fix: Rule-Set中不解析DNS

feat: RULE-SET支持no-resolve

.github/workflows/docker.yaml

@@ -1,11 +1,13 @@
 name: Docker
 
-on: [push]
-
+on:
+  push:
+    branches:
+      - Beta
+    tags:
+      - "v*"
 env:
   REGISTRY: docker.io
-  IMAGE_NAME: '{{ env.DOCKERHUB_ACCOUNT }}/{{ env.DOCKERHUB_REPO }}'
-
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -23,6 +25,8 @@ jobs:
 
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
@@ -30,15 +34,15 @@ jobs:
         id: meta
         uses: docker/metadata-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_ACCOUNT }}/${{secrets.DOCKERHUB_REPO}}
 
-      - name: Log into registry ${{ env.REGISTRY }}
+      - name: Log into registry
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v1
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
@@ -47,6 +51,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
+          file: ./Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           platforms: |
             linux/386

.github/workflows/prerelease.yml

@@ -1,8 +1,15 @@
-name: alpha
-on: [push]
+name: Prerelease
+on:
+  push:
+    branches:
+      - Alpha
+      - Beta
+  pull_request:
+    branches:
+      - Alpha
+      - Beta
 jobs:
   Build:
-    if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
     runs-on: ubuntu-latest
     steps:
       - name: Get latest go version
@@ -24,9 +31,13 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      #      - name: Get dependencies, run test
-      #        run: |
-      #          go test ./...
+
+
+      - name: Test
+        if: ${{github.ref_name=='Beta'}}
+        run: |
+          go test ./...
+
       - name: Build
         if: success()
         env:
@@ -38,34 +49,22 @@ jobs:
         uses: andreaswilli/delete-release-assets-action@v2.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: alpha
+          tag: Prerelease-${{ github.ref_name }}
           deleteOnlyFromDrafts: false
 
       - name: Tag Repo
         uses: richardsimko/update-tag@v1
         with:
-          tag_name: alpha
+          tag_name: Prerelease-${{ github.ref_name }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload Alpha
         uses: softprops/action-gh-release@v1
-        if: ${{ env.GIT_BRANCH != 'Meta' && success() }}
+        if: ${{  success() }}
         with:
-          tag: ${{ github.ref }}
-          tag_name: alpha
+          tag: ${{ github.ref_name }}
+          tag_name: Prerelease-${{ github.ref_name }}
           files: bin/*
           prerelease: true
-
-#      - name: send telegram message on push
-#        uses: appleboy/telegram-action@master
-#        with:
-#          to: ${{ secrets.TTELEGRAM_CHAT_ID }}
-#          token: ${{ secrets.TELEGRAM_TOKEN }}
-#          message: |
-#            ${{ github.actor }} created commit:
-#            Commit message: ${{ github.event.commits[0].message }}
-#
-#            Repository: ${{ github.repository }}
-#
-#            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}
+          generate_release_notes: true

.github/workflows/release.yaml

@@ -0,0 +1,44 @@
+name: Release
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  Build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ steps.version.outputs.go_version }}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Test
+        run: |
+          go test ./...
+      - name: Build
+        if: success()
+        env:
+          NAME: Clash.Meta
+          BINDIR: bin
+        run: make -j releases
+
+      - name: Upload Release
+        uses: softprops/action-gh-release@v1
+        if: ${{ success() && startsWith(github.ref, 'refs/tags/')}}
+        with:
+          tag: ${{ github.ref }}
+          files: bin/*
+          generate_release_notes: true

Dockerfile

@@ -1,41 +1,26 @@
 FROM golang:alpine as builder
 
-ARG TARGETOS
-ARG TARGETARCH
-
 RUN apk add --no-cache make git && \
     mkdir /clash-config && \
     wget -O /clash-config/Country.mmdb https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb && \
     wget -O /clash-config/geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat && \
     wget -O /clash-config/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
 
-WORKDIR /clash-src
+
 COPY . /clash-src
-RUN go mod download
-RUN /bin/ash -c 'set -ex && \
-    if [ "$TARGETARCH" == "amd64" ]; then \
-       GOOS=$TARGETOS GOARCH=$TARGETARCH GOAMD64=v1 make docker && \
-       mv ./bin/Clash.Meta-docker ./bin/clash-amd64v1 && \
-       GOOS=$TARGETOS GOARCH=$TARGETARCH GOAMD64=v2 make docker && \
-       mv ./bin/Clash.Meta-docker ./bin/clash-amd64v2 && \
-       GOOS=$TARGETOS GOARCH=$TARGETARCH GOAMD64=v3 make docker && \
-       mv ./bin/Clash.Meta-docker ./bin/clash-amd64v3 && \
-       ln -s clash-amd64v3 ./bin/clash-amd64v4 && \
-       mv check_amd64.sh ./bin/ && \
-       printf "#!/bin/sh\\nsh ./check_amd64.sh\\nexec ./clash-amd64v\$? \$@" > ./bin/clash && \
-       chmod +x ./bin/check_amd64.sh ./bin/clash; \
-    else \
-       GOOS=$TARGETOS GOARCH=$TARGETARCH make docker && \
-       mv ./bin/Clash.Meta-docker ./bin/clash; \
-    fi'
+WORKDIR /clash-src
+RUN go mod download &&\
+    make docker &&\
+    mv ./bin/Clash.Meta-docker /clash
+
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/Clash.Meta"
 
 RUN apk add --no-cache ca-certificates tzdata
 
 VOLUME ["/root/.config/clash/"]
-EXPOSE 7890/tcp
 
 COPY --from=builder /clash-config/ /root/.config/clash/
-COPY --from=builder /clash-src/bin/ /
+COPY --from=builder /clash /clash
+RUN chmod +x /clash
 ENTRYPOINT [ "/clash" ]

Makefile

@@ -1,7 +1,16 @@
 NAME=Clash.Meta
 BINDIR=bin
-BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+BRANCH=$(shell git branch --show-current)
+ifeq ($(BRANCH),Alpha)
 VERSION=alpha-$(shell git rev-parse --short HEAD)
+else ifeq ($(BRANCH),Beta)
+VERSION=beta-$(shell git rev-parse --short HEAD)
+else ifeq ($(BRANCH),)
+VERSION=$(shell git describe --tags)
+else
+VERSION=unknown
+endif
+
 BUILDTIME=$(shell date -u)
 GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
 		-X "github.com/Dreamacro/clash/constant.BuildTime=$(BUILDTIME)" \
@@ -43,7 +52,7 @@ all:linux-amd64 linux-arm64\
  	windows-amd64 windows-arm64\
 
 docker:
-	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+	GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 darwin-amd64v3:
 	GOARCH=amd64 GOOS=darwin GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@

adapter/outbound/base.go

@@ -2,12 +2,10 @@ package outbound
 
 import (
 	"context"
-	"crypto/sha1"
-	"encoding/hex"
 	"encoding/json"
 	"errors"
+	"github.com/gofrs/uuid"
 	"net"
-	"regexp"
 
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@@ -20,6 +18,7 @@ type Base struct {
 	tp    C.AdapterType
 	udp   bool
 	rmark int
+	id    string
 }
 
 // Name implements C.ProxyAdapter
@@ -27,6 +26,20 @@ func (b *Base) Name() string {
 	return b.name
 }
 
+// Id implements C.ProxyAdapter
+func (b *Base) Id() string {
+	if b.id == "" {
+		id, err := uuid.NewV6()
+		if err != nil {
+			b.id = b.name
+		} else {
+			b.id = id.String()
+		}
+	}
+
+	return b.id
+}
+
 // Type implements C.ProxyAdapter
 func (b *Base) Type() C.AdapterType {
 	return b.tp
@@ -61,6 +74,7 @@ func (b *Base) SupportUDP() bool {
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
 		"type": b.Type().String(),
+		"id":   b.Id(),
 	})
 }
 
@@ -149,28 +163,3 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
 	return &packetConn{pc, []string{a.Name()}}
 }
-
-func uuidMap(str string) string {
-	match, _ := regexp.MatchString(`[\da-f]{8}(-[\da-f]{4}){3}-[\da-f]{12}$`, str)
-	if !match {
-		var Nil [16]byte
-		h := sha1.New()
-		h.Write(Nil[:])
-		h.Write([]byte(str))
-		u := h.Sum(nil)[:16]
-		u[6] = (u[6] & 0x0f) | (5 << 4)
-		u[8] = u[8]&(0xff>>2) | (0x02 << 6)
-		buf := make([]byte, 36)
-		hex.Encode(buf[0:8], u[0:4])
-		buf[8] = '-'
-		hex.Encode(buf[9:13], u[4:6])
-		buf[13] = '-'
-		hex.Encode(buf[14:18], u[6:8])
-		buf[18] = '-'
-		hex.Encode(buf[19:23], u[8:10])
-		buf[23] = '-'
-		hex.Encode(buf[24:], u[10:])
-		return string(buf)
-	}
-	return str
-}

adapter/outbound/direct.go

@@ -56,13 +56,3 @@ func NewCompatible() *Direct {
 		},
 	}
 }
-
-func NewPass() *Direct {
-	return &Direct{
-		Base: &Base{
-			name: "PASS",
-			tp:   C.Pass,
-			udp:  true,
-		},
-	}
-}

adapter/outbound/reject.go

@@ -34,6 +34,16 @@ func NewReject() *Reject {
 	}
 }
 
+func NewPass() *Reject {
+	return &Reject{
+		Base: &Base{
+			name: "PASS",
+			tp:   C.Pass,
+			udp:  true,
+		},
+	}
+}
+
 type nopConn struct{}
 
 func (rw *nopConn) Read(b []byte) (int, error) {

adapter/outbound/snell.go

@@ -99,7 +99,13 @@ func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 	tcpKeepAlive(c)
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 
-	return s.ListenPacketOnStreamConn(c, metadata)
+	err = snell.WriteUDPHeader(c, s.version)
+	if err != nil {
+		return nil, err
+	}
+
+	pc := snell.PacketConn(c)
+	return newPacketConn(pc, s), nil
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter

adapter/outbound/trojan.go

@@ -13,8 +13,6 @@ import (
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/trojan"
 	"github.com/Dreamacro/clash/transport/vless"
-
-	"golang.org/x/net/http2"
 )
 
 type Trojan struct {
@@ -25,7 +23,7 @@ type Trojan struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *http2.Transport
+	transport    *gun.TransportWrap
 }
 
 type TrojanOption struct {
@@ -161,7 +159,13 @@ func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 		}
 	}
 
-	return t.ListenPacketOnStreamConn(c, metadata)
+	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
+	if err != nil {
+		return nil, err
+	}
+
+	pc := t.instance.PacketConn(c)
+	return newPacketConn(pc, t), err
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter

adapter/outbound/vless.go

@@ -18,8 +18,6 @@ import (
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
-
-	"golang.org/x/net/http2"
 )
 
 const (
@@ -35,7 +33,7 @@ type Vless struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *http2.Transport
+	transport    *gun.TransportWrap
 }
 
 type VlessOption struct {
@@ -396,7 +394,7 @@ func NewVless(option VlessOption) (*Vless, error) {
 		}
 	}
 
-	client, err := vless.NewClient(uuidMap(option.UUID), addons, option.FlowShow)
+	client, err := vless.NewClient(option.UUID, addons, option.FlowShow)
 	if err != nil {
 		return nil, err
 	}

adapter/outbound/vmess.go

@@ -15,8 +15,6 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/vmess"
-
-	"golang.org/x/net/http2"
 )
 
 type Vmess struct {
@@ -27,7 +25,7 @@ type Vmess struct {
 	// for gun mux
 	gunTLSConfig *tls.Config
 	gunConfig    *gun.Config
-	transport    *http2.Transport
+	transport    *gun.TransportWrap
 }
 
 type VmessOption struct {
@@ -276,7 +274,7 @@ func (v *Vmess) SupportUOT() bool {
 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
 	client, err := vmess.NewClient(vmess.Config{
-		UUID:     uuidMap(option.UUID),
+		UUID:     option.UUID,
 		AlterID:  uint16(option.AlterID),
 		Security: security,
 		HostName: option.Server,

adapter/outboundgroup/fallback.go

@@ -3,10 +3,6 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
-	"github.com/Dreamacro/clash/log"
-	"go.uber.org/atomic"
-	"time"
-
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
@@ -16,8 +12,6 @@ import (
 type Fallback struct {
 	*GroupBase
 	disableUDP bool
-	failedTimes *atomic.Int32
-	failedTime  *atomic.Int64
 }
 
 func (f *Fallback) Now() string {
@@ -31,8 +25,7 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 	c, err := proxy.DialContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(f)
-		f.failedTimes.Store(-1)
-		f.failedTime.Store(-1)
+		f.onDialSuccess()
 	} else {
 		f.onDialFailed()
 	}
@@ -46,41 +39,11 @@ func (f *Fallback) ListenPacketContext(ctx context.Context, metadata *C.Metadata
 	pc, err := proxy.ListenPacketContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(f)
-		f.failedTimes.Store(-1)
-		f.failedTime.Store(-1)
-	} else {
-		f.onDialFailed()
 	}
 
 	return pc, err
 }
 
-func (f *Fallback) onDialFailed() {
-	if f.failedTime.Load() == -1 {
-		log.Warnln("%s first failed", f.Name())
-		now := time.Now().UnixMilli()
-		f.failedTime.Store(now)
-		f.failedTimes.Store(1)
-	} else {
-		if f.failedTime.Load()-time.Now().UnixMilli() > 5*time.Second.Milliseconds() {
-			f.failedTimes.Store(-1)
-			f.failedTime.Store(-1)
-		} else {
-			failedCount := f.failedTimes.Inc()
-			log.Warnln("%s failed count: %d", f.Name(), failedCount)
-			if failedCount >= 5 {
-				log.Warnln("because %s failed multiple times, active health check", f.Name())
-				for _, proxyProvider := range f.providers {
-					go proxyProvider.HealthCheck()
-				}
-
-				f.failedTimes.Store(-1)
-				f.failedTime.Store(-1)
-			}
-		}
-	}
-}
-
 // SupportUDP implements C.ProxyAdapter
 func (f *Fallback) SupportUDP() bool {
 	if f.disableUDP {
@@ -134,7 +97,5 @@ func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider)
 			providers,
 		}),
 		disableUDP: option.DisableUDP,
-		failedTimes: atomic.NewInt32(-1),
-		failedTime:  atomic.NewInt64(-1),
 	}
 }

adapter/outboundgroup/groupbase.go

@@ -5,9 +5,12 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 	types "github.com/Dreamacro/clash/constant/provider"
+	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/tunnel"
 	"github.com/dlclark/regexp2"
+	"go.uber.org/atomic"
 	"sync"
+	"time"
 )
 
 type GroupBase struct {
@@ -16,6 +19,10 @@ type GroupBase struct {
 	providers     []provider.ProxyProvider
 	versions      sync.Map // map[string]uint
 	proxies       sync.Map // map[string][]C.Proxy
+	failedTestMux sync.Mutex
+	failedTimes   int
+	failedTime    time.Time
+	failedTesting *atomic.Bool
 }
 
 type GroupBaseOption struct {
@@ -33,6 +40,7 @@ func NewGroupBase(opt GroupBaseOption) *GroupBase {
 		Base:          outbound.NewBase(opt.BaseOption),
 		filter:        filter,
 		providers:     opt.providers,
+		failedTesting: atomic.NewBool(false),
 	}
 }
 
@@ -51,7 +59,7 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 		}
 		return proxies
 	}
-	//TODO("Touch Version 没变的")
+
 	for _, pd := range gb.providers {
 		if pd.VehicleType() == types.Compatible {
 			if touch {
@@ -96,3 +104,61 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 	}
 	return proxies
 }
+
+func (gb *GroupBase) onDialFailed() {
+	if gb.failedTesting.Load() {
+		return
+	}
+
+	go func() {
+		gb.failedTestMux.Lock()
+		defer gb.failedTestMux.Unlock()
+
+		gb.failedTimes++
+		if gb.failedTimes == 1 {
+			log.Warnln("ProxyGroup: %s first failed", gb.Name())
+			gb.failedTime = time.Now()
+		} else {
+			if time.Since(gb.failedTime) > gb.failedTimeoutInterval() {
+				return
+			}
+
+			log.Warnln("ProxyGroup: %s failed count: %d", gb.Name(), gb.failedTimes)
+			if gb.failedTimes >= gb.maxFailedTimes() {
+				gb.failedTesting.Store(true)
+				log.Warnln("because %s failed multiple times, active health check", gb.Name())
+				wg := sync.WaitGroup{}
+				for _, proxyProvider := range gb.providers {
+					wg.Add(1)
+					proxyProvider := proxyProvider
+					go func() {
+						defer wg.Done()
+						proxyProvider.HealthCheck()
+					}()
+				}
+
+				wg.Wait()
+				gb.failedTesting.Store(false)
+				gb.failedTimes = 0
+			}
+		}
+	}()
+}
+
+func (gb *GroupBase) failedIntervalTime() int64 {
+	return 5 * time.Second.Milliseconds()
+}
+
+func (gb *GroupBase) onDialSuccess() {
+	if !gb.failedTesting.Load() {
+		gb.failedTimes = 0
+	}
+}
+
+func (gb *GroupBase) maxFailedTimes() int {
+	return 5
+}
+
+func (gb *GroupBase) failedTimeoutInterval() time.Duration {
+	return 5 * time.Second
+}

adapter/outboundgroup/loadbalance.go

@@ -5,7 +5,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/Dreamacro/clash/common/cache"
 	"net"
+	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/murmur3"
@@ -36,6 +38,10 @@ func parseStrategy(config map[string]any) string {
 }
 
 func getKey(metadata *C.Metadata) string {
+	if metadata == nil {
+		return ""
+	}
+
 	if metadata.Host != "" {
 		// ip host
 		if ip := net.ParseIP(metadata.Host); ip != nil {
@@ -54,6 +60,16 @@ func getKey(metadata *C.Metadata) string {
 	return metadata.DstIP.String()
 }
 
+func getKeyWithSrcAndDst(metadata *C.Metadata) string {
+	dst := getKey(metadata)
+	src := ""
+	if metadata != nil {
+		src = metadata.SrcIP.String()
+	}
+
+	return fmt.Sprintf("%s%s", src, dst)
+}
+
 func jumpHash(key uint64, buckets int32) int32 {
 	var b, j int64
 
@@ -71,6 +87,9 @@ func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata, op
 	defer func() {
 		if err == nil {
 			c.AppendToChains(lb)
+			lb.onDialSuccess()
+		} else {
+			lb.onDialFailed()
 		}
 	}()
 
@@ -130,6 +149,35 @@ func strategyConsistentHashing() strategyFn {
 	}
 }
 
+func strategyStickySessions() strategyFn {
+	ttl := time.Minute * 10
+
+	c := cache.New[uint64, int](1 * time.Second)
+	return func(proxies []C.Proxy, metadata *C.Metadata) C.Proxy {
+		key := uint64(murmur3.Sum32([]byte(getKeyWithSrcAndDst(metadata))))
+		length := len(proxies)
+		idx, expireTime := c.GetWithExpire(key)
+		if expireTime.IsZero() {
+			idx = int(jumpHash(key+uint64(time.Now().UnixMilli()), int32(length)))
+		}
+
+		for i := 0; i < length; i++ {
+			nowIdx := (idx + 1) % length
+			proxy := proxies[nowIdx]
+			if proxy.Alive() {
+				if nowIdx != idx {
+					c.Put(key, idx, -1)
+					c.Put(key, nowIdx, ttl)
+				}
+
+				return proxy
+			}
+		}
+
+		return proxies[0]
+	}
+}
+
 // Unwrap implements C.ProxyAdapter
 func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 	proxies := lb.GetProxies(true)
@@ -138,7 +186,7 @@ func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
-	all := []string{}
+	var all []string
 	for _, proxy := range lb.GetProxies(false) {
 		all = append(all, proxy.Name())
 	}
@@ -155,6 +203,8 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 		strategyFn = strategyConsistentHashing()
 	case "round-robin":
 		strategyFn = strategyRoundRobin()
+	case "sticky-sessions":
+		strategyFn = strategyStickySessions()
 	default:
 		return nil, fmt.Errorf("%w: %s", errStrategy, strategy)
 	}

adapter/outboundgroup/relay.go

@@ -170,6 +170,11 @@ func (r *Relay) proxies(metadata *C.Metadata, touch bool) ([]C.Proxy, []C.Proxy)
 	return targetProxies, chainProxies
 }
 
+func (r *Relay) Addr() string {
+	proxies, _ := r.proxies(nil, true)
+	return proxies[len(proxies)-1].Addr()
+}
+
 func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Relay {
 	return &Relay{
 		GroupBase: NewGroupBase(GroupBaseOption{

adapter/outboundgroup/urltest.go

@@ -3,8 +3,6 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
-	"github.com/Dreamacro/clash/log"
-	"go.uber.org/atomic"
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
@@ -28,8 +26,6 @@ type URLTest struct {
 	disableUDP bool
 	fastNode   C.Proxy
 	fastSingle *singledo.Single[C.Proxy]
-	failedTimes *atomic.Int32
-	failedTime  *atomic.Int64
 }
 
 func (u *URLTest) Now() string {
@@ -41,8 +37,7 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 	c, err = u.fast(true).DialContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(u)
-		u.failedTimes.Store(-1)
-		u.failedTime.Store(-1)
+		u.onDialSuccess()
 	} else {
 		u.onDialFailed()
 	}
@@ -54,11 +49,8 @@ func (u *URLTest) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 	pc, err := u.fast(true).ListenPacketContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(u)
-		u.failedTimes.Store(-1)
-		u.failedTime.Store(-1)
-	} else {
-		u.onDialFailed()
 	}
+
 	return pc, err
 }
 
@@ -123,32 +115,6 @@ func (u *URLTest) MarshalJSON() ([]byte, error) {
 	})
 }
 
-func (u *URLTest) onDialFailed() {
-	if u.failedTime.Load() == -1 {
-		log.Warnln("%s first failed", u.Name())
-		now := time.Now().UnixMilli()
-		u.failedTime.Store(now)
-		u.failedTimes.Store(1)
-	} else {
-		if u.failedTime.Load()-time.Now().UnixMilli() > 5*1000 {
-			u.failedTimes.Store(-1)
-			u.failedTime.Store(-1)
-		} else {
-			failedCount := u.failedTimes.Inc()
-			log.Warnln("%s failed count: %d", u.Name(), failedCount)
-			if failedCount >= 5 {
-				log.Warnln("because %s failed multiple times, active health check", u.Name())
-				for _, proxyProvider := range u.providers {
-					go proxyProvider.HealthCheck()
-				}
-
-				u.failedTimes.Store(-1)
-				u.failedTime.Store(-1)
-			}
-		}
-	}
-}
-
 func parseURLTestOption(config map[string]any) []urlTestOption {
 	opts := []urlTestOption{}
 
@@ -171,13 +137,12 @@ func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, o
 				Interface:   option.Interface,
 				RoutingMark: option.RoutingMark,
 			},
+
 			option.Filter,
 			providers,
 		}),
 		fastSingle: singledo.NewSingle[C.Proxy](time.Second * 10),
 		disableUDP: option.DisableUDP,
-		failedTimes: atomic.NewInt32(-1),
-		failedTime:  atomic.NewInt64(-1),
 	}
 
 	for _, option := range options {

adapter/provider/fetcher.go

@@ -43,6 +43,14 @@ func (f *fetcher) Initial() (any, error) {
 		err     error
 		isLocal bool
 	)
+
+	defer func() {
+		// pull proxies automatically
+		if f.ticker != nil {
+			go f.pullLoop()
+		}
+	}()
+
 	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
 		buf, err = os.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
@@ -84,11 +92,6 @@ func (f *fetcher) Initial() (any, error) {
 
 	f.hash = md5.Sum(buf)
 
-	// pull proxies automatically
-	if f.ticker != nil {
-		go f.pullLoop()
-	}
-
 	return proxies, nil
 }
 

adapter/provider/vehicle.go

@@ -73,7 +73,7 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	transport := &http.Transport{
 		// from http.DefaultTransport
 		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
+		IdleConnTimeout:       30 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {

common/structure/structure.go

@@ -159,9 +159,19 @@ func (d *Decoder) decodeSlice(name string, data any, val reflect.Value) error {
 		for valSlice.Len() <= i {
 			valSlice = reflect.Append(valSlice, reflect.Zero(valElemType))
 		}
-		currentField := valSlice.Index(i)
-
 		fieldName := fmt.Sprintf("%s[%d]", name, i)
+		if currentData == nil {
+			// in weakly type mode, null will convert to zero value
+			if d.option.WeaklyTypedInput {
+				continue
+			}
+			// in non-weakly type mode, null will convert to nil if element's zero value is nil, otherwise return an error
+			if elemKind := valElemType.Kind(); elemKind == reflect.Map || elemKind == reflect.Slice {
+				continue
+			}
+			return fmt.Errorf("'%s' can not be null", fieldName)
+		}
+		currentField := valSlice.Index(i)
 		if err := d.decode(fieldName, currentData, currentField); err != nil {
 			return err
 		}

common/utils/uuid.go

@@ -0,0 +1,16 @@
+package utils
+
+import (
+	"github.com/gofrs/uuid"
+)
+
+var uuidNamespace, _ = uuid.FromString("00000000-0000-0000-0000-000000000000")
+
+// UUIDMap https://github.com/XTLS/Xray-core/issues/158#issue-783294090
+func UUIDMap(str string) (uuid.UUID, error) {
+	u, err := uuid.FromString(str)
+	if err != nil {
+		return uuid.NewV5(uuidNamespace, str), nil
+	}
+	return u, nil
+}

common/utils/uuid_test.go

@@ -0,0 +1,74 @@
+package utils
+
+import (
+	"github.com/gofrs/uuid"
+	"reflect"
+	"testing"
+)
+
+func TestUUIDMap(t *testing.T) {
+	type args struct {
+		str string
+	}
+
+	tests := []struct {
+		name    string
+		args    args
+		want    uuid.UUID
+		wantErr bool
+	}{
+		{
+			name: "uuid-test-1",
+			args: args{
+				str: "82410302-039e-41b6-98b0-d964084b4170",
+			},
+			want:    uuid.FromStringOrNil("82410302-039e-41b6-98b0-d964084b4170"),
+			wantErr: false,
+		},
+		{
+			name: "uuid-test-2",
+			args: args{
+				str: "88c502e6-d7eb-4c8e-8259-94cb13d83c77",
+			},
+			want:    uuid.FromStringOrNil("88c502e6-d7eb-4c8e-8259-94cb13d83c77"),
+			wantErr: false,
+		},
+		{
+			name: "uuid-map-1",
+			args: args{
+				str: "123456",
+			},
+			want:    uuid.FromStringOrNil("f8598425-92f2-5508-a071-4fc67f9040ac"),
+			wantErr: false,
+		},
+		// GENERATED BY 'xray uuid -i'
+		{
+			name: "uuid-map-2",
+			args: args{
+				str: "a9dk23bz0",
+			},
+			want:    uuid.FromStringOrNil("c91481b6-fc0f-5d9e-b166-5ddf07b9c3c5"),
+			wantErr: false,
+		},
+		{
+			name: "uuid-map-2",
+			args: args{
+				str: "中文123",
+			},
+			want:    uuid.FromStringOrNil("145c544c-2229-59e5-8dbb-3f33b7610d26"),
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := UUIDMap(tt.args.str)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("UUIDMap() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("UUIDMap() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

component/dialer/dialer.go

@@ -253,7 +253,7 @@ func concurrentDialContext(ctx context.Context, network string, ips []netip.Addr
 		}
 	}
 
-	return nil, errors.New("all ip tcp shake hands failed")
+	return nil, fmt.Errorf("all ips %v tcp shake hands failed", ips)
 }
 
 func singleDialContext(ctx context.Context, network string, address string, opt *option) (net.Conn, error) {

component/geodata/router/condition.go

@@ -33,9 +33,10 @@ func domainToMatcher(domain *Domain) (strmatcher.Matcher, error) {
 
 type DomainMatcher struct {
 	matchers strmatcher.IndexMatcher
+	not      bool
 }
 
-func NewMphMatcherGroup(domains []*Domain) (*DomainMatcher, error) {
+func NewMphMatcherGroup(domains []*Domain, not bool) (*DomainMatcher, error) {
 	g := strmatcher.NewMphMatcherGroup()
 	for _, d := range domains {
 		matcherType, f := matcherTypeMap[d.Type]
@@ -50,11 +51,12 @@ func NewMphMatcherGroup(domains []*Domain) (*DomainMatcher, error) {
 	g.Build()
 	return &DomainMatcher{
 		matchers: g,
+		not:      not,
 	}, nil
 }
 
 // NewDomainMatcher new domain matcher.
-func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
+func NewDomainMatcher(domains []*Domain, not bool) (*DomainMatcher, error) {
 	g := new(strmatcher.MatcherGroup)
 	for _, d := range domains {
 		m, err := domainToMatcher(d)
@@ -66,11 +68,16 @@ func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
 
 	return &DomainMatcher{
 		matchers: g,
+		not:      not,
 	}, nil
 }
 
 func (m *DomainMatcher) ApplyDomain(domain string) bool {
-	return len(m.matchers.Match(strings.ToLower(domain))) > 0
+	isMatched := len(m.matchers.Match(strings.ToLower(domain))) > 0
+	if m.not {
+		isMatched = !isMatched
+	}
+	return isMatched
 }
 
 // CIDRList is an alias of []*CIDR to provide sort.Interface.

component/geodata/utils.go

@@ -1,9 +1,9 @@
 package geodata
 
 import (
+	"fmt"
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
-	"strings"
 )
 
 var geoLoaderName = "memconservative"
@@ -35,6 +35,16 @@ func Verify(name string) bool {
 }
 
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
+	if len(countryCode) == 0 {
+		return nil, 0, fmt.Errorf("country code could not be empty")
+	}
+
+	not := false
+	if countryCode[0] == '!' {
+		not = true
+		countryCode = countryCode[1:]
+	}
+
 	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
 		return nil, 0, err
@@ -50,7 +60,7 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	matcher, err := router.NewDomainMatcher(domains)
 	mph：minimal perfect hash algorithm
 	*/
-	matcher, err := router.NewMphMatcherGroup(domains)
+	matcher, err := router.NewMphMatcherGroup(domains, not)
 	if err != nil {
 		return nil, 0, err
 	}
@@ -59,12 +69,21 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 }
 
 func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
+	if len(country) == 0 {
+		return nil, 0, fmt.Errorf("country code could not be empty")
+	}
 	geoLoader, err := GetGeoDataLoader(geoLoaderName)
 	if err != nil {
 		return nil, 0, err
 	}
 
-	records, err := geoLoader.LoadGeoIP(strings.ReplaceAll(country, "!", ""))
+	not := false
+	if country[0] == '!' {
+		not = true
+		country = country[1:]
+	}
+
+	records, err := geoLoader.LoadGeoIP(country)
 	if err != nil {
 		return nil, 0, err
 	}
@@ -72,7 +91,7 @@ func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	geoIP := &router.GeoIP{
 		CountryCode:  country,
 		Cidr:         records,
-		ReverseMatch: strings.Contains(country, "!"),
+		ReverseMatch: not,
 	}
 
 	matcher, err := router.NewGeoIPMatcher(geoIP)

component/sniffer/dispatcher.go

@@ -2,6 +2,7 @@ package sniffer
 
 import (
 	"errors"
+	"github.com/Dreamacro/clash/constant/sniffer"
 	"net"
 	"net/netip"
 	"strconv"
@@ -19,6 +20,7 @@ import (
 var (
 	ErrorUnsupportedSniffer = errors.New("unsupported sniffer")
 	ErrorSniffFailed        = errors.New("all sniffer failed")
+	ErrNoClue               = errors.New("not enough information for making a decision")
 )
 
 var Dispatcher SnifferDispatcher
@@ -27,7 +29,7 @@ type (
 	SnifferDispatcher struct {
 		enable bool
 
-		sniffers []C.Sniffer
+		sniffers []sniffer.Sniffer
 
 		foreDomain *trie.DomainTrie[bool]
 		skipSNI    *trie.DomainTrie[bool]
@@ -84,7 +86,6 @@ func (sd *SnifferDispatcher) replaceDomain(metadata *C.Metadata, host string) {
 	metadata.Host = host
 	metadata.DNSMode = C.DNSMapping
 	resolver.InsertHostByIP(metadata.DstIP, host)
-	metadata.DstIP = netip.Addr{}
 }
 
 func (sd *SnifferDispatcher) Enable() bool {
@@ -94,16 +95,16 @@ func (sd *SnifferDispatcher) Enable() bool {
 func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Metadata) (string, error) {
 	for _, sniffer := range sd.sniffers {
 		if sniffer.SupportNetwork() == C.TCP {
-			conn.SetReadDeadline(time.Now().Add(3 * time.Second))
+			_ = conn.SetReadDeadline(time.Now().Add(3 * time.Second))
 			_, err := conn.Peek(1)
-			conn.SetReadDeadline(time.Time{})
+			_ = conn.SetReadDeadline(time.Time{})
 			if err != nil {
 				_, ok := err.(*net.OpError)
 				if ok {
-					log.Errorln("[Sniffer] [%s] Maybe read timeout, Consider adding skip", metadata.DstIP.String())
-					conn.Close()
+					log.Errorln("[Sniffer] [%s] may not have any sent data, Consider adding skip", metadata.DstIP.String())
+					_ = conn.Close()
 				}
-				log.Errorln("[Sniffer] %v", err)
+
 				return "", err
 			}
 
@@ -116,7 +117,13 @@ func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Meta
 
 			host, err := sniffer.SniffTCP(bytes)
 			if err != nil {
-				log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
+				//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
+				continue
+			}
+
+			_, err = netip.ParseAddr(host)
+			if err == nil {
+				//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
 				continue
 			}
 
@@ -135,7 +142,7 @@ func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
 	return &dispatcher, nil
 }
 
-func NewSnifferDispatcher(needSniffer []C.SnifferType, forceDomain *trie.DomainTrie[bool],
+func NewSnifferDispatcher(needSniffer []sniffer.Type, forceDomain *trie.DomainTrie[bool],
 	skipSNI *trie.DomainTrie[bool], ports *[]utils.Range[uint16]) (*SnifferDispatcher, error) {
 	dispatcher := SnifferDispatcher{
 		enable:     true,
@@ -157,10 +164,12 @@ func NewSnifferDispatcher(needSniffer []C.SnifferType, forceDomain *trie.DomainT
 	return &dispatcher, nil
 }
 
-func NewSniffer(name C.SnifferType) (C.Sniffer, error) {
+func NewSniffer(name sniffer.Type) (sniffer.Sniffer, error) {
 	switch name {
-	case C.TLS:
+	case sniffer.TLS:
 		return &TLSSniffer{}, nil
+	case sniffer.HTTP:
+		return &HTTPSniffer{}, nil
 	default:
 		return nil, ErrorUnsupportedSniffer
 	}

component/sniffer/http_sniffer.go

@@ -0,0 +1,100 @@
+package sniffer
+
+import (
+	"bytes"
+	"errors"
+	C "github.com/Dreamacro/clash/constant"
+	"net"
+	"strings"
+)
+
+var (
+	// refer to https://pkg.go.dev/net/http@master#pkg-constants
+	methods          = [...]string{"get", "post", "head", "put", "delete", "options", "connect", "patch", "trace"}
+	errNotHTTPMethod = errors.New("not an HTTP method")
+)
+
+type version byte
+
+const (
+	HTTP1 version = iota
+	HTTP2
+)
+
+type HTTPSniffer struct {
+	version version
+	host    string
+}
+
+func (http *HTTPSniffer) Protocol() string {
+	switch http.version {
+	case HTTP1:
+		return "http1"
+	case HTTP2:
+		return "http2"
+	default:
+		return "unknown"
+	}
+}
+
+func (http *HTTPSniffer) SupportNetwork() C.NetWork {
+	return C.TCP
+}
+
+func (http *HTTPSniffer) SniffTCP(bytes []byte) (string, error) {
+	domain, err := SniffHTTP(bytes)
+	if err == nil {
+		return *domain, nil
+	} else {
+		return "", err
+	}
+}
+
+func beginWithHTTPMethod(b []byte) error {
+	for _, m := range &methods {
+		if len(b) >= len(m) && strings.EqualFold(string(b[:len(m)]), m) {
+			return nil
+		}
+
+		if len(b) < len(m) {
+			return ErrNoClue
+		}
+	}
+	return errNotHTTPMethod
+}
+
+func SniffHTTP(b []byte) (*string, error) {
+	if err := beginWithHTTPMethod(b); err != nil {
+		return nil, err
+	}
+
+	_ = &HTTPSniffer{
+		version: HTTP1,
+	}
+
+	headers := bytes.Split(b, []byte{'\n'})
+	for i := 1; i < len(headers); i++ {
+		header := headers[i]
+		if len(header) == 0 {
+			break
+		}
+		parts := bytes.SplitN(header, []byte{':'}, 2)
+		if len(parts) != 2 {
+			continue
+		}
+		key := strings.ToLower(string(parts[0]))
+		if key == "host" {
+			rawHost := strings.ToLower(string(bytes.TrimSpace(parts[1])))
+			host, _, err := net.SplitHostPort(rawHost)
+			if err != nil {
+				if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
+					host = rawHost
+				} else {
+					return nil, err
+				}
+			}
+			return &host, nil
+		}
+	}
+	return nil, ErrNoClue
+}

component/sniffer/quic_sniffer.go

@@ -0,0 +1,3 @@
+package sniffer
+
+//TODO

component/sniffer/tls_sniffer.go

@@ -11,7 +11,6 @@ import (
 var (
 	errNotTLS         = errors.New("not TLS header")
 	errNotClientHello = errors.New("not client hello")
-	ErrNoClue         = errors.New("not enough information for making a decision")
 )
 
 type TLSSniffer struct {

config/config.go

@@ -4,6 +4,7 @@ import (
 	"container/list"
 	"errors"
 	"fmt"
+	"github.com/Dreamacro/clash/constant/sniffer"
 	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"net"
 	"net/netip"
@@ -30,6 +31,7 @@ import (
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
 	providerTypes "github.com/Dreamacro/clash/constant/provider"
+	snifferTypes "github.com/Dreamacro/clash/constant/sniffer"
 	"github.com/Dreamacro/clash/dns"
 	"github.com/Dreamacro/clash/log"
 	T "github.com/Dreamacro/clash/tunnel"
@@ -50,6 +52,7 @@ type General struct {
 	GeodataMode   bool         `json:"geodata-mode"`
 	GeodataLoader string       `json:"geodata-loader"`
 	TCPConcurrent bool         `json:"tcp-concurrent"`
+	Tun           Tun          `json:"tun"`
 }
 
 // Inbound config
@@ -96,12 +99,6 @@ type FallbackFilter struct {
 	GeoSite   []*router.DomainMatcher `yaml:"geosite"`
 }
 
-var (
-	GroupsList             = list.New()
-	ProxiesList            = list.New()
-	ParsingProxiesCallback func(groupsList *list.List, proxiesList *list.List)
-)
-
 // Profile config
 type Profile struct {
 	StoreSelected bool `yaml:"store-selected"`
@@ -127,11 +124,10 @@ type IPTables struct {
 
 type Sniffer struct {
 	Enable      bool
-	Force       bool
-	Sniffers    []C.SnifferType
+	Sniffers    []sniffer.Type
 	Reverses    *trie.DomainTrie[bool]
 	ForceDomain *trie.DomainTrie[bool]
-	SkipSNI     *trie.DomainTrie[bool]
+	SkipDomain  *trie.DomainTrie[bool]
 	Ports       *[]utils.Range[uint16]
 }
 
@@ -210,7 +206,7 @@ type RawConfig struct {
 	GeodataLoader      string       `yaml:"geodata-loader"`
 	TCPConcurrent      bool         `yaml:"tcp-concurrent" json:"tcp-concurrent"`
 
-	Sniffer       SnifferRaw                `yaml:"sniffer"`
+	Sniffer       RawSniffer                `yaml:"sniffer"`
 	ProxyProvider map[string]map[string]any `yaml:"proxy-providers"`
 	RuleProvider  map[string]map[string]any `yaml:"rule-providers"`
 	Hosts         map[string]string         `yaml:"hosts"`
@@ -224,13 +220,11 @@ type RawConfig struct {
 	Rule          []string                  `yaml:"rules"`
 }
 
-type SnifferRaw struct {
+type RawSniffer struct {
 	Enable      bool     `yaml:"enable" json:"enable"`
 	Sniffing    []string `yaml:"sniffing" json:"sniffing"`
-	Force       bool     `yaml:"force" json:"force"`
-	Reverse     []string `yaml:"reverses" json:"reverses"`
 	ForceDomain []string `yaml:"force-domain" json:"force-domain"`
-	SkipSNI     []string `yaml:"skip-sni" json:"skip-sni"`
+	SkipDomain  []string `yaml:"skip-domain" json:"skip-domain"`
 	Ports       []string `yaml:"port-whitelist" json:"port-whitelist"`
 }
 
@@ -263,10 +257,10 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		Tun: RawTun{
 			Enable:              false,
 			Device:              "",
-			AutoDetectInterface: true,
 			Stack:               C.TunGvisor,
 			DNSHijack:           []string{"0.0.0.0:53"}, // default hijack all dns query
-			AutoRoute:           true,
+			AutoRoute:           false,
+			AutoDetectInterface: false,
 		},
 		IPTables: IPTables{
 			Enable:           false,
@@ -300,13 +294,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 				"www.msftconnecttest.com",
 			},
 		},
-		Sniffer: SnifferRaw{
+		Sniffer: RawSniffer{
 			Enable:      false,
-			Force:       false,
 			Sniffing:    []string{},
-			Reverse:     []string{},
 			ForceDomain: []string{},
-			SkipSNI:     []string{},
+			SkipDomain:  []string{},
 			Ports:       []string{},
 		},
 		Profile: Profile{
@@ -428,8 +420,8 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 	providersConfig := cfg.ProxyProvider
 
 	var proxyList []string
-	_proxiesList := list.New()
-	_groupsList := list.New()
+	proxiesList := list.New()
+	groupsList := list.New()
 
 	proxies["DIRECT"] = adapter.NewProxy(outbound.NewDirect())
 	proxies["REJECT"] = adapter.NewProxy(outbound.NewReject())
@@ -449,7 +441,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		}
 		proxies[proxy.Name()] = proxy
 		proxyList = append(proxyList, proxy.Name())
-		_proxiesList.PushBack(mapping)
+		proxiesList.PushBack(mapping)
 	}
 
 	// keep the original order of ProxyGroups in config file
@@ -459,7 +451,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 			return nil, nil, fmt.Errorf("proxy group %d: missing name", idx)
 		}
 		proxyList = append(proxyList, groupName)
-		_groupsList.PushBack(mapping)
+		groupsList.PushBack(mapping)
 	}
 
 	// check if any loop exists and sort the ProxyGroups
@@ -514,12 +506,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		[]providerTypes.ProxyProvider{pd},
 	)
 	proxies["GLOBAL"] = adapter.NewProxy(global)
-	ProxiesList = _proxiesList
-	GroupsList = _groupsList
-	if ParsingProxiesCallback != nil {
-		// refresh tray menu
-		go ParsingProxiesCallback(GroupsList, ProxiesList)
-	}
+
 	return proxies, providersMap, nil
 }
 
@@ -539,7 +526,6 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 
 	var rules []C.Rule
 	rulesConfig := cfg.Rule
-	mode := cfg.Mode
 
 	// parse rules
 	for idx, line := range rulesConfig {
@@ -551,10 +537,6 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
 			ruleName = strings.ToUpper(rule[0])
 		)
 
-		if mode == T.Script && ruleName != "GEOSITE" {
-			continue
-		}
-
 		l := len(rule)
 
 		if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" {
@@ -920,10 +902,9 @@ func parseTun(rawTun RawTun, general *General) (*Tun, error) {
 	}, nil
 }
 
-func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
+func parseSniffer(snifferRaw RawSniffer) (*Sniffer, error) {
 	sniffer := &Sniffer{
 		Enable: snifferRaw.Enable,
-		Force:  snifferRaw.Force,
 	}
 
 	var ports []utils.Range[uint16]
@@ -954,11 +935,11 @@ func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
 
 	sniffer.Ports = &ports
 
-	loadSniffer := make(map[C.SnifferType]struct{})
+	loadSniffer := make(map[snifferTypes.Type]struct{})
 
 	for _, snifferName := range snifferRaw.Sniffing {
 		find := false
-		for _, snifferType := range C.SnifferList {
+		for _, snifferType := range snifferTypes.List {
 			if snifferType.String() == strings.ToUpper(snifferName) {
 				find = true
 				loadSniffer[snifferType] = struct{}{}
@@ -973,7 +954,6 @@ func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
 	for st := range loadSniffer {
 		sniffer.Sniffers = append(sniffer.Sniffers, st)
 	}
-
 	sniffer.ForceDomain = trie.New[bool]()
 	for _, domain := range snifferRaw.ForceDomain {
 		err := sniffer.ForceDomain.Insert(domain, true)
@@ -982,35 +962,13 @@ func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
 		}
 	}
 
-	sniffer.SkipSNI = trie.New[bool]()
-	for _, domain := range snifferRaw.SkipSNI {
-		err := sniffer.SkipSNI.Insert(domain, true)
+	sniffer.SkipDomain = trie.New[bool]()
+	for _, domain := range snifferRaw.SkipDomain {
+		err := sniffer.SkipDomain.Insert(domain, true)
 		if err != nil {
 			return nil, fmt.Errorf("error domian[%s] in force-domain, error:%v", domain, err)
 		}
 	}
 
-	// Compatibility, remove it when release
-	if strings.Contains(C.Version, "alpha") || strings.Contains(C.Version, "develop") || strings.Contains(C.Version, "1.10.0") {
-		log.Warnln("Sniffer param force and reverses deprecated, will be removed in the release version, see https://github.com/MetaCubeX/Clash.Meta/commit/48a01adb7a4f38974b9d9639f931d0d245aebf28")
-		if snifferRaw.Force {
-			// match all domain
-			sniffer.ForceDomain.Insert("+", true)
-			for _, domain := range snifferRaw.Reverse {
-				err := sniffer.SkipSNI.Insert(domain, true)
-				if err != nil {
-					return nil, fmt.Errorf("error domian[%s], error:%v", domain, err)
-				}
-			}
-		} else {
-			for _, domain := range snifferRaw.Reverse {
-				err := sniffer.ForceDomain.Insert(domain, true)
-				if err != nil {
-					return nil, fmt.Errorf("error domian[%s], error:%v", domain, err)
-				}
-			}
-		}
-	}
-
 	return sniffer, nil
 }

constant/metadata.go

@@ -86,6 +86,7 @@ type Metadata struct {
 	Uid         *int32     `json:"uid"`
 	Process     string     `json:"process"`
 	ProcessPath string     `json:"processPath"`
+	RemoteDst   string     `json:"remoteDestination"`
 }
 
 func (m *Metadata) RemoteAddress() string {
@@ -104,7 +105,7 @@ func (m *Metadata) SourceDetail() string {
 	if m.Process != "" && m.Uid != nil {
 		return fmt.Sprintf("%s(%s, uid=%d)", m.SourceAddress(), m.Process, *m.Uid)
 	} else if m.Uid != nil {
-		return fmt.Sprintf("%s(%d)", m.SourceAddress(), *m.Uid)
+		return fmt.Sprintf("%s(uid=%d)", m.SourceAddress(), *m.Uid)
 	} else if m.Process != "" {
 		return fmt.Sprintf("%s(%s)", m.SourceAddress(), m.Process)
 	} else {

constant/path.go

@@ -29,7 +29,6 @@ var Path = func() *path {
 type path struct {
 	homeDir    string
 	configFile string
-	scriptDir  string
 }
 
 // SetHomeDir is used to set the configuration path
@@ -123,23 +122,6 @@ func (p *path) GeoSite() string {
 	return P.Join(p.homeDir, "GeoSite.dat")
 }
 
-func (p *path) ScriptDir() string {
-	if len(p.scriptDir) != 0 {
-		return p.scriptDir
-	}
-	if dir, err := os.MkdirTemp("", Name+"-"); err == nil {
-		p.scriptDir = dir
-	} else {
-		p.scriptDir = P.Join(os.TempDir(), Name)
-		_ = os.MkdirAll(p.scriptDir, 0o644)
-	}
-	return p.scriptDir
-}
-
-func (p *path) Script() string {
-	return P.Join(p.ScriptDir(), "clash_script.py")
-}
-
 func (p *path) GetAssetLocation(file string) string {
 	return P.Join(p.homeDir, file)
 }

constant/rule.go

@@ -13,7 +13,6 @@ const (
 	DstPort
 	Process
 	ProcessPath
-	Script
 	RuleSet
 	Network
 	Uid
@@ -49,8 +48,6 @@ func (rt RuleType) String() string {
 		return "Process"
 	case ProcessPath:
 		return "ProcessPath"
-	case Script:
-		return "Script"
 	case MATCH:
 		return "Match"
 	case RuleSet:

constant/rule_extra.go

@@ -46,3 +46,11 @@ func (re *RuleExtra) NotMatchProcessName(processName string) bool {
 type RuleGeoSite interface {
 	GetDomainMatcher() *router.DomainMatcher
 }
+
+type RuleGeoIP interface {
+	GetIPMatcher() *router.GeoIPMatcher
+}
+
+type RuleGroup interface {
+	GetRecodeSize() int
+}

constant/sniffer.go

@@ -1,26 +0,0 @@
-package constant
-
-type Sniffer interface {
-	SupportNetwork() NetWork
-	SniffTCP(bytes []byte) (string, error)
-	Protocol() string
-}
-
-const (
-	TLS SnifferType = iota
-)
-
-var (
-	SnifferList = []SnifferType{TLS}
-)
-
-type SnifferType int
-
-func (rt SnifferType) String() string {
-	switch rt {
-	case TLS:
-		return "TLS"
-	default:
-		return "Unknown"
-	}
-}

constant/sniffer/sniffer.go

@@ -0,0 +1,31 @@
+package sniffer
+
+import "github.com/Dreamacro/clash/constant"
+
+type Sniffer interface {
+	SupportNetwork() constant.NetWork
+	SniffTCP(bytes []byte) (string, error)
+	Protocol() string
+}
+
+const (
+	TLS Type = iota
+	HTTP
+)
+
+var (
+	List = []Type{TLS, HTTP}
+)
+
+type Type int
+
+func (rt Type) String() string {
+	switch rt {
+	case TLS:
+		return "TLS"
+	case HTTP:
+		return "HTTP"
+	default:
+		return "Unknown"
+	}
+}

dns/doq.go

@@ -138,6 +138,8 @@ func (dc *quicClient) openSession() (quic.Connection, error) {
 	quicConfig := &quic.Config{
 		ConnectionIDLength:   12,
 		HandshakeIdleTimeout: time.Second * 8,
+		MaxIncomingStreams:   4,
+		MaxIdleTimeout:       time.Second * 45,
 	}
 
 	log.Debugln("opening session to %s", dc.addr)
@@ -175,7 +177,7 @@ func (dc *quicClient) openSession() (quic.Connection, error) {
 			return nil, fmt.Errorf("quio create packet failed")
 		}
 
-		udp = wrapConn.PacketConn
+		udp = wrapConn
 	}
 
 	session, err := quic.Dial(udp, &udpAddr, host, tlsConfig, quicConfig)

dns/middleware.go

@@ -164,6 +164,7 @@ func withResolver(resolver *Resolver) handler {
 		msg.SetRcode(r, msg.Rcode)
 		msg.Authoritative = true
 
+		log.Debugln("[DNS] %s --> %s", msgToDomain(r), msgToIP(msg))
 		return msg, nil
 	}
 }

dns/patch.go

@@ -0,0 +1,16 @@
+package dns
+
+import D "github.com/miekg/dns"
+
+type LocalServer struct {
+	handler handler
+}
+
+// ServeMsg implement resolver.LocalServer ResolveMsg
+func (s *LocalServer) ServeMsg(msg *D.Msg) (*D.Msg, error) {
+	return handlerWithContext(s.handler, msg)
+}
+
+func NewLocalServer(resolver *Resolver, mapper *ResolverEnhancer) *LocalServer {
+	return &LocalServer{handler: NewHandler(resolver, mapper)}
+}

dns/resolver.go

@@ -7,7 +7,6 @@ import (
 	"go.uber.org/atomic"
 	"math/rand"
 	"net/netip"
-	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/cache"
@@ -232,7 +231,7 @@ func (r *Resolver) matchPolicy(m *D.Msg) []dnsClient {
 		return nil
 	}
 
-	domain := r.msgToDomain(m)
+	domain := msgToDomain(m)
 	if domain == "" {
 		return nil
 	}
@@ -251,7 +250,7 @@ func (r *Resolver) shouldOnlyQueryFallback(m *D.Msg) bool {
 		return false
 	}
 
-	domain := r.msgToDomain(m)
+	domain := msgToDomain(m)
 
 	if domain == "" {
 		return false
@@ -332,14 +331,6 @@ func (r *Resolver) resolveIP(host string, dnsType uint16) (ips []netip.Addr, err
 	return
 }
 
-func (r *Resolver) msgToDomain(msg *D.Msg) string {
-	if len(msg.Question) > 0 {
-		return strings.TrimRight(msg.Question[0].Name, ".")
-	}
-
-	return ""
-}
-
 func (r *Resolver) asyncExchange(ctx context.Context, client []dnsClient, msg *D.Msg) <-chan *result {
 	ch := make(chan *result, 1)
 	go func() {

dns/util.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
+	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/cache"
@@ -116,6 +117,14 @@ func msgToIP(msg *D.Msg) []netip.Addr {
 	return ips
 }
 
+func msgToDomain(msg *D.Msg) string {
+	if len(msg.Question) > 0 {
+		return strings.TrimRight(msg.Question[0].Name, ".")
+	}
+
+	return ""
+}
+
 type wrapPacketConn struct {
 	net.PacketConn
 	rAddr net.Addr

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/go-chi/render v1.0.1
 	github.com/gofrs/uuid v4.2.0+incompatible
 	github.com/gorilla/websocket v1.5.0
-	github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41
+	github.com/insomniacslk/dhcp v0.0.0-20220504074936-1ca156eafb9f
 	github.com/lucas-clemente/quic-go v0.27.0
 	github.com/miekg/dns v1.1.48
 	github.com/oschwald/geoip2-golang v1.7.0
@@ -20,23 +20,23 @@ require (
 	go.etcd.io/bbolt v1.3.6
 	go.uber.org/atomic v1.9.0
 	go.uber.org/automaxprocs v1.5.1
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-	golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd
-	golang.org/x/net v0.0.0-20220421235706-1d1ef9303861
+	golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122
+	golang.org/x/exp v0.0.0-20220428152302-39d4317da171
+	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
+	golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306
 	golang.zx2c4.com/wireguard v0.0.0-20220407013110-ef5c587f782d
 	golang.zx2c4.com/wireguard/windows v0.5.4-0.20220317000008-6432784c2469
 	google.golang.org/protobuf v1.28.0
 	gopkg.in/yaml.v2 v2.4.0
-	gvisor.dev/gvisor v0.0.0-20220422224113-2cca6b79d9f4
+	gvisor.dev/gvisor v0.0.0-20220506231117-8ef340c14150
 )
 
 require (
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/kr/pretty v0.2.1 // indirect

go.sum

@@ -31,8 +31,8 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
-github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
@@ -88,8 +88,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
-github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41 h1:Yg3n3AI7GoHnWt7dyjsLPU+TEuZfPAg0OdiA3MJUV6I=
-github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
+github.com/insomniacslk/dhcp v0.0.0-20220504074936-1ca156eafb9f h1:l1QCwn715k8nYkj4Ql50rzEog3WnMdrd4YYMMwemxEo=
+github.com/insomniacslk/dhcp v0.0.0-20220504074936-1ca156eafb9f/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
@@ -221,11 +221,11 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122 h1:NvGWuYG8dkDHFSKksI1P9faiVJ9rayE6l0+ouWVIDs8=
+golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd h1:zVFyTKZN/Q7mNRWSs1GOYnHM9NiFSJ54YVRsD0rNWT4=
-golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
+golang.org/x/exp v0.0.0-20220428152302-39d4317da171 h1:TfdoLivD44QwvssI9Sv1xwa5DcL5XQr4au4sZ2F2NV4=
+golang.org/x/exp v0.0.0-20220428152302-39d4317da171/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -257,8 +257,8 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 h1:yssD99+7tqHWO5Gwh81phT+67hg+KttniBr6UnEXOY8=
-golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -304,8 +304,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -384,8 +385,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
-gvisor.dev/gvisor v0.0.0-20220422224113-2cca6b79d9f4 h1:CSkd548jw5hmVwdJ+JuUhMtRV56oQBER7sbkIOePP2Y=
-gvisor.dev/gvisor v0.0.0-20220422224113-2cca6b79d9f4/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI=
+gvisor.dev/gvisor v0.0.0-20220506231117-8ef340c14150 h1:bspdBY1iCLtW6JXold8yhXHkAiE9UoWfmHShNkTc9JA=
+gvisor.dev/gvisor v0.0.0-20220506231117-8ef340c14150/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

hub/executor/concurrent_load_limit.go

@@ -0,0 +1,5 @@
+//go:build !386 && !amd64 && !arm64 && !arm64be && !mipsle && !mips
+
+package executor
+
+const concurrentCount = 5

hub/executor/concurrent_load_single.go

@@ -0,0 +1,5 @@
+//go:build mips || mipsle
+
+package executor
+
+const concurrentCount = 1

hub/executor/concurrent_load_unlimit.go

@@ -0,0 +1,7 @@
+//go:build 386 || amd64 || arm64 || arm64be
+
+package executor
+
+import "math"
+
+const concurrentCount = math.MaxInt

hub/executor/executor.go

@@ -2,6 +2,7 @@ package executor
 
 import (
 	"fmt"
+	"github.com/Dreamacro/clash/listener/inner"
 	"net/netip"
 	"os"
 	"runtime"
@@ -76,19 +77,24 @@ func ApplyConfig(cfg *config.Config, force bool) {
 	updateProxies(cfg.Proxies, cfg.Providers)
 	updateRules(cfg.Rules, cfg.RuleProviders)
 	updateSniffer(cfg.Sniffer)
-	updateDNS(cfg.DNS)
+	updateHosts(cfg.Hosts)
+	initInnerTcp()
+	updateDNS(cfg.DNS, cfg.General.IPv6)
+	loadProxyProvider(cfg.Providers)
+	updateProfile(cfg)
+	loadRuleProvider(cfg.RuleProviders)
 	updateGeneral(cfg.General, force)
 	updateIPTables(cfg)
 	updateTun(cfg.Tun, cfg.DNS)
 	updateExperimental(cfg)
-	updateHosts(cfg.Hosts)
-	loadProxyProvider(cfg.Providers)
-	updateProfile(cfg)
-	loadRuleProvider(cfg.RuleProviders)
 
 	log.SetLevel(cfg.General.LogLevel)
 }
 
+func initInnerTcp() {
+	inner.New(tunnel.TCPIn())
+}
+
 func GetGeneral() *config.General {
 	ports := P.GetPorts()
 	var authenticator []string
@@ -111,6 +117,7 @@ func GetGeneral() *config.General {
 		LogLevel:      log.Level(),
 		IPv6:          !resolver.DisableIPv6,
 		GeodataLoader: G.LoaderName(),
+		Tun:           P.GetTunConf(),
 	}
 
 	return general
@@ -118,12 +125,16 @@ func GetGeneral() *config.General {
 
 func updateExperimental(c *config.Config) {}
 
-func updateDNS(c *config.DNS) {
+func updateDNS(c *config.DNS, generalIPv6 bool) {
 	if !c.Enable {
+		resolver.DisableIPv6 = !generalIPv6
 		resolver.DefaultResolver = nil
 		resolver.DefaultHostMapper = nil
+		resolver.DefaultLocalServer = nil
 		dns.ReCreateServer("", nil, nil)
 		return
+	} else {
+		resolver.DisableIPv6 = !c.IPv6
 	}
 
 	cfg := dns.Config{
@@ -145,8 +156,6 @@ func updateDNS(c *config.DNS) {
 		ProxyServer: c.ProxyServerNameserver,
 	}
 
-	resolver.DisableIPv6 = !cfg.IPv6
-
 	r := dns.NewResolver(cfg)
 	pr := dns.NewProxyServerHostResolver(r)
 	m := dns.NewEnhancer(cfg)
@@ -158,6 +167,7 @@ func updateDNS(c *config.DNS) {
 
 	resolver.DefaultResolver = r
 	resolver.DefaultHostMapper = m
+	resolver.DefaultLocalServer = dns.NewLocalServer(r, m)
 
 	if pr.HasProxyServer() {
 		resolver.ProxyServerHostResolver = pr
@@ -185,7 +195,7 @@ func loadProvider(pv provider.Provider) {
 		log.Infoln("Start initial provider %s", (pv).Name())
 	}
 
-	if err := (pv).Initial(); err != nil {
+	if err := pv.Initial(); err != nil {
 		switch pv.Type() {
 		case provider.Proxy:
 			{
@@ -201,24 +211,50 @@ func loadProvider(pv provider.Provider) {
 }
 
 func loadRuleProvider(ruleProviders map[string]provider.RuleProvider) {
+	wg := sync.WaitGroup{}
+	ch := make(chan struct{}, concurrentCount)
 	for _, ruleProvider := range ruleProviders {
+		ruleProvider := ruleProvider
+		wg.Add(1)
+		ch <- struct{}{}
+		go func() {
+			defer func() { <-ch; wg.Done() }()
 			loadProvider(ruleProvider)
-	}
+
+		}()
 	}
 
-func loadProxyProvider(ruleProviders map[string]provider.ProxyProvider) {
-	for _, ruleProvider := range ruleProviders {
-		loadProvider(ruleProvider)
+	wg.Wait()
 }
+
+func loadProxyProvider(proxyProviders map[string]provider.ProxyProvider) {
+	// limit concurrent size
+	wg := sync.WaitGroup{}
+	ch := make(chan struct{}, concurrentCount)
+	for _, proxyProvider := range proxyProviders {
+		proxyProvider := proxyProvider
+		wg.Add(1)
+		ch <- struct{}{}
+		go func() {
+			defer func() { <-ch; wg.Done() }()
+			loadProvider(proxyProvider)
+		}()
+	}
+
+	wg.Wait()
 }
 
 func updateTun(tun *config.Tun, dns *config.DNS) {
-	P.ReCreateTun(tun, dns, tunnel.TCPIn(), tunnel.UDPIn())
+	var tunAddressPrefix *netip.Prefix
+	if dns.FakeIPRange != nil {
+		tunAddressPrefix = dns.FakeIPRange.IPNet()
+	}
+	P.ReCreateTun(tun, tunAddressPrefix, tunnel.TCPIn(), tunnel.UDPIn())
 }
 
 func updateSniffer(sniffer *config.Sniffer) {
 	if sniffer.Enable {
-		dispatcher, err := SNI.NewSnifferDispatcher(sniffer.Sniffers, sniffer.ForceDomain, sniffer.SkipSNI, sniffer.Ports)
+		dispatcher, err := SNI.NewSnifferDispatcher(sniffer.Sniffers, sniffer.ForceDomain, sniffer.SkipDomain, sniffer.Ports)
 		if err != nil {
 			log.Warnln("initial sniffer failed, err:%v", err)
 		}

hub/route/rules.go

@@ -1,6 +1,7 @@
 package route
 
 import (
+	"github.com/Dreamacro/clash/constant"
 	"net/http"
 
 	"github.com/Dreamacro/clash/tunnel"
@@ -19,17 +20,23 @@ type Rule struct {
 	Type    string `json:"type"`
 	Payload string `json:"payload"`
 	Proxy   string `json:"proxy"`
+	Size    int    `json:"Size"`
 }
 
 func getRules(w http.ResponseWriter, r *http.Request) {
 	rawRules := tunnel.Rules()
 	rules := []Rule{}
 	for _, rule := range rawRules {
-		rules = append(rules, Rule{
+		r := Rule{
 			Type:    rule.RuleType().String(),
 			Payload: rule.Payload(),
 			Proxy:   rule.Adapter(),
-		})
+			Size:    -1,
+		}
+		if rule.RuleType() == constant.GEOIP || rule.RuleType() == constant.GEOSITE {
+			r.Size = rule.(constant.RuleGroup).GetRecodeSize()
+		}
+		rules = append(rules, r)
 
 	}
 

hub/route/script.go

@@ -1,16 +0,0 @@
-package route
-
-import (
-	"github.com/go-chi/chi/v5"
-	"net/http"
-)
-
-func scriptRouter() http.Handler {
-	r := chi.NewRouter()
-	r.Get("/", getScript)
-	return r
-}
-
-func getScript(writer http.ResponseWriter, request *http.Request) {
-	writer.WriteHeader(http.StatusMethodNotAllowed)
-}

hub/route/server.go

@@ -72,7 +72,6 @@ func Start(addr string, secret string) {
 		r.Mount("/connections", connectionRouter())
 		r.Mount("/providers/proxies", proxyProviderRouter())
 		r.Mount("/providers/rules", ruleProviderRouter())
-		r.Mount("/script", scriptRouter())
 		r.Mount("/cache", cacheRouter())
 	})
 

listener/listener.go

@@ -5,8 +5,9 @@ import (
 	"github.com/Dreamacro/clash/common/cmd"
 	"github.com/Dreamacro/clash/listener/inner"
 	"net"
-	"os"
+	"net/netip"
 	"runtime"
+	"sort"
 	"strconv"
 	"sync"
 
@@ -26,6 +27,8 @@ import (
 var (
 	allowLan             = false
 	bindAddress          = "*"
+	lastTunConf          *config.Tun
+	lastTunAddressPrefix *netip.Prefix
 
 	socksListener     *socks.Listener
 	socksUDPListener  *socks.UDPListener
@@ -55,6 +58,15 @@ type Ports struct {
 	MixedPort  int `json:"mixed-port"`
 }
 
+func GetTunConf() config.Tun {
+	if lastTunConf == nil {
+		return config.Tun{
+			Enable: false,
+		}
+	}
+	return *lastTunConf
+}
+
 func AllowLan() bool {
 	return allowLan
 }
@@ -71,6 +83,10 @@ func SetBindAddress(host string) {
 	bindAddress = host
 }
 
+func NewInner(tcpIn chan<- C.ConnContext) {
+	inner.New(tcpIn)
+}
+
 func ReCreateHTTP(port int, tcpIn chan<- C.ConnContext) {
 	httpMux.Lock()
 	defer httpMux.Unlock()
@@ -115,7 +131,6 @@ func ReCreateSocks(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
 			log.Errorln("Start SOCKS server error: %s", err.Error())
 		}
 	}()
-	inner.New(tcpIn)
 
 	addr := genAddr(bindAddress, port, allowLan)
 
@@ -312,7 +327,7 @@ func ReCreateMixed(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
 	log.Infoln("Mixed(http+socks) proxy listening at: %s", mixedListener.Address())
 }
 
-func ReCreateTun(tunConf *config.Tun, dnsCfg *config.DNS, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) {
+func ReCreateTun(tunConf *config.Tun, tunAddressPrefix *netip.Prefix, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) {
 	tunMux.Lock()
 	defer tunMux.Unlock()
 
@@ -320,22 +335,35 @@ func ReCreateTun(tunConf *config.Tun, dnsCfg *config.DNS, tcpIn chan<- C.ConnCon
 	defer func() {
 		if err != nil {
 			log.Errorln("Start TUN listening error: %s", err.Error())
-			os.Exit(2)
 		}
 	}()
 
+	if tunAddressPrefix == nil {
+		tunAddressPrefix = lastTunAddressPrefix
+	}
+
+	if !hasTunConfigChange(tunConf, tunAddressPrefix) {
+		return
+	}
+
 	if tunStackListener != nil {
-		tunStackListener.Close()
+		_ = tunStackListener.Close()
 		tunStackListener = nil
+		lastTunConf = nil
+		lastTunAddressPrefix = nil
 	}
 
 	if !tunConf.Enable {
 		return
 	}
-	tunStackListener, err = tun.New(tunConf, dnsCfg, tcpIn, udpIn)
+
+	tunStackListener, err = tun.New(tunConf, tunAddressPrefix, tcpIn, udpIn)
 	if err != nil {
-		log.Warnln("Failed to start TUN interface: %s", err.Error())
+		log.Warnln("Failed to start TUN interface: %s", err)
 	}
+
+	lastTunConf = tunConf
+	lastTunAddressPrefix = tunAddressPrefix
 }
 
 // GetPorts return the ports of proxy servers
@@ -394,6 +422,47 @@ func genAddr(host string, port int, allowLan bool) string {
 	return fmt.Sprintf("127.0.0.1:%d", port)
 }
 
+func hasTunConfigChange(tunConf *config.Tun, tunAddressPrefix *netip.Prefix) bool {
+	if lastTunConf == nil {
+		return true
+	}
+
+	if len(lastTunConf.DNSHijack) != len(tunConf.DNSHijack) {
+		return true
+	}
+
+	sort.Slice(lastTunConf.DNSHijack, func(i, j int) bool {
+		return lastTunConf.DNSHijack[i].Addr().Less(lastTunConf.DNSHijack[j].Addr())
+	})
+
+	sort.Slice(tunConf.DNSHijack, func(i, j int) bool {
+		return tunConf.DNSHijack[i].Addr().Less(tunConf.DNSHijack[j].Addr())
+	})
+
+	for i, dns := range tunConf.DNSHijack {
+		if dns != lastTunConf.DNSHijack[i] {
+			return true
+		}
+	}
+
+	if lastTunConf.Enable != tunConf.Enable ||
+		lastTunConf.Device != tunConf.Device ||
+		lastTunConf.Stack != tunConf.Stack ||
+		lastTunConf.AutoRoute != tunConf.AutoRoute {
+		return true
+	}
+
+	if (tunAddressPrefix != nil && lastTunAddressPrefix == nil) || (tunAddressPrefix == nil && lastTunAddressPrefix != nil) {
+		return true
+	}
+
+	if tunAddressPrefix != nil && lastTunAddressPrefix != nil && *tunAddressPrefix != *lastTunAddressPrefix {
+		return true
+	}
+
+	return false
+}
+
 func Cleanup() {
 	if tunStackListener != nil {
 		_ = tunStackListener.Close()

listener/tun/ipstack/commons/router.go

@@ -33,7 +33,7 @@ func DefaultInterfaceChangeMonitor() {
 		interfaceName, err := GetAutoDetectInterface()
 		if err != nil {
 			log.Warnln("[TUN] default interface monitor exited, cause: %v", err)
-			break
+			continue
 		}
 
 		old := dialer.DefaultInterface.Load()

listener/tun/ipstack/commons/router_android.go

@@ -10,18 +10,18 @@ import (
 	"strings"
 )
 
-func GetAutoDetectInterface() (string, error) {
-	res, err := cmd.ExecCmd("sh -c ip route | awk '{print $3}' | xargs echo -n")
-	if err != nil {
-		return "", err
+func GetAutoDetectInterface() (ifn string, err error) {
+	cmdRes, err := cmd.ExecCmd("ip route get 1.1.1.1 uid 4294967295")
+
+	sps := strings.Split(cmdRes, " ")
+	if len(sps) > 4 {
+		ifn = sps[4]
 	}
-	ifaces := strings.Split(res, " ")
-	for _, iface := range ifaces {
-		if iface == "wlan0" {
-			return "wlan0", nil
+
+	if ifn == "" {
+		err = fmt.Errorf("interface not found")
 	}
-	}
-	return ifaces[0], nil
+	return
 }
 
 func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute, autoDetectInterface bool) error {
@@ -40,6 +40,10 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int,
 		return err
 	}
 
+	if err = execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil {
+		return err
+	}
+
 	if autoRoute {
 		err = configInterfaceRouting(interfaceName, addr, autoDetectInterface)
 	}

listener/tun/ipstack/commons/router_linux.go

@@ -19,20 +19,22 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int,
 		ip            = addr.Masked().Addr().Next()
 	)
 
-	_, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName))
-	if err != nil {
+	if _, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName)); err != nil {
 		return err
 	}
 
-	_, err = cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName))
-	if err != nil {
+	if _, err := cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName)); err != nil {
+		return err
+	}
+
+	if err := execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil {
 		return err
 	}
 
 	if autoRoute {
-		err = configInterfaceRouting(interfaceName, addr, autoDetectInterface)
+		_ = configInterfaceRouting(interfaceName, addr, autoDetectInterface)
 	}
-	return err
+	return nil
 }
 
 func configInterfaceRouting(interfaceName string, addr netip.Prefix, autoDetectInterface bool) error {

listener/tun/ipstack/gvisor/handler.go

@@ -12,7 +12,6 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	D "github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"github.com/Dreamacro/clash/listener/tun/ipstack/gvisor/adapter"
-	"github.com/Dreamacro/clash/log"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 
@@ -39,8 +38,6 @@ func (gh *gvHandler) HandleTCP(tunConn adapter.TCPConn) {
 
 	if D.ShouldHijackDns(gh.dnsHijack, rAddrPort) {
 		go func() {
-			log.Debugln("[TUN] hijack dns tcp: %s", rAddrPort.String())
-
 			buf := pool.Get(pool.UDPBufferSize)
 			defer func() {
 				_ = pool.Put(buf)
@@ -123,8 +120,6 @@ func (gh *gvHandler) HandleUDP(tunConn adapter.UDPConn) {
 					}
 
 					_, _ = tunConn.WriteTo(msg, addr)
-
-					log.Debugln("[TUN] hijack dns udp: %s", rAddr.String())
 				}()
 
 				continue

listener/tun/ipstack/system/mars/nat/nat.go

@@ -44,7 +44,7 @@ func Start(device io.ReadWriter, gateway, portal, broadcast netip.Addr) (*TCP, *
 		for {
 			n, err := device.Read(buf)
 			if err != nil {
-				log.Warnln("system error:%s", err.Error())
+				log.Errorf("system error:%s", err.Error())
 				return
 			}
 

listener/tun/ipstack/system/mars/tcpip/tcpip_arm64_test.go

@@ -22,7 +22,7 @@ func Test_SumNeon(t *testing.T) {
 			}
 
 			compat := SumCompat(bytes[:size])
-			neon := sumNeon(bytes[:size])
+			neon := SumNeon(bytes[:size])
 
 			if compat != neon {
 				t.Errorf("Sum of length=%d mismatched", size)
@@ -46,6 +46,6 @@ func Benchmark_SumNeon(b *testing.B) {
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		sumNeon(bytes)
+		SumNeon(bytes)
 	}
 }

listener/tun/ipstack/system/stack.go

@@ -93,8 +93,6 @@ func New(device device.Device, dnsHijack []netip.AddrPort, tunAddress netip.Pref
 
 			if D.ShouldHijackDns(dnsAddr, rAddrPort) {
 				go func() {
-					log.Debugln("[TUN] hijack dns tcp: %s", rAddrPort.String())
-
 					buf := pool.Get(pool.UDPBufferSize)
 					defer func() {
 						_ = pool.Put(buf)
@@ -186,8 +184,6 @@ func New(device device.Device, dnsHijack []netip.AddrPort, tunAddress netip.Pref
 					_, _ = stack.UDP().WriteTo(msg, rAddr, lAddr)
 
 					_ = pool.Put(buf)
-
-					log.Debugln("[TUN] hijack dns udp: %s", rAddrPort.String())
 				}()
 
 				continue

listener/tun/tun_adapter.go

@@ -23,14 +23,10 @@ import (
 )
 
 // New TunAdapter
-func New(tunConf *config.Tun, dnsConf *config.DNS, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.Stack, error) {
-	var tunAddressPrefix string
-	if dnsConf.FakeIPRange != nil {
-		tunAddressPrefix = dnsConf.FakeIPRange.IPNet().String()
-	}
+func New(tunConf *config.Tun, tunAddressPrefix *netip.Prefix, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.Stack, error) {
 
 	var (
-		tunAddress, _ = netip.ParsePrefix(tunAddressPrefix)
+		tunAddress = netip.Prefix{}
 		devName    = tunConf.Device
 		stackType  = tunConf.Stack
 		autoRoute  = tunConf.AutoRoute
@@ -42,6 +38,10 @@ func New(tunConf *config.Tun, dnsConf *config.DNS, tcpIn chan<- C.ConnContext, u
 		err error
 	)
 
+	if tunAddressPrefix != nil {
+		tunAddress = *tunAddressPrefix
+	}
+
 	if devName == "" {
 		devName = generateDeviceName()
 	}

log/log.go

@@ -10,8 +10,8 @@ import (
 )
 
 var (
-	logCh  = make(chan *Event)
-	source = observable.NewObservable[*Event](logCh)
+	logCh  = make(chan Event)
+	source = observable.NewObservable[Event](logCh)
 	level  = INFO
 )
 
@@ -57,12 +57,12 @@ func Fatalln(format string, v ...any) {
 	log.Fatalf(format, v...)
 }
 
-func Subscribe() observable.Subscription[*Event] {
+func Subscribe() observable.Subscription[Event] {
 	sub, _ := source.Subscribe()
 	return sub
 }
 
-func UnSubscribe(sub observable.Subscription[*Event]) {
+func UnSubscribe(sub observable.Subscription[Event]) {
 	source.UnSubscribe(sub)
 }
 
@@ -74,7 +74,7 @@ func SetLevel(newLevel LogLevel) {
 	level = newLevel
 }
 
-func print(data *Event) {
+func print(data Event) {
 	if data.LogLevel < level {
 		return
 	}
@@ -91,15 +91,9 @@ func print(data *Event) {
 	}
 }
 
-func newLog(logLevel LogLevel, format string, v ...any) *Event {
-	return &Event{
+func newLog(logLevel LogLevel, format string, v ...any) Event {
+	return Event{
 		LogLevel: logLevel,
 		Payload:  fmt.Sprintf(format, v...),
 	}
 }
-
-func PrintLog(logLevel LogLevel, format string, v ...interface{}) {
-	event := newLog(logLevel, format, v...)
-	logCh <- event
-	print(event)
-}

rule/common/geoip.go

@@ -18,6 +18,7 @@ type GEOIP struct {
 	adapter      string
 	noResolveIP  bool
 	geoIPMatcher *router.GeoIPMatcher
+	recodeSize   int
 }
 
 func (g *GEOIP) RuleType() C.RuleType {
@@ -65,6 +66,10 @@ func (g *GEOIP) GetIPMatcher() *router.GeoIPMatcher {
 	return g.geoIPMatcher
 }
 
+func (g *GEOIP) GetRecodeSize() int {
+	return g.recodeSize
+}
+
 func NewGEOIP(country string, adapter string, noResolveIP bool) (*GEOIP, error) {
 	if !C.GeodataMode {
 		geoip := &GEOIP{
@@ -76,18 +81,19 @@ func NewGEOIP(country string, adapter string, noResolveIP bool) (*GEOIP, error)
 		return geoip, nil
 	}
 
-	geoIPMatcher, recordsCount, err := geodata.LoadGeoIPMatcher(country)
+	geoIPMatcher, size, err := geodata.LoadGeoIPMatcher(country)
 	if err != nil {
 		return nil, fmt.Errorf("[GeoIP] %s", err.Error())
 	}
 
-	log.Infoln("Start initial GeoIP rule %s => %s, records: %d", country, adapter, recordsCount)
+	log.Infoln("Start initial GeoIP rule %s => %s, records: %d", country, adapter, size)
 	geoip := &GEOIP{
 		Base:         &Base{},
 		country:      country,
 		adapter:      adapter,
 		noResolveIP:  noResolveIP,
 		geoIPMatcher: geoIPMatcher,
+		recodeSize:   size,
 	}
 	return geoip, nil
 }

rule/common/geosite.go

@@ -17,6 +17,7 @@ type GEOSITE struct {
 	country    string
 	adapter    string
 	matcher    *router.DomainMatcher
+	recodeSize int
 }
 
 func (gs *GEOSITE) RuleType() C.RuleType {
@@ -44,19 +45,24 @@ func (gs *GEOSITE) GetDomainMatcher() *router.DomainMatcher {
 	return gs.matcher
 }
 
+func (gs *GEOSITE) GetRecodeSize() int {
+	return gs.recodeSize
+}
+
 func NewGEOSITE(country string, adapter string) (*GEOSITE, error) {
-	matcher, recordsCount, err := geodata.LoadGeoSiteMatcher(country)
+	matcher, size, err := geodata.LoadGeoSiteMatcher(country)
 	if err != nil {
 		return nil, fmt.Errorf("load GeoSite data error, %s", err.Error())
 	}
 
-	log.Infoln("Start initial GeoSite rule %s => %s, records: %d", country, adapter, recordsCount)
+	log.Infoln("Start initial GeoSite rule %s => %s, records: %d", country, adapter, size)
 
 	geoSite := &GEOSITE{
 		Base:       &Base{},
 		country:    country,
 		adapter:    adapter,
 		matcher:    matcher,
+		recodeSize: size,
 	}
 
 	return geoSite, nil

rule/logic/common.go

@@ -102,7 +102,8 @@ func parseRule(tp, payload string, params []string) (C.Rule, error) {
 	case "PROCESS-PATH":
 		parsed, parseErr = RC.NewProcess(payload, "", false)
 	case "RULE-SET":
-		parsed, parseErr = provider.NewRuleSet(payload, "")
+		noResolve := RC.HasNoResolve(params)
+		parsed, parseErr = provider.NewRuleSet(payload, "", noResolve)
 	case "NOT":
 		parsed, parseErr = NewNOT(payload, "")
 	case "AND":

rule/parser.go

@@ -39,10 +39,6 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
 		parsed, parseErr = RC.NewProcess(payload, target, true)
 	case "PROCESS-PATH":
 		parsed, parseErr = RC.NewProcess(payload, target, false)
-	case "MATCH":
-		parsed = RC.NewMatch(target)
-	case "RULE-SET":
-		parsed, parseErr = RP.NewRuleSet(payload, target)
 	case "NETWORK":
 		parsed, parseErr = RC.NewNetworkType(payload, target)
 	case "UID":
@@ -53,6 +49,11 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
 		parsed, parseErr = logic.NewOR(payload, target)
 	case "NOT":
 		parsed, parseErr = logic.NewNOT(payload, target)
+	case "RULE-SET":
+		noResolve := RC.HasNoResolve(params)
+		parsed, parseErr = RP.NewRuleSet(payload, target, noResolve)
+	case "MATCH":
+		parsed = RC.NewMatch(target)
 	default:
 		parseErr = fmt.Errorf("unsupported rule type %s", tp)
 	}

rule/provider/classical_strategy.go

@@ -30,26 +30,20 @@ func (c *classicalStrategy) ShouldResolveIP() bool {
 }
 
 func (c *classicalStrategy) OnUpdate(rules []string) {
-	var classicalRules []C.Rule
-	shouldResolveIP := false
-	count := 0
 	for _, rawRule := range rules {
 		ruleType, rule, params := ruleParse(rawRule)
 		r, err := parseRule(ruleType, rule, "", params)
 		if err != nil {
 			log.Warnln("parse rule error:[%s]", err.Error())
 		} else {
-			if !shouldResolveIP {
-				shouldResolveIP = shouldResolveIP || r.ShouldResolveIP()
+			if !c.shouldResolveIP {
+				c.shouldResolveIP = r.ShouldResolveIP()
 			}
 
-			classicalRules = append(classicalRules, r)
-			count++
+			c.rules = append(c.rules, r)
+			c.count++
 		}
 	}
-
-	c.rules = classicalRules
-	c.count = count
 }
 
 func NewClassicalStrategy() *classicalStrategy {

rule/provider/domain_strategy.go

@@ -8,7 +8,6 @@ import (
 )
 
 type domainStrategy struct {
-	shouldResolveIP bool
 	count       int
 	domainRules *trie.DomainTrie[bool]
 }
@@ -22,7 +21,7 @@ func (d *domainStrategy) Count() int {
 }
 
 func (d *domainStrategy) ShouldResolveIP() bool {
-	return d.shouldResolveIP
+	return false
 }
 
 func (d *domainStrategy) OnUpdate(rules []string) {
@@ -55,5 +54,5 @@ func ruleParse(ruleRaw string) (string, string, []string) {
 }
 
 func NewDomainStrategy() *domainStrategy {
-	return &domainStrategy{shouldResolveIP: false}
+	return &domainStrategy{}
 }

rule/provider/fetcher.go

@@ -44,6 +44,12 @@ func (f *fetcher) Initial() (interface{}, error) {
 		err      error
 	)
 
+	defer func() {
+		if f.ticker != nil {
+			go f.pullLoop()
+		}
+	}()
+
 	if stat, fErr := os.Stat(f.vehicle.Path()); fErr == nil {
 		buf, err = ioutil.ReadFile(f.vehicle.Path())
 		modTime := stat.ModTime()
@@ -83,9 +89,6 @@ func (f *fetcher) Initial() (interface{}, error) {
 	}
 
 	f.hash = md5.Sum(buf)
-	if f.ticker != nil {
-		go f.pullLoop()
-	}
 
 	return rules, nil
 }

rule/provider/parse.go

@@ -64,6 +64,9 @@ func parseRule(tp, payload, target string, params []string) (C.Rule, error) {
 		parsed = RC.NewDomainSuffix(payload, target)
 	case "DOMAIN-KEYWORD":
 		parsed = RC.NewDomainKeyword(payload, target)
+	case "GEOIP":
+		noResolve := RC.HasNoResolve(params)
+		parsed, parseErr = RC.NewGEOIP(payload, target, noResolve)
 	case "GEOSITE":
 		parsed, parseErr = RC.NewGEOSITE(payload, target)
 	case "IP-CIDR", "IP-CIDR6":
@@ -79,9 +82,8 @@ func parseRule(tp, payload, target string, params []string) (C.Rule, error) {
 		parsed, parseErr = RC.NewProcess(payload, target, true)
 	case "PROCESS-PATH":
 		parsed, parseErr = RC.NewProcess(payload, target, false)
-	case "GEOIP":
-		noResolve := RC.HasNoResolve(params)
-		parsed, parseErr = RC.NewGEOIP(payload, target, noResolve)
+	case "NETWORK":
+		parsed, parseErr = RC.NewNetworkType(payload, target)
 	default:
 		parseErr = fmt.Errorf("unsupported rule type %s", tp)
 	}

rule/provider/provider.go

@@ -29,6 +29,7 @@ type RulePayload struct {
 	value: Rule type or is empty
 	*/
 	Rules  []string `yaml:"payload"`
+	Rules2 []string `yaml:"rules"`
 }
 
 type ruleStrategy interface {
@@ -117,7 +118,8 @@ func NewRuleSetProvider(name string, behavior P.RuleType, interval time.Duration
 		rp,
 	}
 
-	runtime.SetFinalizer(wrapper, rp.fetcher.Destroy())
+	final := func(provider *RuleSetProvider) { rp.fetcher.Destroy() }
+	runtime.SetFinalizer(wrapper, final)
 	return wrapper
 }
 
@@ -144,5 +146,5 @@ func rulesParse(buf []byte) (interface{}, error) {
 		return nil, err
 	}
 
-	return rulePayload.Rules, nil
+	return append(rulePayload.Rules, rulePayload.Rules2...), nil
 }

rule/provider/rule_set.go

@@ -12,6 +12,7 @@ type RuleSet struct {
 	ruleProviderName string
 	adapter          string
 	ruleProvider     P.RuleProvider
+	noResolveIP      bool
 }
 
 func (rs *RuleSet) ShouldFindProcess() bool {
@@ -35,7 +36,7 @@ func (rs *RuleSet) Payload() string {
 }
 
 func (rs *RuleSet) ShouldResolveIP() bool {
-	return rs.getProviders().ShouldResolveIP()
+	return !rs.noResolveIP && rs.getProviders().ShouldResolveIP()
 }
 func (rs *RuleSet) getProviders() P.RuleProvider {
 	if rs.ruleProvider == nil {
@@ -46,7 +47,7 @@ func (rs *RuleSet) getProviders() P.RuleProvider {
 	return rs.ruleProvider
 }
 
-func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) {
+func NewRuleSet(ruleProviderName string, adapter string, noResolveIP bool) (*RuleSet, error) {
 	rp, ok := RuleProviders()[ruleProviderName]
 	if !ok {
 		return nil, fmt.Errorf("rule set %s not found", ruleProviderName)
@@ -56,5 +57,6 @@ func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) {
 		ruleProviderName: ruleProviderName,
 		adapter:          adapter,
 		ruleProvider:     rp,
+		noResolveIP:      noResolveIP,
 	}, nil
 }

transport/gun/gun.go

@@ -39,14 +39,13 @@ type DialFn = func(network, addr string) (net.Conn, error)
 type Conn struct {
 	response  *http.Response
 	request   *http.Request
-	transport *http2.Transport
+	transport *TransportWrap
 	writer    *io.PipeWriter
 	once      sync.Once
 	close     *atomic.Bool
 	err       error
 	remain    int
 	br        *bufio.Reader
-
 	// deadlines
 	deadline *time.Timer
 }
@@ -150,8 +149,8 @@ func (g *Conn) Close() error {
 	return g.writer.Close()
 }
 
-func (g *Conn) LocalAddr() net.Addr                { return &net.TCPAddr{IP: net.IPv4zero, Port: 0} }
-func (g *Conn) RemoteAddr() net.Addr               { return &net.TCPAddr{IP: net.IPv4zero, Port: 0} }
+func (g *Conn) LocalAddr() net.Addr                { return g.transport.LocalAddr() }
+func (g *Conn) RemoteAddr() net.Addr               { return g.transport.RemoteAddr() }
 func (g *Conn) SetReadDeadline(t time.Time) error  { return g.SetDeadline(t) }
 func (g *Conn) SetWriteDeadline(t time.Time) error { return g.SetDeadline(t) }
 
@@ -167,13 +166,15 @@ func (g *Conn) SetDeadline(t time.Time) error {
 	return nil
 }
 
-func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
+func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *TransportWrap {
+	wrap := TransportWrap{}
 	dialFunc := func(network, addr string, cfg *tls.Config) (net.Conn, error) {
 		pconn, err := dialFn(network, addr)
 		if err != nil {
 			return nil, err
 		}
 
+		wrap.remoteAddr = pconn.RemoteAddr()
 		cn := tls.Client(pconn, cfg)
 
 		// fix tls handshake not timeout
@@ -191,16 +192,18 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
 		return cn, nil
 	}
 
-	return &http2.Transport{
+	wrap.Transport = &http2.Transport{
 		DialTLS:            dialFunc,
 		TLSClientConfig:    tlsConfig,
 		AllowHTTP:          false,
 		DisableCompression: true,
 		PingTimeout:        0,
 	}
+
+	return &wrap
 }
 
-func StreamGunWithTransport(transport *http2.Transport, cfg *Config) (net.Conn, error) {
+func StreamGunWithTransport(transport *TransportWrap, cfg *Config) (net.Conn, error) {
 	serviceName := "GunService"
 	if cfg.ServiceName != "" {
 		serviceName = cfg.ServiceName

transport/gun/gun_xtls.go

@@ -12,13 +12,15 @@ import (
 	"golang.org/x/net/http2"
 )
 
-func NewHTTP2XTLSClient(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
+func NewHTTP2XTLSClient(dialFn DialFn, tlsConfig *tls.Config) *TransportWrap {
+	wrap := TransportWrap{}
 	dialFunc := func(network, addr string, cfg *tls.Config) (net.Conn, error) {
 		pconn, err := dialFn(network, addr)
 		if err != nil {
 			return nil, err
 		}
 
+		wrap.remoteAddr = pconn.RemoteAddr()
 		xtlsConfig := &xtls.Config{
 			InsecureSkipVerify: cfg.InsecureSkipVerify,
 			ServerName:         cfg.ServerName,
@@ -37,13 +39,15 @@ func NewHTTP2XTLSClient(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
 		return cn, nil
 	}
 
-	return &http2.Transport{
+	wrap.Transport = &http2.Transport{
 		DialTLS:            dialFunc,
 		TLSClientConfig:    tlsConfig,
 		AllowHTTP:          false,
 		DisableCompression: true,
 		PingTimeout:        0,
 	}
+
+	return &wrap
 }
 
 func StreamGunWithXTLSConn(conn net.Conn, tlsConfig *tls.Config, cfg *Config) (net.Conn, error) {

transport/gun/transport.go

@@ -0,0 +1,20 @@
+package gun
+
+import (
+	"golang.org/x/net/http2"
+	"net"
+)
+
+type TransportWrap struct {
+	*http2.Transport
+	remoteAddr net.Addr
+	localAddr  net.Addr
+}
+
+func (tw *TransportWrap) RemoteAddr() net.Addr {
+	return tw.remoteAddr
+}
+
+func (tw *TransportWrap) LocalAddr() net.Addr {
+	return tw.localAddr
+}

transport/vless/vless.go

@@ -1,6 +1,7 @@
 package vless
 
 import (
+	"github.com/Dreamacro/clash/common/utils"
 	"net"
 
 	"github.com/gofrs/uuid"
@@ -49,7 +50,7 @@ func (c *Client) StreamConn(conn net.Conn, dst *DstAddr) (net.Conn, error) {
 
 // NewClient return Client instance
 func NewClient(uuidStr string, addons *Addons, xtlsShow bool) (*Client, error) {
-	uid, err := uuid.FromString(uuidStr)
+	uid, err := utils.UUIDMap(uuidStr)
 	if err != nil {
 		return nil, err
 	}

transport/vmess/vmess.go

@@ -2,6 +2,7 @@ package vmess
 
 import (
 	"fmt"
+	"github.com/Dreamacro/clash/common/utils"
 	"math/rand"
 	"net"
 	"runtime"
@@ -82,7 +83,7 @@ func (c *Client) StreamConn(conn net.Conn, dst *DstAddr) (net.Conn, error) {
 
 // NewClient return Client instance
 func NewClient(config Config) (*Client, error) {
-	uid, err := uuid.FromString(config.UUID)
+	uid, err := utils.UUIDMap(config.UUID)
 	if err != nil {
 		return nil, err
 	}

tunnel/mode.go

@@ -12,14 +12,12 @@ type TunnelMode int
 var ModeMapping = map[string]TunnelMode{
 	Global.String(): Global,
 	Rule.String():   Rule,
-	Script.String(): Script,
 	Direct.String(): Direct,
 }
 
 const (
 	Global TunnelMode = iota
 	Rule
-	Script
 	Direct
 )
 
@@ -63,8 +61,6 @@ func (m TunnelMode) String() string {
 		return "global"
 	case Rule:
 		return "rule"
-	case Script:
-		return "script"
 	case Direct:
 		return "direct"
 	default:

tunnel/tunnel.go

@@ -9,6 +9,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -178,7 +179,7 @@ func preHandleMetadata(metadata *C.Metadata) error {
 		} else {
 			metadata.Process = filepath.Base(path)
 			metadata.ProcessPath = path
-			if procesCache == metadata.Process {
+			if procesCache != metadata.Process {
 				log.Debugln("[Process] %s from process %s", metadata.String(), path)
 			}
 			procesCache = metadata.Process
@@ -269,6 +270,18 @@ func handleUDPConn(packet *inbound.PacketAdapter) {
 			return
 		}
 		pCtx.InjectPacketConn(rawPc)
+
+		actualProxy := proxy.Unwrap(metadata)
+		if actualProxy != nil {
+			if dst, _, err := net.SplitHostPort(actualProxy.Addr()); err == nil {
+				metadata.RemoteDst = dst
+			} else {
+				if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
+					metadata.RemoteDst = actualProxy.Addr()
+				}
+			}
+		}
+
 		pc := statistic.NewUDPTracker(rawPc, statistic.DefaultManager, metadata, rule)
 
 		switch true {
@@ -278,8 +291,6 @@ func handleUDPConn(packet *inbound.PacketAdapter) {
 			} else {
 				log.Infoln("[UDP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.Payload(), rawPc.Chains().String())
 			}
-		case mode == Script:
-			log.Infoln("[UDP] %s --> %s using SCRIPT %s", metadata.SourceDetail(), metadata.RemoteAddress(), rawPc.Chains().String())
 		case mode == Global:
 			log.Infoln("[UDP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
 		case mode == Direct:
@@ -332,6 +343,11 @@ func handleTCPConn(connCtx C.ConnContext) {
 		}
 		return
 	}
+
+	if tcpAddr, ok := remoteConn.RemoteAddr().(*net.TCPAddr); ok {
+		metadata.RemoteDst = tcpAddr.IP.String()
+	}
+
 	remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule)
 	defer func(remoteConn C.Conn) {
 		_ = remoteConn.Close()
@@ -344,8 +360,6 @@ func handleTCPConn(connCtx C.ConnContext) {
 		} else {
 			log.Infoln("[TCP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.RuleType().String(), remoteConn.Chains().String())
 		}
-	case mode == Script:
-		log.Infoln("[TCP] %s --> %s using SCRIPT %s", metadata.SourceDetail(), metadata.RemoteAddress(), remoteConn.Chains().String())
 	case mode == Global:
 		log.Infoln("[TCP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
 	case mode == Direct: