Chore: update dependencies

Co-authored-by: fish <fish@youme.im>

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,30 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master, dev ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

Makefile

@@ -22,7 +22,8 @@ PLATFORM_LIST = \
 	linux-mips64 \
 	linux-mips64le \
 	freebsd-386 \
-	freebsd-amd64
+	freebsd-amd64 \
+	freebsd-arm64
 
 WINDOWS_ARCH_LIST = \
 	windows-386 \
@@ -82,6 +83,9 @@ freebsd-386:
 freebsd-amd64:
 	GOARCH=amd64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
+freebsd-arm64:
+	GOARCH=arm64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 windows-386:
 	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 

adapters/inbound/http.go

@@ -9,7 +9,7 @@ import (
 	"github.com/Dreamacro/clash/context"
 )
 
-// NewHTTP recieve normal http request and return HTTPContext
+// NewHTTP receive normal http request and return HTTPContext
 func NewHTTP(request *http.Request, conn net.Conn) *context.HTTPContext {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTP

adapters/inbound/https.go

@@ -8,7 +8,7 @@ import (
 	"github.com/Dreamacro/clash/context"
 )
 
-// NewHTTPS recieve CONNECT request and return ConnContext
+// NewHTTPS receive CONNECT request and return ConnContext
 func NewHTTPS(request *http.Request, conn net.Conn) *context.ConnContext {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTPCONNECT

adapters/inbound/socket.go

@@ -8,7 +8,7 @@ import (
 	"github.com/Dreamacro/clash/context"
 )
 
-// NewSocket recieve TCP inbound and return ConnContext
+// NewSocket receive TCP inbound and return ConnContext
 func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnContext {
 	metadata := parseSocksAddr(target)
 	metadata.NetWork = C.TCP

adapters/outbound/base.go

@@ -21,36 +21,44 @@ type Base struct {
 	udp  bool
 }
 
+// Name implements C.ProxyAdapter
 func (b *Base) Name() string {
 	return b.name
 }
 
+// Type implements C.ProxyAdapter
 func (b *Base) Type() C.AdapterType {
 	return b.tp
 }
 
+// StreamConn implements C.ProxyAdapter
 func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, errors.New("no support")
 }
 
+// DialUDP implements C.ProxyAdapter
 func (b *Base) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return nil, errors.New("no support")
 }
 
+// SupportUDP implements C.ProxyAdapter
 func (b *Base) SupportUDP() bool {
 	return b.udp
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": b.Type().String(),
 	})
 }
 
+// Addr implements C.ProxyAdapter
 func (b *Base) Addr() string {
 	return b.addr
 }
 
+// Unwrap implements C.ProxyAdapter
 func (b *Base) Unwrap(metadata *C.Metadata) C.Proxy {
 	return nil
 }
@@ -64,10 +72,12 @@ type conn struct {
 	chain C.Chain
 }
 
+// Chains implements C.Connection
 func (c *conn) Chains() C.Chain {
 	return c.chain
 }
 
+// AppendToChains implements C.Connection
 func (c *conn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
@@ -81,10 +91,12 @@ type packetConn struct {
 	chain C.Chain
 }
 
+// Chains implements C.Connection
 func (c *packetConn) Chains() C.Chain {
 	return c.chain
 }
 
+// AppendToChains implements C.Connection
 func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
@@ -99,16 +111,19 @@ type Proxy struct {
 	alive   *atomic.Bool
 }
 
+// Alive implements C.Proxy
 func (p *Proxy) Alive() bool {
 	return p.alive.Load()
 }
 
+// Dial implements C.Proxy
 func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 	defer cancel()
 	return p.DialContext(ctx, metadata)
 }
 
+// DialContext implements C.ProxyAdapter
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata)
 	if err != nil {
@@ -117,6 +132,7 @@ func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn,
 	return conn, err
 }
 
+// DelayHistory implements C.Proxy
 func (p *Proxy) DelayHistory() []C.DelayHistory {
 	queue := p.history.Copy()
 	histories := []C.DelayHistory{}
@@ -127,6 +143,7 @@ func (p *Proxy) DelayHistory() []C.DelayHistory {
 }
 
 // LastDelay return last history record. if proxy is not alive, return the max value of uint16.
+// implements C.Proxy
 func (p *Proxy) LastDelay() (delay uint16) {
 	var max uint16 = 0xffff
 	if !p.alive.Load() {
@@ -144,6 +161,7 @@ func (p *Proxy) LastDelay() (delay uint16) {
 	return history.Delay
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (p *Proxy) MarshalJSON() ([]byte, error) {
 	inner, err := p.ProxyAdapter.MarshalJSON()
 	if err != nil {
@@ -158,6 +176,7 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 }
 
 // URLTest get the delay for the specified URL
+// implements C.Proxy
 func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 	defer func() {
 		p.alive.Store(err == nil)

adapters/outbound/direct.go

@@ -12,6 +12,7 @@ type Direct struct {
 	*Base
 }
 
+// DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	address := net.JoinHostPort(metadata.String(), metadata.DstPort)
 
@@ -23,6 +24,7 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn,
 	return NewConn(c, d), nil
 }
 
+// DialUDP implements C.ProxyAdapter
 func (d *Direct) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket("udp", "")
 	if err != nil {

adapters/outbound/http.go

@@ -35,6 +35,7 @@ type HttpOption struct {
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if h.tlsConfig != nil {
 		cc := tls.Client(c, h.tlsConfig)
@@ -51,6 +52,7 @@ func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, nil
 }
 
+// DialContext implements C.ProxyAdapter
 func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", h.addr)
 	if err != nil {

adapters/outbound/reject.go

@@ -14,10 +14,12 @@ type Reject struct {
 	*Base
 }
 
+// DialContext implements C.ProxyAdapter
 func (r *Reject) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	return NewConn(&NopConn{}, r), nil
 }
 
+// DialUDP implements C.ProxyAdapter
 func (r *Reject) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return nil, errors.New("match reject rule")
 }

adapters/outbound/shadowsocks.go

@@ -54,6 +54,7 @@ type v2rayObfsOption struct {
 	Mux            bool              `obfs:"mux,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	switch ss.obfsMode {
 	case "tls":
@@ -73,6 +74,7 @@ func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, e
 	return c, err
 }
 
+// DialContext implements C.ProxyAdapter
 func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
@@ -86,6 +88,7 @@ func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata) (_
 	return NewConn(c, ss), err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (ss *ShadowSocks) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket("udp", "")
 	if err != nil {
@@ -102,6 +105,7 @@ func (ss *ShadowSocks) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ss), nil
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (ss *ShadowSocks) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": ss.Type().String(),

adapters/outbound/shadowsocksr.go

@@ -37,6 +37,7 @@ type ShadowSocksROption struct {
 	UDP           bool   `proxy:"udp,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = ssr.obfs.StreamConn(c)
 	c = ssr.cipher.StreamConn(c)
@@ -58,6 +59,7 @@ func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn,
 	return c, err
 }
 
+// DialContext implements C.ProxyAdapter
 func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ssr.addr)
 	if err != nil {
@@ -71,6 +73,7 @@ func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata)
 	return NewConn(c, ssr), err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (ssr *ShadowSocksR) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := dialer.ListenPacket("udp", "")
 	if err != nil {
@@ -88,6 +91,7 @@ func (ssr *ShadowSocksR) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (ssr *ShadowSocksR) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": ssr.Type().String(),

adapters/outbound/snell.go

@@ -48,6 +48,7 @@ func streamConn(c net.Conn, option streamOption) *snell.Snell {
 	return snell.StreamConn(c, option.psk, option.version)
 }
 
+// StreamConn implements C.ProxyAdapter
 func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	port, _ := strconv.Atoi(metadata.DstPort)
@@ -55,6 +56,7 @@ func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return c, err
 }
 
+// DialContext implements C.ProxyAdapter
 func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	if s.version == snell.Version2 {
 		c, err := s.pool.Get()

adapters/outbound/socks5.go

@@ -35,6 +35,7 @@ type Socks5Option struct {
 	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
@@ -58,6 +59,7 @@ func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 	return c, nil
 }
 
+// DialContext implements C.ProxyAdapter
 func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
@@ -75,6 +77,7 @@ func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Co
 	return NewConn(c, ss), nil
 }
 
+// DialUDP implements C.ProxyAdapter
 func (ss *Socks5) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 	ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 	defer cancel()

adapters/outbound/trojan.go

@@ -39,6 +39,7 @@ type TrojanOption struct {
 	GrpcOpts       GrpcOptions `proxy:"grpc-opts,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	if t.transport != nil {
@@ -55,6 +56,7 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 	return c, err
 }
 
+// DialContext implements C.ProxyAdapter
 func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	// gun transport
 	if t.transport != nil {
@@ -87,6 +89,7 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Con
 	return NewConn(c, t), err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (t *Trojan) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 	var c net.Conn
 
@@ -96,6 +99,7 @@ func (t *Trojan) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
+		defer safeConnClose(c, err)
 	} else {
 		ctx, cancel := context.WithTimeout(context.Background(), tcpTimeout)
 		defer cancel()
@@ -103,16 +107,14 @@ func (t *Trojan) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
+		defer safeConnClose(c, err)
 		tcpKeepAlive(c)
 		c, err = t.instance.StreamConn(c)
 		if err != nil {
-			c.Close()
 			return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 		}
 	}
 
-	defer safeConnClose(c, err)
-
 	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 	if err != nil {
 		return nil, err

adapters/outbound/vmess.go

@@ -64,6 +64,7 @@ type GrpcOptions struct {
 	GrpcServiceName string `proxy:"grpc-service-name,omitempty"`
 }
 
+// StreamConn implements C.ProxyAdapter
 func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
@@ -170,6 +171,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	return v.client.StreamConn(c, parseVmessAddr(metadata))
 }
 
+// DialContext implements C.ProxyAdapter
 func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
 	// gun transport
 	if v.transport != nil {
@@ -198,6 +200,7 @@ func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn
 	return NewConn(c, v), err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (v *Vmess) DialUDP(metadata *C.Metadata) (_ C.PacketConn, err error) {
 	// vmess use stream-oriented udp with a special address, so we needs a net.UDPAddr
 	if !metadata.Resolved() {
@@ -270,7 +273,12 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		option: &option,
 	}
 
-	if option.Network == "grpc" {
+	switch option.Network {
+	case "h2":
+		if len(option.HTTP2Opts.Host) == 0 {
+			option.HTTP2Opts.Host = append(option.HTTP2Opts.Host, "www.example.com")
+		}
+	case "grpc":
 		dialFn := func(network, addr string) (net.Conn, error) {
 			c, err := dialer.DialContext(context.Background(), "tcp", v.addr)
 			if err != nil {

adapters/outboundgroup/fallback.go

@@ -22,6 +22,7 @@ func (f *Fallback) Now() string {
 	return proxy.Name()
 }
 
+// DialContext implements C.ProxyAdapter
 func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	proxy := f.findAliveProxy(true)
 	c, err := proxy.DialContext(ctx, metadata)
@@ -31,6 +32,7 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata) (C.Con
 	return c, err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (f *Fallback) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	proxy := f.findAliveProxy(true)
 	pc, err := proxy.DialUDP(metadata)
@@ -40,6 +42,7 @@ func (f *Fallback) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return pc, err
 }
 
+// SupportUDP implements C.ProxyAdapter
 func (f *Fallback) SupportUDP() bool {
 	if f.disableUDP {
 		return false
@@ -49,6 +52,7 @@ func (f *Fallback) SupportUDP() bool {
 	return proxy.SupportUDP()
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range f.proxies(false) {
@@ -61,6 +65,7 @@ func (f *Fallback) MarshalJSON() ([]byte, error) {
 	})
 }
 
+// Unwrap implements C.ProxyAdapter
 func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxy := f.findAliveProxy(true)
 	return proxy

adapters/outboundgroup/loadbalance.go

@@ -68,6 +68,7 @@ func jumpHash(key uint64, buckets int32) int32 {
 	return int32(b)
 }
 
+// DialContext implements C.ProxyAdapter
 func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
 	defer func() {
 		if err == nil {
@@ -81,6 +82,7 @@ func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata) (c
 	return
 }
 
+// DialUDP implements C.ProxyAdapter
 func (lb *LoadBalance) DialUDP(metadata *C.Metadata) (pc C.PacketConn, err error) {
 	defer func() {
 		if err == nil {
@@ -93,6 +95,7 @@ func (lb *LoadBalance) DialUDP(metadata *C.Metadata) (pc C.PacketConn, err error
 	return proxy.DialUDP(metadata)
 }
 
+// SupportUDP implements C.ProxyAdapter
 func (lb *LoadBalance) SupportUDP() bool {
 	return !lb.disableUDP
 }
@@ -130,6 +133,7 @@ func strategyConsistentHashing() strategyFn {
 	}
 }
 
+// Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxies := lb.proxies(true)
 	return lb.strategyFn(proxies, metadata)
@@ -143,6 +147,7 @@ func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 	return elm.([]C.Proxy)
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range lb.proxies(false) {

adapters/outboundgroup/relay.go

@@ -19,6 +19,7 @@ type Relay struct {
 	providers []provider.ProxyProvider
 }
 
+// DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	proxies := r.proxies(metadata, true)
 	if len(proxies) == 0 {
@@ -56,6 +57,7 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn,
 	return outbound.NewConn(c, r), nil
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range r.rawProxies(false) {

adapters/outboundgroup/selector.go

@@ -19,6 +19,7 @@ type Selector struct {
 	providers  []provider.ProxyProvider
 }
 
+// DialContext implements C.ProxyAdapter
 func (s *Selector) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
 	c, err := s.selectedProxy(true).DialContext(ctx, metadata)
 	if err == nil {
@@ -27,6 +28,7 @@ func (s *Selector) DialContext(ctx context.Context, metadata *C.Metadata) (C.Con
 	return c, err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (s *Selector) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := s.selectedProxy(true).DialUDP(metadata)
 	if err == nil {
@@ -35,6 +37,7 @@ func (s *Selector) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return pc, err
 }
 
+// SupportUDP implements C.ProxyAdapter
 func (s *Selector) SupportUDP() bool {
 	if s.disableUDP {
 		return false
@@ -43,6 +46,7 @@ func (s *Selector) SupportUDP() bool {
 	return s.selectedProxy(false).SupportUDP()
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range getProvidersProxies(s.providers, false) {
@@ -72,6 +76,7 @@ func (s *Selector) Set(name string) error {
 	return errors.New("proxy not exist")
 }
 
+// Unwrap implements C.ProxyAdapter
 func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
 	return s.selectedProxy(true)
 }

adapters/outboundgroup/urltest.go

@@ -33,6 +33,7 @@ func (u *URLTest) Now() string {
 	return u.fast(false).Name()
 }
 
+// DialContext implements C.ProxyAdapter
 func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Conn, err error) {
 	c, err = u.fast(true).DialContext(ctx, metadata)
 	if err == nil {
@@ -41,6 +42,7 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata) (c C.Co
 	return c, err
 }
 
+// DialUDP implements C.ProxyAdapter
 func (u *URLTest) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	pc, err := u.fast(true).DialUDP(metadata)
 	if err == nil {
@@ -49,6 +51,7 @@ func (u *URLTest) DialUDP(metadata *C.Metadata) (C.PacketConn, error) {
 	return pc, err
 }
 
+// Unwrap implements C.ProxyAdapter
 func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
 	return u.fast(true)
 }
@@ -66,7 +69,13 @@ func (u *URLTest) fast(touch bool) C.Proxy {
 		proxies := u.proxies(touch)
 		fast := proxies[0]
 		min := fast.LastDelay()
+		fastNotExist := true
+
 		for _, proxy := range proxies[1:] {
+			if u.fastNode != nil && proxy.Name() == u.fastNode.Name() {
+				fastNotExist = false
+			}
+
 			if !proxy.Alive() {
 				continue
 			}
@@ -79,7 +88,7 @@ func (u *URLTest) fast(touch bool) C.Proxy {
 		}
 
 		// tolerance
-		if u.fastNode == nil || !u.fastNode.Alive() || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
+		if u.fastNode == nil || fastNotExist || !u.fastNode.Alive() || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
 			u.fastNode = fast
 		}
 
@@ -89,6 +98,7 @@ func (u *URLTest) fast(touch bool) C.Proxy {
 	return elm.(C.Proxy)
 }
 
+// SupportUDP implements C.ProxyAdapter
 func (u *URLTest) SupportUDP() bool {
 	if u.disableUDP {
 		return false
@@ -97,6 +107,7 @@ func (u *URLTest) SupportUDP() bool {
 	return u.fast(false).SupportUDP()
 }
 
+// MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
 	var all []string
 	for _, proxy := range u.proxies(false) {

adapters/provider/fetcher.go

@@ -72,6 +72,8 @@ func (f *fetcher) Initial() (interface{}, error) {
 		if err != nil {
 			return nil, err
 		}
+
+		isLocal = false
 	}
 
 	if f.vehicle.Type() != File && !isLocal {

component/gun/gun.go

@@ -5,6 +5,7 @@ package gun
 
 import (
 	"bufio"
+	"bytes"
 	"crypto/tls"
 	"encoding/binary"
 	"errors"
@@ -30,20 +31,24 @@ var (
 		"content-type": []string{"application/grpc"},
 		"user-agent":   []string{"grpc-go/1.36.0"},
 	}
+	bufferPool = sync.Pool{New: func() interface{} { return &bytes.Buffer{} }}
 )
 
 type DialFn = func(network, addr string) (net.Conn, error)
 
 type Conn struct {
-	response *http.Response
-	request  *http.Request
-	client   *http.Client
-	writer   *io.PipeWriter
-	once     sync.Once
-	close    *atomic.Bool
-	err      error
-	remain   int
-	br       *bufio.Reader
+	response  *http.Response
+	request   *http.Request
+	transport *http2.Transport
+	writer    *io.PipeWriter
+	once      sync.Once
+	close     *atomic.Bool
+	err       error
+	remain    int
+	br        *bufio.Reader
+
+	// deadlines
+	deadline *time.Timer
 }
 
 type Config struct {
@@ -52,7 +57,7 @@ type Config struct {
 }
 
 func (g *Conn) initRequest() {
-	response, err := g.client.Do(g.request)
+	response, err := g.transport.RoundTrip(g.request)
 	if err != nil {
 		g.err = err
 		g.writer.Close()
@@ -61,6 +66,7 @@ func (g *Conn) initRequest() {
 
 	if !g.close.Load() {
 		g.response = response
+		g.br = bufio.NewReader(response.Body)
 	} else {
 		response.Body.Close()
 	}
@@ -72,24 +78,13 @@ func (g *Conn) Read(b []byte) (n int, err error) {
 		return 0, g.err
 	}
 
-	if g.br != nil {
-		remain := g.br.Buffered()
-		if len(b) < remain {
-			remain = len(b)
-		}
-
-		n, err = g.br.Read(b[:remain])
-		if g.br.Buffered() == 0 {
-			g.br = nil
-		}
-		return
-	} else if g.remain != 0 {
+	if g.remain > 0 {
 		size := g.remain
 		if len(b) < size {
 			size = len(b)
 		}
 
-		n, err = g.response.Body.Read(b[:size])
+		n, err = io.ReadFull(g.br, b[:size])
 		g.remain -= n
 		return
 	} else if g.response == nil {
@@ -97,61 +92,49 @@ func (g *Conn) Read(b []byte) (n int, err error) {
 	}
 
 	// 0x00 grpclength(uint32) 0x0A uleb128 payload
-	buf := make([]byte, 6)
-	_, err = io.ReadFull(g.response.Body, buf)
+	_, err = g.br.Discard(6)
 	if err != nil {
 		return 0, err
 	}
 
-	br := bufio.NewReaderSize(g.response.Body, 16)
-	protobufPayloadLen, err := binary.ReadUvarint(br)
+	protobufPayloadLen, err := binary.ReadUvarint(g.br)
 	if err != nil {
 		return 0, ErrInvalidLength
 	}
 
-	bufferedSize := br.Buffered()
-	if len(b) < bufferedSize {
-		n, err = br.Read(b)
-		g.br = br
-		g.remain = int(protobufPayloadLen) - n - g.br.Buffered()
-		return
+	size := int(protobufPayloadLen)
+	if len(b) < size {
+		size = len(b)
 	}
 
-	_, err = br.Read(b[:bufferedSize])
+	n, err = io.ReadFull(g.br, b[:size])
 	if err != nil {
 		return
 	}
 
-	offset := int(protobufPayloadLen)
-	if len(b) < int(protobufPayloadLen) {
-		offset = len(b)
-	}
-
-	if offset == bufferedSize {
-		return bufferedSize, nil
-	}
-
-	n, err = io.ReadFull(g.response.Body, b[bufferedSize:offset])
-	if err != nil {
-		return
-	}
-
-	remain := int(protobufPayloadLen) - offset
+	remain := int(protobufPayloadLen) - n
 	if remain > 0 {
 		g.remain = remain
 	}
 
-	return offset, nil
+	return n, nil
 }
 
 func (g *Conn) Write(b []byte) (n int, err error) {
-	protobufHeader := appendUleb128([]byte{0x0A}, uint64(len(b)))
+	protobufHeader := [binary.MaxVarintLen64 + 1]byte{0x0A}
+	varuintSize := binary.PutUvarint(protobufHeader[1:], uint64(len(b)))
 	grpcHeader := make([]byte, 5)
-	grpcPayloadLen := uint32(len(protobufHeader) + len(b))
+	grpcPayloadLen := uint32(varuintSize + 1 + len(b))
 	binary.BigEndian.PutUint32(grpcHeader[1:5], grpcPayloadLen)
 
-	buffers := net.Buffers{grpcHeader, protobufHeader, b}
-	_, err = buffers.WriteTo(g.writer)
+	buf := bufferPool.Get().(*bytes.Buffer)
+	defer bufferPool.Put(buf)
+	defer buf.Reset()
+	buf.Write(grpcHeader)
+	buf.Write(protobufHeader[:varuintSize+1])
+	buf.Write(b)
+
+	_, err = g.writer.Write(buf.Bytes())
 	if err == io.ErrClosedPipe && g.err != nil {
 		err = g.err
 	}
@@ -170,9 +153,20 @@ func (g *Conn) Close() error {
 
 func (g *Conn) LocalAddr() net.Addr                { return &net.TCPAddr{IP: net.IPv4zero, Port: 0} }
 func (g *Conn) RemoteAddr() net.Addr               { return &net.TCPAddr{IP: net.IPv4zero, Port: 0} }
-func (g *Conn) SetDeadline(t time.Time) error      { return nil }
-func (g *Conn) SetReadDeadline(t time.Time) error  { return nil }
-func (g *Conn) SetWriteDeadline(t time.Time) error { return nil }
+func (g *Conn) SetReadDeadline(t time.Time) error  { return g.SetDeadline(t) }
+func (g *Conn) SetWriteDeadline(t time.Time) error { return g.SetDeadline(t) }
+
+func (g *Conn) SetDeadline(t time.Time) error {
+	d := time.Until(t)
+	if g.deadline != nil {
+		g.deadline.Reset(d)
+		return nil
+	}
+	g.deadline = time.AfterFunc(d, func() {
+		g.Close()
+	})
+	return nil
+}
 
 func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
 	dialFunc := func(network, addr string, cfg *tls.Config) (net.Conn, error) {
@@ -199,7 +193,6 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
 		TLSClientConfig:    tlsConfig,
 		AllowHTTP:          false,
 		DisableCompression: true,
-		ReadIdleTimeout:    0,
 		PingTimeout:        0,
 	}
 }
@@ -210,10 +203,6 @@ func StreamGunWithTransport(transport *http2.Transport, cfg *Config) (net.Conn,
 		serviceName = cfg.ServiceName
 	}
 
-	client := &http.Client{
-		Transport: transport,
-	}
-
 	reader, writer := io.Pipe()
 	request := &http.Request{
 		Method: http.MethodPost,
@@ -230,10 +219,10 @@ func StreamGunWithTransport(transport *http2.Transport, cfg *Config) (net.Conn,
 	}
 
 	conn := &Conn{
-		request: request,
-		client:  client,
-		writer:  writer,
-		close:   atomic.NewBool(false),
+		request:   request,
+		transport: transport,
+		writer:    writer,
+		close:     atomic.NewBool(false),
 	}
 
 	go conn.once.Do(conn.initRequest)

component/gun/leb128.go

@@ -1,38 +0,0 @@
-// Copy from: https://github.com/Equim-chan/leb128
-// License: BSD-3-Clause
-
-package gun
-
-var sevenbits = [...]byte{
-	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-	0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
-	0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
-	0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-	0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-}
-
-func appendUleb128(b []byte, v uint64) []byte {
-	// If it's less than or equal to 7-bit
-	if v < 0x80 {
-		return append(b, sevenbits[v])
-	}
-
-	for {
-		c := uint8(v & 0x7f)
-		v >>= 7
-
-		if v != 0 {
-			c |= 0x80
-		}
-
-		b = append(b, c)
-		if c&0x80 == 0 {
-			break
-		}
-	}
-
-	return b
-}

component/process/process_freebsd_amd64.go

@@ -30,6 +30,10 @@ func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
 		}
 	})
 
+	if defaultSearcher == nil {
+		return "", ErrPlatformNotSupport
+	}
+
 	var spath string
 	isTCP := network == TCP
 	switch network {
@@ -190,6 +194,8 @@ func newSearcher(major int) *searcher {
 			udpInpOffset: 8,
 		}
 	case 12:
+		fallthrough
+	case 13:
 		s = &searcher{
 			headSize:     64,
 			tcpItemSize:  744,

component/snell/pool.go

@@ -3,6 +3,7 @@ package snell
 import (
 	"context"
 	"net"
+	"time"
 
 	"github.com/Dreamacro/clash/component/pool"
 
@@ -61,6 +62,9 @@ func (pc *PoolConn) Write(b []byte) (int, error) {
 }
 
 func (pc *PoolConn) Close() error {
+	// clash use SetReadDeadline to break bidirectional copy between client and server.
+	// reset it before reuse connection to avoid io timeout error.
+	pc.Snell.Conn.SetReadDeadline(time.Time{})
 	pc.pool.Put(pc.Snell)
 	return nil
 }

component/vmess/aead.go

@@ -5,6 +5,7 @@ import (
 	"encoding/binary"
 	"errors"
 	"io"
+	"sync"
 
 	"github.com/Dreamacro/clash/common/pool"
 )
@@ -15,6 +16,8 @@ type aeadWriter struct {
 	nonce [32]byte
 	count uint16
 	iv    []byte
+
+	writeLock sync.Mutex
 }
 
 func newAEADWriter(w io.Writer, aead cipher.AEAD, iv []byte) *aeadWriter {
@@ -22,8 +25,12 @@ func newAEADWriter(w io.Writer, aead cipher.AEAD, iv []byte) *aeadWriter {
 }
 
 func (w *aeadWriter) Write(b []byte) (n int, err error) {
+	w.writeLock.Lock()
 	buf := pool.Get(pool.RelayBufferSize)
-	defer pool.Put(buf)
+	defer func() {
+		w.writeLock.Unlock()
+		pool.Put(buf)
+	}()
 	length := len(b)
 	for {
 		if length == 0 {

go.mod

@@ -4,19 +4,19 @@ go 1.16
 
 require (
 	github.com/Dreamacro/go-shadowsocks2 v0.1.7
-	github.com/go-chi/chi/v5 v5.0.2
+	github.com/go-chi/chi/v5 v5.0.3
 	github.com/go-chi/cors v1.2.0
 	github.com/go-chi/render v1.0.1
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/gorilla/websocket v1.4.2
-	github.com/miekg/dns v1.1.41
+	github.com/miekg/dns v1.1.42
 	github.com/oschwald/geoip2-golang v1.5.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.0
 	go.uber.org/atomic v1.7.0
-	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf
+	golang.org/x/net v0.0.0-20210508051633-16afe75a6701
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
+	golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096
 	gopkg.in/yaml.v2 v2.4.0
 )

go.sum

@@ -3,8 +3,8 @@ github.com/Dreamacro/go-shadowsocks2 v0.1.7/go.mod h1:8p5G4cAj5ZlXwUR+Ww63gfSikr
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-chi/chi/v5 v5.0.2 h1:4xKeALZdMEsuI5s05PU2Bm89Uc5iM04qFubUCl5LfAQ=
-github.com/go-chi/chi/v5 v5.0.2/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.0.3 h1:khYQBdPivkYG1s1TAzDQG1f6eX4kD2TItYVZexL5rS4=
+github.com/go-chi/chi/v5 v5.0.3/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/cors v1.2.0 h1:tV1g1XENQ8ku4Bq3K9ub2AtgG+p16SmzeMSGTwrOKdE=
 github.com/go-chi/cors v1.2.0/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
@@ -13,8 +13,8 @@ github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPh
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY=
+github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/oschwald/geoip2-golang v1.5.0 h1:igg2yQIrrcRccB1ytFXqBfOHCjXWIoMv85lVJ1ONZzw=
 github.com/oschwald/geoip2-golang v1.5.0/go.mod h1:xdvYt5xQzB8ORWFqPnqMwZpCpgNagttWdoZLlJQzg7s=
 github.com/oschwald/maxminddb-golang v1.8.0 h1:Uh/DSnGoxsyp/KYbY1AuP0tYEwfs0sCph9p/UMXK/Hk=
@@ -32,23 +32,24 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 golang.org/x/crypto v0.0.0-20210317152858-513c2a44f670/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf h1:B2n+Zi5QeYRDAEodEu72OS36gmTWjgpXr2+cWcBW90o=
+golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210508051633-16afe75a6701 h1:lQVgcB3+FoAXOb20Dp6zTzAIrpj1k/yOOBN7s+Zv1rA=
+golang.org/x/net v0.0.0-20210508051633-16afe75a6701/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191224085550-c709ea063b76/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57 h1:F5Gozwx4I1xtr/sr/8CFbb57iKi3297KFs0QDbGN60A=
-golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096 h1:5PbJGn5Sp3GEUjJ61aYbUP6RIo3Z3r2E4Tv9y2z8UHo=
+golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

proxy/redir/tcp_other.go

@@ -1,3 +1,5 @@
+// +build !darwin,!linux,!freebsd
+
 package redir
 
 import (
@@ -8,5 +10,5 @@ import (
 )
 
 func parserPacket(conn net.Conn) (socks5.Addr, error) {
-	return nil, errors.New("Windows not support yet")
+	return nil, errors.New("system not support yet")
 }

proxy/redir/tproxy.go

@@ -48,7 +48,7 @@ func NewTProxy(addr string) (*TProxyListener, error) {
 				}
 				continue
 			}
-			go rl.handleRedir(c)
+			go rl.handleTProxy(c)
 		}
 	}()
 
@@ -64,7 +64,7 @@ func (l *TProxyListener) Address() string {
 	return l.address
 }
 
-func (l *TProxyListener) handleRedir(conn net.Conn) {
+func (l *TProxyListener) handleTProxy(conn net.Conn) {
 	target := socks5.ParseAddrToSocksAddr(conn.LocalAddr())
 	conn.(*net.TCPConn).SetKeepAlive(true)
 	tunnel.Add(inbound.NewSocket(target, conn, C.TPROXY))

tunnel/connection.go

@@ -21,6 +21,9 @@ func handleHTTP(ctx *context.HTTPContext, outbound net.Conn) {
 	req := ctx.Request()
 	conn := ctx.Conn()
 
+	// make outbound close after inbound error or close
+	conn = &connLinker{conn, outbound}
+
 	inboundReader := bufio.NewReader(conn)
 	outboundReader := bufio.NewReader(outbound)
 
@@ -29,7 +32,6 @@ func handleHTTP(ctx *context.HTTPContext, outbound net.Conn) {
 	for {
 		keepAlive := strings.TrimSpace(strings.ToLower(req.Header.Get("Proxy-Connection"))) == "keep-alive"
 
-		req.Header.Set("Connection", "close")
 		req.RequestURI = ""
 		inbound.RemoveHopByHopHeaders(req.Header)
 		err := req.Write(outbound)
@@ -72,14 +74,6 @@ func handleHTTP(ctx *context.HTTPContext, outbound net.Conn) {
 			break
 		}
 
-		// even if resp.Write write body to the connection, but some http request have to Copy to close it
-		buf := pool.Get(pool.RelayBufferSize)
-		_, err = io.CopyBuffer(conn, resp.Body, buf)
-		pool.Put(buf)
-		if err != nil && err != io.EOF {
-			break
-		}
-
 		req, err = http.ReadRequest(inboundReader)
 		if err != nil {
 			break
@@ -168,3 +162,31 @@ func relay(leftConn, rightConn net.Conn) {
 	rightConn.SetReadDeadline(time.Now())
 	<-ch
 }
+
+// connLinker make the two net.Conn correlated, for temporary resolution of leaks.
+// There is no better way to do this for now.
+type connLinker struct {
+	net.Conn
+	linker net.Conn
+}
+
+func (conn *connLinker) Read(b []byte) (n int, err error) {
+	n, err = conn.Conn.Read(b)
+	if err != nil {
+		conn.linker.Close()
+	}
+	return n, err
+}
+
+func (conn *connLinker) Write(b []byte) (n int, err error) {
+	n, err = conn.Conn.Write(b)
+	if err != nil {
+		conn.linker.Close()
+	}
+	return n, err
+}
+
+func (conn *connLinker) Close() error {
+	conn.linker.Close()
+	return conn.Conn.Close()
+}