FILENAME =~ "linux" ]];then
         echo "rename linux $FILENAME"
         mv $FILENAME $FILENAME-cgo

.github/workflows/Delete.yml

@@ -1,16 +0,0 @@
-name: Delete old workflow runs
-on:
-  schedule:
-    - cron: '0 0 1 * *'
-# Run monthly, at 00:00 on the 1st day of month.
-
-jobs:
-  del_runs:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Delete workflow runs
-        uses: GitRML/delete-workflow-runs@main
-        with:
-          token: ${{ secrets.AUTH_PAT }}
-          repository: ${{ github.repository }}
-          retain_days: 30

.github/workflows/delete.yml

@@ -1,16 +0,0 @@
-name: Delete old workflow runs
-on:
-  schedule:
-    - cron: '0 0 1 * *'
-# Run monthly, at 00:00 on the 1st day of month.
-
-jobs:
-  del_runs:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Delete workflow runs
-        uses: GitRML/delete-workflow-runs@main
-        with:
-          token: ${{ secrets.AUTH_PAT }}
-          repository: ${{ github.repository }}
-          retain_days: 30

README.md

@@ -30,7 +30,8 @@
 - Comprehensive HTTP RESTful API controller
 
 ## Wiki
-Configuration examples can be found at [/docs/config.yaml](https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml), while documentation can be found [Clash.Meta Wiki](https://clash-meta.wiki).
+
+Documentation and configuring examples are available on [wiki](https://github.com/MetaCubeX/Clash.Meta/wiki) and [Clash.Meta Wiki](https://docs.metacubex.one/).
 
 ## Build
 

adapter/inbound/socket.go

@@ -42,8 +42,6 @@ func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
 		if host == "" {
 			if ip, err := netip.ParseAddr(h); err == nil {
 				metadata.DstIP = ip
-			} else {
-				metadata.Host = h
 			}
 		}
 	}

adapter/outbound/base.go

@@ -34,7 +34,12 @@ func (b *Base) Name() string {
 // Id implements C.ProxyAdapter
 func (b *Base) Id() string {
 	if b.id == "" {
-		b.id = utils.NewUUIDV6().String()
+		id, err := utils.UnsafeUUIDGenerator.NewV6()
+		if err != nil {
+			b.id = b.name
+		} else {
+			b.id = id.String()
+		}
 	}
 
 	return b.id
@@ -205,8 +210,6 @@ func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 type packetConn struct {
 	net.PacketConn
 	chain                   C.Chain
-	adapterName             string
-	connID                  string
 	actualRemoteDestination string
 }
 
@@ -224,13 +227,8 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 
-func (c *packetConn) LocalAddr() net.Addr {
-	lAddr := c.PacketConn.LocalAddr()
-	return N.NewCustomAddr(c.adapterName, c.connID, lAddr) // make quic-go's connMultiplexer happy
-}
-
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
-	return &packetConn{pc, []string{a.Name()}, a.Name(), utils.NewUUIDV4().String(), parseRemoteDestination(a.Addr())}
+	return &packetConn{pc, []string{a.Name()}, parseRemoteDestination(a.Addr())}
 }
 
 func parseRemoteDestination(addr string) string {

adapter/outbound/shadowsocks.go

@@ -50,7 +50,6 @@ type ShadowSocksOption struct {
 	Plugin            string         `proxy:"plugin,omitempty"`
 	PluginOpts        map[string]any `proxy:"plugin-opts,omitempty"`
 	UDPOverTCP        bool           `proxy:"udp-over-tcp,omitempty"`
-	UDPOverTCPVersion int            `proxy:"udp-over-tcp-version,omitempty"`
 	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
 }
 
@@ -87,14 +86,22 @@ type restlsOption struct {
 
 // StreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
-	// fix tls handshake not timeout
-	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-	defer cancel()
-	return ss.StreamConnContext(ctx, c, metadata)
+	switch ss.obfsMode {
+	case shadowtls.Mode:
+		// fix tls handshake not timeout
+		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		defer cancel()
+		var err error
+		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
+		if err != nil {
+			return nil, err
+		}
+
+	}
+	return ss.streamConn(c, metadata)
 }
 
-func (ss *ShadowSocks) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
-	useEarly := false
+func (ss *ShadowSocks) streamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	switch ss.obfsMode {
 	case "tls":
 		c = obfs.NewTLSObfs(c, ss.obfsOption.Host)
@@ -107,31 +114,21 @@ func (ss *ShadowSocks) StreamConnContext(ctx context.Context, c net.Conn, metada
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		}
-	case shadowtls.Mode:
-		var err error
-		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
-		if err != nil {
-			return nil, err
-		}
-		useEarly = true
 	case restls.Mode:
 		var err error
-		c, err = restls.NewRestls(ctx, c, ss.restlsConfig)
+		c, err = restls.NewRestls(c, ss.restlsConfig)
 		if err != nil {
 			return nil, fmt.Errorf("%s (restls) connect error: %w", ss.addr, err)
 		}
-		useEarly = true
 	}
-	useEarly = useEarly || N.NeedHandshake(c)
 	if metadata.NetWork == C.UDP && ss.option.UDPOverTCP {
-		uotDestination := uot.RequestDestination(uint8(ss.option.UDPOverTCPVersion))
-		if useEarly {
-			return ss.method.DialEarlyConn(c, uotDestination), nil
+		if N.NeedHandshake(c) {
+			return ss.method.DialEarlyConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443")), nil
 		} else {
-			return ss.method.DialConn(c, uotDestination)
+			return ss.method.DialConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443"))
 		}
 	}
-	if useEarly {
+	if N.NeedHandshake(c) {
 		return ss.method.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 	} else {
 		return ss.method.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
@@ -155,7 +152,15 @@ func (ss *ShadowSocks) DialContextWithDialer(ctx context.Context, dialer C.Diale
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = ss.StreamConnContext(ctx, c, metadata)
+	switch ss.obfsMode {
+	case shadowtls.Mode:
+		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	c, err = ss.streamConn(c, metadata)
 	return NewConn(c, ss), err
 }
 
@@ -171,12 +176,7 @@ func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dial
 		if err != nil {
 			return nil, err
 		}
-		destination := M.ParseSocksaddr(metadata.RemoteAddress())
-		if ss.option.UDPOverTCPVersion == 1 {
-			return newPacketConn(uot.NewConn(tcpConn, uot.Request{Destination: destination}), ss), nil
-		} else {
-			return newPacketConn(uot.NewLazyConn(tcpConn, uot.Request{Destination: destination}), ss), nil
-		}
+		return newPacketConn(uot.NewClientConn(tcpConn), ss), nil
 	}
 	addr, err := resolveUDPAddrWithPrefer(ctx, "udp", ss.addr, ss.prefer)
 	if err != nil {
@@ -199,12 +199,7 @@ func (ss *ShadowSocks) SupportWithDialer() bool {
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	if ss.option.UDPOverTCP {
-		destination := M.ParseSocksaddr(metadata.RemoteAddress())
-		if ss.option.UDPOverTCPVersion == uot.LegacyVersion {
-			return newPacketConn(uot.NewConn(c, uot.Request{Destination: destination}), ss), nil
-		} else {
-			return newPacketConn(uot.NewLazyConn(c, uot.Request{Destination: destination}), ss), nil
-		}
+		return newPacketConn(uot.NewClientConn(c), ss), nil
 	}
 	return nil, errors.New("no support")
 }
@@ -291,13 +286,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		}
 
 	}
-	switch option.UDPOverTCPVersion {
-	case uot.Version, uot.LegacyVersion:
-	case 0:
-		option.UDPOverTCPVersion = uot.Version
-	default:
-		return nil, fmt.Errorf("ss %s unknown udp over tcp protocol version: %d", addr, option.UDPOverTCPVersion)
-	}
 
 	return &ShadowSocks{
 		Base: &Base{

adapter/outbound/tuic.go

@@ -42,17 +42,16 @@ type TuicOption struct {
 	DisableSni            bool     `proxy:"disable-sni,omitempty"`
 	MaxUdpRelayPacketSize int      `proxy:"max-udp-relay-packet-size,omitempty"`
 
-	FastOpen             bool   `proxy:"fast-open,omitempty"`
-	MaxOpenStreams       int    `proxy:"max-open-streams,omitempty"`
-	SkipCertVerify       bool   `proxy:"skip-cert-verify,omitempty"`
-	Fingerprint          string `proxy:"fingerprint,omitempty"`
-	CustomCA             string `proxy:"ca,omitempty"`
-	CustomCAString       string `proxy:"ca-str,omitempty"`
-	ReceiveWindowConn    int    `proxy:"recv-window-conn,omitempty"`
-	ReceiveWindow        int    `proxy:"recv-window,omitempty"`
-	DisableMTUDiscovery  bool   `proxy:"disable-mtu-discovery,omitempty"`
-	MaxDatagramFrameSize int    `proxy:"max-datagram-frame-size,omitempty"`
-	SNI                  string `proxy:"sni,omitempty"`
+	FastOpen            bool   `proxy:"fast-open,omitempty"`
+	MaxOpenStreams      int    `proxy:"max-open-streams,omitempty"`
+	SkipCertVerify      bool   `proxy:"skip-cert-verify,omitempty"`
+	Fingerprint         string `proxy:"fingerprint,omitempty"`
+	CustomCA            string `proxy:"ca,omitempty"`
+	CustomCAString      string `proxy:"ca-str,omitempty"`
+	ReceiveWindowConn   int    `proxy:"recv-window-conn,omitempty"`
+	ReceiveWindow       int    `proxy:"recv-window,omitempty"`
+	DisableMTUDiscovery bool   `proxy:"disable-mtu-discovery,omitempty"`
+	SNI                 string `proxy:"sni,omitempty"`
 }
 
 // DialContext implements C.ProxyAdapter
@@ -176,15 +175,6 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		option.MaxOpenStreams = 100
 	}
 
-	if option.MaxDatagramFrameSize == 0 {
-		option.MaxDatagramFrameSize = option.MaxUdpRelayPacketSize + tuic.PacketOverHead
-	}
-
-	if option.MaxDatagramFrameSize > 1400 {
-		option.MaxDatagramFrameSize = 1400
-	}
-	option.MaxUdpRelayPacketSize = option.MaxDatagramFrameSize - tuic.PacketOverHead
-
 	// ensure server's incoming stream can handle correctly, increase to 1.1x
 	quicMaxOpenStreams := int64(option.MaxOpenStreams)
 	quicMaxOpenStreams = quicMaxOpenStreams + int64(math.Ceil(float64(quicMaxOpenStreams)/10.0))
@@ -197,7 +187,6 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		MaxIncomingUniStreams:          quicMaxOpenStreams,
 		KeepAlivePeriod:                time.Duration(option.HeartbeatInterval) * time.Millisecond,
 		DisablePathMTUDiscovery:        option.DisableMTUDiscovery,
-		MaxDatagramFrameSize:           int64(option.MaxDatagramFrameSize),
 		EnableDatagrams:                true,
 	}
 	if option.ReceiveWindowConn == 0 {

adapter/parser.go

@@ -23,7 +23,12 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 	)
 	switch proxyType {
 	case "ss":
-		ssOption := &outbound.ShadowSocksOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		ssOption := &outbound.ShadowSocksOption{}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			ssOption.ClientFingerprint = GlobalUtlsClient
+		}
+
 		err = decoder.Decode(mapping, ssOption)
 		if err != nil {
 			break
@@ -56,7 +61,10 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 				Method: "GET",
 				Path:   []string{"/"},
 			},
-			ClientFingerprint: tlsC.GetGlobalFingerprint(),
+		}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			vmessOption.ClientFingerprint = GlobalUtlsClient
 		}
 
 		err = decoder.Decode(mapping, vmessOption)
@@ -65,7 +73,12 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
 	case "vless":
-		vlessOption := &outbound.VlessOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		vlessOption := &outbound.VlessOption{}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			vlessOption.ClientFingerprint = GlobalUtlsClient
+		}
+
 		err = decoder.Decode(mapping, vlessOption)
 		if err != nil {
 			break
@@ -79,7 +92,12 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewSnell(*snellOption)
 	case "trojan":
-		trojanOption := &outbound.TrojanOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
+		trojanOption := &outbound.TrojanOption{}
+
+		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
+			trojanOption.ClientFingerprint = GlobalUtlsClient
+		}
+
 		err = decoder.Decode(mapping, trojanOption)
 		if err != nil {
 			break

adapter/provider/healthcheck.go

@@ -34,15 +34,16 @@ type HealthCheck struct {
 
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
+
+	go func() {
+		time.Sleep(30 * time.Second)
+		hc.lazyCheck()
+	}()
+
 	for {
 		select {
 		case <-ticker.C:
-			now := time.Now().Unix()
-			if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
-				hc.check()
-			} else {
-				log.Debugln("Skip once health check because we are lazy")
-			}
+			hc.lazyCheck()
 		case <-hc.done:
 			ticker.Stop()
 			return
@@ -50,6 +51,17 @@ func (hc *HealthCheck) process() {
 	}
 }
 
+func (hc *HealthCheck) lazyCheck() bool {
+	now := time.Now().Unix()
+	if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
+		hc.check()
+		return true
+	} else {
+		log.Debugln("Skip once health check because we are lazy")
+		return false
+	}
+}
+
 func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
 	hc.proxies = proxies
 }
@@ -64,7 +76,10 @@ func (hc *HealthCheck) touch() {
 
 func (hc *HealthCheck) check() {
 	_, _, _ = hc.singleDo.Do(func() (struct{}, error) {
-		id := utils.NewUUIDV4().String()
+		id := ""
+		if uid, err := utils.UnsafeUUIDGenerator.NewV4(); err == nil {
+			id = uid.String()
+		}
 		log.Debugln("Start New Health Checking {%s}", id)
 		b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
 		for _, proxy := range hc.proxies {

adapter/provider/provider.go

@@ -80,7 +80,6 @@ func (pp *proxySetProvider) Initial() error {
 		return err
 	}
 	pp.OnUpdate(elm)
-	pp.getSubscriptionInfo()
 	return nil
 }
 
@@ -100,7 +99,7 @@ func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
 	if pp.healthCheck.auto() {
-		go pp.healthCheck.check()
+		defer func() { go pp.healthCheck.lazyCheck() }()
 	}
 }
 
@@ -173,6 +172,8 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, exc
 
 	fetcher := resource.NewFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, excludeFilter, excludeTypeArray, filterRegs, excludeFilterReg), proxiesOnUpdate(pd))
 	pd.Fetcher = fetcher
+
+	pd.getSubscriptionInfo()
 	wrapper := &ProxySetProvider{pd}
 	runtime.SetFinalizer(wrapper, stopProxyProvider)
 	return wrapper, nil

common/convert/util.go

@@ -294,7 +294,8 @@ var (
 )
 
 func RandHost() string {
-	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(utils.NewUUIDV4().Bytes()))
+	id, _ := utils.UnsafeUUIDGenerator.NewV4()
+	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(id.Bytes()))
 	base = strings.ReplaceAll(base, "-", "")
 	base = strings.ReplaceAll(base, "_", "")
 	buf := []byte(base)

common/convert/v.go

@@ -27,7 +27,7 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	proxy["skip-cert-verify"] = false
 	proxy["tls"] = false
 	tls := strings.ToLower(query.Get("security"))
-	if strings.HasSuffix(tls, "tls") || tls == "reality" {
+	if strings.HasSuffix(tls, "tls") {
 		proxy["tls"] = true
 		if fingerprint := query.Get("fp"); fingerprint == "" {
 			proxy["client-fingerprint"] = "chrome"
@@ -38,12 +38,6 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	if sni := query.Get("sni"); sni != "" {
 		proxy["servername"] = sni
 	}
-	if realityPublicKey := query.Get("pbk"); realityPublicKey != "" {
-		proxy["reality-opts"] = map[string]any{
-			"public-key": realityPublicKey,
-			"short-id":   query.Get("sid"),
-		}
-	}
 
 	switch query.Get("packetEncoding") {
 	case "none":

common/net/addr.go

@@ -1,36 +0,0 @@
-package net
-
-import (
-	"net"
-)
-
-type CustomAddr interface {
-	net.Addr
-	RawAddr() net.Addr
-}
-
-type customAddr struct {
-	networkStr string
-	addrStr    string
-	rawAddr    net.Addr
-}
-
-func (a customAddr) Network() string {
-	return a.networkStr
-}
-
-func (a customAddr) String() string {
-	return a.addrStr
-}
-
-func (a customAddr) RawAddr() net.Addr {
-	return a.rawAddr
-}
-
-func NewCustomAddr(networkStr string, addrStr string, rawAddr net.Addr) CustomAddr {
-	return customAddr{
-		networkStr: networkStr,
-		addrStr:    addrStr,
-		rawAddr:    rawAddr,
-	}
-}

common/utils/uuid.go

@@ -13,39 +13,11 @@ func (r fastRandReader) Read(p []byte) (int, error) {
 
 var UnsafeUUIDGenerator = uuid.NewGenWithOptions(uuid.WithRandomReader(fastRandReader{}))
 
-func NewUUIDV1() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV1() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV3(ns uuid.UUID, name string) uuid.UUID {
-	return UnsafeUUIDGenerator.NewV3(ns, name)
-}
-
-func NewUUIDV4() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV4() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV5(ns uuid.UUID, name string) uuid.UUID {
-	return UnsafeUUIDGenerator.NewV5(ns, name)
-}
-
-func NewUUIDV6() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV6() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
-func NewUUIDV7() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV7() // fastrand.Read wouldn't cause error, so ignore err is safe
-	return u
-}
-
 // UUIDMap https://github.com/XTLS/Xray-core/issues/158#issue-783294090
 func UUIDMap(str string) (uuid.UUID, error) {
 	u, err := uuid.FromString(str)
 	if err != nil {
-		return NewUUIDV5(uuid.Nil, str), nil
+		return UnsafeUUIDGenerator.NewV5(uuid.Nil, str), nil
 	}
 	return u, nil
 }

component/geodata/geodata.go

@@ -1,10 +1,13 @@
 package geodata
 
 import (
+	"errors"
 	"fmt"
+	C "github.com/Dreamacro/clash/constant"
+	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/router"
-	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
 )
 
 type loader struct {
@@ -12,7 +15,47 @@ type loader struct {
 }
 
 func (l *loader) LoadGeoSite(list string) ([]*router.Domain, error) {
-	return l.LoadSiteByPath(C.GeositeName, list)
+	return l.LoadGeoSiteWithAttr(C.GeositeName, list)
+}
+
+func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error) {
+	parts := strings.Split(siteWithAttr, "@")
+	if len(parts) == 0 {
+		return nil, errors.New("empty rule")
+	}
+	list := strings.TrimSpace(parts[0])
+	attrVal := parts[1:]
+
+	if len(list) == 0 {
+		return nil, fmt.Errorf("empty listname in rule: %s", siteWithAttr)
+	}
+
+	domains, err := l.LoadSiteByPath(file, list)
+	if err != nil {
+		return nil, err
+	}
+
+	attrs := parseAttrs(attrVal)
+	if attrs.IsEmpty() {
+		if strings.Contains(siteWithAttr, "@") {
+			log.Warnln("empty attribute list: %s", siteWithAttr)
+		}
+		return domains, nil
+	}
+
+	filteredDomains := make([]*router.Domain, 0, len(domains))
+	hasAttrMatched := false
+	for _, domain := range domains {
+		if attrs.Match(domain) {
+			hasAttrMatched = true
+			filteredDomains = append(filteredDomains, domain)
+		}
+	}
+	if !hasAttrMatched {
+		log.Warnln("attribute match no rule: geosite: %s", siteWithAttr)
+	}
+
+	return filteredDomains, nil
 }
 
 func (l *loader) LoadGeoIP(country string) ([]*router.CIDR, error) {

component/geodata/geodataproto.go

@@ -14,5 +14,6 @@ type LoaderImplementation interface {
 type Loader interface {
 	LoaderImplementation
 	LoadGeoSite(list string) ([]*router.Domain, error)
+	LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error)
 	LoadGeoIP(country string) ([]*router.CIDR, error)
 }

component/geodata/memconservative/cache.go

@@ -118,7 +118,7 @@ func (g GeoSiteCache) Unmarshal(filename, code string) (*router.GeoSite, error)
 
 	case errFailedToReadBytes, errFailedToReadExpectedLenBytes,
 		errInvalidGeodataFile, errInvalidGeodataVarintLength:
-		log.Warnln("failed to decode geosite file: %s%s", filename, ", fallback to the original ReadFile method")
+		log.Warnln("failed to decode geoip file: %s%s", filename, ", fallback to the original ReadFile method")
 		geositeBytes, err = os.ReadFile(asset)
 		if err != nil {
 			return nil, err

component/geodata/utils.go

@@ -1,14 +1,9 @@
 package geodata
 
 import (
-	"errors"
 	"fmt"
-	"golang.org/x/sync/singleflight"
-	"strings"
-
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
 )
 
 var geoLoaderName = "memconservative"
@@ -39,8 +34,6 @@ func Verify(name string) error {
 	}
 }
 
-var loadGeoSiteMatcherSF = singleflight.Group{}
-
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
 	if len(countryCode) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
@@ -51,52 +44,15 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 		not = true
 		countryCode = countryCode[1:]
 	}
-	countryCode = strings.ToLower(countryCode)
 
-	parts := strings.Split(countryCode, "@")
-	if len(parts) == 0 {
-		return nil, 0, errors.New("empty rule")
-	}
-	listName := strings.TrimSpace(parts[0])
-	attrVal := parts[1:]
-
-	if len(listName) == 0 {
-		return nil, 0, fmt.Errorf("empty listname in rule: %s", countryCode)
-	}
-
-	v, err, shared := loadGeoSiteMatcherSF.Do(listName, func() (interface{}, error) {
-		geoLoader, err := GetGeoDataLoader(geoLoaderName)
-		if err != nil {
-			return nil, err
-		}
-		return geoLoader.LoadGeoSite(listName)
-	})
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
-		if !shared {
-			loadGeoSiteMatcherSF.Forget(listName) // don't store the error result
-		}
 		return nil, 0, err
 	}
-	domains := v.([]*router.Domain)
 
-	attrs := parseAttrs(attrVal)
-	if attrs.IsEmpty() {
-		if strings.Contains(countryCode, "@") {
-			log.Warnln("empty attribute list: %s", countryCode)
-		}
-	} else {
-		filteredDomains := make([]*router.Domain, 0, len(domains))
-		hasAttrMatched := false
-		for _, domain := range domains {
-			if attrs.Match(domain) {
-				hasAttrMatched = true
-				filteredDomains = append(filteredDomains, domain)
-			}
-		}
-		if !hasAttrMatched {
-			log.Warnln("attribute match no rule: geosite: %s", countryCode)
-		}
-		domains = filteredDomains
+	domains, err := geoLoader.LoadGeoSite(countryCode)
+	if err != nil {
+		return nil, 0, err
 	}
 
 	/**
@@ -112,34 +68,25 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	return matcher, len(domains), nil
 }
 
-var loadGeoIPMatcherSF = singleflight.Group{}
-
 func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if len(country) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
 	}
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	if err != nil {
+		return nil, 0, err
+	}
 
 	not := false
 	if country[0] == '!' {
 		not = true
 		country = country[1:]
 	}
-	country = strings.ToLower(country)
 
-	v, err, shared := loadGeoIPMatcherSF.Do(country, func() (interface{}, error) {
-		geoLoader, err := GetGeoDataLoader(geoLoaderName)
-		if err != nil {
-			return nil, err
-		}
-		return geoLoader.LoadGeoIP(country)
-	})
+	records, err := geoLoader.LoadGeoIP(country)
 	if err != nil {
-		if !shared {
-			loadGeoIPMatcherSF.Forget(country) // don't store the error result
-		}
 		return nil, 0, err
 	}
-	records := v.([]*router.CIDR)
 
 	geoIP := &router.GeoIP{
 		CountryCode:  country,
@@ -151,10 +98,6 @@ func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if err != nil {
 		return nil, 0, err
 	}
+
 	return matcher, len(records), nil
 }
-
-func ClearCache() {
-	loadGeoSiteMatcherSF = singleflight.Group{}
-	loadGeoIPMatcherSF = singleflight.Group{}
-}

component/http/http.go

@@ -2,15 +2,14 @@ package http
 
 import (
 	"context"
+	"github.com/Dreamacro/clash/component/tls"
+	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
 	"net/http"
 	URL "net/url"
 	"strings"
 	"time"
-
-	"github.com/Dreamacro/clash/component/tls"
-	"github.com/Dreamacro/clash/listener/inner"
 )
 
 const (
@@ -53,7 +52,7 @@ func HttpRequest(ctx context.Context, url, method string, header map[string][]st
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
-			conn := inner.HandleTcp(address, "")
+			conn := inner.HandleTcp(address, urlRes.Hostname())
 			return conn, nil
 		},
 		TLSClientConfig: tls.GetDefaultTLSConfig(),

component/tls/config.go

@@ -14,7 +14,7 @@ import (
 	xtls "github.com/xtls/go"
 )
 
-var trustCerts []*x509.Certificate
+var trustCert, _ = x509.SystemCertPool()
 
 var mutex sync.RWMutex
 var errNotMacth error = errors.New("certificate fingerprints do not match")
@@ -25,28 +25,16 @@ func AddCertificate(certificate string) error {
 	if certificate == "" {
 		return fmt.Errorf("certificate is empty")
 	}
-	if cert, err := x509.ParseCertificate([]byte(certificate)); err == nil {
-		trustCerts = append(trustCerts, cert)
-		return nil
-	} else {
+	if ok := trustCert.AppendCertsFromPEM([]byte(certificate)); !ok {
 		return fmt.Errorf("add certificate failed")
 	}
+	return nil
 }
 
 func ResetCertificate() {
 	mutex.Lock()
 	defer mutex.Unlock()
-	trustCerts = nil
-}
-
-func getCertPool() *x509.CertPool {
-	certPool, err := x509.SystemCertPool()
-	if err == nil {
-		for _, cert := range trustCerts {
-			certPool.AddCert(cert)
-		}
-	}
-	return certPool
+	trustCert, _ = x509.SystemCertPool()
 }
 
 func verifyFingerprint(fingerprint *[32]byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
@@ -96,13 +84,12 @@ func GetSpecifiedFingerprintTLSConfig(tlsConfig *tls.Config, fingerprint string)
 }
 
 func GetGlobalTLSConfig(tlsConfig *tls.Config) *tls.Config {
-	certPool := getCertPool()
 	if tlsConfig == nil {
 		return &tls.Config{
-			RootCAs: certPool,
+			RootCAs: trustCert,
 		}
 	}
-	tlsConfig.RootCAs = certPool
+	tlsConfig.RootCAs = trustCert
 	return tlsConfig
 }
 
@@ -119,13 +106,12 @@ func GetSpecifiedFingerprintXTLSConfig(tlsConfig *xtls.Config, fingerprint strin
 }
 
 func GetGlobalXTLSConfig(tlsConfig *xtls.Config) *xtls.Config {
-	certPool := getCertPool()
 	if tlsConfig == nil {
 		return &xtls.Config{
-			RootCAs: certPool,
+			RootCAs: trustCert,
 		}
 	}
 
-	tlsConfig.RootCAs = certPool
+	tlsConfig.RootCAs = trustCert
 	return tlsConfig
 }

component/tls/reality.go

@@ -44,6 +44,7 @@ func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string
 		}
 		uConfig := &utls.Config{
 			ServerName:             tlsConfig.ServerName,
+			NextProtos:             tlsConfig.NextProtos,
 			InsecureSkipVerify:     true,
 			SessionTicketsDisabled: true,
 			VerifyPeerCertificate:  verifier.VerifyPeerCertificate,
@@ -61,16 +62,20 @@ func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string
 		}
 
 		hello := uConn.HandshakeState.Hello
-		for i := range hello.SessionId { // https://github.com/golang/go/issues/5373
-			hello.SessionId[i] = 0
-		}
+		hello.SessionId = make([]byte, 32)
 		copy(hello.Raw[39:], hello.SessionId)
 
-		binary.BigEndian.PutUint64(hello.SessionId, uint64(time.Now().Unix()))
+		var nowTime time.Time
+		if uConfig.Time != nil {
+			nowTime = uConfig.Time()
+		} else {
+			nowTime = time.Now()
+		}
+		binary.BigEndian.PutUint64(hello.SessionId, uint64(nowTime.Unix()))
 
 		hello.SessionId[0] = 1
-		hello.SessionId[1] = 8
-		hello.SessionId[2] = 0
+		hello.SessionId[1] = 7
+		hello.SessionId[2] = 5
 		copy(hello.SessionId[8:], realityConfig.ShortID[:])
 
 		//log.Debugln("REALITY hello.sessionId[:16]: %v", hello.SessionId[:16])
@@ -125,7 +130,7 @@ func realityClientFallback(uConn net.Conn, serverName string, fingerprint utls.C
 		return
 	}
 	//_, _ = io.Copy(io.Discard, response.Body)
-	time.Sleep(time.Duration(5+fastrand.Int63n(10)) * time.Second)
+	time.Sleep(time.Duration(5 + fastrand.Int63n(10)))
 	response.Body.Close()
 	client.CloseIdleConnections()
 }

component/tls/utls.go

@@ -45,13 +45,8 @@ func GetFingerprint(ClientFingerprint string) (UClientHelloID, bool) {
 	}
 
 	fingerprint, ok := Fingerprints[ClientFingerprint]
-	if ok {
-		log.Debugln("use specified fingerprint:%s", fingerprint.Client)
-		return fingerprint, ok
-	} else {
-		log.Warnln("wrong ClientFingerprint:%s", ClientFingerprint)
-		return UClientHelloID{}, false
-	}
+	log.Debugln("use specified fingerprint:%s", fingerprint.Client)
+	return fingerprint, ok
 }
 
 func RollFingerprint() (UClientHelloID, bool) {
@@ -94,6 +89,7 @@ func copyConfig(c *tls.Config) *utls.Config {
 	return &utls.Config{
 		RootCAs:               c.RootCAs,
 		ServerName:            c.ServerName,
+		NextProtos:            c.NextProtos,
 		InsecureSkipVerify:    c.InsecureSkipVerify,
 		VerifyPeerCertificate: c.VerifyPeerCertificate,
 	}
@@ -132,7 +128,10 @@ func SetGlobalUtlsClient(Client string) {
 }
 
 func HaveGlobalFingerprint() bool {
-	return len(initUtlsClient) != 0 && initUtlsClient != "none"
+	if len(initUtlsClient) != 0 && initUtlsClient != "none" {
+		return true
+	}
+	return false
 }
 
 func GetGlobalFingerprint() string {

config/config.go

@@ -218,7 +218,6 @@ type RawTun struct {
 	ExcludePackage         []string          `yaml:"exclude-package" json:"exclude_package,omitempty"`
 	EndpointIndependentNat bool              `yaml:"endpoint-independent-nat" json:"endpoint_independent_nat,omitempty"`
 	UDPTimeout             int64             `yaml:"udp-timeout" json:"udp_timeout,omitempty"`
-	FileDescriptor         int               `yaml:"file-descriptor" json:"file-descriptor"`
 }
 
 type RawTuicServer struct {
@@ -452,6 +451,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 		tlsC.SetGlobalUtlsClient(config.General.GlobalClientFingerprint)
 	}
 
+	dialer.DefaultInterface.Store(config.General.Interface)
 	proxies, providers, err := parseProxies(rawCfg)
 	if err != nil {
 		return nil, err
@@ -989,27 +989,30 @@ func parseNameServerPolicy(nsPolicy map[string]any, preferH3 bool) (map[string][
 	re := regexp.MustCompile(`[a-zA-Z0-9\-]+\.[a-zA-Z]{2,}(\.[a-zA-Z]{2,})?`)
 
 	for k, v := range nsPolicy {
-		if strings.Contains(k, ",") {
-			if strings.Contains(k, "geosite:") {
-				subkeys := strings.Split(k, ":")
-				subkeys = subkeys[1:]
-				subkeys = strings.Split(subkeys[0], ",")
-				for _, subkey := range subkeys {
-					newKey := "geosite:" + subkey
-					updatedPolicy[newKey] = v
-				}
-			} else if re.MatchString(k) {
-				subkeys := strings.Split(k, ",")
-				for _, subkey := range subkeys {
-					updatedPolicy[subkey] = v
-				}
+		if strings.Contains(k, "geosite:") {
+			subkeys := strings.Split(k, ":")
+			subkeys = subkeys[1:]
+			subkeys = strings.Split(subkeys[0], ",")
+			//log.Infoln("subkeys:%+v", subkeys)
+			for _, subkey := range subkeys {
+				newKey := "geosite:" + subkey
+				//log.Infoln("newKey:%+v", newKey)
+				updatedPolicy[newKey] = v
+			}
+		} else if re.MatchString(k) {
+			subkeys := strings.Split(k, ",")
+			//log.Infoln("subkeys:%+v", subkeys)
+			for _, subkey := range subkeys {
+				updatedPolicy[subkey] = v
 			}
 		} else {
 			updatedPolicy[k] = v
 		}
 	}
+	//log.Infoln("updatedPolicy:%+v", updatedPolicy)
 
 	for domain, server := range updatedPolicy {
+
 		servers, err := utils.ToStringSlice(server)
 		if err != nil {
 			return nil, err
@@ -1240,7 +1243,6 @@ func parseTun(rawTun RawTun, general *General) error {
 		ExcludePackage:         rawTun.ExcludePackage,
 		EndpointIndependentNat: rawTun.EndpointIndependentNat,
 		UDPTimeout:             rawTun.UDPTimeout,
-		FileDescriptor:         rawTun.FileDescriptor,
 	}
 
 	return nil

config/updateGeo.go

@@ -63,8 +63,6 @@ func UpdateGeoDatabases() error {
 		return fmt.Errorf("can't save GeoSite database file: %w", err)
 	}
 
-	geodata.ClearCache()
-
 	return nil
 }
 

context/conn.go

@@ -17,8 +17,10 @@ type ConnContext struct {
 }
 
 func NewConnContext(conn net.Conn, metadata *C.Metadata) *ConnContext {
+	id, _ := utils.UnsafeUUIDGenerator.NewV4()
+
 	return &ConnContext{
-		id:       utils.NewUUIDV4(),
+		id:       id,
 		metadata: metadata,
 		conn:     N.NewBufferedConn(conn),
 	}

context/dns.go

@@ -23,10 +23,11 @@ type DNSContext struct {
 }
 
 func NewDNSContext(ctx context.Context, msg *dns.Msg) *DNSContext {
+	id, _ := utils.UnsafeUUIDGenerator.NewV4()
 	return &DNSContext{
 		Context: ctx,
 
-		id:  utils.NewUUIDV4(),
+		id:  id,
 		msg: msg,
 	}
 }

context/packetconn.go

@@ -16,8 +16,9 @@ type PacketConnContext struct {
 }
 
 func NewPacketConnContext(metadata *C.Metadata) *PacketConnContext {
+	id, _ := utils.UnsafeUUIDGenerator.NewV4()
 	return &PacketConnContext{
-		id:       utils.NewUUIDV4(),
+		id:       id,
 		metadata: metadata,
 	}
 }

dns/filters.go

@@ -29,10 +29,29 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 	}
 
 	if geoIPMatcher == nil {
-		var err error
-		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher("CN")
+		countryCode := "cn"
+		geoLoader, err := geodata.GetGeoDataLoader(geodata.LoaderName())
 		if err != nil {
-			log.Errorln("[GeoIPFilter] LoadGeoIPMatcher error: %s", err.Error())
+			log.Errorln("[GeoIPFilter] GetGeoDataLoader error: %s", err.Error())
+			return false
+		}
+
+		records, err := geoLoader.LoadGeoIP(countryCode)
+		if err != nil {
+			log.Errorln("[GeoIPFilter] LoadGeoIP error: %s", err.Error())
+			return false
+		}
+
+		geoIP := &router.GeoIP{
+			CountryCode:  countryCode,
+			Cidr:         records,
+			ReverseMatch: false,
+		}
+
+		geoIPMatcher, err = router.NewGeoIPMatcher(geoIP)
+
+		if err != nil {
+			log.Errorln("[GeoIPFilter] NewGeoIPMatcher error: %s", err.Error())
 			return false
 		}
 	}
@@ -73,10 +92,6 @@ type geoSiteFilter struct {
 }
 
 func NewGeoSite(group string) (fallbackDomainFilter, error) {
-	if err := geodata.InitGeoSite(); err != nil {
-		log.Errorln("can't initial GeoSite: %s", err)
-		return nil, err
-	}
 	matcher, _, err := geodata.LoadGeoSiteMatcher(group)
 	if err != nil {
 		return nil, err

dns/resolver.go

@@ -516,7 +516,7 @@ func NewProxyServerHostResolver(old *Resolver) *Resolver {
 		main:        old.proxyServer,
 		lruCache:    old.lruCache,
 		hosts:       old.hosts,
-		policy:      trie.New[*Policy](),
+		policy:      old.policy,
 		ipv6Timeout: old.ipv6Timeout,
 	}
 	return r

flake.nix

@@ -28,7 +28,7 @@
             inherit version;
             src = ./.;
 
-            vendorSha256 = "sha256-W5oiPtTRin0731QQWr98xZ2Vpk97HYcBtKoi1OKZz+w=";
+            vendorSha256 = "sha256-8cbcE9gKJjU14DNTLPc6nneEPZg7Akt+FlSDlPRvG5k=";
 
             # Do not build testing suit
             excludedPackages = [ "./test" ];

go.mod

@@ -3,7 +3,6 @@ module github.com/Dreamacro/clash
 go 1.19
 
 require (
-	github.com/3andne/restls-client-go v0.1.4
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
 	github.com/cilium/ebpf v0.9.3
 	github.com/coreos/go-iptables v0.6.0
@@ -19,39 +18,40 @@ require (
 	github.com/jpillora/backoff v1.0.0
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
 	github.com/mdlayher/netlink v1.7.2-0.20221213171556-9881fafed8c7
-	github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594
+	github.com/metacubex/quic-go v0.33.1
 	github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947
-	github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3
+	github.com/metacubex/sing-tun v0.1.1-0.20230304153753-5058534177f3
 	github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb
-	github.com/miekg/dns v1.1.52
+	github.com/miekg/dns v1.1.50
 	github.com/mroth/weightedrand/v2 v2.0.0
 	github.com/oschwald/geoip2-golang v1.8.0
 	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97
-	github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286
+	github.com/sagernet/sing v0.1.8
 	github.com/sagernet/sing-shadowtls v0.1.0
-	github.com/sagernet/sing-vmess v0.1.3
-	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9
+	github.com/sagernet/sing-vmess v0.1.3-0.20230307060529-d110e81a50bc
+	github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
 	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c
 	github.com/samber/lo v1.37.0
 	github.com/sirupsen/logrus v1.9.0
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.1
 	github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837
 	github.com/zhangyunhao116/fastrand v0.3.0
 	go.etcd.io/bbolt v1.3.6
 	go.uber.org/atomic v1.10.0
 	go.uber.org/automaxprocs v1.5.1
-	golang.org/x/crypto v0.7.0
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-	golang.org/x/net v0.8.0
+	golang.org/x/crypto v0.6.0
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db
+	golang.org/x/net v0.7.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.6.0
+	golang.org/x/sys v0.5.0
 	google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d
 	gopkg.in/yaml.v3 v3.0.1
 	lukechampine.com/blake3 v1.1.7
 )
 
 require (
+	github.com/3andne/restls-client-go v0.1.4
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -65,7 +65,7 @@ require (
 	github.com/klauspost/compress v1.15.15 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.12 // indirect
 	github.com/mdlayher/socket v0.4.0 // indirect
-	github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03 // indirect
+	github.com/metacubex/gvisor v0.0.0-20230304153416-e2bb9c726005 // indirect
 	github.com/onsi/ginkgo/v2 v2.2.0 // indirect
 	github.com/oschwald/maxminddb-golang v1.10.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -75,10 +75,10 @@ require (
 	github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect
 	github.com/u-root/uio v0.0.0-20221213070652-c3537552635f // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/mod v0.7.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
 )
 
 replace go.uber.org/atomic v1.10.0 => github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370

go.sum

@@ -89,20 +89,20 @@ github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZ
 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw=
 github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc=
-github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03 h1:gREIdurac9fpyBMBRPPMF/Sk3gKfPfdNCa4GQyR9FoA=
-github.com/metacubex/gvisor v0.0.0-20230323114922-412956fb6a03/go.mod h1:wqEuzdImyqD2MCGE8CYRJXbB77oSEJeoSSXXdwKjnsE=
-github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594 h1:KD96JPdTIayTGGgRl6PuVqo2Bpo6+x3LqDDyqrYDDXw=
-github.com/metacubex/quic-go v0.33.3-0.20230322045857-901b636b4594/go.mod h1:9nOiGX6kqV3+ZbkDKdTNzdFD726QQHPH6WDb36jUSpA=
+github.com/metacubex/gvisor v0.0.0-20230304153416-e2bb9c726005 h1:0TEvReK/D6YLszjGj/bdx4d7amQSjQ2X/98r4ZiUbxU=
+github.com/metacubex/gvisor v0.0.0-20230304153416-e2bb9c726005/go.mod h1:wqEuzdImyqD2MCGE8CYRJXbB77oSEJeoSSXXdwKjnsE=
+github.com/metacubex/quic-go v0.33.1 h1:ZIxZFGivpSLOEZuuNkLy+aPvo1RP4uRBjNg3SAkXwIg=
+github.com/metacubex/quic-go v0.33.1/go.mod h1:9nOiGX6kqV3+ZbkDKdTNzdFD726QQHPH6WDb36jUSpA=
 github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947 h1:NnjC2+aIiyzzvFlo+C2WzBOJdsp+HAtu18FZomqYhUE=
 github.com/metacubex/sing-shadowsocks v0.1.1-0.20230226153717-4e80da7e6947/go.mod h1:U2gwhxzqgbhKCgn2B4z3t0Cj0LpMWFl/02BGCoG421w=
-github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3 h1:LnKcLs0HI0HX4xH/2XerX+1BLXS1Uj6Xvzn20xFuCOk=
-github.com/metacubex/sing-tun v0.1.3-0.20230323115055-7935ba0ac8b3/go.mod h1:0i22nk0tgkQz/N96hrhPib1O/C5AjxSnco7Mwi2YSF0=
+github.com/metacubex/sing-tun v0.1.1-0.20230304153753-5058534177f3 h1:oQLThm1a8E7hHmoM9XF2cO0FZPsHVynC4YXW4b3liUI=
+github.com/metacubex/sing-tun v0.1.1-0.20230304153753-5058534177f3/go.mod h1:b/19bRRhwampNPV+1gVDyDsQHmuGDaplxPQkwJh1kj4=
 github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb h1:uhvzbtOvyg2c1k1H2EeVPuPvTEjDHCq4+U0AljG40P8=
 github.com/metacubex/sing-wireguard v0.0.0-20230310035749-f7595fcae5cb/go.mod h1:7mPG9qYln+CLKBcDt7Dk4c7b3S53VzEfexMVPe6T6FM=
 github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370 h1:UkViS4DCESAUEYgbIEQdD02hyMacFt6Dny+1MOJtNIo=
 github.com/metacubex/uber-atomic v0.0.0-20230202125923-feb10b770370/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-github.com/miekg/dns v1.1.52 h1:Bmlc/qsNNULOe6bpXcUTsuOajd0DzRHwup6D9k1An0c=
-github.com/miekg/dns v1.1.52/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mroth/weightedrand/v2 v2.0.0 h1:ADehnByWbliEDIazDAKFdBHoqgHSXAkgyKqM/9YsPoo=
 github.com/mroth/weightedrand/v2 v2.0.0/go.mod h1:f2faGsfOGOwc1p94wzHKKZyTpcJUW7OJ/9U4yfiNAOU=
 github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
@@ -127,14 +127,14 @@ github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
-github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286 h1:0Td2b5l1KgrdlOnbRWgFFWsyb0TLoq/tP6j9Lut4JN0=
-github.com/sagernet/sing v0.2.1-0.20230323071235-f8038854d286/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw=
+github.com/sagernet/sing v0.1.8 h1:6DKo2FkSHn0nUcjO7bAext/ai7y7pCusK/+fScBJ5Jk=
+github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
 github.com/sagernet/sing-shadowtls v0.1.0 h1:05MYce8aR5xfKIn+y7xRFsdKhKt44QZTSEQW+lG5IWQ=
 github.com/sagernet/sing-shadowtls v0.1.0/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc=
-github.com/sagernet/sing-vmess v0.1.3 h1:q/+tsF46dvvapL6CpQBgPHJ6nQrDUZqEtLHCbsjO7iM=
-github.com/sagernet/sing-vmess v0.1.3/go.mod h1:GVXqAHwe9U21uS+Voh4YBIrADQyE4F9v0ayGSixSQAE=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
-github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9/go.mod h1:FUyTEc5ye5NjKnDTDMuiLF2M6T4BE6y6KZuax//UCEg=
+github.com/sagernet/sing-vmess v0.1.3-0.20230307060529-d110e81a50bc h1:vqlYWupvVDRpvv2F+RtECJN+VbuKjLtmQculQvOecls=
+github.com/sagernet/sing-vmess v0.1.3-0.20230307060529-d110e81a50bc/go.mod h1:V14iffGwhZPU2S7wgIiPlLWXygSjAXazYzD1w0ejBl4=
+github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d h1:trP/l6ZPWvQ/5Gv99Z7/t/v8iYy06akDMejxW1sznUk=
+github.com/sagernet/tfo-go v0.0.0-20230207095944-549363a7327d/go.mod h1:jk6Ii8Y3En+j2KQDLgdgQGwb3M6y7EL567jFnGYhN9g=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
@@ -153,8 +153,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f h1:dpx1PHxYqAnXzbryJrWP1NQLzEjwcVgFLhkknuFQ7ww=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f/go.mod h1:IogEAUBXDEwX7oR/BMmCctShYs80ql4hF0ySdzGxf7E=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
@@ -171,15 +171,15 @@ go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -191,8 +191,9 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
@@ -214,18 +215,21 @@ golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -233,8 +237,9 @@ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

hub/executor/executor.go

@@ -75,38 +75,24 @@ func ParseWithBytes(buf []byte) (*config.Config, error) {
 func ApplyConfig(cfg *config.Config, force bool) {
 	mux.Lock()
 	defer mux.Unlock()
-
-	tunnel.OnSuspend()
-
-	CTLS.ResetCertificate()
-	for _, c := range cfg.TLS.CustomTrustCert {
-		if err := CTLS.AddCertificate(c); err != nil {
-			log.Warnln("%s\nadd error: %s", c, err.Error())
-		}
-	}
-
+	preUpdateExperimental(cfg)
 	updateUsers(cfg.Users)
 	updateProxies(cfg.Proxies, cfg.Providers)
 	updateRules(cfg.Rules, cfg.SubRules, cfg.RuleProviders)
 	updateSniffer(cfg.Sniffer)
 	updateHosts(cfg.Hosts)
 	updateGeneral(cfg.General)
+	initInnerTcp()
 	updateDNS(cfg.DNS, cfg.General.IPv6)
+	loadProxyProvider(cfg.Providers)
+	updateProfile(cfg)
+	loadRuleProvider(cfg.RuleProviders)
 	updateListeners(cfg.General, cfg.Listeners, force)
 	updateIPTables(cfg)
 	updateTun(cfg.General)
 	updateExperimental(cfg)
 	updateTunnels(cfg.Tunnels)
 
-	tunnel.OnInnerLoading()
-
-	initInnerTcp()
-	loadProxyProvider(cfg.Providers)
-	updateProfile(cfg)
-	loadRuleProvider(cfg.RuleProviders)
-
-	tunnel.OnRunning()
-
 	log.SetLevel(cfg.General.LogLevel)
 }
 
@@ -158,6 +144,10 @@ func updateListeners(general *config.General, listeners map[string]C.InboundList
 		return
 	}
 
+	if general.Interface == "" && (!general.Tun.Enable || !general.Tun.AutoDetectInterface) {
+		dialer.DefaultInterface.Store(general.Interface)
+	}
+
 	allowLan := general.AllowLan
 	listener.SetAllowLan(allowLan)
 
@@ -178,6 +168,15 @@ func updateExperimental(c *config.Config) {
 	runtime.GC()
 }
 
+func preUpdateExperimental(c *config.Config) {
+	CTLS.ResetCertificate()
+	for _, c := range c.TLS.CustomTrustCert {
+		if err := CTLS.AddCertificate(c); err != nil {
+			log.Warnln("%s\nadd error: %s", c, err.Error())
+		}
+	}
+}
+
 func updateDNS(c *config.DNS, generalIPv6 bool) {
 	if !c.Enable {
 		resolver.DefaultResolver = nil
@@ -343,8 +342,17 @@ func updateGeneral(general *config.General) {
 	inbound.SetTfo(general.InboundTfo)
 
 	adapter.UnifiedDelay.Store(general.UnifiedDelay)
+	// Avoid reload configuration clean the value, causing traffic loops
+	if listener.GetTunConf().Enable && listener.GetTunConf().AutoDetectInterface {
+		// changed only when the name is specified
+		// if name is empty, setting delay until after tun loaded
+		if general.Interface != "" && (!general.Tun.Enable || !general.Tun.AutoDetectInterface) {
+			dialer.DefaultInterface.Store(general.Interface)
+		}
+	} else {
+		dialer.DefaultInterface.Store(general.Interface)
+	}
 
-	dialer.DefaultInterface.Store(general.Interface)
 	dialer.DefaultRoutingMark.Store(int32(general.RoutingMark))
 	if general.RoutingMark > 0 {
 		log.Infoln("Use routing mark: %#x", general.RoutingMark)

hub/route/configs.go

@@ -80,7 +80,6 @@ type tunSchema struct {
 	ExcludePackage         *[]string          `yaml:"exclude-package" json:"exclude-package,omitempty"`
 	EndpointIndependentNat *bool              `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 	UDPTimeout             *int64             `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
-	FileDescriptor         *int               `yaml:"file-descriptor" json:"file-descriptor"`
 }
 
 type tuicServerSchema struct {
@@ -170,9 +169,6 @@ func pointerOrDefaultTun(p *tunSchema, def LC.Tun) LC.Tun {
 		if p.UDPTimeout != nil {
 			def.UDPTimeout = *p.UDPTimeout
 		}
-		if p.FileDescriptor != nil {
-			def.FileDescriptor = *p.FileDescriptor
-		}
 	}
 	return def
 }

hub/route/restart.go

@@ -1,62 +0,0 @@
-package route
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-	"os/exec"
-	"runtime"
-	"syscall"
-
-	"github.com/Dreamacro/clash/log"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
-)
-
-func restartRouter() http.Handler {
-	r := chi.NewRouter()
-	r.Post("/", restart)
-	return r
-}
-
-func restart(w http.ResponseWriter, r *http.Request) {
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L108
-	execPath, err := os.Executable()
-	if err != nil {
-		render.Status(r, http.StatusInternalServerError)
-		render.JSON(w, r, newError(fmt.Sprintf("getting path: %s", err)))
-		return
-	}
-
-	render.JSON(w, r, render.M{"status": "ok"})
-	if f, ok := w.(http.Flusher); ok {
-		f.Flush()
-	}
-
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L180
-	// The background context is used because the underlying functions wrap it
-	// with timeout and shut down the server, which handles current request.  It
-	// also should be done in a separate goroutine for the same reason.
-	go func() {
-		if runtime.GOOS == "windows" {
-			cmd := exec.Command(execPath, os.Args[1:]...)
-			log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-			cmd.Stdin = os.Stdin
-			cmd.Stdout = os.Stdout
-			cmd.Stderr = os.Stderr
-			err = cmd.Start()
-			if err != nil {
-				log.Fatalln("restarting: %s", err)
-			}
-
-			os.Exit(0)
-		}
-
-		log.Infoln("restarting: %q %q", execPath, os.Args[1:])
-		err = syscall.Exec(execPath, os.Args, os.Environ())
-		if err != nil {
-			log.Fatalln("restarting: %s", err)
-		}
-	}()
-}

hub/route/server.go

@@ -86,9 +86,6 @@ func Start(addr string, tlsAddr string, secret string,
 		r.Mount("/providers/rules", ruleProviderRouter())
 		r.Mount("/cache", cacheRouter())
 		r.Mount("/dns", dnsRouter())
-		r.Mount("/restart", restartRouter())
-		r.Mount("/upgrade", upgradeRouter())
-
 	})
 
 	if uiPath != "" {

hub/route/upgrade.go

@@ -1,28 +0,0 @@
-package route
-
-import (
-	"net/http"
-
-	"github.com/Dreamacro/clash/hub/updater"
-	"github.com/Dreamacro/clash/log"
-
-	"github.com/go-chi/chi/v5"
-)
-
-func upgradeRouter() http.Handler {
-	r := chi.NewRouter()
-	r.Post("/", upgrade)
-	return r
-}
-
-func upgrade(w http.ResponseWriter, r *http.Request) {
-	// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/home/controlupdate.go#L108
-	log.Infoln("start update")
-	err := updater.Update()
-	if err != nil {
-		log.Errorln("err:%s", err)
-		return
-	}
-
-	restart(w, r)
-}

hub/updater/limitedreader.go

@@ -1,67 +0,0 @@
-package updater
-
-import (
-	"fmt"
-	"io"
-
-	"golang.org/x/exp/constraints"
-)
-
-// LimitReachedError records the limit and the operation that caused it.
-type LimitReachedError struct {
-	Limit int64
-}
-
-// Error implements the [error] interface for *LimitReachedError.
-//
-// TODO(a.garipov): Think about error string format.
-func (lre *LimitReachedError) Error() string {
-	return fmt.Sprintf("attempted to read more than %d bytes", lre.Limit)
-}
-
-// limitedReader is a wrapper for [io.Reader] limiting the input and dealing
-// with errors package.
-type limitedReader struct {
-	r     io.Reader
-	limit int64
-	n     int64
-}
-
-// Read implements the [io.Reader] interface.
-func (lr *limitedReader) Read(p []byte) (n int, err error) {
-	if lr.n == 0 {
-		return 0, &LimitReachedError{
-			Limit: lr.limit,
-		}
-	}
-
-	p = p[:Min(lr.n, int64(len(p)))]
-
-	n, err = lr.r.Read(p)
-	lr.n -= int64(n)
-
-	return n, err
-}
-
-// LimitReader wraps Reader to make it's Reader stop with ErrLimitReached after
-// n bytes read.
-func LimitReader(r io.Reader, n int64) (limited io.Reader, err error) {
-	if n < 0 {
-		return nil, &updateError{Message: "limit must be non-negative"}
-	}
-
-	return &limitedReader{
-		r:     r,
-		limit: n,
-		n:     n,
-	}, nil
-}
-
-// Min returns the smaller of x or y.
-func Min[T constraints.Integer | ~string](x, y T) (res T) {
-	if x < y {
-		return x
-	}
-
-	return y
-}

hub/updater/updater.go

@@ -1,475 +0,0 @@
-package updater
-
-import (
-	"archive/zip"
-	"compress/gzip"
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"sync"
-	"time"
-
-	clashHttp "github.com/Dreamacro/clash/component/http"
-	"github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
-)
-
-// modify from https://github.com/AdguardTeam/AdGuardHome/blob/595484e0b3fb4c457f9bb727a6b94faa78a66c5f/internal/updater/updater.go
-// Updater is the Clash.Meta updater.
-var (
-	goarch string
-	goos   string
-	goarm  string
-	gomips string
-
-	workDir string
-
-	// mu protects all fields below.
-	mu sync.RWMutex
-
-	currentExeName string // 当前可执行文件
-	updateDir      string // 更新目录
-	packageName    string // 更新压缩文件
-	backupDir      string // 备份目录
-	backupExeName  string // 备份文件名
-	updateExeName  string // 更新后的可执行文件
-
-	baseURL       string = "https://github.com/MetaCubeX/Clash.Meta/releases/download/Prerelease-Alpha/clash.meta"
-	versionURL    string = "https://github.com/MetaCubeX/Clash.Meta/releases/download/Prerelease-Alpha/version.txt"
-	packageURL    string
-	latestVersion string
-)
-
-type updateError struct {
-	Message string
-}
-
-func (e *updateError) Error() string {
-	return fmt.Sprintf("error: %s", e.Message)
-}
-
-// Update performs the auto-updater.  It returns an error if the updater failed.
-// If firstRun is true, it assumes the configuration file doesn't exist.
-func Update() (err error) {
-	mu.Lock()
-	defer mu.Unlock()
-
-	goos = runtime.GOOS
-	goarch = runtime.GOARCH
-	latestVersion, err = getLatestVersion()
-	if err != nil {
-		err := &updateError{Message: err.Error()}
-		return err
-	}
-
-	log.Infoln("current version alpha-%s, latest version alpha-%s", constant.Version, latestVersion)
-
-	if latestVersion == constant.Version {
-		err := &updateError{Message: "Already using latest version"}
-		return err
-	}
-
-	updateDownloadURL()
-
-	defer func() {
-		if err != nil {
-			log.Errorln("updater: failed: %v", err)
-		} else {
-			log.Infoln("updater: finished")
-		}
-	}()
-
-	execPath, err := os.Executable()
-	if err != nil {
-		return fmt.Errorf("getting executable path: %w", err)
-	}
-
-	workDir = filepath.Dir(execPath)
-
-	err = prepare(execPath)
-	if err != nil {
-		return fmt.Errorf("preparing: %w", err)
-	}
-
-	defer clean()
-
-	err = downloadPackageFile()
-	if err != nil {
-		return fmt.Errorf("downloading package file: %w", err)
-	}
-
-	err = unpack()
-	if err != nil {
-		return fmt.Errorf("unpacking: %w", err)
-	}
-
-	err = backup()
-	if err != nil {
-		return fmt.Errorf("replacing: %w", err)
-	}
-
-	err = replace()
-	if err != nil {
-		return fmt.Errorf("replacing: %w", err)
-	}
-
-	return nil
-}
-
-// prepare fills all necessary fields in Updater object.
-func prepare(exePath string) (err error) {
-	updateDir = filepath.Join(workDir, "meta-update")
-	currentExeName = exePath
-	_, pkgNameOnly := filepath.Split(packageURL)
-	if pkgNameOnly == "" {
-		return fmt.Errorf("invalid PackageURL: %q", packageURL)
-	}
-
-	packageName = filepath.Join(updateDir, pkgNameOnly)
-	//log.Infoln(packageName)
-	backupDir = filepath.Join(workDir, "meta-backup")
-
-	if goos == "windows" {
-		updateExeName = "clash.meta" + "-" + goos + "-" + goarch + ".exe"
-	} else {
-		updateExeName = "clash.meta" + "-" + goos + "-" + goarch
-	}
-
-	log.Infoln("updateExeName: %s ", updateExeName)
-
-	backupExeName = filepath.Join(backupDir, filepath.Base(exePath))
-	updateExeName = filepath.Join(updateDir, updateExeName)
-
-	log.Infoln(
-		"updater: updating using url: %s",
-		packageURL,
-	)
-
-	currentExeName = exePath
-	_, err = os.Stat(currentExeName)
-	if err != nil {
-		return fmt.Errorf("checking %q: %w", currentExeName, err)
-	}
-
-	return nil
-}
-
-// unpack extracts the files from the downloaded archive.
-func unpack() error {
-	var err error
-	_, pkgNameOnly := filepath.Split(packageURL)
-
-	log.Debugln("updater: unpacking package")
-	if strings.HasSuffix(pkgNameOnly, ".zip") {
-		_, err = zipFileUnpack(packageName, updateDir)
-		if err != nil {
-			return fmt.Errorf(".zip unpack failed: %w", err)
-		}
-
-	} else if strings.HasSuffix(pkgNameOnly, ".gz") {
-		_, err = gzFileUnpack(packageName, updateDir)
-		if err != nil {
-			return fmt.Errorf(".gz unpack failed: %w", err)
-		}
-
-	} else {
-		return fmt.Errorf("unknown package extension")
-	}
-
-	return nil
-}
-
-// backup makes a backup of the current configuration and supporting files.  It
-// ignores the configuration file if firstRun is true.
-func backup() (err error) {
-	log.Infoln("updater: backing up current Exefile")
-	_ = os.Mkdir(backupDir, 0o755)
-
-	err = copyFile(currentExeName, backupExeName)
-	if err != nil {
-		return fmt.Errorf("copySupportingFiles(%s, %s) failed: %w", currentExeName, backupExeName, err)
-	}
-
-	return nil
-}
-
-// replace moves the current executable with the updated one and also copies the
-// supporting files.
-func replace() error {
-	var err error
-
-	// log.Infoln("updater: renaming: %s to %s", currentExeName, backupExeName)
-	// err := os.Rename(currentExeName, backupExeName)
-	// if err != nil {
-	// 	return err
-	// }
-
-	if goos == "windows" {
-		// rename fails with "File in use" error
-		log.Infoln("copying: %s to %s", updateExeName, currentExeName)
-		err = copyFile(updateExeName, currentExeName)
-	} else {
-		log.Infoln("copying: %s to %s", updateExeName, currentExeName)
-		err = os.Rename(updateExeName, currentExeName)
-	}
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// clean removes the temporary directory itself and all it's contents.
-func clean() {
-	_ = os.RemoveAll(updateDir)
-}
-
-// MaxPackageFileSize is a maximum package file length in bytes. The largest
-// package whose size is limited by this constant currently has the size of
-// approximately 9 MiB.
-const MaxPackageFileSize = 32 * 1024 * 1024
-
-// Download package file and save it to disk
-func downloadPackageFile() (err error) {
-	// var resp *http.Response
-	// resp, err = client.Get(packageURL)
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
-	defer cancel()
-	resp, err := clashHttp.HttpRequest(ctx, packageURL, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
-	if err != nil {
-		return fmt.Errorf("http request failed: %w", err)
-	}
-
-	defer func() {
-		closeErr := resp.Body.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	var r io.Reader
-	r, err = LimitReader(resp.Body, MaxPackageFileSize)
-	if err != nil {
-		return fmt.Errorf("http request failed: %w", err)
-	}
-
-	log.Debugln("updater: reading http body")
-	// This use of ReadAll is now safe, because we limited body's Reader.
-	body, err := io.ReadAll(r)
-	if err != nil {
-		return fmt.Errorf("io.ReadAll() failed: %w", err)
-	}
-
-	log.Debugln("updateDir %s", updateDir)
-	err = os.Mkdir(updateDir, 0o755)
-	if err != nil {
-		return fmt.Errorf("mkdir error: %w", err)
-	}
-
-	log.Debugln("updater: saving package to file %s", packageName)
-	err = os.WriteFile(packageName, body, 0o644)
-	if err != nil {
-		return fmt.Errorf("os.WriteFile() failed: %w", err)
-	}
-	return nil
-}
-
-// Unpack a single .gz file to the specified directory
-// Existing files are overwritten
-// All files are created inside outDir, subdirectories are not created
-// Return the output file name
-func gzFileUnpack(gzfile, outDir string) (string, error) {
-	f, err := os.Open(gzfile)
-	if err != nil {
-		return "", fmt.Errorf("os.Open(): %w", err)
-	}
-
-	defer func() {
-		closeErr := f.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	gzReader, err := gzip.NewReader(f)
-	if err != nil {
-		return "", fmt.Errorf("gzip.NewReader(): %w", err)
-	}
-
-	defer func() {
-		closeErr := gzReader.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	// Get the original file name from the .gz file header
-	originalName := gzReader.Header.Name
-	if originalName == "" {
-		// Fallback: remove the .gz extension from the input file name if the header doesn't provide the original name
-		originalName = filepath.Base(gzfile)
-		originalName = strings.TrimSuffix(originalName, ".gz")
-	}
-
-	outputName := filepath.Join(outDir, originalName)
-
-	// Create the output file
-	wc, err := os.OpenFile(
-		outputName,
-		os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
-		0o755,
-	)
-	if err != nil {
-		return "", fmt.Errorf("os.OpenFile(%s): %w", outputName, err)
-	}
-
-	defer func() {
-		closeErr := wc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	// Copy the contents of the gzReader to the output file
-	_, err = io.Copy(wc, gzReader)
-	if err != nil {
-		return "", fmt.Errorf("io.Copy(): %w", err)
-	}
-
-	return outputName, nil
-}
-
-// Unpack a single file from .zip file to the specified directory
-// Existing files are overwritten
-// All files are created inside 'outDir', subdirectories are not created
-// Return the output file name
-func zipFileUnpack(zipfile, outDir string) (string, error) {
-	zrc, err := zip.OpenReader(zipfile)
-	if err != nil {
-		return "", fmt.Errorf("zip.OpenReader(): %w", err)
-	}
-
-	defer func() {
-		closeErr := zrc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	if len(zrc.File) == 0 {
-		return "", fmt.Errorf("no files in the zip archive")
-	}
-
-	// Assuming the first file in the zip archive is the target file
-	zf := zrc.File[0]
-	var rc io.ReadCloser
-	rc, err = zf.Open()
-	if err != nil {
-		return "", fmt.Errorf("zip file Open(): %w", err)
-	}
-
-	defer func() {
-		closeErr := rc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	fi := zf.FileInfo()
-	name := fi.Name()
-	outputName := filepath.Join(outDir, name)
-
-	if fi.IsDir() {
-		return "", fmt.Errorf("the target file is a directory")
-	}
-
-	var wc io.WriteCloser
-	wc, err = os.OpenFile(outputName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fi.Mode())
-	if err != nil {
-		return "", fmt.Errorf("os.OpenFile(): %w", err)
-	}
-
-	defer func() {
-		closeErr := wc.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-	_, err = io.Copy(wc, rc)
-	if err != nil {
-		return "", fmt.Errorf("io.Copy(): %w", err)
-	}
-
-	return outputName, nil
-}
-
-// Copy file on disk
-func copyFile(src, dst string) error {
-	d, e := os.ReadFile(src)
-	if e != nil {
-		return e
-	}
-	e = os.WriteFile(dst, d, 0o644)
-	if e != nil {
-		return e
-	}
-	return nil
-}
-
-func getLatestVersion() (version string, err error) {
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-	resp, err := clashHttp.HttpRequest(ctx, versionURL, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
-	if err != nil {
-		return "", fmt.Errorf("get Latest Version fail: %w", err)
-	}
-	defer func() {
-		closeErr := resp.Body.Close()
-		if closeErr != nil && err == nil {
-			err = closeErr
-		}
-	}()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return "", fmt.Errorf("get Latest Version fail: %w", err)
-	}
-	content := strings.TrimRight(string(body), "\n")
-	return content, nil
-}
-
-func updateDownloadURL() {
-	var middle string
-
-	if goarch == "arm" && goarm != "" {
-		middle = fmt.Sprintf("-%s-%sv%s-%s", goos, goarch, goarm, latestVersion)
-	} else if isMIPS(goarch) && gomips != "" {
-		middle = fmt.Sprintf("-%s-%s-%s-%s", goos, goarch, gomips, latestVersion)
-	} else {
-		middle = fmt.Sprintf("-%s-%s-%s", goos, goarch, latestVersion)
-	}
-
-	if goos == "windows" {
-		middle += ".zip"
-	} else {
-		middle += ".gz"
-	}
-	packageURL = baseURL + middle
-	//log.Infoln(packageURL)
-}
-
-// isMIPS returns true if arch is any MIPS architecture.
-func isMIPS(arch string) (ok bool) {
-	switch arch {
-	case
-		"mips",
-		"mips64",
-		"mips64le",
-		"mipsle":
-		return true
-	default:
-		return false
-	}
-}

listener/config/shadowsocks.go

@@ -9,7 +9,6 @@ type ShadowsocksServer struct {
 	Listen   string
 	Password string
 	Cipher   string
-	Udp      bool
 }
 
 func (t ShadowsocksServer) String() string {

listener/config/tuic.go

@@ -15,7 +15,6 @@ type TuicServer struct {
 	AuthenticationTimeout int      `yaml:"authentication-timeout" json:"authentication-timeout,omitempty"`
 	ALPN                  []string `yaml:"alpn" json:"alpn,omitempty"`
 	MaxUdpRelayPacketSize int      `yaml:"max-udp-relay-packet-size" json:"max-udp-relay-packet-size,omitempty"`
-	MaxDatagramFrameSize  int      `yaml:"max-datagram-frame-size" json:"max-datagram-frame-size,omitempty"`
 }
 
 func (t TuicServer) String() string {

listener/config/tun.go

@@ -95,5 +95,4 @@ type Tun struct {
 	ExcludePackage         []string       `yaml:"exclude-package" json:"exclude-package,omitempty"`
 	EndpointIndependentNat bool           `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 	UDPTimeout             int64          `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
-	FileDescriptor         int            `yaml:"file-descriptor" json:"file-descriptor"`
 }

listener/inbound/shadowsocks.go

@@ -11,7 +11,6 @@ type ShadowSocksOption struct {
 	BaseOption
 	Password string `inbound:"password"`
 	Cipher   string `inbound:"cipher"`
-	UDP      bool   `inbound:"udp,omitempty"`
 }
 
 func (o ShadowSocksOption) Equal(config C.InboundConfig) bool {
@@ -38,7 +37,6 @@ func NewShadowSocks(options *ShadowSocksOption) (*ShadowSocks, error) {
 			Listen:   base.RawAddress(),
 			Password: options.Password,
 			Cipher:   options.Cipher,
-			Udp:      options.UDP,
 		},
 	}, nil
 }

listener/inbound/tproxy.go

@@ -56,10 +56,13 @@ func (t *TProxy) Listen(tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapter
 		return err
 	}
 	if t.udp {
-		t.lUDP, err = tproxy.NewUDP(t.RawAddress(), udpIn, natTable, t.Additions()...)
-		if err != nil {
-			return err
+		if t.lUDP != nil {
+			t.lUDP, err = tproxy.NewUDP(t.RawAddress(), udpIn, natTable, t.Additions()...)
+			if err != nil {
+				return err
+			}
 		}
+
 	}
 	log.Infoln("TProxy[%s] proxy listening at: %s", t.Name(), t.Address())
 	return nil

listener/inbound/tun.go

@@ -33,7 +33,6 @@ type TunOption struct {
 	ExcludePackage         []string `inbound:"exclude_package,omitempty"`
 	EndpointIndependentNat bool     `inbound:"endpoint_independent_nat,omitempty"`
 	UDPTimeout             int64    `inbound:"udp_timeout,omitempty"`
-	FileDescriptor         int      `inbound:"file-descriptor,omitempty"`
 }
 
 func (o TunOption) Equal(config C.InboundConfig) bool {
@@ -97,7 +96,6 @@ func NewTun(options *TunOption) (*Tun, error) {
 			ExcludePackage:         options.ExcludePackage,
 			EndpointIndependentNat: options.EndpointIndependentNat,
 			UDPTimeout:             options.UDPTimeout,
-			FileDescriptor:         options.FileDescriptor,
 		},
 	}, nil
 }

listener/listener.go

@@ -271,7 +271,6 @@ func ReCreateShadowSocks(shadowSocksConfig string, tcpIn chan<- C.ConnContext, u
 			Listen:   addr,
 			Password: password,
 			Cipher:   cipher,
-			Udp:      true,
 		}
 	}
 
@@ -822,8 +821,7 @@ func hasTunConfigChange(tunConf *LC.Tun) bool {
 		LastTunConf.MTU != tunConf.MTU ||
 		LastTunConf.StrictRoute != tunConf.StrictRoute ||
 		LastTunConf.EndpointIndependentNat != tunConf.EndpointIndependentNat ||
-		LastTunConf.UDPTimeout != tunConf.UDPTimeout ||
-		LastTunConf.FileDescriptor != tunConf.FileDescriptor {
+		LastTunConf.UDPTimeout != tunConf.UDPTimeout {
 		return true
 	}
 

listener/parse.go

@@ -73,7 +73,7 @@ func ParseListener(mapping map[string]any) (C.InboundListener, error) {
 		}
 		listener, err = IN.NewTun(tunOption)
 	case "shadowsocks":
-		shadowsocksOption := &IN.ShadowSocksOption{UDP: true}
+		shadowsocksOption := &IN.ShadowSocksOption{}
 		err = decoder.Decode(mapping, shadowsocksOption)
 		if err != nil {
 			return nil, err

listener/shadowsocks/tcp.go

@@ -33,14 +33,12 @@ func New(config LC.ShadowsocksServer, tcpIn chan<- C.ConnContext, udpIn chan<- C
 	for _, addr := range strings.Split(config.Listen, ",") {
 		addr := addr
 
-		if config.Udp {
-			//UDP
-			ul, err := NewUDP(addr, pickCipher, udpIn)
-			if err != nil {
-				return nil, err
-			}
-			sl.udpListeners = append(sl.udpListeners, ul)
+		//UDP
+		ul, err := NewUDP(addr, pickCipher, udpIn)
+		if err != nil {
+			return nil, err
 		}
+		sl.udpListeners = append(sl.udpListeners, ul)
 
 		//TCP
 		l, err := inbound.Listen("tcp", addr)

listener/sing/sing.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"golang.org/x/exp/slices"
 	"net"
-	"net/netip"
 	"sync"
 	"time"
 
@@ -25,11 +24,10 @@ import (
 const UDPTimeout = 5 * time.Minute
 
 type ListenerHandler struct {
-	TcpIn      chan<- C.ConnContext
-	UdpIn      chan<- C.PacketAdapter
-	Type       C.Type
-	Additions  []inbound.Addition
-	UDPTimeout time.Duration
+	TcpIn     chan<- C.ConnContext
+	UdpIn     chan<- C.PacketAdapter
+	Type      C.Type
+	Additions []inbound.Addition
 }
 
 type waitCloseConn struct {
@@ -63,16 +61,9 @@ func (h *ListenerHandler) NewConnection(ctx context.Context, conn net.Conn, meta
 	switch metadata.Destination.Fqdn {
 	case vmess.MuxDestination.Fqdn:
 		return vmess.HandleMuxConnection(ctx, conn, h)
-	case uot.MagicAddress:
-		request, err := uot.ReadRequest(conn)
-		if err != nil {
-			return E.Cause(err, "read UoT request")
-		}
-		metadata.Destination = request.Destination
-		return h.NewPacketConnection(ctx, uot.NewConn(conn, *request), metadata)
-	case uot.LegacyMagicAddress:
-		metadata.Destination = M.Socksaddr{Addr: netip.IPv4Unspecified()}
-		return h.NewPacketConnection(ctx, uot.NewConn(conn, uot.Request{}), metadata)
+	case uot.UOTMagicAddress:
+		metadata.Destination = M.Socksaddr{}
+		return h.NewPacketConnection(ctx, uot.NewClientConn(conn), metadata)
 	}
 	target := socks5.ParseAddr(metadata.Destination.String())
 	wg := &sync.WaitGroup{}
@@ -160,9 +151,6 @@ func (c *packet) WriteBack(b []byte, addr net.Addr) (n int, err error) {
 		return
 	}
 	err = conn.WritePacket(buff, M.SocksaddrFromNet(addr))
-	if err != nil {
-		return
-	}
 	return
 }
 

listener/sing_shadowsocks/server.go

@@ -76,40 +76,38 @@ func New(config LC.ShadowsocksServer, tcpIn chan<- C.ConnContext, udpIn chan<- C
 	for _, addr := range strings.Split(config.Listen, ",") {
 		addr := addr
 
-		if config.Udp {
-			//UDP
-			ul, err := net.ListenPacket("udp", addr)
-			if err != nil {
-				return nil, err
-			}
-
-			err = sockopt.UDPReuseaddr(ul.(*net.UDPConn))
-			if err != nil {
-				log.Warnln("Failed to Reuse UDP Address: %s", err)
-			}
-
-			sl.udpListeners = append(sl.udpListeners, ul)
-
-			go func() {
-				conn := bufio.NewPacketConn(ul)
-				for {
-					buff := buf.NewPacket()
-					remoteAddr, err := conn.ReadPacket(buff)
-					if err != nil {
-						buff.Release()
-						if sl.closed {
-							break
-						}
-						continue
-					}
-					_ = sl.service.NewPacket(context.TODO(), conn, buff, metadata.Metadata{
-						Protocol: "shadowsocks",
-						Source:   remoteAddr,
-					})
-				}
-			}()
+		//UDP
+		ul, err := net.ListenPacket("udp", addr)
+		if err != nil {
+			return nil, err
 		}
 
+		err = sockopt.UDPReuseaddr(ul.(*net.UDPConn))
+		if err != nil {
+			log.Warnln("Failed to Reuse UDP Address: %s", err)
+		}
+
+		sl.udpListeners = append(sl.udpListeners, ul)
+
+		go func() {
+			conn := bufio.NewPacketConn(ul)
+			for {
+				buff := buf.NewPacket()
+				remoteAddr, err := conn.ReadPacket(buff)
+				if err != nil {
+					buff.Release()
+					if sl.closed {
+						break
+					}
+					continue
+				}
+				_ = sl.service.NewPacket(context.TODO(), conn, buff, metadata.Metadata{
+					Protocol: "shadowsocks",
+					Source:   remoteAddr,
+				})
+			}
+		}()
+
 		//TCP
 		l, err := inbound.Listen("tcp", addr)
 		if err != nil {

listener/sing_tun/server.go

@@ -8,7 +8,6 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/Dreamacro/clash/adapter/inbound"
 	"github.com/Dreamacro/clash/component/dialer"
@@ -152,11 +151,10 @@ func New(options LC.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapte
 
 	handler := &ListenerHandler{
 		ListenerHandler: sing.ListenerHandler{
-			TcpIn:      tcpIn,
-			UdpIn:      udpIn,
-			Type:       C.TUN,
-			Additions:  additions,
-			UDPTimeout: time.Second * time.Duration(udpTimeout),
+			TcpIn:     tcpIn,
+			UdpIn:     udpIn,
+			Type:      C.TUN,
+			Additions: additions,
 		},
 		DnsAdds: dnsAdds,
 	}
@@ -214,7 +212,6 @@ func New(options LC.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- C.PacketAdapte
 		IncludeAndroidUser: options.IncludeAndroidUser,
 		IncludePackage:     options.IncludePackage,
 		ExcludePackage:     options.ExcludePackage,
-		FileDescriptor:     options.FileDescriptor,
 		InterfaceMonitor:   defaultInterfaceMonitor,
 		TableIndex:         2022,
 	}

listener/tuic/server.go

@@ -61,16 +61,6 @@ func New(config LC.TuicServer, tcpIn chan<- C.ConnContext, udpIn chan<- C.Packet
 	quicConfig.InitialConnectionReceiveWindow = tuic.DefaultConnectionReceiveWindow / 10
 	quicConfig.MaxConnectionReceiveWindow = tuic.DefaultConnectionReceiveWindow
 
-	if config.MaxUdpRelayPacketSize == 0 {
-		config.MaxUdpRelayPacketSize = 1500
-	}
-	maxDatagramFrameSize := config.MaxUdpRelayPacketSize + tuic.PacketOverHead
-	if maxDatagramFrameSize > 1400 {
-		maxDatagramFrameSize = 1400
-	}
-	config.MaxUdpRelayPacketSize = maxDatagramFrameSize - tuic.PacketOverHead
-	quicConfig.MaxDatagramFrameSize = int64(maxDatagramFrameSize)
-
 	tokens := make([][32]byte, len(config.Token))
 	for i, token := range config.Token {
 		tokens[i] = tuic.GenTKN(token)

transport/restls/restls.go

@@ -1,7 +1,6 @@
 package restls
 
 import (
-	"context"
 	"net"
 
 	tls "github.com/3andne/restls-client-go"
@@ -11,29 +10,48 @@ const (
 	Mode string = "restls"
 )
 
+// Restls
 type Restls struct {
-	*tls.UConn
+	net.Conn
+	firstPacketCache []byte
+	firstPacket      bool
 }
 
-func (r *Restls) Upstream() any {
-	return r.UConn.NetConn()
+func (r *Restls) Read(b []byte) (int, error) {
+	if err := r.Conn.(*tls.UConn).Handshake(); err != nil {
+		return 0, err
+	}
+	n, err := r.Conn.(*tls.UConn).Read(b)
+	return n, err
+}
+
+func (r *Restls) Write(b []byte) (int, error) {
+	if r.firstPacket {
+		r.firstPacketCache = append([]byte(nil), b...)
+		r.firstPacket = false
+		return len(b), nil
+	}
+	if len(r.firstPacketCache) != 0 {
+		b = append(r.firstPacketCache, b...)
+		r.firstPacketCache = nil
+	}
+	n, err := r.Conn.(*tls.UConn).Write(b)
+	return n, err
 }
 
 // NewRestls return a Restls Connection
-func NewRestls(ctx context.Context, conn net.Conn, config *tls.Config) (net.Conn, error) {
-	clientHellowID := tls.HelloChrome_Auto
+func NewRestls(conn net.Conn, config *tls.Config) (net.Conn, error) {
 	if config != nil {
 		clientIDPtr := config.ClientID.Load()
 		if clientIDPtr != nil {
-			clientHellowID = *clientIDPtr
+			return &Restls{
+				Conn:        tls.UClient(conn, config, *clientIDPtr),
+				firstPacket: true,
+			}, nil
 		}
 	}
-	restls := &Restls{
-		UConn: tls.UClient(conn, config, clientHellowID),
-	}
-	if err := restls.HandshakeContext(ctx); err != nil {
-		return nil, err
-	}
-
-	return restls, nil
+	return &Restls{
+		Conn:        tls.UClient(conn, config, tls.HelloChrome_Auto),
+		firstPacket: true,
+	}, nil
 }

transport/tuic/conn.go

@@ -1,6 +1,7 @@
 package tuic
 
 import (
+	"fmt"
 	"net"
 	"net/netip"
 	"sync"
@@ -200,7 +201,7 @@ func (q *quicStreamPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err err
 
 func (q *quicStreamPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
 	if q.udpRelayMode != "quic" && len(p) > q.maxUdpRelayPacketSize {
-		return 0, quic.ErrMessageTooLarge(q.maxUdpRelayPacketSize)
+		return 0, fmt.Errorf("udp packet too large(%d > %d)", len(p), q.maxUdpRelayPacketSize)
 	}
 	if q.closed {
 		return 0, net.ErrClosed
@@ -249,7 +250,29 @@ func (q *quicStreamPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err erro
 }
 
 func (q *quicStreamPacketConn) LocalAddr() net.Addr {
-	return q.quicConn.LocalAddr()
+	addr := q.quicConn.LocalAddr()
+	if q.inputConn != nil { // client
+		return &packetAddr{addrStr: q.quicConn.LocalAddr().String(), connId: q.connId, rawAddr: addr}
+	}
+	return addr // server
 }
 
 var _ net.PacketConn = &quicStreamPacketConn{}
+
+type packetAddr struct {
+	addrStr string
+	connId  uint32
+	rawAddr net.Addr
+}
+
+func (a packetAddr) Network() string {
+	return "tuic"
+}
+
+func (a packetAddr) String() string {
+	return fmt.Sprintf("%s-%d", a.addrStr, a.connId)
+}
+
+func (a packetAddr) RawAddr() net.Addr {
+	return a.rawAddr
+}

transport/tuic/protocol.go

@@ -282,8 +282,6 @@ func (c Packet) BytesLen() int {
 	return c.CommandHead.BytesLen() + 4 + 2 + c.ADDR.BytesLen() + len(c.DATA)
 }
 
-var PacketOverHead = NewPacket(0, 0, NewAddressAddrPort(netip.AddrPortFrom(netip.IPv6Unspecified(), 0)), nil).BytesLen()
-
 type Dissociate struct {
 	CommandHead
 	ASSOC_ID uint32

transport/tuic/server.go

@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
-	"fmt"
 	"net"
 	"sync"
 	"sync/atomic"
@@ -56,10 +55,14 @@ func (s *Server) Serve() error {
 			return err
 		}
 		SetCongestionController(conn, s.CongestionController)
+		uuid, err := utils.UnsafeUUIDGenerator.NewV4()
+		if err != nil {
+			return err
+		}
 		h := &serverHandler{
 			Server:   s,
 			quicConn: conn,
-			uuid:     utils.NewUUIDV4(),
+			uuid:     uuid,
 			authCh:   make(chan struct{}),
 		}
 		go h.handle()
@@ -150,7 +153,7 @@ func (s *serverHandler) parsePacket(packet Packet, udpRelayMode string) (err err
 	return s.HandleUdpFn(packet.ADDR.SocksAddr(), &serverUDPPacket{
 		pc:     pc,
 		packet: &packet,
-		rAddr:  N.NewCustomAddr("tuic", fmt.Sprintf("tuic-%s-%d", s.uuid, assocId), s.quicConn.RemoteAddr()), // for tunnel's handleUDPConn
+		rAddr:  &packetAddr{addrStr: "tuic-" + s.uuid.String(), connId: assocId, rawAddr: s.quicConn.RemoteAddr()},
 	})
 }
 

tunnel/statistic/tracker.go

@@ -83,6 +83,7 @@ func (tt *tcpTracker) Upstream() any {
 }
 
 func NewTCPTracker(conn C.Conn, manager *Manager, metadata *C.Metadata, rule C.Rule, uploadTotal int64, downloadTotal int64) *tcpTracker {
+	uuid, _ := utils.UnsafeUUIDGenerator.NewV4()
 	if conn != nil {
 		if tcpAddr, ok := conn.RemoteAddr().(*net.TCPAddr); ok {
 			metadata.RemoteDst = tcpAddr.IP.String()
@@ -95,7 +96,7 @@ func NewTCPTracker(conn C.Conn, manager *Manager, metadata *C.Metadata, rule C.R
 		Conn:    conn,
 		manager: manager,
 		trackerInfo: &trackerInfo{
-			UUID:          utils.NewUUIDV4(),
+			UUID:          uuid,
 			Start:         time.Now(),
 			Metadata:      metadata,
 			Chain:         conn.Chains(),
@@ -148,13 +149,14 @@ func (ut *udpTracker) Close() error {
 }
 
 func NewUDPTracker(conn C.PacketConn, manager *Manager, metadata *C.Metadata, rule C.Rule, uploadTotal int64, downloadTotal int64) *udpTracker {
+	uuid, _ := utils.UnsafeUUIDGenerator.NewV4()
 	metadata.RemoteDst = conn.RemoteDestination()
 
 	ut := &udpTracker{
 		PacketConn: conn,
 		manager:    manager,
 		trackerInfo: &trackerInfo{
-			UUID:          utils.NewUUIDV4(),
+			UUID:          uuid,
 			Start:         time.Now(),
 			Metadata:      metadata,
 			Chain:         conn.Chains(),

tunnel/status.go

@@ -1,92 +0,0 @@
-package tunnel
-
-import (
-	"encoding/json"
-	"errors"
-	"strings"
-	"sync/atomic"
-)
-
-type TunnelStatus int
-
-// StatusMapping is a mapping for Status enum
-var StatusMapping = map[string]TunnelStatus{
-	Suspend.String(): Suspend,
-	Inner.String():   Inner,
-	Running.String(): Running,
-}
-
-const (
-	Suspend TunnelStatus = iota
-	Inner
-	Running
-)
-
-// UnmarshalJSON unserialize Status
-func (s *TunnelStatus) UnmarshalJSON(data []byte) error {
-	var tp string
-	json.Unmarshal(data, &tp)
-	status, exist := StatusMapping[strings.ToLower(tp)]
-	if !exist {
-		return errors.New("invalid mode")
-	}
-	*s = status
-	return nil
-}
-
-// UnmarshalYAML unserialize Status with yaml
-func (s *TunnelStatus) UnmarshalYAML(unmarshal func(any) error) error {
-	var tp string
-	unmarshal(&tp)
-	status, exist := StatusMapping[strings.ToLower(tp)]
-	if !exist {
-		return errors.New("invalid status")
-	}
-	*s = status
-	return nil
-}
-
-// MarshalJSON serialize Status
-func (s TunnelStatus) MarshalJSON() ([]byte, error) {
-	return json.Marshal(s.String())
-}
-
-// MarshalYAML serialize TunnelMode with yaml
-func (s TunnelStatus) MarshalYAML() (any, error) {
-	return s.String(), nil
-}
-
-func (s TunnelStatus) String() string {
-	switch s {
-	case Suspend:
-		return "suspend"
-	case Inner:
-		return "inner"
-	case Running:
-		return "running"
-	default:
-		return "Unknown"
-	}
-}
-
-type AtomicStatus struct {
-	value atomic.Int32
-}
-
-func (a *AtomicStatus) Store(s TunnelStatus) {
-	a.value.Store(int32(s))
-}
-
-func (a *AtomicStatus) Load() TunnelStatus {
-	return TunnelStatus(a.value.Load())
-}
-
-func (a *AtomicStatus) String() string {
-	return a.Load().String()
-}
-
-func newAtomicStatus(s TunnelStatus) *AtomicStatus {
-	a := &AtomicStatus{}
-	a.Store(s)
-	return a
-}

tunnel/tunnel.go

@@ -26,7 +26,6 @@ import (
 )
 
 var (
-	status         = newAtomicStatus(Suspend)
 	tcpQueue       = make(chan C.ConnContext, 200)
 	udpQueue       = make(chan C.PacketAdapter, 200)
 	natTable       = nat.New()
@@ -50,22 +49,6 @@ var (
 	fakeIPRange netip.Prefix
 )
 
-func OnSuspend() {
-	status.Store(Suspend)
-}
-
-func OnInnerLoading() {
-	status.Store(Inner)
-}
-
-func OnRunning() {
-	status.Store(Running)
-}
-
-func Status() TunnelStatus {
-	return status.Load()
-}
-
 func SetFakeIPRange(p netip.Prefix) {
 	fakeIPRange = p
 }
@@ -175,19 +158,10 @@ func SetFindProcessMode(mode P.FindProcessMode) {
 	findProcessMode = mode
 }
 
-func isHandle(t C.Type) bool {
-	status := status.Load()
-	return status == Running || (status == Inner && t == C.INNER)
-}
-
 // processUDP starts a loop to handle udp packet
 func processUDP() {
 	queue := udpQueue
 	for conn := range queue {
-		if !isHandle(conn.Metadata().Type) {
-			conn.Drop()
-			continue
-		}
 		handleUDPConn(conn)
 	}
 }
@@ -203,10 +177,6 @@ func process() {
 
 	queue := tcpQueue
 	for conn := range queue {
-		if !isHandle(conn.Metadata().Type) {
-			_ = conn.Conn().Close()
-			continue
-		}
 		go handleTCPConn(conn)
 	}
 }