Revert "chore: update quic-go to 0.36.0"

This reverts commit 2284acce94.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,82 @@
+name: Bug report
+description: Create a report to help us improve
+title: "[Bug] "
+body:
+  - type: checkboxes
+    id: ensure
+    attributes:
+      label: Verify steps
+      description: "
+在提交之前，请确认
+Please verify that you've followed these steps
+"
+      options:
+        - label: "
+确保你使用的是**本仓库**最新的的 clash 或 clash Alpha 版本
+Ensure you are using the latest version of Clash or Clash Premium from **this repository**.
+"
+          required: true
+        - label: "
+如果你可以自己 debug 并解决的话，提交 PR 吧
+Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
+"
+          required: false
+        - label: "
+我已经在 [Issue Tracker](……/) 中找过我要提出的问题
+I have searched on the [issue tracker](……/) for a related issue.
+"
+          required: true
+        - label: "
+我已经使用 Alpha 分支版本测试过，问题依旧存在
+I have tested using the dev branch, and the issue still exists.
+"
+          required: true
+        - label: "
+我已经仔细看过 [Documentation](https://wiki.metacubex.one/) 并无法自行解决问题
+I have read the [documentation](https://wiki.metacubex.one/) and was unable to solve the issue.
+"
+          required: true
+        - label: "
+这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
+This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash.
+"
+          required: true
+  - type: input
+    attributes:
+      label: Clash version
+      description: "use `clash -v`"
+    validations:
+      required: true
+  - type: dropdown
+    id: os
+    attributes:
+      label: What OS are you seeing the problem on?
+      multiple: true
+      options:
+        - macOS
+        - Windows
+        - Linux
+        - OpenBSD/FreeBSD
+  - type: textarea
+    attributes:
+      render: yaml
+      label: "Clash config"
+      description: "
+在下方附上 Clash core 配置文件，请确保配置文件中没有敏感信息（比如：服务器地址，密码，端口等）
+Paste the Clash core configuration file below, please make sure that there is no sensitive information in the configuration file (e.g., server address/url, password, port)
+"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      render: shell
+      label: Clash log
+      description: "
+在下方附上 Clash Core 的日志，log level 使用 DEBUG
+Paste the Clash core log below with the log level set to `DEBUG`.
+"
+  - type: textarea
+    attributes:
+      label: Description
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,36 @@
+name: Feature request
+description: Suggest an idea for this project
+title: "[Feature] "
+body:
+  - type: checkboxes
+    id: ensure
+    attributes:
+      label: Verify steps
+      description: "
+在提交之前，请确认
+Please verify that you've followed these steps
+"
+      options:
+        - label: "
+我已经在 [Issue Tracker](……/) 中找过我要提出的请求
+I have searched on the [issue tracker](……/) for a related feature request.
+"
+          required: true
+        - label: "
+我已经仔细看过 [Documentation](https://wiki.metacubex.one/) 并无法找到这个功能
+I have read the [documentation](https://wiki.metacubex.one/) and was unable to solve the issue.
+"
+          required: true
+  - type: textarea
+    attributes:
+      label: Description
+      description: 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Possible Solution
+      description: "
+此项非必须，但是如果你有想法的话欢迎提出。
+Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change
+"

.github/genReleaseNote.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+while getopts "v:" opt; do
+  case $opt in
+    v)
+      version_range=$OPTARG
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+  esac
+done
+
+if [ -z "$version_range" ]; then
+  echo "Please provide the version range using -v option. Example: ./genReleashNote.sh -v v1.14.1...v1.14.2"
+  exit 1
+fi
+
+echo "## What's Changed" > release.md
+git log --pretty=format:"* %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
+echo "" >> release.md
+
+echo "## BUG & Fix" >> release.md
+git log --pretty=format:"* %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
+echo "" >> release.md
+
+echo "## Maintenance" >> release.md
+git log --pretty=format:"* %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
+echo "" >> release.md
+
+echo "**Full Changelog**: https://github.com/MetaCubeX/Clash.Meta/compare/$version_range" >> release.md

.github/rename-cgo.sh

@@ -15,6 +15,15 @@ do
     elif [[ $FILENAME =~ "windows-4.0-amd64" ]];then
         echo "rename windows amd64 $FILENAME"
         mv $FILENAME clash.meta-windows-amd64-cgo.exe
+    elif [[ $FILENAME =~ "clash.meta-linux-arm-5" ]];then
+        echo "rename clash.meta-linux-arm-5 $FILENAME"
+        mv $FILENAME clash.meta-linux-armv5-cgo
+    elif [[ $FILENAME =~ "clash.meta-linux-arm-6" ]];then
+        echo "rename clash.meta-linux-arm-6 $FILENAME"
+        mv $FILENAME clash.meta-linux-armv6-cgo
+    elif [[ $FILENAME =~ "clash.meta-linux-arm-7" ]];then
+        echo "rename clash.meta-linux-arm-7 $FILENAME"
+        mv $FILENAME clash.meta-linux-armv7-cgo
     elif [[ $FILENAME =~ "linux" ]];then
         echo "rename linux $FILENAME"
         mv $FILENAME $FILENAME-cgo

.github/workflows/build.yml

@@ -5,17 +5,14 @@ on:
     paths-ignore:
       - "docs/**"
       - "README.md"
+      - ".github/ISSUE_TEMPLATE/**"
     branches:
       - Alpha
-      - Beta
-      - Meta
     tags:
       - "v*"
   pull_request_target:
     branches:
       - Alpha
-      - Beta
-      - Meta
       
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
@@ -97,11 +94,6 @@ jobs:
         run: echo "VERSION=alpha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
         shell: bash
 
-      - name: Set variables
-        if: ${{github.ref_name=='Beta'}}
-        run: echo "VERSION=beta-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-        shell: bash
-
       - name: Set variables
         if: ${{github.ref_name=='Meta'}}
         run: echo "VERSION=meta-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
@@ -129,7 +121,7 @@ jobs:
         shell: bash
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: "1.20"
           check-latest: true
@@ -226,7 +218,7 @@ jobs:
         working-directory: bin
 
       - name: Delete current release assets
-        uses: andreaswilli/delete-release-assets-action@v2.0.0
+        uses: 8Mi-Tech/delete-release-assets-action@main
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           tag: Prerelease-${{ github.ref_name }}
@@ -249,18 +241,14 @@ jobs:
           Release created at  ${{ env.BUILDTIME }}
           Synchronize ${{ github.ref_name }} branch code updates, keeping only the latest version
           <br>
-          ### release version
+          [我应该下载哪个文件? / Which file should I download?](https://github.com/MetaCubeX/Clash.Meta/wiki/FAQ)
-          `default(not specified in file name)`: compiled with GOAMD64=v3
+          [查看文档 / Docs](https://metacubex.github.io/Meta-Docs/)
-          `cgo`: support lwip tun stack, compiled with GOAMD64=v1
-          `compatible`: compiled with GOAMD64=v1
-          Check details between different architectural levels [here](https://github.com/golang/go/wiki/MinimumRequirements#amd64).
           EOF
 
       - name: Upload Prerelease
         uses: softprops/action-gh-release@v1
         if: ${{  success() }}
         with:
-          tag: ${{ github.ref_name }}
           tag_name: Prerelease-${{ github.ref_name }}
           files: |
             bin/*
@@ -274,6 +262,23 @@ jobs:
     needs: [Build]
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Get tags
+        run: |
+          echo "CURRENTVERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+          git fetch --tags
+          echo "PREVERSION=$(git describe --tags --abbrev=0 HEAD^)" >> $GITHUB_ENV
+
+      - name: Generate release notes
+        run: |
+          cp ./.github/genReleaseNote.sh ./
+          bash ./genReleaseNote.sh -v ${PREVERSION}...${CURRENTVERSION}
+          rm ./genReleaseNote.sh
+
       - uses: actions/download-artifact@v3
         with:
           name: artifact
@@ -287,12 +292,13 @@ jobs:
         uses: softprops/action-gh-release@v1
         if: ${{  success() }}
         with:
-          tag: ${{ github.ref_name }}
           tag_name: ${{ github.ref_name }}
           files: bin/*
           generate_release_notes: true
+          body_path: release.md
 
   Docker:
+    if: ${{ github.event_name != 'pull_request'  }}
     permissions: write-all
     needs: [Build]
     runs-on: ubuntu-latest
@@ -312,10 +318,10 @@ jobs:
         working-directory: bin
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
         with:
           version: latest
 
@@ -323,7 +329,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_ACCOUNT }}/${{secrets.DOCKERHUB_REPO}}
       - name: Show files
@@ -332,7 +338,7 @@ jobs:
           ls bin/
       - name: Log into registry
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.DOCKER_HUB_USER }}
@@ -342,7 +348,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: ./Dockerfile

.github/workflows/delete.yml

@@ -0,0 +1,15 @@
+name: Delete old workflow runs
+on:
+  schedule:
+    - cron: "0 0 * * SUN"
+
+jobs:
+  del_runs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete workflow runs
+        uses: GitRML/delete-workflow-runs@main
+        with:
+          token: ${{ secrets.AUTH_PAT }}
+          repository: ${{ github.repository }}
+          retain_days: 30

Makefile

@@ -31,6 +31,8 @@ PLATFORM_LIST = \
 	linux-mips-hardfloat \
 	linux-mipsle-softfloat \
 	linux-mipsle-hardfloat \
+	linux-riscv64 \
+	linux-loong64 \
 	android-arm64 \
 	freebsd-386 \
 	freebsd-amd64 \
@@ -104,6 +106,9 @@ linux-mips64le:
 linux-riscv64:
 	GOARCH=riscv64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 	
+linux-loong64:
+	GOARCH=loong64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 android-arm64:
 	GOARCH=arm64 GOOS=android $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 

README.md

@@ -30,8 +30,7 @@
 - Comprehensive HTTP RESTful API controller
 
 ## Wiki
-
+Configuration examples can be found at [/docs/config.yaml](https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml), while documentation can be found [Clash.Meta Wiki](https://clash-meta.wiki).
-Documentation and configuring examples are available on [wiki](https://github.com/MetaCubeX/Clash.Meta/wiki) and [Clash.Meta Wiki](https://docs.metacubex.one/).
 
 ## Build
 

adapter/adapter.go

@@ -3,25 +3,39 @@ package adapter
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
-	"github.com/Dreamacro/clash/common/queue"
-	"github.com/Dreamacro/clash/component/dialer"
-	C "github.com/Dreamacro/clash/constant"
 	"net"
 	"net/http"
 	"net/netip"
 	"net/url"
 	"time"
 
-	"go.uber.org/atomic"
+	"github.com/Dreamacro/clash/common/atomic"
+	"github.com/Dreamacro/clash/common/queue"
+	"github.com/Dreamacro/clash/common/utils"
+	"github.com/Dreamacro/clash/component/dialer"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
 )
 
 var UnifiedDelay = atomic.NewBool(false)
 
+const (
+	defaultHistoriesNum = 10
+)
+
+type extraProxyState struct {
+	history *queue.Queue[C.DelayHistory]
+	alive   *atomic.Bool
+}
+
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue[C.DelayHistory]
 	alive   *atomic.Bool
+	url     string
+	extra   map[string]*extraProxyState
 }
 
 // Alive implements C.Proxy
@@ -29,6 +43,17 @@ func (p *Proxy) Alive() bool {
 	return p.alive.Load()
 }
 
+// AliveForTestUrl implements C.Proxy
+func (p *Proxy) AliveForTestUrl(url string) bool {
+	if p.extra != nil {
+		if state, ok := p.extra[url]; ok {
+			return state.alive.Load()
+		}
+	}
+
+	return p.alive.Load()
+}
+
 // Dial implements C.Proxy
 func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTCPTimeout)
@@ -65,6 +90,42 @@ func (p *Proxy) DelayHistory() []C.DelayHistory {
 	return histories
 }
 
+// DelayHistoryForTestUrl implements C.Proxy
+func (p *Proxy) DelayHistoryForTestUrl(url string) []C.DelayHistory {
+	var queueM []C.DelayHistory
+	if p.extra != nil {
+		if state, ok := p.extra[url]; ok {
+			queueM = state.history.Copy()
+		}
+	}
+
+	if queueM == nil {
+		queueM = p.history.Copy()
+	}
+
+	histories := []C.DelayHistory{}
+	for _, item := range queueM {
+		histories = append(histories, item)
+	}
+	return histories
+}
+
+func (p *Proxy) ExtraDelayHistory() map[string][]C.DelayHistory {
+	extra := map[string][]C.DelayHistory{}
+	if p.extra != nil && len(p.extra) != 0 {
+		for testUrl, option := range p.extra {
+			histories := []C.DelayHistory{}
+			queueM := option.history.Copy()
+			for _, item := range queueM {
+				histories = append(histories, item)
+			}
+
+			extra[testUrl] = histories
+		}
+	}
+	return extra
+}
+
 // LastDelay return last history record. if proxy is not alive, return the max value of uint16.
 // implements C.Proxy
 func (p *Proxy) LastDelay() (delay uint16) {
@@ -80,6 +141,30 @@ func (p *Proxy) LastDelay() (delay uint16) {
 	return history.Delay
 }
 
+// LastDelayForTestUrl implements C.Proxy
+func (p *Proxy) LastDelayForTestUrl(url string) (delay uint16) {
+	var max uint16 = 0xffff
+
+	alive := p.alive.Load()
+	history := p.history.Last()
+
+	if p.extra != nil {
+		if state, ok := p.extra[url]; ok {
+			alive = state.alive.Load()
+			history = state.history.Last()
+		}
+	}
+
+	if !alive {
+		return max
+	}
+
+	if history.Delay == 0 {
+		return max
+	}
+	return history.Delay
+}
+
 // MarshalJSON implements C.ProxyAdapter
 func (p *Proxy) MarshalJSON() ([]byte, error) {
 	inner, err := p.ProxyAdapter.MarshalJSON()
@@ -90,6 +175,7 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 	mapping := map[string]any{}
 	_ = json.Unmarshal(inner, &mapping)
 	mapping["history"] = p.DelayHistory()
+	mapping["extra"] = p.ExtraDelayHistory()
 	mapping["name"] = p.Name()
 	mapping["udp"] = p.SupportUDP()
 	mapping["xudp"] = p.SupportXUDP()
@@ -99,17 +185,54 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 
 // URLTest get the delay for the specified URL
 // implements C.Proxy
-func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
+func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.IntRanges[uint16], store C.DelayHistoryStoreType) (t uint16, err error) {
 	defer func() {
-		p.alive.Store(err == nil)
+		alive := err == nil
+		store = p.determineFinalStoreType(store, url)
+
+		switch store {
+		case C.OriginalHistory:
+			p.alive.Store(alive)
 			record := C.DelayHistory{Time: time.Now()}
-		if err == nil {
+			if alive {
 				record.Delay = t
 			}
 			p.history.Put(record)
-		if p.history.Len() > 10 {
+			if p.history.Len() > defaultHistoriesNum {
 				p.history.Pop()
 			}
+
+			// test URL configured by the proxy provider
+			if len(p.url) == 0 {
+				p.url = url
+			}
+		case C.ExtraHistory:
+			record := C.DelayHistory{Time: time.Now()}
+			if alive {
+				record.Delay = t
+			}
+
+			if p.extra == nil {
+				p.extra = map[string]*extraProxyState{}
+			}
+
+			state, ok := p.extra[url]
+			if !ok {
+				state = &extraProxyState{
+					history: queue.New[C.DelayHistory](defaultHistoriesNum),
+					alive:   atomic.NewBool(true),
+				}
+				p.extra[url] = state
+			}
+
+			state.alive.Store(alive)
+			state.history.Put(record)
+			if state.history.Len() > defaultHistoriesNum {
+				state.history.Pop()
+			}
+		default:
+			log.Debugln("health check result will be discarded, url: %s alive: %t, delay: %d", url, alive, t)
+		}
 	}()
 
 	unifiedDelay := UnifiedDelay.Load()
@@ -172,12 +295,17 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 		}
 	}
 
+	if expectedStatus != nil && !expectedStatus.Check(uint16(resp.StatusCode)) {
+		// maybe another value should be returned for differentiation
+		err = errors.New("response status is inconsistent with the expected status")
+	}
+
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
 
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
-	return &Proxy{adapter, queue.New[C.DelayHistory](10), atomic.NewBool(true)}
+	return &Proxy{adapter, queue.New[C.DelayHistory](defaultHistoriesNum), atomic.NewBool(true), "", map[string]*extraProxyState{}}
 }
 
 func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
@@ -206,3 +334,24 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	}
 	return
 }
+
+func (p *Proxy) determineFinalStoreType(store C.DelayHistoryStoreType, url string) C.DelayHistoryStoreType {
+	if store != C.DropHistory {
+		return store
+	}
+
+	if len(p.url) == 0 || url == p.url {
+		return C.OriginalHistory
+	}
+
+	if p.extra == nil {
+		store = C.ExtraHistory
+	} else {
+		if _, ok := p.extra[url]; ok {
+			store = C.ExtraHistory
+		} else if len(p.extra) < 2*C.DefaultMaxHealthCheckUrlNum {
+			store = C.ExtraHistory
+		}
+	}
+	return store
+}

adapter/inbound/addition.go

@@ -16,6 +16,12 @@ func WithInName(name string) Addition {
 	}
 }
 
+func WithInUser(user string) Addition {
+	return func(metadata *C.Metadata) {
+		metadata.InUser = user
+	}
+}
+
 func WithSpecialRules(specialRules string) Addition {
 	return func(metadata *C.Metadata) {
 		metadata.SpecialRules = specialRules

adapter/inbound/socket.go

@@ -30,19 +30,18 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type, additions ...Ad
 	return context.NewConnContext(conn, metadata)
 }
 
-func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
+func NewInner(conn net.Conn, address string) *context.ConnContext {
 	metadata := &C.Metadata{}
 	metadata.NetWork = C.TCP
 	metadata.Type = C.INNER
 	metadata.DNSMode = C.DNSNormal
-	metadata.Host = host
 	metadata.Process = C.ClashName
-	if h, port, err := net.SplitHostPort(dst); err == nil {
+	if h, port, err := net.SplitHostPort(address); err == nil {
 		metadata.DstPort = port
-		if host == "" {
 		if ip, err := netip.ParseAddr(h); err == nil {
 			metadata.DstIP = ip
-			}
+		} else {
+			metadata.Host = h
 		}
 	}
 

adapter/outbound/base.go

@@ -3,9 +3,9 @@ package outbound
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"net"
 	"strings"
+	"syscall"
 
 	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/common/utils"
@@ -34,12 +34,7 @@ func (b *Base) Name() string {
 // Id implements C.ProxyAdapter
 func (b *Base) Id() string {
 	if b.id == "" {
-		id, err := utils.UnsafeUUIDGenerator.NewV6()
+		b.id = utils.NewUUIDV6().String()
-		if err != nil {
-			b.id = b.name
-		} else {
-			b.id = id.String()
-		}
 	}
 
 	return b.id
@@ -50,33 +45,33 @@ func (b *Base) Type() C.AdapterType {
 	return b.tp
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (b *Base) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (b *Base) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
-	return c, errors.New("no support")
+	return c, C.ErrNotSupport
 }
 
 func (b *Base) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	return nil, errors.New("no support")
+	return nil, C.ErrNotSupport
 }
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (b *Base) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
-	return nil, errors.New("no support")
+	return nil, C.ErrNotSupport
 }
 
 // ListenPacketContext implements C.ProxyAdapter
 func (b *Base) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	return nil, errors.New("no support")
+	return nil, C.ErrNotSupport
 }
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (b *Base) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
-	return nil, errors.New("no support")
+	return nil, C.ErrNotSupport
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (b *Base) SupportWithDialer() bool {
+func (b *Base) SupportWithDialer() C.NetWork {
-	return false
+	return C.InvalidNet
 }
 
 // SupportUOT implements C.ProxyAdapter
@@ -99,6 +94,11 @@ func (b *Base) SupportTFO() bool {
 	return b.tfo
 }
 
+// IsL3Protocol implements C.ProxyAdapter
+func (b *Base) IsL3Protocol(metadata *C.Metadata) bool {
+	return false
+}
+
 // MarshalJSON implements C.ProxyAdapter
 func (b *Base) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]string{
@@ -151,6 +151,7 @@ type BasicOption struct {
 	Interface   string `proxy:"interface-name,omitempty" group:"interface-name,omitempty"`
 	RoutingMark int    `proxy:"routing-mark,omitempty" group:"routing-mark,omitempty"`
 	IPVersion   string `proxy:"ip-version,omitempty" group:"ip-version,omitempty"`
+	DialerProxy string `proxy:"dialer-proxy,omitempty"` // don't apply this option into groups, but can set a group name in a proxy
 }
 
 type BaseOption struct {
@@ -203,13 +204,26 @@ func (c *conn) Upstream() any {
 	return c.ExtendedConn
 }
 
+func (c *conn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *conn) ReaderReplaceable() bool {
+	return true
+}
+
 func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
+	if _, ok := c.(syscall.Conn); !ok { // exclusion system conn like *net.TCPConn
+		c = N.NewDeadlineConn(c) // most conn from outbound can't handle readDeadline correctly
+	}
 	return &conn{N.NewExtendedConn(c), []string{a.Name()}, parseRemoteDestination(a.Addr())}
 }
 
 type packetConn struct {
-	net.PacketConn
+	N.EnhancePacketConn
 	chain                   C.Chain
+	adapterName             string
+	connID                  string
 	actualRemoteDestination string
 }
 
@@ -227,8 +241,29 @@ func (c *packetConn) AppendToChains(a C.ProxyAdapter) {
 	c.chain = append(c.chain, a.Name())
 }
 
+func (c *packetConn) LocalAddr() net.Addr {
+	lAddr := c.EnhancePacketConn.LocalAddr()
+	return N.NewCustomAddr(c.adapterName, c.connID, lAddr) // make quic-go's connMultiplexer happy
+}
+
+func (c *packetConn) Upstream() any {
+	return c.EnhancePacketConn
+}
+
+func (c *packetConn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *packetConn) ReaderReplaceable() bool {
+	return true
+}
+
 func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
-	return &packetConn{pc, []string{a.Name()}, parseRemoteDestination(a.Addr())}
+	epc := N.NewEnhancePacketConn(pc)
+	if _, ok := pc.(syscall.Conn); !ok { // exclusion system conn like *net.UDPConn
+		epc = N.NewDeadlineEnhancePacketConn(epc) // most conn from outbound can't handle readDeadline correctly
+	}
+	return &packetConn{epc, []string{a.Name()}, a.Name(), utils.NewUUIDV4().String(), parseRemoteDestination(a.Addr())}
 }
 
 func parseRemoteDestination(addr string) string {

adapter/outbound/direct.go

@@ -2,8 +2,7 @@ package outbound
 
 import (
 	"context"
-	"net"
+	"errors"
-
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
@@ -26,16 +25,19 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	opts = append(opts, dialer.WithResolver(resolver.DefaultResolver))
+	// net.UDPConn.WriteTo only working with *net.UDPAddr, so we need a net.UDPAddr
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, resolver.DefaultResolver)
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
 	pc, err := dialer.ListenPacket(ctx, dialer.ParseNetwork("udp", metadata.DstIP), "", d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
-	return newPacketConn(&directPacketConn{pc}, d), nil
+	return newPacketConn(pc, d), nil
-}
-
-type directPacketConn struct {
-	net.PacketConn
 }
 
 func NewDirect() *Direct {

adapter/outbound/http.go

@@ -10,10 +10,10 @@ import (
 	"io"
 	"net"
 	"net/http"
-	"net/url"
 	"strconv"
 
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 )
@@ -40,12 +40,10 @@ type HttpOption struct {
 	Headers        map[string]string `proxy:"headers,omitempty"`
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (h *Http) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if h.tlsConfig != nil {
 		cc := tls.Client(c, h.tlsConfig)
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-		defer cancel()
 		err := cc.HandshakeContext(ctx)
 		c = cc
 		if err != nil {
@@ -66,6 +64,12 @@ func (h *Http) DialContext(ctx context.Context, metadata *C.Metadata, opts ...di
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (h *Http) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(h.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(h.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", h.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
@@ -76,7 +80,7 @@ func (h *Http) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metad
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = h.StreamConn(c, metadata)
+	c, err = h.StreamConnContext(ctx, c, metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -85,40 +89,42 @@ func (h *Http) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metad
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (h *Http) SupportWithDialer() bool {
+func (h *Http) SupportWithDialer() C.NetWork {
-	return true
+	return C.TCP
 }
 
 func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 	addr := metadata.RemoteAddress()
-	req := &http.Request{
+	HeaderString := "CONNECT " + addr + " HTTP/1.1\r\n"
-		Method: http.MethodConnect,
+	tempHeaders := map[string]string{
-		URL: &url.URL{
+		"Host":             addr,
-			Host: addr,
+		"User-Agent":       "Go-http-client/1.1",
-		},
+		"Proxy-Connection": "Keep-Alive",
-		Host: addr,
-		Header: http.Header{
-			"Proxy-Connection": []string{"Keep-Alive"},
-		},
 	}
 
-	//增加headers
-	if len(h.option.Headers) != 0 {
 	for key, value := range h.option.Headers {
-			req.Header.Add(key, value)
+		tempHeaders[key] = value
-		}
 	}
 
 	if h.user != "" && h.pass != "" {
 		auth := h.user + ":" + h.pass
-		req.Header.Add("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
+		tempHeaders["Proxy-Authorization"] = "Basic " + base64.StdEncoding.EncodeToString([]byte(auth))
 	}
 
-	if err := req.Write(rw); err != nil {
+	for key, value := range tempHeaders {
+		HeaderString += key + ": " + value + "\r\n"
+	}
+
+	HeaderString += "\r\n"
+
+	_, err := rw.Write([]byte(HeaderString))
+
+	if err != nil {
 		return err
 	}
 
-	resp, err := http.ReadResponse(bufio.NewReader(rw), req)
+	resp, err := http.ReadResponse(bufio.NewReader(rw), nil)
+
 	if err != nil {
 		return err
 	}

adapter/outbound/hysteria.go

@@ -20,6 +20,7 @@ import (
 	M "github.com/sagernet/sing/common/metadata"
 
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
@@ -28,6 +29,7 @@ import (
 	"github.com/Dreamacro/clash/transport/hysteria/obfs"
 	"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"
 	"github.com/Dreamacro/clash/transport/hysteria/transport"
+	"github.com/Dreamacro/clash/transport/hysteria/utils"
 )
 
 const (
@@ -46,21 +48,12 @@ var rateStringRegexp = regexp.MustCompile(`^(\d+)\s*([KMGT]?)([Bb])ps$`)
 type Hysteria struct {
 	*Base
 
+	option *HysteriaOption
 	client *core.Client
 }
 
 func (h *Hysteria) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	hdc := hyDialerWithContext{
+	tcpConn, err := h.client.DialTCP(metadata.RemoteAddress(), h.genHdc(ctx, opts...))
-		ctx: context.Background(),
-		hyDialer: func(network string) (net.PacketConn, error) {
-			return dialer.ListenPacket(ctx, network, "", h.Base.DialOptions(opts...)...)
-		},
-		remoteAddr: func(addr string) (net.Addr, error) {
-			return resolveUDPAddrWithPrefer(ctx, "udp", addr, h.prefer)
-		},
-	}
-
-	tcpConn, err := h.client.DialTCP(metadata.RemoteAddress(), &hdc)
 	if err != nil {
 		return nil, err
 	}
@@ -69,20 +62,32 @@ func (h *Hysteria) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 }
 
 func (h *Hysteria) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	hdc := hyDialerWithContext{
+	udpConn, err := h.client.DialUDP(h.genHdc(ctx, opts...))
+	if err != nil {
+		return nil, err
+	}
+	return newPacketConn(&hyPacketConn{udpConn}, h), nil
+}
+
+func (h *Hysteria) genHdc(ctx context.Context, opts ...dialer.Option) utils.PacketDialer {
+	return &hyDialerWithContext{
 		ctx: context.Background(),
 		hyDialer: func(network string) (net.PacketConn, error) {
-			return dialer.ListenPacket(ctx, network, "", h.Base.DialOptions(opts...)...)
+			var err error
+			var cDialer C.Dialer = dialer.NewDialer(h.Base.DialOptions(opts...)...)
+			if len(h.option.DialerProxy) > 0 {
+				cDialer, err = proxydialer.NewByName(h.option.DialerProxy, cDialer)
+				if err != nil {
+					return nil, err
+				}
+			}
+			rAddrPort, _ := netip.ParseAddrPort(h.Addr())
+			return cDialer.ListenPacket(ctx, network, "", rAddrPort)
 		},
 		remoteAddr: func(addr string) (net.Addr, error) {
 			return resolveUDPAddrWithPrefer(ctx, "udp", addr, h.prefer)
 		},
 	}
-	udpConn, err := h.client.DialUDP(&hdc)
-	if err != nil {
-		return nil, err
-	}
-	return newPacketConn(&hyPacketConn{udpConn}, h), nil
 }
 
 type HysteriaOption struct {
@@ -258,6 +263,7 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
+		option: &option,
 		client: client,
 	}, nil
 }
@@ -312,6 +318,16 @@ func (c *hyPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
 	return
 }
 
+func (c *hyPacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	b, addrStr, err := c.UDPConn.ReadFrom()
+	if err != nil {
+		return
+	}
+	data = b
+	addr = M.ParseSocksaddr(addrStr).UDPAddr()
+	return
+}
+
 func (c *hyPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
 	err = c.UDPConn.WriteTo(p, M.SocksaddrFromNet(addr).String())
 	if err != nil {

adapter/outbound/reject.go

@@ -78,6 +78,9 @@ type nopPacketConn struct{}
 
 func (npc nopPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) { return len(b), nil }
 func (npc nopPacketConn) ReadFrom(b []byte) (int, net.Addr, error)           { return 0, nil, io.EOF }
+func (npc nopPacketConn) WaitReadFrom() ([]byte, func(), net.Addr, error) {
+	return nil, nil, nil, io.EOF
+}
 func (npc nopPacketConn) Close() error                     { return nil }
 func (npc nopPacketConn) LocalAddr() net.Addr              { return udpAddrIPv4Unspecified }
 func (npc nopPacketConn) SetDeadline(time.Time) error      { return nil }

adapter/outbound/shadowsocks.go

@@ -6,20 +6,20 @@ import (
 	"fmt"
 	"net"
 	"strconv"
-	"time"
 
 	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
+	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/transport/restls"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	shadowtls "github.com/Dreamacro/clash/transport/sing-shadowtls"
-	"github.com/Dreamacro/clash/transport/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"
 
-	shadowsocks "github.com/metacubex/sing-shadowsocks"
+	restlsC "github.com/3andne/restls-client-go"
-	"github.com/metacubex/sing-shadowsocks/shadowimpl"
+	"github.com/metacubex/sing-shadowsocks2"
-	"github.com/sagernet/sing/common/bufio"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/uot"
 )
@@ -34,6 +34,7 @@ type ShadowSocks struct {
 	obfsOption      *simpleObfsOption
 	v2rayOption     *v2rayObfs.Option
 	shadowTLSOption *shadowtls.ShadowTLSOption
+	restlsConfig    *restlsC.Config
 }
 
 type ShadowSocksOption struct {
@@ -47,6 +48,8 @@ type ShadowSocksOption struct {
 	Plugin            string         `proxy:"plugin,omitempty"`
 	PluginOpts        map[string]any `proxy:"plugin-opts,omitempty"`
 	UDPOverTCP        bool           `proxy:"udp-over-tcp,omitempty"`
+	UDPOverTCPVersion int            `proxy:"udp-over-tcp-version,omitempty"`
+	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
 }
 
 type simpleObfsOption struct {
@@ -69,28 +72,20 @@ type shadowTLSOption struct {
 	Password       string `obfs:"password"`
 	Host           string `obfs:"host"`
 	Fingerprint    string `obfs:"fingerprint,omitempty"`
-	ClientFingerprint string `obfs:"client-fingerprint,omitempty"`
 	SkipCertVerify bool   `obfs:"skip-cert-verify,omitempty"`
 	Version        int    `obfs:"version,omitempty"`
 }
 
-// StreamConn implements C.ProxyAdapter
+type restlsOption struct {
-func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	Password     string `obfs:"password"`
-	switch ss.obfsMode {
+	Host         string `obfs:"host"`
-	case shadowtls.Mode:
+	VersionHint  string `obfs:"version-hint"`
-		// fix tls handshake not timeout
+	RestlsScript string `obfs:"restls-script,omitempty"`
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-		defer cancel()
-		var err error
-		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return ss.streamConn(c, metadata)
 }
 
-func (ss *ShadowSocks) streamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+// StreamConnContext implements C.ProxyAdapter
+func (ss *ShadowSocks) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	useEarly := false
 	switch ss.obfsMode {
 	case "tls":
 		c = obfs.NewTLSObfs(c, ss.obfsOption.Host)
@@ -99,19 +94,35 @@ func (ss *ShadowSocks) streamConn(c net.Conn, metadata *C.Metadata) (net.Conn, e
 		c = obfs.NewHTTPObfs(c, ss.obfsOption.Host, port)
 	case "websocket":
 		var err error
-		c, err = v2rayObfs.NewV2rayObfs(c, ss.v2rayOption)
+		c, err = v2rayObfs.NewV2rayObfs(ctx, c, ss.v2rayOption)
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 		}
+	case shadowtls.Mode:
+		var err error
+		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
+		if err != nil {
+			return nil, err
 		}
+		useEarly = true
+	case restls.Mode:
+		var err error
+		c, err = restls.NewRestls(ctx, c, ss.restlsConfig)
+		if err != nil {
+			return nil, fmt.Errorf("%s (restls) connect error: %w", ss.addr, err)
+		}
+		useEarly = true
+	}
+	useEarly = useEarly || N.NeedHandshake(c)
 	if metadata.NetWork == C.UDP && ss.option.UDPOverTCP {
-		if N.NeedHandshake(c) {
+		uotDestination := uot.RequestDestination(uint8(ss.option.UDPOverTCPVersion))
-			return ss.method.DialEarlyConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443")), nil
+		if useEarly {
+			return ss.method.DialEarlyConn(c, uotDestination), nil
 		} else {
-			return ss.method.DialConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443"))
+			return ss.method.DialConn(c, uotDestination)
 		}
 	}
-	if N.NeedHandshake(c) {
+	if useEarly {
 		return ss.method.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
 	} else {
 		return ss.method.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
@@ -125,6 +136,12 @@ func (ss *ShadowSocks) DialContext(ctx context.Context, metadata *C.Metadata, op
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (ss *ShadowSocks) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(ss.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ss.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
@@ -135,15 +152,7 @@ func (ss *ShadowSocks) DialContextWithDialer(ctx context.Context, dialer C.Diale
 		safeConnClose(c, err)
 	}(c)
 
-	switch ss.obfsMode {
+	c, err = ss.StreamConnContext(ctx, c, metadata)
-	case shadowtls.Mode:
-		c, err = shadowtls.NewShadowTLS(ctx, c, ss.shadowTLSOption)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	c, err = ss.streamConn(c, metadata)
 	return NewConn(c, ss), err
 }
 
@@ -154,12 +163,18 @@ func (ss *ShadowSocks) ListenPacketContext(ctx context.Context, metadata *C.Meta
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(ss.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ss.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	if ss.option.UDPOverTCP {
 		tcpConn, err := ss.DialContextWithDialer(ctx, dialer, metadata)
 		if err != nil {
 			return nil, err
 		}
-		return newPacketConn(uot.NewClientConn(tcpConn), ss), nil
+		return ss.ListenPacketOnStreamConn(ctx, tcpConn, metadata)
 	}
 	addr, err := resolveUDPAddrWithPrefer(ctx, "udp", ss.addr, ss.prefer)
 	if err != nil {
@@ -170,21 +185,35 @@ func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dial
 	if err != nil {
 		return nil, err
 	}
-	pc = ss.method.DialPacketConn(&bufio.BindPacketConn{PacketConn: pc, Addr: addr})
+	pc = ss.method.DialPacketConn(N.NewBindPacketConn(pc, addr))
 	return newPacketConn(pc, ss), nil
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (ss *ShadowSocks) SupportWithDialer() bool {
+func (ss *ShadowSocks) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter
-func (ss *ShadowSocks) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+func (ss *ShadowSocks) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	if ss.option.UDPOverTCP {
-		return newPacketConn(uot.NewClientConn(c), ss), nil
+		// ss uot use stream-oriented udp with a special address, so we need a net.UDPAddr
+		if !metadata.Resolved() {
+			ip, err := resolver.ResolveIP(ctx, metadata.Host)
+			if err != nil {
+				return nil, errors.New("can't resolve ip")
 			}
-	return nil, errors.New("no support")
+			metadata.DstIP = ip
+		}
+
+		destination := M.SocksaddrFromNet(metadata.UDPAddr())
+		if ss.option.UDPOverTCPVersion == uot.LegacyVersion {
+			return newPacketConn(uot.NewConn(c, uot.Request{Destination: destination}), ss), nil
+		} else {
+			return newPacketConn(uot.NewLazyConn(c, uot.Request{Destination: destination}), ss), nil
+		}
+	}
+	return nil, C.ErrNotSupport
 }
 
 // SupportUOT implements C.ProxyAdapter
@@ -194,7 +223,9 @@ func (ss *ShadowSocks) SupportUOT() bool {
 
 func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
-	method, err := shadowimpl.FetchMethod(option.Cipher, option.Password, time.Now)
+	method, err := shadowsocks.CreateMethod(context.Background(), option.Cipher, shadowsocks.MethodOptions{
+		Password: option.Password,
+	})
 	if err != nil {
 		return nil, fmt.Errorf("ss %s initialize error: %w", addr, err)
 	}
@@ -202,6 +233,7 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 	var v2rayOption *v2rayObfs.Option
 	var obfsOption *simpleObfsOption
 	var shadowTLSOpt *shadowtls.ShadowTLSOption
+	var restlsConfig *restlsC.Config
 	obfsMode := ""
 
 	decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
@@ -250,10 +282,30 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 			Password:          opt.Password,
 			Host:              opt.Host,
 			Fingerprint:       opt.Fingerprint,
-			ClientFingerprint: opt.ClientFingerprint,
+			ClientFingerprint: option.ClientFingerprint,
 			SkipCertVerify:    opt.SkipCertVerify,
 			Version:           opt.Version,
 		}
+	} else if option.Plugin == restls.Mode {
+		obfsMode = restls.Mode
+		restlsOpt := &restlsOption{}
+		if err := decoder.Decode(option.PluginOpts, restlsOpt); err != nil {
+			return nil, fmt.Errorf("ss %s initialize restls-plugin error: %w", addr, err)
+		}
+
+		restlsConfig, err = restlsC.NewRestlsConfig(restlsOpt.Host, restlsOpt.Password, restlsOpt.VersionHint, restlsOpt.RestlsScript, option.ClientFingerprint)
+		restlsConfig.SessionTicketsDisabled = true
+		if err != nil {
+			return nil, fmt.Errorf("ss %s initialize restls-plugin error: %w", addr, err)
+		}
+
+	}
+	switch option.UDPOverTCPVersion {
+	case uot.Version, uot.LegacyVersion:
+	case 0:
+		option.UDPOverTCPVersion = uot.LegacyVersion
+	default:
+		return nil, fmt.Errorf("ss %s unknown udp over tcp protocol version: %d", addr, option.UDPOverTCPVersion)
 	}
 
 	return &ShadowSocks{
@@ -274,38 +326,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		v2rayOption:     v2rayOption,
 		obfsOption:      obfsOption,
 		shadowTLSOption: shadowTLSOpt,
+		restlsConfig:    restlsConfig,
 	}, nil
 }
-
-type ssPacketConn struct {
-	net.PacketConn
-	rAddr net.Addr
-}
-
-func (spc *ssPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
-	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)
-	if err != nil {
-		return
-	}
-	return spc.PacketConn.WriteTo(packet[3:], spc.rAddr)
-}
-
-func (spc *ssPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
-	n, _, e := spc.PacketConn.ReadFrom(b)
-	if e != nil {
-		return 0, nil, e
-	}
-
-	addr := socks5.SplitAddr(b[:n])
-	if addr == nil {
-		return 0, nil, errors.New("parse addr error")
-	}
-
-	udpAddr := addr.UDPAddr()
-	if udpAddr == nil {
-		return 0, nil, errors.New("parse addr error")
-	}
-
-	copy(b, b[len(addr):])
-	return n - len(addr), udpAddr, e
-}

adapter/outbound/shadowsocksr.go

@@ -2,21 +2,26 @@ package outbound
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
 	"strconv"
 
+	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/shadowsocks/core"
 	"github.com/Dreamacro/clash/transport/shadowsocks/shadowaead"
 	"github.com/Dreamacro/clash/transport/shadowsocks/shadowstream"
+	"github.com/Dreamacro/clash/transport/socks5"
 	"github.com/Dreamacro/clash/transport/ssr/obfs"
 	"github.com/Dreamacro/clash/transport/ssr/protocol"
 )
 
 type ShadowSocksR struct {
 	*Base
+	option   *ShadowSocksROption
 	cipher   core.Cipher
 	obfs     obfs.Obfs
 	protocol protocol.Protocol
@@ -36,8 +41,8 @@ type ShadowSocksROption struct {
 	UDP           bool   `proxy:"udp,omitempty"`
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (ssr *ShadowSocksR) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (ssr *ShadowSocksR) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = ssr.obfs.StreamConn(c)
 	c = ssr.cipher.StreamConn(c)
 	var (
@@ -65,6 +70,12 @@ func (ssr *ShadowSocksR) DialContext(ctx context.Context, metadata *C.Metadata,
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (ssr *ShadowSocksR) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(ssr.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ssr.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", ssr.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ssr.addr, err)
@@ -75,7 +86,7 @@ func (ssr *ShadowSocksR) DialContextWithDialer(ctx context.Context, dialer C.Dia
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = ssr.StreamConn(c, metadata)
+	c, err = ssr.StreamConnContext(ctx, c, metadata)
 	return NewConn(c, ssr), err
 }
 
@@ -86,6 +97,12 @@ func (ssr *ShadowSocksR) ListenPacketContext(ctx context.Context, metadata *C.Me
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (ssr *ShadowSocksR) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(ssr.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ssr.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	addr, err := resolveUDPAddrWithPrefer(ctx, "udp", ssr.addr, ssr.prefer)
 	if err != nil {
 		return nil, err
@@ -96,14 +113,14 @@ func (ssr *ShadowSocksR) ListenPacketWithDialer(ctx context.Context, dialer C.Di
 		return nil, err
 	}
 
-	pc = ssr.cipher.PacketConn(pc)
+	epc := ssr.cipher.PacketConn(N.NewEnhancePacketConn(pc))
-	pc = ssr.protocol.PacketConn(pc)
+	epc = ssr.protocol.PacketConn(epc)
-	return newPacketConn(&ssPacketConn{PacketConn: pc, rAddr: addr}, ssr), nil
+	return newPacketConn(&ssrPacketConn{EnhancePacketConn: epc, rAddr: addr}, ssr), nil
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (ssr *ShadowSocksR) SupportWithDialer() bool {
+func (ssr *ShadowSocksR) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
@@ -168,8 +185,68 @@ func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
+		option:   &option,
 		cipher:   coreCiph,
 		obfs:     obfs,
 		protocol: protocol,
 	}, nil
 }
+
+type ssrPacketConn struct {
+	N.EnhancePacketConn
+	rAddr net.Addr
+}
+
+func (spc *ssrPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
+	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)
+	if err != nil {
+		return
+	}
+	return spc.EnhancePacketConn.WriteTo(packet[3:], spc.rAddr)
+}
+
+func (spc *ssrPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	n, _, e := spc.EnhancePacketConn.ReadFrom(b)
+	if e != nil {
+		return 0, nil, e
+	}
+
+	addr := socks5.SplitAddr(b[:n])
+	if addr == nil {
+		return 0, nil, errors.New("parse addr error")
+	}
+
+	udpAddr := addr.UDPAddr()
+	if udpAddr == nil {
+		return 0, nil, errors.New("parse addr error")
+	}
+
+	copy(b, b[len(addr):])
+	return n - len(addr), udpAddr, e
+}
+
+func (spc *ssrPacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	data, put, _, err = spc.EnhancePacketConn.WaitReadFrom()
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	_addr := socks5.SplitAddr(data)
+	if _addr == nil {
+		if put != nil {
+			put()
+		}
+		return nil, nil, nil, errors.New("parse addr error")
+	}
+
+	addr = _addr.UDPAddr()
+	if addr == nil {
+		if put != nil {
+			put()
+		}
+		return nil, nil, nil, errors.New("parse addr error")
+	}
+
+	data = data[len(_addr):]
+	return
+}

adapter/outbound/singmux.go

@@ -0,0 +1,138 @@
+package outbound
+
+import (
+	"context"
+	"errors"
+	"net"
+	"runtime"
+
+	CN "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
+	"github.com/Dreamacro/clash/component/resolver"
+	C "github.com/Dreamacro/clash/constant"
+
+	mux "github.com/sagernet/sing-mux"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type SingMux struct {
+	C.ProxyAdapter
+	base    ProxyBase
+	client  *mux.Client
+	dialer  *muxSingDialer
+	onlyTcp bool
+}
+
+type SingMuxOption struct {
+	Enabled        bool   `proxy:"enabled,omitempty"`
+	Protocol       string `proxy:"protocol,omitempty"`
+	MaxConnections int    `proxy:"max-connections,omitempty"`
+	MinStreams     int    `proxy:"min-streams,omitempty"`
+	MaxStreams     int    `proxy:"max-streams,omitempty"`
+	Padding        bool   `proxy:"padding,omitempty"`
+	Statistic      bool   `proxy:"statistic,omitempty"`
+	OnlyTcp        bool   `proxy:"only-tcp,omitempty"`
+}
+
+type ProxyBase interface {
+	DialOptions(opts ...dialer.Option) []dialer.Option
+}
+
+type muxSingDialer struct {
+	dialer    dialer.Dialer
+	proxy     C.ProxyAdapter
+	statistic bool
+}
+
+var _ N.Dialer = (*muxSingDialer)(nil)
+
+func (d *muxSingDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	var cDialer C.Dialer = proxydialer.New(d.proxy, d.dialer, d.statistic)
+	return cDialer.DialContext(ctx, network, destination.String())
+}
+
+func (d *muxSingDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	var cDialer C.Dialer = proxydialer.New(d.proxy, d.dialer, d.statistic)
+	return cDialer.ListenPacket(ctx, "udp", "", destination.AddrPort())
+}
+
+func (s *SingMux) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
+	options := s.base.DialOptions(opts...)
+	s.dialer.dialer = dialer.NewDialer(options...)
+	c, err := s.client.DialContext(ctx, "tcp", M.ParseSocksaddr(metadata.RemoteAddress()))
+	if err != nil {
+		return nil, err
+	}
+	return NewConn(CN.NewRefConn(c, s), s.ProxyAdapter), err
+}
+
+func (s *SingMux) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
+	if s.onlyTcp {
+		return s.ProxyAdapter.ListenPacketContext(ctx, metadata, opts...)
+	}
+	options := s.base.DialOptions(opts...)
+	s.dialer.dialer = dialer.NewDialer(options...)
+
+	// sing-mux use stream-oriented udp with a special address, so we need a net.UDPAddr
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIP(ctx, metadata.Host)
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
+
+	pc, err := s.client.ListenPacket(ctx, M.SocksaddrFromNet(metadata.UDPAddr()))
+	if err != nil {
+		return nil, err
+	}
+	if pc == nil {
+		return nil, E.New("packetConn is nil")
+	}
+	return newPacketConn(CN.NewRefPacketConn(CN.NewThreadSafePacketConn(pc), s), s.ProxyAdapter), nil
+}
+
+func (s *SingMux) SupportUDP() bool {
+	if s.onlyTcp {
+		return s.ProxyAdapter.SupportUDP()
+	}
+	return true
+}
+
+func (s *SingMux) SupportUOT() bool {
+	if s.onlyTcp {
+		return s.ProxyAdapter.SupportUOT()
+	}
+	return true
+}
+
+func closeSingMux(s *SingMux) {
+	_ = s.client.Close()
+}
+
+func NewSingMux(option SingMuxOption, proxy C.ProxyAdapter, base ProxyBase) (C.ProxyAdapter, error) {
+	singDialer := &muxSingDialer{dialer: dialer.NewDialer(), proxy: proxy, statistic: option.Statistic}
+	client, err := mux.NewClient(mux.Options{
+		Dialer:         singDialer,
+		Protocol:       option.Protocol,
+		MaxConnections: option.MaxConnections,
+		MinStreams:     option.MinStreams,
+		MaxStreams:     option.MaxStreams,
+		Padding:        option.Padding,
+	})
+	if err != nil {
+		return nil, err
+	}
+	outbound := &SingMux{
+		ProxyAdapter: proxy,
+		base:         base,
+		client:       client,
+		dialer:       singDialer,
+		onlyTcp:      option.OnlyTcp,
+	}
+	runtime.SetFinalizer(outbound, closeSingMux)
+	return outbound, nil
+}

adapter/outbound/snell.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	C "github.com/Dreamacro/clash/constant"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	"github.com/Dreamacro/clash/transport/snell"
@@ -15,6 +16,7 @@ import (
 
 type Snell struct {
 	*Base
+	option     *SnellOption
 	psk        []byte
 	pool       *snell.Pool
 	obfsOption *simpleObfsOption
@@ -50,8 +52,8 @@ func streamConn(c net.Conn, option streamOption) *snell.Snell {
 	return snell.StreamConn(c, option.psk, option.version)
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (s *Snell) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (s *Snell) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
 	if metadata.NetWork == C.UDP {
 		err := snell.WriteUDPHeader(c, s.version)
@@ -83,6 +85,12 @@ func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (s *Snell) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(s.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(s.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", s.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
@@ -93,7 +101,7 @@ func (s *Snell) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = s.StreamConn(c, metadata)
+	c, err = s.StreamConnContext(ctx, c, metadata)
 	return NewConn(c, s), err
 }
 
@@ -104,6 +112,13 @@ func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (s *Snell) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (C.PacketConn, error) {
+	var err error
+	if len(s.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(s.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", s.addr)
 	if err != nil {
 		return nil, err
@@ -121,8 +136,8 @@ func (s *Snell) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (s *Snell) SupportWithDialer() bool {
+func (s *Snell) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 // SupportUOT implements C.ProxyAdapter
@@ -172,6 +187,7 @@ func NewSnell(option SnellOption) (*Snell, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
+		option:     &option,
 		psk:        psk,
 		obfsOption: obfsOption,
 		version:    option.Version,
@@ -179,7 +195,15 @@ func NewSnell(option SnellOption) (*Snell, error) {
 
 	if option.Version == snell.Version2 {
 		s.pool = snell.NewPool(func(ctx context.Context) (*snell.Snell, error) {
-			c, err := dialer.DialContext(ctx, "tcp", addr, s.Base.DialOptions()...)
+			var err error
+			var cDialer C.Dialer = dialer.NewDialer(s.Base.DialOptions()...)
+			if len(s.option.DialerProxy) > 0 {
+				cDialer, err = proxydialer.NewByName(s.option.DialerProxy, cDialer)
+				if err != nil {
+					return nil, err
+				}
+			}
+			c, err := cDialer.DialContext(ctx, "tcp", addr)
 			if err != nil {
 				return nil, err
 			}

adapter/outbound/socks5.go

@@ -10,6 +10,7 @@ import (
 	"strconv"
 
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
@@ -17,6 +18,7 @@ import (
 
 type Socks5 struct {
 	*Base
+	option         *Socks5Option
 	user           string
 	pass           string
 	tls            bool
@@ -37,12 +39,10 @@ type Socks5Option struct {
 	Fingerprint    string `proxy:"fingerprint,omitempty"`
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (ss *Socks5) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-		defer cancel()
 		err := cc.HandshakeContext(ctx)
 		c = cc
 		if err != nil {
@@ -70,6 +70,12 @@ func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (ss *Socks5) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(ss.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ss.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
@@ -80,7 +86,7 @@ func (ss *Socks5) DialContextWithDialer(ctx context.Context, dialer C.Dialer, me
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = ss.StreamConn(c, metadata)
+	c, err = ss.StreamConnContext(ctx, c, metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -89,13 +95,20 @@ func (ss *Socks5) DialContextWithDialer(ctx context.Context, dialer C.Dialer, me
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (ss *Socks5) SupportWithDialer() bool {
+func (ss *Socks5) SupportWithDialer() C.NetWork {
-	return true
+	return C.TCP
 }
 
 // ListenPacketContext implements C.ProxyAdapter
 func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
-	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
+	var cDialer C.Dialer = dialer.NewDialer(ss.Base.DialOptions(opts...)...)
+	if len(ss.option.DialerProxy) > 0 {
+		cDialer, err = proxydialer.NewByName(ss.option.DialerProxy, cDialer)
+		if err != nil {
+			return nil, err
+		}
+	}
+	c, err := cDialer.DialContext(ctx, "tcp", ss.addr)
 	if err != nil {
 		err = fmt.Errorf("%s connect error: %w", ss.addr, err)
 		return
@@ -187,6 +200,7 @@ func NewSocks5(option Socks5Option) (*Socks5, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
+		option:         &option,
 		user:           option.UserName,
 		pass:           option.Password,
 		tls:            option.TLS,

adapter/outbound/trojan.go

@@ -8,8 +8,8 @@ import (
 	"net/http"
 	"strconv"
 
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
@@ -50,7 +50,7 @@ type TrojanOption struct {
 	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
 }
 
-func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
+func (t *Trojan) plainStream(ctx context.Context, c net.Conn) (net.Conn, error) {
 	if t.option.Network == "ws" {
 		host, port, _ := net.SplitHostPort(t.addr)
 		wsOpts := &trojan.WebsocketOption{
@@ -71,14 +71,14 @@ func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
 			wsOpts.Headers = header
 		}
 
-		return t.instance.StreamWebsocketConn(c, wsOpts)
+		return t.instance.StreamWebsocketConn(ctx, c, wsOpts)
 	}
 
-	return t.instance.StreamConn(c)
+	return t.instance.StreamConn(ctx, c)
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (t *Trojan) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 
 	if tlsC.HaveGlobalFingerprint() && len(t.option.ClientFingerprint) == 0 {
@@ -88,7 +88,7 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 	if t.transport != nil {
 		c, err = gun.StreamGunWithConn(c, t.gunTLSConfig, t.gunConfig, t.realityConfig)
 	} else {
-		c, err = t.plainStream(c)
+		c, err = t.plainStream(ctx, c)
 	}
 
 	if err != nil {
@@ -105,7 +105,7 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 		return c, err
 	}
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
-	return N.NewExtendedConn(c), err
+	return c, err
 }
 
 // DialContext implements C.ProxyAdapter
@@ -135,6 +135,12 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (t *Trojan) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(t.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(t.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", t.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
@@ -145,7 +151,7 @@ func (t *Trojan) DialContextWithDialer(ctx context.Context, dialer C.Dialer, met
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = t.StreamConn(c, metadata)
+	c, err = t.StreamConnContext(ctx, c, metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -179,6 +185,12 @@ func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (t *Trojan) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(t.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(t.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", t.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
@@ -187,7 +199,7 @@ func (t *Trojan) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, me
 		safeConnClose(c, err)
 	}(c)
 	tcpKeepAlive(c)
-	c, err = t.plainStream(c)
+	c, err = t.plainStream(ctx, c)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
@@ -202,8 +214,8 @@ func (t *Trojan) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, me
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (t *Trojan) SupportWithDialer() bool {
+func (t *Trojan) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter
@@ -271,7 +283,15 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 
 	if option.Network == "grpc" {
 		dialFn := func(network, addr string) (net.Conn, error) {
-			c, err := dialer.DialContext(context.Background(), "tcp", t.addr, t.Base.DialOptions()...)
+			var err error
+			var cDialer C.Dialer = dialer.NewDialer(t.Base.DialOptions()...)
+			if len(t.option.DialerProxy) > 0 {
+				cDialer, err = proxydialer.NewByName(t.option.DialerProxy, cDialer)
+				if err != nil {
+					return nil, err
+				}
+			}
+			c, err := cDialer.DialContext(context.Background(), "tcp", t.addr)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", t.addr, err.Error())
 			}

adapter/outbound/tuic.go

@@ -13,16 +13,19 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/metacubex/quic-go"
-
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/tuic"
+
+	"github.com/gofrs/uuid/v5"
+	"github.com/metacubex/quic-go"
 )
 
 type Tuic struct {
 	*Base
+	option *TuicOption
 	client *tuic.PoolClient
 }
 
@@ -31,7 +34,9 @@ type TuicOption struct {
 	Name                  string   `proxy:"name"`
 	Server                string   `proxy:"server"`
 	Port                  int      `proxy:"port"`
-	Token                 string   `proxy:"token"`
+	Token                 string   `proxy:"token,omitempty"`
+	UUID                  string   `proxy:"uuid,omitempty"`
+	Password              string   `proxy:"password,omitempty"`
 	Ip                    string   `proxy:"ip,omitempty"`
 	HeartbeatInterval     int      `proxy:"heartbeat-interval,omitempty"`
 	ALPN                  []string `proxy:"alpn,omitempty"`
@@ -44,6 +49,7 @@ type TuicOption struct {
 
 	FastOpen             bool   `proxy:"fast-open,omitempty"`
 	MaxOpenStreams       int    `proxy:"max-open-streams,omitempty"`
+	CWND                 int    `proxy:"cwnd,omitempty"`
 	SkipCertVerify       bool   `proxy:"skip-cert-verify,omitempty"`
 	Fingerprint          string `proxy:"fingerprint,omitempty"`
 	CustomCA             string `proxy:"ca,omitempty"`
@@ -51,6 +57,7 @@ type TuicOption struct {
 	ReceiveWindowConn    int    `proxy:"recv-window-conn,omitempty"`
 	ReceiveWindow        int    `proxy:"recv-window,omitempty"`
 	DisableMTUDiscovery  bool   `proxy:"disable-mtu-discovery,omitempty"`
+	MaxDatagramFrameSize int    `proxy:"max-datagram-frame-size,omitempty"`
 	SNI                  string `proxy:"sni,omitempty"`
 }
 
@@ -83,24 +90,30 @@ func (t *Tuic) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, meta
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (t *Tuic) SupportWithDialer() bool {
+func (t *Tuic) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
-func (t *Tuic) dial(ctx context.Context, opts ...dialer.Option) (pc net.PacketConn, addr net.Addr, err error) {
+func (t *Tuic) dialWithDialer(ctx context.Context, dialer C.Dialer) (transport *quic.Transport, addr net.Addr, err error) {
-	return t.dialWithDialer(ctx, dialer.NewDialer(opts...))
+	if len(t.option.DialerProxy) > 0 {
-}
+		dialer, err = proxydialer.NewByName(t.option.DialerProxy, dialer)
-
+		if err != nil {
-func (t *Tuic) dialWithDialer(ctx context.Context, dialer C.Dialer) (pc net.PacketConn, addr net.Addr, err error) {
+			return nil, nil, err
+		}
+	}
 	udpAddr, err := resolveUDPAddrWithPrefer(ctx, "udp", t.addr, t.prefer)
 	if err != nil {
 		return nil, nil, err
 	}
 	addr = udpAddr
+	var pc net.PacketConn
 	pc, err = dialer.ListenPacket(ctx, "udp", "", udpAddr.AddrPort())
 	if err != nil {
 		return nil, nil, err
 	}
+	transport = &quic.Transport{Conn: pc}
+	transport.SetCreatedConn(true) // auto close conn
+	transport.SetSingleUse(true)   // auto close transport
 	return
 }
 
@@ -163,8 +176,9 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		option.HeartbeatInterval = 10000
 	}
 
+	udpRelayMode := tuic.QUIC
 	if option.UdpRelayMode != "quic" {
-		option.UdpRelayMode = "native"
+		udpRelayMode = tuic.NATIVE
 	}
 
 	if option.MaxUdpRelayPacketSize == 0 {
@@ -175,6 +189,24 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		option.MaxOpenStreams = 100
 	}
 
+	if option.CWND == 0 {
+		option.CWND = 32
+	}
+
+	packetOverHead := tuic.PacketOverHeadV4
+	if len(option.Token) == 0 {
+		packetOverHead = tuic.PacketOverHeadV5
+	}
+
+	if option.MaxDatagramFrameSize == 0 {
+		option.MaxDatagramFrameSize = option.MaxUdpRelayPacketSize + packetOverHead
+	}
+
+	if option.MaxDatagramFrameSize > 1400 {
+		option.MaxDatagramFrameSize = 1400
+	}
+	option.MaxUdpRelayPacketSize = option.MaxDatagramFrameSize - packetOverHead
+
 	// ensure server's incoming stream can handle correctly, increase to 1.1x
 	quicMaxOpenStreams := int64(option.MaxOpenStreams)
 	quicMaxOpenStreams = quicMaxOpenStreams + int64(math.Ceil(float64(quicMaxOpenStreams)/10.0))
@@ -187,6 +219,7 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 		MaxIncomingUniStreams:          quicMaxOpenStreams,
 		KeepAlivePeriod:                time.Duration(option.HeartbeatInterval) * time.Millisecond,
 		DisablePathMTUDiscovery:        option.DisableMTUDiscovery,
+		MaxDatagramFrameSize:           int64(option.MaxDatagramFrameSize),
 		EnableDatagrams:                true,
 	}
 	if option.ReceiveWindowConn == 0 {
@@ -201,12 +234,10 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 	if len(option.Ip) > 0 {
 		addr = net.JoinHostPort(option.Ip, strconv.Itoa(option.Port))
 	}
-	host := option.Server
 	if option.DisableSni {
-		host = ""
 		tlsConfig.ServerName = ""
+		tlsConfig.InsecureSkipVerify = true // tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
 	}
-	tkn := tuic.GenTKN(option.Token)
 
 	t := &Tuic{
 		Base: &Base{
@@ -219,6 +250,7 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
+		option: &option,
 	}
 
 	clientMaxOpenStreams := int64(option.MaxOpenStreams)
@@ -231,21 +263,40 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 	if clientMaxOpenStreams < 1 {
 		clientMaxOpenStreams = 1
 	}
-	clientOption := &tuic.ClientOption{
+
+	if len(option.Token) > 0 {
+		tkn := tuic.GenTKN(option.Token)
+		clientOption := &tuic.ClientOptionV4{
 			TlsConfig:             tlsConfig,
 			QuicConfig:            quicConfig,
-		Host:                  host,
 			Token:                 tkn,
-		UdpRelayMode:          option.UdpRelayMode,
+			UdpRelayMode:          udpRelayMode,
 			CongestionController:  option.CongestionController,
 			ReduceRtt:             option.ReduceRtt,
 			RequestTimeout:        time.Duration(option.RequestTimeout) * time.Millisecond,
 			MaxUdpRelayPacketSize: option.MaxUdpRelayPacketSize,
 			FastOpen:              option.FastOpen,
 			MaxOpenStreams:        clientMaxOpenStreams,
+			CWND:                  option.CWND,
 		}
 
-	t.client = tuic.NewPoolClient(clientOption)
+		t.client = tuic.NewPoolClientV4(clientOption)
+	} else {
+		clientOption := &tuic.ClientOptionV5{
+			TlsConfig:             tlsConfig,
+			QuicConfig:            quicConfig,
+			Uuid:                  uuid.FromStringOrNil(option.UUID),
+			Password:              option.Password,
+			UdpRelayMode:          udpRelayMode,
+			CongestionController:  option.CongestionController,
+			ReduceRtt:             option.ReduceRtt,
+			MaxUdpRelayPacketSize: option.MaxUdpRelayPacketSize,
+			MaxOpenStreams:        clientMaxOpenStreams,
+			CWND:                  option.CWND,
+		}
+
+		t.client = tuic.NewPoolClientV5(clientOption)
+	}
 
 	return t, nil
 }

adapter/outbound/vless.go

@@ -13,7 +13,10 @@ import (
 	"sync"
 
 	"github.com/Dreamacro/clash/common/convert"
+	N "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
@@ -23,8 +26,8 @@ import (
 	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
 
-	vmessSing "github.com/sagernet/sing-vmess"
+	vmessSing "github.com/metacubex/sing-vmess"
-	"github.com/sagernet/sing-vmess/packetaddr"
+	"github.com/metacubex/sing-vmess/packetaddr"
 	M "github.com/sagernet/sing/common/metadata"
 )
 
@@ -73,7 +76,7 @@ type VlessOption struct {
 	ClientFingerprint string            `proxy:"client-fingerprint,omitempty"`
 }
 
-func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (v *Vless) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 
 	if tlsC.HaveGlobalFingerprint() && len(v.option.ClientFingerprint) == 0 {
@@ -127,10 +130,10 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				convert.SetUserAgent(wsOpts.Headers)
 			}
 		}
-		c, err = vmess.StreamWebsocketConn(c, wsOpts)
+		c, err = vmess.StreamWebsocketConn(ctx, c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
-		c, err = v.streamTLSOrXTLSConn(c, false)
+		c, err = v.streamTLSOrXTLSConn(ctx, c, false)
 		if err != nil {
 			return nil, err
 		}
@@ -145,7 +148,7 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 		c = vmess.StreamHTTPConn(c, httpOpts)
 	case "h2":
-		c, err = v.streamTLSOrXTLSConn(c, true)
+		c, err = v.streamTLSOrXTLSConn(ctx, c, true)
 		if err != nil {
 			return nil, err
 		}
@@ -161,17 +164,45 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	default:
 		// default tcp network
 		// handle TLS And XTLS
-		c, err = v.streamTLSOrXTLSConn(c, false)
+		c, err = v.streamTLSOrXTLSConn(ctx, c, false)
 	}
 
 	if err != nil {
 		return nil, err
 	}
 
-	return v.client.StreamConn(c, parseVlessAddr(metadata, v.option.XUDP))
+	return v.streamConn(c, metadata)
 }
 
-func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error) {
+func (v *Vless) streamConn(c net.Conn, metadata *C.Metadata) (conn net.Conn, err error) {
+	if metadata.NetWork == C.UDP {
+		if v.option.PacketAddr {
+			metadata = &C.Metadata{
+				NetWork: C.UDP,
+				Host:    packetaddr.SeqPacketMagicAddress,
+				DstPort: "443",
+			}
+		} else {
+			metadata = &C.Metadata{ // a clear metadata only contains ip
+				NetWork: C.UDP,
+				DstIP:   metadata.DstIP,
+				DstPort: metadata.DstPort,
+			}
+		}
+		conn, err = v.client.StreamConn(c, parseVlessAddr(metadata, v.option.XUDP))
+		if v.option.PacketAddr {
+			conn = packetaddr.NewBindConn(conn)
+		}
+	} else {
+		conn, err = v.client.StreamConn(c, parseVlessAddr(metadata, false))
+	}
+	if err != nil {
+		conn = nil
+	}
+	return
+}
+
+func (v *Vless) streamTLSOrXTLSConn(ctx context.Context, conn net.Conn, isH2 bool) (net.Conn, error) {
 	host, _, _ := net.SplitHostPort(v.addr)
 
 	if v.isLegacyXTLSEnabled() && !isH2 {
@@ -185,7 +216,7 @@ func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error)
 			xtlsOpts.Host = v.option.ServerName
 		}
 
-		return vless.StreamXTLSConn(conn, &xtlsOpts)
+		return vless.StreamXTLSConn(ctx, conn, &xtlsOpts)
 
 	} else if v.option.TLS {
 		tlsOpts := vmess.TLSConfig{
@@ -204,7 +235,7 @@ func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error)
 			tlsOpts.Host = v.option.ServerName
 		}
 
-		return vmess.StreamTLSConn(conn, &tlsOpts)
+		return vmess.StreamTLSConn(ctx, conn, &tlsOpts)
 	}
 
 	return conn, nil
@@ -238,6 +269,12 @@ func (v *Vless) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (v *Vless) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(v.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(v.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
@@ -247,7 +284,7 @@ func (v *Vless) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = v.StreamConn(c, metadata)
+	c, err = v.StreamConnContext(ctx, c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
@@ -264,7 +301,6 @@ func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		}
 		metadata.DstIP = ip
 	}
-
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
@@ -276,27 +312,25 @@ func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 			safeConnClose(c, err)
 		}(c)
 
-		if v.option.PacketAddr {
+		c, err = v.streamConn(c, metadata)
-			packetAddrMetadata := *metadata // make a copy
-			packetAddrMetadata.Host = packetaddr.SeqPacketMagicAddress
-			packetAddrMetadata.DstPort = "443"
-
-			c, err = v.client.StreamConn(c, parseVlessAddr(&packetAddrMetadata, false))
-		} else {
-			c, err = v.client.StreamConn(c, parseVlessAddr(metadata, v.option.XUDP))
-		}
-
 		if err != nil {
 			return nil, fmt.Errorf("new vless client error: %v", err)
 		}
 
-		return v.ListenPacketOnStreamConn(c, metadata)
+		return v.ListenPacketOnStreamConn(ctx, c, metadata)
 	}
 	return v.ListenPacketWithDialer(ctx, dialer.NewDialer(v.Base.DialOptions(opts...)...), metadata)
 }
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (v *Vless) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(v.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(v.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	// vless use stream-oriented udp with a special address, so we need a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(ctx, metadata.Host)
@@ -305,6 +339,7 @@ func (v *Vless) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 		}
 		metadata.DstIP = ip
 	}
+
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
@@ -314,40 +349,46 @@ func (v *Vless) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 		safeConnClose(c, err)
 	}(c)
 
-	if v.option.PacketAddr {
+	c, err = v.StreamConnContext(ctx, c, metadata)
-		packetAddrMetadata := *metadata // make a copy
-		packetAddrMetadata.Host = packetaddr.SeqPacketMagicAddress
-		packetAddrMetadata.DstPort = "443"
-
-		c, err = v.StreamConn(c, &packetAddrMetadata)
-	} else {
-		c, err = v.StreamConn(c, metadata)
-	}
-
 	if err != nil {
 		return nil, fmt.Errorf("new vless client error: %v", err)
 	}
 
-	return v.ListenPacketOnStreamConn(c, metadata)
+	return v.ListenPacketOnStreamConn(ctx, c, metadata)
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (v *Vless) SupportWithDialer() bool {
+func (v *Vless) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter
-func (v *Vless) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+func (v *Vless) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	// vless use stream-oriented udp with a special address, so we need a net.UDPAddr
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIP(ctx, metadata.Host)
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
+
 	if v.option.XUDP {
-		return newPacketConn(&threadSafePacketConn{
+		var globalID [8]byte
-			PacketConn: vmessSing.NewXUDPConn(c, M.ParseSocksaddr(metadata.RemoteAddress())),
+		if metadata.SourceValid() {
-		}, v), nil
+			globalID = utils.GlobalID(metadata.SourceAddress())
+		}
+		return newPacketConn(N.NewThreadSafePacketConn(
+			vmessSing.NewXUDPConn(c,
+				globalID,
+				M.SocksaddrFromNet(metadata.UDPAddr())),
+		), v), nil
 	} else if v.option.PacketAddr {
-		return newPacketConn(&threadSafePacketConn{
+		return newPacketConn(N.NewThreadSafePacketConn(
-			PacketConn: packetaddr.NewConn(&vlessPacketConn{
+			packetaddr.NewConn(&vlessPacketConn{
 				Conn: c, rAddr: metadata.UDPAddr(),
-			}, M.ParseSocksaddr(metadata.RemoteAddress())),
+			}, M.SocksaddrFromNet(metadata.UDPAddr())),
-		}, v), nil
+		), v), nil
 	}
 	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
@@ -504,6 +545,9 @@ func NewVless(option VlessOption) (*Vless, error) {
 			option.XUDP = true
 		}
 	}
+	if option.XUDP {
+		option.PacketAddr = false
+	}
 
 	client, err := vless.NewClient(option.UUID, addons, option.FlowShow)
 	if err != nil {
@@ -538,7 +582,15 @@ func NewVless(option VlessOption) (*Vless, error) {
 		}
 	case "grpc":
 		dialFn := func(network, addr string) (net.Conn, error) {
-			c, err := dialer.DialContext(context.Background(), "tcp", v.addr, v.Base.DialOptions()...)
+			var err error
+			var cDialer C.Dialer = dialer.NewDialer(v.Base.DialOptions()...)
+			if len(v.option.DialerProxy) > 0 {
+				cDialer, err = proxydialer.NewByName(v.option.DialerProxy, cDialer)
+				if err != nil {
+					return nil, err
+				}
+			}
+			c, err := cDialer.DialContext(context.Background(), "tcp", v.addr)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
@@ -551,15 +603,19 @@ func NewVless(option VlessOption) (*Vless, error) {
 			Host:              v.option.ServerName,
 			ClientFingerprint: v.option.ClientFingerprint,
 		}
-		tlsConfig := tlsC.GetGlobalTLSConfig(&tls.Config{
+		if option.ServerName == "" {
+			gunConfig.Host = v.addr
+		}
+		var tlsConfig *tls.Config
+		if option.TLS {
+			tlsConfig = tlsC.GetGlobalTLSConfig(&tls.Config{
 				InsecureSkipVerify: v.option.SkipCertVerify,
 				ServerName:         v.option.ServerName,
 			})
-
+			if option.ServerName == "" {
-		if v.option.ServerName == "" {
 				host, _, _ := net.SplitHostPort(v.addr)
 				tlsConfig.ServerName = host
-			gunConfig.Host = host
+			}
 		}
 
 		v.gunTLSConfig = tlsConfig

adapter/outbound/vmess.go

@@ -12,15 +12,17 @@ import (
 	"sync"
 
 	N "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	tlsC "github.com/Dreamacro/clash/component/tls"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	clashVMess "github.com/Dreamacro/clash/transport/vmess"
 
-	vmess "github.com/sagernet/sing-vmess"
+	vmess "github.com/metacubex/sing-vmess"
-	"github.com/sagernet/sing-vmess/packetaddr"
+	"github.com/metacubex/sing-vmess/packetaddr"
 	M "github.com/sagernet/sing/common/metadata"
 )
 
@@ -88,8 +90,8 @@ type WSOptions struct {
 	EarlyDataHeaderName string            `proxy:"early-data-header-name,omitempty"`
 }
 
-// StreamConn implements C.ProxyAdapter
+// StreamConnContext implements C.ProxyAdapter
-func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 
 	if tlsC.HaveGlobalFingerprint() && (len(v.option.ClientFingerprint) == 0) {
@@ -137,7 +139,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				wsOpts.TLSConfig.ServerName = host
 			}
 		}
-		c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
+		c, err = clashVMess.StreamWebsocketConn(ctx, c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		if v.option.TLS {
@@ -152,7 +154,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			if v.option.ServerName != "" {
 				tlsOpts.Host = v.option.ServerName
 			}
-			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
+			c, err = clashVMess.StreamTLSConn(ctx, c, tlsOpts)
 			if err != nil {
 				return nil, err
 			}
@@ -181,7 +183,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			tlsOpts.Host = v.option.ServerName
 		}
 
-		c, err = clashVMess.StreamTLSConn(c, &tlsOpts)
+		c, err = clashVMess.StreamTLSConn(ctx, c, &tlsOpts)
 		if err != nil {
 			return nil, err
 		}
@@ -209,34 +211,63 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				tlsOpts.Host = v.option.ServerName
 			}
 
-			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
+			c, err = clashVMess.StreamTLSConn(ctx, c, tlsOpts)
 		}
 	}
 
 	if err != nil {
 		return nil, err
 	}
+	return v.streamConn(c, metadata)
+}
+
+func (v *Vmess) streamConn(c net.Conn, metadata *C.Metadata) (conn net.Conn, err error) {
 	if metadata.NetWork == C.UDP {
 		if v.option.XUDP {
-			if N.NeedHandshake(c) {
+			var globalID [8]byte
-				return v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
+			if metadata.SourceValid() {
-			} else {
+				globalID = utils.GlobalID(metadata.SourceAddress())
-				return v.client.DialXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
 			}
+			if N.NeedHandshake(c) {
+				conn = v.client.DialEarlyXUDPPacketConn(c,
+					globalID,
+					M.SocksaddrFromNet(metadata.UDPAddr()))
+			} else {
+				conn, err = v.client.DialXUDPPacketConn(c,
+					globalID,
+					M.SocksaddrFromNet(metadata.UDPAddr()))
+			}
+		} else if v.option.PacketAddr {
+			if N.NeedHandshake(c) {
+				conn = v.client.DialEarlyPacketConn(c,
+					M.ParseSocksaddrHostPort(packetaddr.SeqPacketMagicAddress, 443))
+			} else {
+				conn, err = v.client.DialPacketConn(c,
+					M.ParseSocksaddrHostPort(packetaddr.SeqPacketMagicAddress, 443))
+			}
+			conn = packetaddr.NewBindConn(conn)
 		} else {
 			if N.NeedHandshake(c) {
-				return v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
+				conn = v.client.DialEarlyPacketConn(c,
+					M.SocksaddrFromNet(metadata.UDPAddr()))
 			} else {
-				return v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+				conn, err = v.client.DialPacketConn(c,
+					M.SocksaddrFromNet(metadata.UDPAddr()))
 			}
 		}
 	} else {
 		if N.NeedHandshake(c) {
-			return v.client.DialEarlyConn(c, M.ParseSocksaddr(metadata.RemoteAddress())), nil
+			conn = v.client.DialEarlyConn(c,
+				M.ParseSocksaddr(metadata.RemoteAddress()))
 		} else {
-			return v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+			conn, err = v.client.DialConn(c,
+				M.ParseSocksaddr(metadata.RemoteAddress()))
 		}
 	}
+	if err != nil {
+		conn = nil
+	}
+	return
 }
 
 // DialContext implements C.ProxyAdapter
@@ -263,6 +294,12 @@ func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // DialContextWithDialer implements C.ProxyAdapter
 func (v *Vmess) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(v.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(v.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	c, err := dialer.DialContext(ctx, "tcp", v.addr)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
@@ -272,7 +309,7 @@ func (v *Vmess) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = v.StreamConn(c, metadata)
+	c, err = v.StreamConnContext(ctx, c, metadata)
 	return NewConn(c, v), err
 }
 
@@ -286,14 +323,6 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		}
 		metadata.DstIP = ip
 	}
-
-	if v.option.PacketAddr {
-		_metadata := *metadata // make a copy
-		metadata = &_metadata
-		metadata.Host = packetaddr.SeqPacketMagicAddress
-		metadata.DstPort = "443"
-	}
-
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
@@ -305,30 +334,24 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 			safeConnClose(c, err)
 		}(c)
 
-		if v.option.XUDP {
+		c, err = v.streamConn(c, metadata)
-			if N.NeedHandshake(c) {
-				c = v.client.DialEarlyXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			} else {
-				c, err = v.client.DialXUDPPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
-		} else {
-			if N.NeedHandshake(c) {
-				c = v.client.DialEarlyPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			} else {
-				c, err = v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
-			}
-		}
-
 		if err != nil {
 			return nil, fmt.Errorf("new vmess client error: %v", err)
 		}
-		return v.ListenPacketOnStreamConn(c, metadata)
+		return v.ListenPacketOnStreamConn(ctx, c, metadata)
 	}
 	return v.ListenPacketWithDialer(ctx, dialer.NewDialer(v.Base.DialOptions(opts...)...), metadata)
 }
 
 // ListenPacketWithDialer implements C.ProxyAdapter
 func (v *Vmess) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(v.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(v.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	// vmess use stream-oriented udp with a special address, so we need a net.UDPAddr
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(ctx, metadata.Host)
@@ -347,24 +370,31 @@ func (v *Vmess) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 		safeConnClose(c, err)
 	}(c)
 
-	c, err = v.StreamConn(c, metadata)
+	c, err = v.StreamConnContext(ctx, c, metadata)
 	if err != nil {
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}
-	return v.ListenPacketOnStreamConn(c, metadata)
+	return v.ListenPacketOnStreamConn(ctx, c, metadata)
 }
 
 // SupportWithDialer implements C.ProxyAdapter
-func (v *Vmess) SupportWithDialer() bool {
+func (v *Vmess) SupportWithDialer() C.NetWork {
-	return true
+	return C.ALLNet
 }
 
 // ListenPacketOnStreamConn implements C.ProxyAdapter
-func (v *Vmess) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+func (v *Vmess) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
-	if v.option.PacketAddr {
+	// vmess use stream-oriented udp with a special address, so we need a net.UDPAddr
-		return newPacketConn(&threadSafePacketConn{PacketConn: packetaddr.NewBindConn(c)}, v), nil
+	if !metadata.Resolved() {
-	} else if pc, ok := c.(net.PacketConn); ok {
+		ip, err := resolver.ResolveIP(ctx, metadata.Host)
-		return newPacketConn(&threadSafePacketConn{PacketConn: pc}, v), nil
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
+
+	if pc, ok := c.(net.PacketConn); ok {
+		return newPacketConn(N.NewThreadSafePacketConn(pc), v), nil
 	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }
@@ -398,13 +428,6 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		option.PacketAddr = false
 	}
 
-	switch option.Network {
-	case "h2", "grpc":
-		if !option.TLS {
-			option.TLS = true
-		}
-	}
-
 	v := &Vmess{
 		Base: &Base{
 			name:   option.Name,
@@ -428,7 +451,15 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		}
 	case "grpc":
 		dialFn := func(network, addr string) (net.Conn, error) {
-			c, err := dialer.DialContext(context.Background(), "tcp", v.addr, v.Base.DialOptions()...)
+			var err error
+			var cDialer C.Dialer = dialer.NewDialer(v.Base.DialOptions()...)
+			if len(v.option.DialerProxy) > 0 {
+				cDialer, err = proxydialer.NewByName(v.option.DialerProxy, cDialer)
+				if err != nil {
+					return nil, err
+				}
+			}
+			c, err := cDialer.DialContext(context.Background(), "tcp", v.addr)
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
@@ -441,15 +472,19 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 			Host:              v.option.ServerName,
 			ClientFingerprint: v.option.ClientFingerprint,
 		}
-		tlsConfig := &tls.Config{
+		if option.ServerName == "" {
+			gunConfig.Host = v.addr
+		}
+		var tlsConfig *tls.Config
+		if option.TLS {
+			tlsConfig = tlsC.GetGlobalTLSConfig(&tls.Config{
 				InsecureSkipVerify: v.option.SkipCertVerify,
 				ServerName:         v.option.ServerName,
-		}
+			})
-
+			if option.ServerName == "" {
-		if v.option.ServerName == "" {
 				host, _, _ := net.SplitHostPort(v.addr)
 				tlsConfig.ServerName = host
-			gunConfig.Host = host
+			}
 		}
 
 		v.gunTLSConfig = tlsConfig
@@ -466,17 +501,6 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 	return v, nil
 }
 
-type threadSafePacketConn struct {
-	net.PacketConn
-	access sync.Mutex
-}
-
-func (c *threadSafePacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
-	c.access.Lock()
-	defer c.access.Unlock()
-	return c.PacketConn.WriteTo(b, addr)
-}
-
 type vmessPacketConn struct {
 	net.Conn
 	rAddr  net.Addr
@@ -486,9 +510,9 @@ type vmessPacketConn struct {
 // WriteTo implments C.PacketConn.WriteTo
 // Since VMess doesn't support full cone NAT by design, we verify if addr matches uc.rAddr, and drop the packet if not.
 func (uc *vmessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
-	allowedAddr := uc.rAddr.(*net.UDPAddr)
+	allowedAddr := uc.rAddr
-	destAddr := addr.(*net.UDPAddr)
+	destAddr := addr
-	if !(allowedAddr.IP.Equal(destAddr.IP) && allowedAddr.Port == destAddr.Port) {
+	if allowedAddr.String() != destAddr.String() {
 		return 0, ErrUDPRemoteAddrMismatch
 	}
 	uc.access.Lock()

adapter/outbound/wireguard.go

@@ -15,8 +15,10 @@ import (
 
 	CN "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/dns"
 	"github.com/Dreamacro/clash/log"
 
 	wireguard "github.com/metacubex/sing-wireguard"
@@ -37,75 +39,97 @@ type WireGuard struct {
 	dialer    *wgSingDialer
 	startOnce sync.Once
 	startErr  error
+	resolver  *dns.Resolver
+	refP      *refProxyAdapter
 }
 
 type WireGuardOption struct {
 	BasicOption
+	WireGuardPeerOption
 	Name                string `proxy:"name"`
-	Server              string  `proxy:"server"`
-	Port                int     `proxy:"port"`
-	Ip                  string  `proxy:"ip,omitempty"`
-	Ipv6                string  `proxy:"ipv6,omitempty"`
 	PrivateKey          string `proxy:"private-key"`
-	PublicKey           string  `proxy:"public-key"`
-	PreSharedKey        string  `proxy:"pre-shared-key,omitempty"`
-	Reserved            []uint8 `proxy:"reserved,omitempty"`
 	Workers             int    `proxy:"workers,omitempty"`
 	MTU                 int    `proxy:"mtu,omitempty"`
 	UDP                 bool   `proxy:"udp,omitempty"`
 	PersistentKeepalive int    `proxy:"persistent-keepalive,omitempty"`
+
+	Peers []WireGuardPeerOption `proxy:"peers,omitempty"`
+
+	RemoteDnsResolve bool     `proxy:"remote-dns-resolve,omitempty"`
+	Dns              []string `proxy:"dns,omitempty"`
+}
+
+type WireGuardPeerOption struct {
+	Server       string   `proxy:"server"`
+	Port         int      `proxy:"port"`
+	Ip           string   `proxy:"ip,omitempty"`
+	Ipv6         string   `proxy:"ipv6,omitempty"`
+	PublicKey    string   `proxy:"public-key,omitempty"`
+	PreSharedKey string   `proxy:"pre-shared-key,omitempty"`
+	Reserved     []uint8  `proxy:"reserved,omitempty"`
+	AllowedIPs   []string `proxy:"allowed-ips,omitempty"`
 }
 
 type wgSingDialer struct {
 	dialer    dialer.Dialer
+	proxyName string
 }
 
-var _ N.Dialer = &wgSingDialer{}
+var _ N.Dialer = (*wgSingDialer)(nil)
 
 func (d *wgSingDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	return d.dialer.DialContext(ctx, network, destination.String())
+	var cDialer C.Dialer = d.dialer
+	if len(d.proxyName) > 0 {
+		pd, err := proxydialer.NewByName(d.proxyName, d.dialer)
+		if err != nil {
+			return nil, err
+		}
+		cDialer = pd
+	}
+	return cDialer.DialContext(ctx, network, destination.String())
 }
 
 func (d *wgSingDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	return d.dialer.ListenPacket(ctx, "udp", "", destination.AddrPort())
+	var cDialer C.Dialer = d.dialer
+	if len(d.proxyName) > 0 {
+		pd, err := proxydialer.NewByName(d.proxyName, d.dialer)
+		if err != nil {
+			return nil, err
+		}
+		cDialer = pd
+	}
+	return cDialer.ListenPacket(ctx, "udp", "", destination.AddrPort())
+}
+
+type wgSingErrorHandler struct {
+	name string
+}
+
+var _ E.Handler = (*wgSingErrorHandler)(nil)
+
+func (w wgSingErrorHandler) NewError(ctx context.Context, err error) {
+	if E.IsClosedOrCanceled(err) {
+		log.SingLogger.Debug(fmt.Sprintf("[WG](%s) connection closed: %s", w.name, err))
+		return
+	}
+	log.SingLogger.Error(fmt.Sprintf("[WG](%s) %s", w.name, err))
 }
 
 type wgNetDialer struct {
 	tunDevice wireguard.Device
 }
 
-var _ dialer.NetDialer = &wgNetDialer{}
+var _ dialer.NetDialer = (*wgNetDialer)(nil)
 
 func (d wgNetDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
 	return d.tunDevice.DialContext(ctx, network, M.ParseSocksaddr(address).Unwrap())
 }
 
-func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
+func (option WireGuardPeerOption) Addr() M.Socksaddr {
-	outbound := &WireGuard{
+	return M.ParseSocksaddrHostPort(option.Server, uint16(option.Port))
-		Base: &Base{
+}
-			name:   option.Name,
-			addr:   net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
-			tp:     C.WireGuard,
-			udp:    option.UDP,
-			iface:  option.Interface,
-			rmark:  option.RoutingMark,
-			prefer: C.NewDNSPrefer(option.IPVersion),
-		},
-		dialer: &wgSingDialer{dialer: dialer.NewDialer()},
-	}
-	runtime.SetFinalizer(outbound, closeWireGuard)
 
-	var reserved [3]uint8
+func (option WireGuardPeerOption) Prefixes() ([]netip.Prefix, error) {
-	if len(option.Reserved) > 0 {
-		if len(option.Reserved) != 3 {
-			return nil, E.New("invalid reserved value, required 3 bytes, got ", len(option.Reserved))
-		}
-		reserved[0] = uint8(option.Reserved[0])
-		reserved[1] = uint8(option.Reserved[1])
-		reserved[2] = uint8(option.Reserved[2])
-	}
-	peerAddr := M.ParseSocksaddrHostPort(option.Server, uint16(option.Port))
-	outbound.bind = wireguard.NewClientBind(context.Background(), outbound.dialer, peerAddr, reserved)
 	localPrefixes := make([]netip.Prefix, 0, 2)
 	if len(option.Ip) > 0 {
 		if !strings.Contains(option.Ip, "/") {
@@ -130,7 +154,46 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 	if len(localPrefixes) == 0 {
 		return nil, E.New("missing local address")
 	}
-	var privateKey, peerPublicKey, preSharedKey string
+	return localPrefixes, nil
+}
+
+func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
+	outbound := &WireGuard{
+		Base: &Base{
+			name:   option.Name,
+			addr:   net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			tp:     C.WireGuard,
+			udp:    option.UDP,
+			iface:  option.Interface,
+			rmark:  option.RoutingMark,
+			prefer: C.NewDNSPrefer(option.IPVersion),
+		},
+		dialer: &wgSingDialer{dialer: dialer.NewDialer(), proxyName: option.DialerProxy},
+	}
+	runtime.SetFinalizer(outbound, closeWireGuard)
+
+	var reserved [3]uint8
+	if len(option.Reserved) > 0 {
+		if len(option.Reserved) != 3 {
+			return nil, E.New("invalid reserved value, required 3 bytes, got ", len(option.Reserved))
+		}
+		copy(reserved[:], option.Reserved)
+	}
+	var isConnect bool
+	var connectAddr M.Socksaddr
+	if len(option.Peers) < 2 {
+		isConnect = true
+		if len(option.Peers) == 1 {
+			connectAddr = option.Peers[0].Addr()
+		} else {
+			connectAddr = option.Addr()
+		}
+	}
+	outbound.bind = wireguard.NewClientBind(context.Background(), wgSingErrorHandler{outbound.Name()}, outbound.dialer, isConnect, connectAddr, reserved)
+
+	var localPrefixes []netip.Prefix
+
+	var privateKey string
 	{
 		bytes, err := base64.StdEncoding.DecodeString(option.PrivateKey)
 		if err != nil {
@@ -138,6 +201,52 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 		}
 		privateKey = hex.EncodeToString(bytes)
 	}
+	ipcConf := "private_key=" + privateKey
+	if peersLen := len(option.Peers); peersLen > 0 {
+		localPrefixes = make([]netip.Prefix, 0, peersLen*2)
+		for i, peer := range option.Peers {
+			var peerPublicKey, preSharedKey string
+			{
+				bytes, err := base64.StdEncoding.DecodeString(peer.PublicKey)
+				if err != nil {
+					return nil, E.Cause(err, "decode public key for peer ", i)
+				}
+				peerPublicKey = hex.EncodeToString(bytes)
+			}
+			if peer.PreSharedKey != "" {
+				bytes, err := base64.StdEncoding.DecodeString(peer.PreSharedKey)
+				if err != nil {
+					return nil, E.Cause(err, "decode pre shared key for peer ", i)
+				}
+				preSharedKey = hex.EncodeToString(bytes)
+			}
+			destination := peer.Addr()
+			ipcConf += "\npublic_key=" + peerPublicKey
+			ipcConf += "\nendpoint=" + destination.String()
+			if preSharedKey != "" {
+				ipcConf += "\npreshared_key=" + preSharedKey
+			}
+			if len(peer.AllowedIPs) == 0 {
+				return nil, E.New("missing allowed_ips for peer ", i)
+			}
+			for _, allowedIP := range peer.AllowedIPs {
+				ipcConf += "\nallowed_ip=" + allowedIP
+			}
+			if len(peer.Reserved) > 0 {
+				if len(peer.Reserved) != 3 {
+					return nil, E.New("invalid reserved value for peer ", i, ", required 3 bytes, got ", len(peer.Reserved))
+				}
+				copy(reserved[:], option.Reserved)
+				outbound.bind.SetReservedForEndpoint(destination, reserved)
+			}
+			prefixes, err := peer.Prefixes()
+			if err != nil {
+				return nil, err
+			}
+			localPrefixes = append(localPrefixes, prefixes...)
+		}
+	} else {
+		var peerPublicKey, preSharedKey string
 		{
 			bytes, err := base64.StdEncoding.DecodeString(option.PublicKey)
 			if err != nil {
@@ -152,12 +261,16 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 			}
 			preSharedKey = hex.EncodeToString(bytes)
 		}
-	ipcConf := "private_key=" + privateKey
 		ipcConf += "\npublic_key=" + peerPublicKey
-	ipcConf += "\nendpoint=" + peerAddr.String()
+		ipcConf += "\nendpoint=" + connectAddr.String()
 		if preSharedKey != "" {
 			ipcConf += "\npreshared_key=" + preSharedKey
 		}
+		var err error
+		localPrefixes, err = option.Prefixes()
+		if err != nil {
+			return nil, err
+		}
 		var has4, has6 bool
 		for _, address := range localPrefixes {
 			if address.Addr().Is4() {
@@ -172,6 +285,8 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 		if has6 {
 			ipcConf += "\nallowed_ip=::/0"
 		}
+	}
+
 	if option.PersistentKeepalive != 0 {
 		ipcConf += fmt.Sprintf("\npersistent_keepalive_interval=%d", option.PersistentKeepalive)
 	}
@@ -179,6 +294,9 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 	if mtu == 0 {
 		mtu = 1408
 	}
+	if len(localPrefixes) == 0 {
+		return nil, E.New("missing local address")
+	}
 	var err error
 	outbound.tunDevice, err = wireguard.NewStackDevice(localPrefixes, uint32(mtu))
 	if err != nil {
@@ -186,20 +304,45 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 	}
 	outbound.device = device.NewDevice(outbound.tunDevice, outbound.bind, &device.Logger{
 		Verbosef: func(format string, args ...interface{}) {
-			log.SingLogger.Debug(fmt.Sprintf(strings.ToLower(format), args...))
+			log.SingLogger.Debug(fmt.Sprintf("[WG](%s) %s", option.Name, fmt.Sprintf(format, args...)))
 		},
 		Errorf: func(format string, args ...interface{}) {
-			log.SingLogger.Error(fmt.Sprintf(strings.ToLower(format), args...))
+			log.SingLogger.Error(fmt.Sprintf("[WG](%s) %s", option.Name, fmt.Sprintf(format, args...)))
 		},
 	}, option.Workers)
 	if debug.Enabled {
-		log.SingLogger.Trace("created wireguard ipc conf: \n", ipcConf)
+		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", option.Name, ipcConf))
 	}
 	err = outbound.device.IpcSet(ipcConf)
 	if err != nil {
 		return nil, E.Cause(err, "setup wireguard")
 	}
 	//err = outbound.tunDevice.Start()
+
+	var has6 bool
+	for _, address := range localPrefixes {
+		if !address.Addr().Unmap().Is4() {
+			has6 = true
+			break
+		}
+	}
+
+	refP := &refProxyAdapter{}
+	outbound.refP = refP
+	if option.RemoteDnsResolve && len(option.Dns) > 0 {
+		nss, err := dns.ParseNameServer(option.Dns)
+		if err != nil {
+			return nil, err
+		}
+		for i := range nss {
+			nss[i].ProxyAdapter = refP
+		}
+		outbound.resolver = dns.NewResolver(dns.Config{
+			Main: nss,
+			IPv6: has6,
+		})
+	}
+
 	return outbound, nil
 }
 
@@ -220,8 +363,14 @@ func (w *WireGuard) DialContext(ctx context.Context, metadata *C.Metadata, opts
 	if w.startErr != nil {
 		return nil, w.startErr
 	}
-	if !metadata.Resolved() {
+	if !metadata.Resolved() || w.resolver != nil {
-		options = append(options, dialer.WithResolver(resolver.DefaultResolver))
+		r := resolver.DefaultResolver
+		if w.resolver != nil {
+			w.refP.SetProxyAdapter(w)
+			defer w.refP.ClearProxyAdapter()
+			r = w.resolver
+		}
+		options = append(options, dialer.WithResolver(r))
 		options = append(options, dialer.WithNetDialer(wgNetDialer{tunDevice: w.tunDevice}))
 		conn, err = dialer.NewDialer(options...).DialContext(ctx, "tcp", metadata.RemoteAddress())
 	} else {
@@ -250,8 +399,14 @@ func (w *WireGuard) ListenPacketContext(ctx context.Context, metadata *C.Metadat
 	if err != nil {
 		return nil, err
 	}
-	if !metadata.Resolved() {
+	if (!metadata.Resolved() || w.resolver != nil) && metadata.Host != "" {
-		ip, err := resolver.ResolveIP(ctx, metadata.Host)
+		r := resolver.DefaultResolver
+		if w.resolver != nil {
+			w.refP.SetProxyAdapter(w)
+			defer w.refP.ClearProxyAdapter()
+			r = w.resolver
+		}
+		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
@@ -267,3 +422,144 @@ func (w *WireGuard) ListenPacketContext(ctx context.Context, metadata *C.Metadat
 	}
 	return newPacketConn(CN.NewRefPacketConn(pc, w), w), nil
 }
+
+// IsL3Protocol implements C.ProxyAdapter
+func (w *WireGuard) IsL3Protocol(metadata *C.Metadata) bool {
+	return true
+}
+
+type refProxyAdapter struct {
+	proxyAdapter C.ProxyAdapter
+	count        int
+	mutex        sync.Mutex
+}
+
+func (r *refProxyAdapter) SetProxyAdapter(proxyAdapter C.ProxyAdapter) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	r.proxyAdapter = proxyAdapter
+	r.count++
+}
+
+func (r *refProxyAdapter) ClearProxyAdapter() {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	r.count--
+	if r.count == 0 {
+		r.proxyAdapter = nil
+	}
+}
+
+func (r *refProxyAdapter) Name() string {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.Name()
+	}
+	return ""
+}
+
+func (r *refProxyAdapter) Type() C.AdapterType {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.Type()
+	}
+	return C.AdapterType(0)
+}
+
+func (r *refProxyAdapter) Addr() string {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.Addr()
+	}
+	return ""
+}
+
+func (r *refProxyAdapter) SupportUDP() bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportUDP()
+	}
+	return false
+}
+
+func (r *refProxyAdapter) SupportXUDP() bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportXUDP()
+	}
+	return false
+}
+
+func (r *refProxyAdapter) SupportTFO() bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportTFO()
+	}
+	return false
+}
+
+func (r *refProxyAdapter) MarshalJSON() ([]byte, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.MarshalJSON()
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.StreamConnContext(ctx, c, metadata)
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.DialContext(ctx, metadata, opts...)
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) SupportUOT() bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportUOT()
+	}
+	return false
+}
+
+func (r *refProxyAdapter) SupportWithDialer() C.NetWork {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportWithDialer()
+	}
+	return C.InvalidNet
+}
+
+func (r *refProxyAdapter) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (C.Conn, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.DialContextWithDialer(ctx, dialer, metadata)
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (C.PacketConn, error) {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.ListenPacketWithDialer(ctx, dialer, metadata)
+	}
+	return nil, C.ErrNotSupport
+}
+
+func (r *refProxyAdapter) IsL3Protocol(metadata *C.Metadata) bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.IsL3Protocol(metadata)
+	}
+	return false
+}
+
+func (r *refProxyAdapter) Unwrap(metadata *C.Metadata, touch bool) C.Proxy {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.Unwrap(metadata, touch)
+	}
+	return nil
+}
+
+var _ C.ProxyAdapter = (*refProxyAdapter)(nil)

adapter/outboundgroup/fallback.go

@@ -9,6 +9,7 @@ import (
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/callback"
 	N "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@@ -19,6 +20,7 @@ type Fallback struct {
 	disableUDP     bool
 	testUrl        string
 	selected       string
+	expectedStatus string
 }
 
 func (f *Fallback) Now() string {
@@ -37,16 +39,13 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 	}
 
 	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
+		c = callback.NewFirstWriteCallBackConn(c, func(err error) {
-			Conn: c,
-			Callback: func(err error) {
 			if err == nil {
 				f.onDialSuccess()
 			} else {
 				f.onDialFailed(proxy.Type(), err)
 			}
-			},
+		})
-		}
 	}
 
 	return c, err
@@ -73,6 +72,11 @@ func (f *Fallback) SupportUDP() bool {
 	return proxy.SupportUDP()
 }
 
+// IsL3Protocol implements C.ProxyAdapter
+func (f *Fallback) IsL3Protocol(metadata *C.Metadata) bool {
+	return f.findAliveProxy(false).IsL3Protocol(metadata)
+}
+
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
 	all := []string{}
@@ -83,6 +87,8 @@ func (f *Fallback) MarshalJSON() ([]byte, error) {
 		"type":     f.Type().String(),
 		"now":      f.Now(),
 		"all":      all,
+		"testUrl":  f.testUrl,
+		"expected": f.expectedStatus,
 	})
 }
 
@@ -96,12 +102,14 @@ func (f *Fallback) findAliveProxy(touch bool) C.Proxy {
 	proxies := f.GetProxies(touch)
 	for _, proxy := range proxies {
 		if len(f.selected) == 0 {
-			if proxy.Alive() {
+			// if proxy.Alive() {
+			if proxy.AliveForTestUrl(f.testUrl) {
 				return proxy
 			}
 		} else {
 			if proxy.Name() == f.selected {
-				if proxy.Alive() {
+				// if proxy.Alive() {
+				if proxy.AliveForTestUrl(f.testUrl) {
 					return proxy
 				} else {
 					f.selected = ""
@@ -127,15 +135,21 @@ func (f *Fallback) Set(name string) error {
 	}
 
 	f.selected = name
-	if !p.Alive() {
+	// if !p.Alive() {
+	if !p.AliveForTestUrl(f.testUrl) {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*time.Duration(5000))
 		defer cancel()
-		_, _ = p.URLTest(ctx, f.testUrl)
+		expectedStatus, _ := utils.NewIntRanges[uint16](f.expectedStatus)
+		_, _ = p.URLTest(ctx, f.testUrl, expectedStatus, C.ExtraHistory)
 	}
 
 	return nil
 }
 
+func (f *Fallback) ForceSet(name string) {
+	f.selected = name
+}
+
 func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider) *Fallback {
 	return &Fallback{
 		GroupBase: NewGroupBase(GroupBaseOption{
@@ -152,5 +166,6 @@ func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider)
 		}),
 		disableUDP:     option.DisableUDP,
 		testUrl:        option.URL,
+		expectedStatus: option.ExpectedStatus,
 	}
 }

adapter/outboundgroup/groupbase.go

@@ -8,6 +8,8 @@ import (
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
+	"github.com/Dreamacro/clash/common/atomic"
+	"github.com/Dreamacro/clash/common/utils"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 	types "github.com/Dreamacro/clash/constant/provider"
@@ -15,7 +17,6 @@ import (
 	"github.com/Dreamacro/clash/tunnel"
 
 	"github.com/dlclark/regexp2"
-	"go.uber.org/atomic"
 )
 
 type GroupBase struct {
@@ -130,10 +131,6 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 		}
 	}
 
-	if len(proxies) == 0 {
-		return append(proxies, tunnel.Proxies()["COMPATIBLE"])
-	}
-
 	if len(gb.providers) > 1 && len(gb.filterRegs) > 1 {
 		var newProxies []C.Proxy
 		proxiesSet := map[string]struct{}{}
@@ -189,10 +186,14 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 		proxies = newProxies
 	}
 
+	if len(proxies) == 0 {
+		return append(proxies, tunnel.Proxies()["COMPATIBLE"])
+	}
+
 	return proxies
 }
 
-func (gb *GroupBase) URLTest(ctx context.Context, url string) (map[string]uint16, error) {
+func (gb *GroupBase) URLTest(ctx context.Context, url string, expectedStatus utils.IntRanges[uint16]) (map[string]uint16, error) {
 	var wg sync.WaitGroup
 	var lock sync.Mutex
 	mp := map[string]uint16{}
@@ -201,7 +202,7 @@ func (gb *GroupBase) URLTest(ctx context.Context, url string) (map[string]uint16
 		proxy := proxy
 		wg.Add(1)
 		go func() {
-			delay, err := proxy.URLTest(ctx, url)
+			delay, err := proxy.URLTest(ctx, url, expectedStatus, C.DropHistory)
 			if err == nil {
 				lock.Lock()
 				mp[proxy.Name()] = delay

adapter/outboundgroup/loadbalance.go

@@ -12,8 +12,8 @@ import (
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/cache"
 	"github.com/Dreamacro/clash/common/callback"
-	"github.com/Dreamacro/clash/common/murmur3"
 	N "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
@@ -27,6 +27,8 @@ type LoadBalance struct {
 	*GroupBase
 	disableUDP     bool
 	strategyFn     strategyFn
+	testUrl        string
+	expectedStatus string
 }
 
 var errStrategy = errors.New("unsupported strategy")
@@ -95,16 +97,13 @@ func (lb *LoadBalance) DialContext(ctx context.Context, metadata *C.Metadata, op
 	}
 
 	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
+		c = callback.NewFirstWriteCallBackConn(c, func(err error) {
-			Conn: c,
-			Callback: func(err error) {
 			if err == nil {
 				lb.onDialSuccess()
 			} else {
 				lb.onDialFailed(proxy.Type(), err)
 			}
-			},
+		})
-		}
 	}
 
 	return
@@ -127,7 +126,12 @@ func (lb *LoadBalance) SupportUDP() bool {
 	return !lb.disableUDP
 }
 
-func strategyRoundRobin() strategyFn {
+// IsL3Protocol implements C.ProxyAdapter
+func (lb *LoadBalance) IsL3Protocol(metadata *C.Metadata) bool {
+	return lb.Unwrap(metadata, false).IsL3Protocol(metadata)
+}
+
+func strategyRoundRobin(url string) strategyFn {
 	idx := 0
 	idxMutex := sync.Mutex{}
 	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
@@ -146,7 +150,8 @@ func strategyRoundRobin() strategyFn {
 		for ; i < length; i++ {
 			id := (idx + i) % length
 			proxy := proxies[id]
-			if proxy.Alive() {
+			// if proxy.Alive() {
+			if proxy.AliveForTestUrl(url) {
 				i++
 				return proxy
 			}
@@ -156,22 +161,24 @@ func strategyRoundRobin() strategyFn {
 	}
 }
 
-func strategyConsistentHashing() strategyFn {
+func strategyConsistentHashing(url string) strategyFn {
 	maxRetry := 5
 	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
-		key := uint64(murmur3.Sum32([]byte(getKey(metadata))))
+		key := utils.MapHash(getKey(metadata))
 		buckets := int32(len(proxies))
 		for i := 0; i < maxRetry; i, key = i+1, key+1 {
 			idx := jumpHash(key, buckets)
 			proxy := proxies[idx]
-			if proxy.Alive() {
+			// if proxy.Alive() {
+			if proxy.AliveForTestUrl(url) {
 				return proxy
 			}
 		}
 
 		// when availability is poor, traverse the entire list to get the available nodes
 		for _, proxy := range proxies {
-			if proxy.Alive() {
+			// if proxy.Alive() {
+			if proxy.AliveForTestUrl(url) {
 				return proxy
 			}
 		}
@@ -180,14 +187,14 @@ func strategyConsistentHashing() strategyFn {
 	}
 }
 
-func strategyStickySessions() strategyFn {
+func strategyStickySessions(url string) strategyFn {
 	ttl := time.Minute * 10
 	maxRetry := 5
 	lruCache := cache.New[uint64, int](
 		cache.WithAge[uint64, int](int64(ttl.Seconds())),
 		cache.WithSize[uint64, int](1000))
 	return func(proxies []C.Proxy, metadata *C.Metadata, touch bool) C.Proxy {
-		key := uint64(murmur3.Sum32([]byte(getKeyWithSrcAndDst(metadata))))
+		key := utils.MapHash(getKeyWithSrcAndDst(metadata))
 		length := len(proxies)
 		idx, has := lruCache.Get(key)
 		if !has {
@@ -197,7 +204,8 @@ func strategyStickySessions() strategyFn {
 		nowIdx := idx
 		for i := 1; i < maxRetry; i++ {
 			proxy := proxies[nowIdx]
-			if proxy.Alive() {
+			// if proxy.Alive() {
+			if proxy.AliveForTestUrl(url) {
 				if nowIdx != idx {
 					lruCache.Delete(key)
 					lruCache.Set(key, nowIdx)
@@ -230,6 +238,8 @@ func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 	return json.Marshal(map[string]any{
 		"type":           lb.Type().String(),
 		"all":            all,
+		"testUrl":        lb.testUrl,
+		"expectedStatus": lb.expectedStatus,
 	})
 }
 
@@ -237,11 +247,11 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 	var strategyFn strategyFn
 	switch strategy {
 	case "consistent-hashing":
-		strategyFn = strategyConsistentHashing()
+		strategyFn = strategyConsistentHashing(option.URL)
 	case "round-robin":
-		strategyFn = strategyRoundRobin()
+		strategyFn = strategyRoundRobin(option.URL)
 	case "sticky-sessions":
-		strategyFn = strategyStickySessions()
+		strategyFn = strategyStickySessions(option.URL)
 	default:
 		return nil, fmt.Errorf("%w: %s", errStrategy, strategy)
 	}
@@ -260,5 +270,7 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 		}),
 		strategyFn:     strategyFn,
 		disableUDP:     option.DisableUDP,
+		testUrl:        option.URL,
+		expectedStatus: option.ExpectedStatus,
 	}, nil
 }

adapter/outboundgroup/parser.go

@@ -3,19 +3,20 @@ package outboundgroup
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/adapter/provider"
 	"github.com/Dreamacro/clash/common/structure"
+	"github.com/Dreamacro/clash/common/utils"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 
 var (
 	errFormat            = errors.New("format error")
-	errType              = errors.New("unsupport type")
+	errType              = errors.New("unsupported type")
 	errMissProxy         = errors.New("`use` or `proxies` missing")
-	errMissHealthCheck   = errors.New("`url` or `interval` missing")
 	errDuplicateProvider = errors.New("duplicate provider name")
 )
 
@@ -32,6 +33,7 @@ type GroupCommonOption struct {
 	Filter         string   `group:"filter,omitempty"`
 	ExcludeFilter  string   `group:"exclude-filter,omitempty"`
 	ExcludeType    string   `group:"exclude-type,omitempty"`
+	ExpectedStatus string   `group:"expected-status,omitempty"`
 }
 
 func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider) (C.ProxyAdapter, error) {
@@ -53,30 +55,36 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 	providers := []types.ProxyProvider{}
 
 	if len(groupOption.Proxies) == 0 && len(groupOption.Use) == 0 {
-		return nil, errMissProxy
+		return nil, fmt.Errorf("%s: %w", groupName, errMissProxy)
 	}
 
+	expectedStatus, err := utils.NewIntRanges[uint16](groupOption.ExpectedStatus)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", groupName, err)
+	}
+
+	status := strings.TrimSpace(groupOption.ExpectedStatus)
+	if status == "" {
+		status = "*"
+	}
+	groupOption.ExpectedStatus = status
+	testUrl := groupOption.URL
+
 	if len(groupOption.Proxies) != 0 {
 		ps, err := getProxies(proxyMap, groupOption.Proxies)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("%s: %w", groupName, err)
 		}
 
 		if _, ok := providersMap[groupName]; ok {
-			return nil, errDuplicateProvider
+			return nil, fmt.Errorf("%s: %w", groupName, errDuplicateProvider)
 		}
 
+		var url string
+		var interval uint
+
 		// select don't need health check
-		if groupOption.Type == "select" || groupOption.Type == "relay" {
+		if groupOption.Type != "select" && groupOption.Type != "relay" {
-			hc := provider.NewHealthCheck(ps, "", 0, true)
-			pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
-			if err != nil {
-				return nil, err
-			}
-
-			providers = append(providers, pd)
-			providersMap[groupName] = pd
-		} else {
 			if groupOption.URL == "" {
 				groupOption.URL = "https://cp.cloudflare.com/generate_204"
 			}
@@ -85,22 +93,29 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 				groupOption.Interval = 300
 			}
 
-			hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.Interval), groupOption.Lazy)
+			url = groupOption.URL
+			interval = uint(groupOption.Interval)
+		}
+
+		hc := provider.NewHealthCheck(ps, url, interval, true, expectedStatus)
 		pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 		if err != nil {
-				return nil, err
+			return nil, fmt.Errorf("%s: %w", groupName, err)
 		}
 
 		providers = append(providers, pd)
 		providersMap[groupName] = pd
 	}
-	}
 
 	if len(groupOption.Use) != 0 {
 		list, err := getProviders(providersMap, groupOption.Use)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("%s: %w", groupName, err)
 		}
+
+		// different proxy groups use different test URL
+		addTestUrlToProviders(list, testUrl, expectedStatus, groupOption.Filter, uint(groupOption.Interval))
+
 		providers = append(providers, list...)
 	} else {
 		groupOption.Filter = ""
@@ -154,3 +169,13 @@ func getProviders(mapping map[string]types.ProxyProvider, list []string) ([]type
 	}
 	return ps, nil
 }
+
+func addTestUrlToProviders(providers []types.ProxyProvider, url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
+	if len(providers) == 0 || len(url) == 0 {
+		return
+	}
+
+	for _, pd := range providers {
+		pd.RegisterHealthCheckTask(url, expectedStatus, filter, interval)
+	}
+}

adapter/outboundgroup/relay.go

@@ -3,13 +3,9 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
-	"net"
-	"net/netip"
-	"strings"
-
 	"github.com/Dreamacro/clash/adapter/outbound"
-	N "github.com/Dreamacro/clash/common/net"
 	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/proxydialer"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/constant/provider"
 )
@@ -18,36 +14,6 @@ type Relay struct {
 	*GroupBase
 }
 
-type proxyDialer struct {
-	proxy  C.Proxy
-	dialer C.Dialer
-}
-
-func (p proxyDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	currentMeta, err := addrToMetadata(address)
-	if err != nil {
-		return nil, err
-	}
-	if strings.Contains(network, "udp") { // should not support this operation
-		currentMeta.NetWork = C.UDP
-		pc, err := p.proxy.ListenPacketWithDialer(ctx, p.dialer, currentMeta)
-		if err != nil {
-			return nil, err
-		}
-		return N.NewBindPacketConn(pc, currentMeta.UDPAddr()), nil
-	}
-	return p.proxy.DialContextWithDialer(ctx, p.dialer, currentMeta)
-}
-
-func (p proxyDialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
-	currentMeta, err := addrToMetadata(rAddrPort.String())
-	if err != nil {
-		return nil, err
-	}
-	currentMeta.NetWork = C.UDP
-	return p.proxy.ListenPacketWithDialer(ctx, p.dialer, currentMeta)
-}
-
 // DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	proxies, chainProxies := r.proxies(metadata, true)
@@ -61,10 +27,7 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 	var d C.Dialer
 	d = dialer.NewDialer(r.Base.DialOptions(opts...)...)
 	for _, proxy := range proxies[:len(proxies)-1] {
-		d = proxyDialer{
+		d = proxydialer.New(proxy, d, false)
-			proxy:  proxy,
-			dialer: d,
-		}
 	}
 	last := proxies[len(proxies)-1]
 	conn, err := last.DialContextWithDialer(ctx, d, metadata)
@@ -95,10 +58,7 @@ func (r *Relay) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 	var d C.Dialer
 	d = dialer.NewDialer(r.Base.DialOptions(opts...)...)
 	for _, proxy := range proxies[:len(proxies)-1] {
-		d = proxyDialer{
+		d = proxydialer.New(proxy, d, false)
-			proxy:  proxy,
-			dialer: d,
-		}
 	}
 	last := proxies[len(proxies)-1]
 	pc, err := last.ListenPacketWithDialer(ctx, d, metadata)
@@ -129,7 +89,10 @@ func (r *Relay) SupportUDP() bool {
 		if proxy.SupportUOT() {
 			return true
 		}
-		if !proxy.SupportWithDialer() {
+		switch proxy.SupportWithDialer() {
+		case C.ALLNet:
+		case C.UDP:
+		default: // C.TCP and C.InvalidNet
 			return false
 		}
 	}

adapter/outboundgroup/selector.go

@@ -44,6 +44,11 @@ func (s *Selector) SupportUDP() bool {
 	return s.selectedProxy(false).SupportUDP()
 }
 
+// IsL3Protocol implements C.ProxyAdapter
+func (s *Selector) IsL3Protocol(metadata *C.Metadata) bool {
+	return s.selectedProxy(false).IsL3Protocol(metadata)
+}
+
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
 	all := []string{}
@@ -73,6 +78,10 @@ func (s *Selector) Set(name string) error {
 	return errors.New("proxy not exist")
 }
 
+func (s *Selector) ForceSet(name string) {
+	s.selected = name
+}
+
 // Unwrap implements C.ProxyAdapter
 func (s *Selector) Unwrap(metadata *C.Metadata, touch bool) C.Proxy {
 	return s.selectedProxy(touch)

adapter/outboundgroup/urltest.go

@@ -3,6 +3,7 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
@@ -24,6 +25,9 @@ func urlTestWithTolerance(tolerance uint16) urlTestOption {
 
 type URLTest struct {
 	*GroupBase
+	selected       string
+	testUrl        string
+	expectedStatus string
 	tolerance      uint16
 	disableUDP     bool
 	fastNode       C.Proxy
@@ -34,6 +38,26 @@ func (u *URLTest) Now() string {
 	return u.fast(false).Name()
 }
 
+func (u *URLTest) Set(name string) error {
+	var p C.Proxy
+	for _, proxy := range u.GetProxies(false) {
+		if proxy.Name() == name {
+			p = proxy
+			break
+		}
+	}
+	if p == nil {
+		return errors.New("proxy not exist")
+	}
+	u.selected = name
+	u.fast(false)
+	return nil
+}
+
+func (u *URLTest) ForceSet(name string) {
+	u.selected = name
+}
+
 // DialContext implements C.ProxyAdapter
 func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (c C.Conn, err error) {
 	proxy := u.fast(true)
@@ -45,16 +69,13 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 	}
 
 	if N.NeedHandshake(c) {
-		c = &callback.FirstWriteCallBackConn{
+		c = callback.NewFirstWriteCallBackConn(c, func(err error) {
-			Conn: c,
-			Callback: func(err error) {
 			if err == nil {
 				u.onDialSuccess()
 			} else {
 				u.onDialFailed(proxy.Type(), err)
 			}
-			},
+		})
-		}
 	}
 
 	return c, err
@@ -76,10 +97,24 @@ func (u *URLTest) Unwrap(metadata *C.Metadata, touch bool) C.Proxy {
 }
 
 func (u *URLTest) fast(touch bool) C.Proxy {
-	elm, _, shared := u.fastSingle.Do(func() (C.Proxy, error) {
+
 	proxies := u.GetProxies(touch)
+	if u.selected != "" {
+		for _, proxy := range proxies {
+			if !proxy.Alive() {
+				continue
+			}
+			if proxy.Name() == u.selected {
+				u.fastNode = proxy
+				return proxy
+			}
+		}
+	}
+
+	elm, _, shared := u.fastSingle.Do(func() (C.Proxy, error) {
 		fast := proxies[0]
-		min := fast.LastDelay()
+		// min := fast.LastDelay()
+		min := fast.LastDelayForTestUrl(u.testUrl)
 		fastNotExist := true
 
 		for _, proxy := range proxies[1:] {
@@ -87,22 +122,24 @@ func (u *URLTest) fast(touch bool) C.Proxy {
 				fastNotExist = false
 			}
 
-			if !proxy.Alive() {
+			// if !proxy.Alive() {
+			if !proxy.AliveForTestUrl(u.testUrl) {
 				continue
 			}
 
-			delay := proxy.LastDelay()
+			// delay := proxy.LastDelay()
+			delay := proxy.LastDelayForTestUrl(u.testUrl)
 			if delay < min {
 				fast = proxy
 				min = delay
 			}
-		}
 
+		}
 		// tolerance
-		if u.fastNode == nil || fastNotExist || !u.fastNode.Alive() || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
+		// if u.fastNode == nil || fastNotExist || !u.fastNode.Alive() || u.fastNode.LastDelay() > fast.LastDelay()+u.tolerance {
+		if u.fastNode == nil || fastNotExist || !u.fastNode.AliveForTestUrl(u.testUrl) || u.fastNode.LastDelayForTestUrl(u.testUrl) > fast.LastDelayForTestUrl(u.testUrl)+u.tolerance {
 			u.fastNode = fast
 		}
-
 		return u.fastNode, nil
 	})
 	if shared && touch { // a shared fastSingle.Do() may cause providers untouched, so we touch them again
@@ -117,10 +154,14 @@ func (u *URLTest) SupportUDP() bool {
 	if u.disableUDP {
 		return false
 	}
-
 	return u.fast(false).SupportUDP()
 }
 
+// IsL3Protocol implements C.ProxyAdapter
+func (u *URLTest) IsL3Protocol(metadata *C.Metadata) bool {
+	return u.fast(false).IsL3Protocol(metadata)
+}
+
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
 	all := []string{}
@@ -131,6 +172,8 @@ func (u *URLTest) MarshalJSON() ([]byte, error) {
 		"type":     u.Type().String(),
 		"now":      u.Now(),
 		"all":      all,
+		"testUrl":  u.testUrl,
+		"expected": u.expectedStatus,
 	})
 }
 
@@ -164,6 +207,8 @@ func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, o
 		}),
 		fastSingle:     singledo.NewSingle[C.Proxy](time.Second * 10),
 		disableUDP:     option.DisableUDP,
+		testUrl:        option.URL,
+		expectedStatus: option.ExpectedStatus,
 	}
 
 	for _, option := range options {

adapter/outboundgroup/util.go

@@ -1,37 +1,10 @@
 package outboundgroup
 
 import (
-	"fmt"
 	"net"
-	"net/netip"
 	"time"
-
-	C "github.com/Dreamacro/clash/constant"
 )
 
-func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
-	host, port, err := net.SplitHostPort(rawAddress)
-	if err != nil {
-		err = fmt.Errorf("addrToMetadata failed: %w", err)
-		return
-	}
-
-	if ip, err := netip.ParseAddr(host); err != nil {
-		addr = &C.Metadata{
-			Host:    host,
-			DstPort: port,
-		}
-	} else {
-		addr = &C.Metadata{
-			Host:    "",
-			DstIP:   ip.Unmap(),
-			DstPort: port,
-		}
-	}
-
-	return
-}
-
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		_ = tcp.SetKeepAlive(true)
@@ -41,4 +14,5 @@ func tcpKeepAlive(c net.Conn) {
 
 type SelectAble interface {
 	Set(string) error
+	ForceSet(name string)
 }

adapter/parser.go

@@ -23,7 +23,7 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 	)
 	switch proxyType {
 	case "ss":
-		ssOption := &outbound.ShadowSocksOption{}
+		ssOption := &outbound.ShadowSocksOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
 		err = decoder.Decode(mapping, ssOption)
 		if err != nil {
 			break
@@ -56,10 +56,7 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 				Method: "GET",
 				Path:   []string{"/"},
 			},
-		}
+			ClientFingerprint: tlsC.GetGlobalFingerprint(),
-
-		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
-			vmessOption.ClientFingerprint = GlobalUtlsClient
 		}
 
 		err = decoder.Decode(mapping, vmessOption)
@@ -68,12 +65,7 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
 	case "vless":
-		vlessOption := &outbound.VlessOption{}
+		vlessOption := &outbound.VlessOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
-
-		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
-			vlessOption.ClientFingerprint = GlobalUtlsClient
-		}
-
 		err = decoder.Decode(mapping, vlessOption)
 		if err != nil {
 			break
@@ -87,12 +79,7 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		}
 		proxy, err = outbound.NewSnell(*snellOption)
 	case "trojan":
-		trojanOption := &outbound.TrojanOption{}
+		trojanOption := &outbound.TrojanOption{ClientFingerprint: tlsC.GetGlobalFingerprint()}
-
-		if GlobalUtlsClient := tlsC.GetGlobalFingerprint(); len(GlobalUtlsClient) != 0 {
-			trojanOption.ClientFingerprint = GlobalUtlsClient
-		}
-
 		err = decoder.Decode(mapping, trojanOption)
 		if err != nil {
 			break
@@ -127,5 +114,19 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 		return nil, err
 	}
 
+	if muxMapping, muxExist := mapping["smux"].(map[string]any); muxExist {
+		muxOption := &outbound.SingMuxOption{}
+		err = decoder.Decode(muxMapping, muxOption)
+		if err != nil {
+			return nil, err
+		}
+		if muxOption.Enabled {
+			proxy, err = outbound.NewSingMux(*muxOption, proxy, proxy.(outbound.ProxyBase))
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
 	return NewProxy(proxy), nil
 }

adapter/provider/healthcheck.go

@@ -2,15 +2,18 @@ package provider
 
 import (
 	"context"
+	"strings"
+	"sync"
 	"time"
 
+	"github.com/Dreamacro/clash/common/atomic"
 	"github.com/Dreamacro/clash/common/batch"
 	"github.com/Dreamacro/clash/common/singledo"
 	"github.com/Dreamacro/clash/common/utils"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 
-	"go.uber.org/atomic"
+	"github.com/dlclark/regexp2"
 )
 
 const (
@@ -22,48 +25,109 @@ type HealthCheckOption struct {
 	Interval uint
 }
 
+type extraOption struct {
+	expectedStatus utils.IntRanges[uint16]
+	filters        map[string]struct{}
+}
+
 type HealthCheck struct {
 	url            string
+	extra          map[string]*extraOption
+	mu             sync.Mutex
+	started        *atomic.Bool
 	proxies        []C.Proxy
 	interval       uint
 	lazy           bool
+	expectedStatus utils.IntRanges[uint16]
 	lastTouch      *atomic.Int64
 	done           chan struct{}
 	singleDo       *singledo.Single[struct{}]
 }
 
 func (hc *HealthCheck) process() {
+	if hc.started.Load() {
+		log.Warnln("Skip start health check timer due to it's started")
+		return
+	}
+
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
-
+	hc.start()
-	go func() {
-		time.Sleep(30 * time.Second)
-		hc.lazyCheck()
-	}()
-
 	for {
 		select {
 		case <-ticker.C:
-			hc.lazyCheck()
+			now := time.Now().Unix()
+			if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
+				hc.check()
+			} else {
+				log.Debugln("Skip once health check because we are lazy")
+			}
 		case <-hc.done:
 			ticker.Stop()
+			hc.stop()
 			return
 		}
 	}
 }
 
-func (hc *HealthCheck) lazyCheck() bool {
+func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
-	now := time.Now().Unix()
+	hc.proxies = proxies
-	if !hc.lazy || now-hc.lastTouch.Load() < int64(hc.interval) {
+}
-		hc.check()
+
-		return true
+func (hc *HealthCheck) registerHealthCheckTask(url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
-	} else {
+	url = strings.TrimSpace(url)
-		log.Debugln("Skip once health check because we are lazy")
+	if len(url) == 0 || url == hc.url {
-		return false
+		log.Debugln("ignore invalid health check url: %s", url)
+		return
+	}
+
+	hc.mu.Lock()
+	defer hc.mu.Unlock()
+
+	// if the provider has not set up health checks, then modify it to be the same as the group's interval
+	if hc.interval == 0 {
+		hc.interval = interval
+	}
+
+	if hc.extra == nil {
+		hc.extra = make(map[string]*extraOption)
+	}
+
+	// prioritize the use of previously registered configurations, especially those from provider
+	if _, ok := hc.extra[url]; ok {
+		// provider default health check does not set filter
+		if url != hc.url && len(filter) != 0 {
+			splitAndAddFiltersToExtra(filter, hc.extra[url])
+		}
+
+		log.Debugln("health check url: %s exists", url)
+		return
+	}
+
+	// due to the time-consuming nature of health checks, a maximum of defaultMaxTestURLNum URLs can be set for testing
+	if len(hc.extra) > C.DefaultMaxHealthCheckUrlNum {
+		log.Debugln("skip add url: %s to health check because it has reached the maximum limit: %d", url, C.DefaultMaxHealthCheckUrlNum)
+		return
+	}
+
+	option := &extraOption{filters: map[string]struct{}{}, expectedStatus: expectedStatus}
+	splitAndAddFiltersToExtra(filter, option)
+	hc.extra[url] = option
+
+	if hc.auto() && !hc.started.Load() {
+		go hc.process()
 	}
 }
 
-func (hc *HealthCheck) setProxy(proxies []C.Proxy) {
+func splitAndAddFiltersToExtra(filter string, option *extraOption) {
-	hc.proxies = proxies
+	filter = strings.TrimSpace(filter)
+	if len(filter) != 0 {
+		for _, regex := range strings.Split(filter, "`") {
+			regex = strings.TrimSpace(regex)
+			if len(regex) != 0 {
+				option.filters[regex] = struct{}{}
+			}
+		}
+	}
 }
 
 func (hc *HealthCheck) auto() bool {
@@ -74,42 +138,100 @@ func (hc *HealthCheck) touch() {
 	hc.lastTouch.Store(time.Now().Unix())
 }
 
+func (hc *HealthCheck) start() {
+	hc.started.Store(true)
+}
+
+func (hc *HealthCheck) stop() {
+	hc.started.Store(false)
+}
+
 func (hc *HealthCheck) check() {
 	_, _, _ = hc.singleDo.Do(func() (struct{}, error) {
-		id := ""
+		id := utils.NewUUIDV4().String()
-		if uid, err := utils.UnsafeUUIDGenerator.NewV4(); err == nil {
-			id = uid.String()
-		}
 		log.Debugln("Start New Health Checking {%s}", id)
 		b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))
-		for _, proxy := range hc.proxies {
-			p := proxy
-			b.Go(p.Name(), func() (bool, error) {
-				ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
-				defer cancel()
-				log.Debugln("Health Checking %s {%s}", p.Name(), id)
-				_, _ = p.URLTest(ctx, hc.url)
-				log.Debugln("Health Checked %s : %t %d ms {%s}", p.Name(), p.Alive(), p.LastDelay(), id)
-				return false, nil
-			})
-		}
 
+		// execute default health check
+		option := &extraOption{filters: nil, expectedStatus: hc.expectedStatus}
+		hc.execute(b, hc.url, id, option)
+
+		// execute extra health check
+		if len(hc.extra) != 0 {
+			for url, option := range hc.extra {
+				hc.execute(b, url, id, option)
+			}
+		}
 		b.Wait()
 		log.Debugln("Finish A Health Checking {%s}", id)
 		return struct{}{}, nil
 	})
 }
 
+func (hc *HealthCheck) execute(b *batch.Batch[bool], url, uid string, option *extraOption) {
+	url = strings.TrimSpace(url)
+	if len(url) == 0 {
+		log.Debugln("Health Check has been skipped due to testUrl is empty, {%s}", uid)
+		return
+	}
+
+	var filterReg *regexp2.Regexp
+	var store = C.OriginalHistory
+	var expectedStatus utils.IntRanges[uint16]
+	if option != nil {
+		if url != hc.url {
+			store = C.ExtraHistory
+		}
+
+		expectedStatus = option.expectedStatus
+		if len(option.filters) != 0 {
+			filters := make([]string, 0, len(option.filters))
+			for filter := range option.filters {
+				filters = append(filters, filter)
+			}
+
+			filterReg = regexp2.MustCompile(strings.Join(filters, "|"), 0)
+		}
+	}
+
+	for _, proxy := range hc.proxies {
+		// skip proxies that do not require health check
+		if filterReg != nil {
+			if match, _ := filterReg.FindStringMatch(proxy.Name()); match == nil {
+				continue
+			}
+		}
+
+		p := proxy
+		b.Go(p.Name(), func() (bool, error) {
+			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
+			defer cancel()
+			log.Debugln("Health Checking, proxy: %s, url: %s, id: {%s}", p.Name(), url, uid)
+			_, _ = p.URLTest(ctx, url, expectedStatus, store)
+			log.Debugln("Health Checked, proxy: %s, url: %s, alive: %t, delay: %d ms uid: {%s}", p.Name(), url, p.AliveForTestUrl(url), p.LastDelayForTestUrl(url), uid)
+			return false, nil
+		})
+	}
+}
+
 func (hc *HealthCheck) close() {
 	hc.done <- struct{}{}
 }
 
-func NewHealthCheck(proxies []C.Proxy, url string, interval uint, lazy bool) *HealthCheck {
+func NewHealthCheck(proxies []C.Proxy, url string, interval uint, lazy bool, expectedStatus utils.IntRanges[uint16]) *HealthCheck {
+	if len(url) == 0 {
+		interval = 0
+		expectedStatus = nil
+	}
+
 	return &HealthCheck{
 		proxies:        proxies,
 		url:            url,
+		extra:          map[string]*extraOption{},
+		started:        atomic.NewBool(false),
 		interval:       interval,
 		lazy:           lazy,
+		expectedStatus: expectedStatus,
 		lastTouch:      atomic.NewInt64(0),
 		done:           make(chan struct{}, 1),
 		singleDo:       singledo.NewSingle[struct{}](time.Second),

adapter/provider/parser.go

@@ -6,28 +6,34 @@ import (
 	"time"
 
 	"github.com/Dreamacro/clash/common/structure"
+	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/resource"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 
-var errVehicleType = errors.New("unsupport vehicle type")
+var (
+	errVehicleType = errors.New("unsupport vehicle type")
+	errSubPath     = errors.New("path is not subpath of home directory")
+)
 
 type healthCheckSchema struct {
 	Enable         bool   `provider:"enable"`
 	URL            string `provider:"url"`
 	Interval       int    `provider:"interval"`
 	Lazy           bool   `provider:"lazy,omitempty"`
+	ExpectedStatus string `provider:"expected-status,omitempty"`
 }
 
 type proxyProviderSchema struct {
 	Type          string            `provider:"type"`
-	Path          string            `provider:"path"`
+	Path          string            `provider:"path,omitempty"`
 	URL           string            `provider:"url,omitempty"`
 	Interval      int               `provider:"interval,omitempty"`
 	Filter        string            `provider:"filter,omitempty"`
 	ExcludeFilter string            `provider:"exclude-filter,omitempty"`
 	ExcludeType   string            `provider:"exclude-type,omitempty"`
+	DialerProxy   string            `provider:"dialer-proxy,omitempty"`
 	HealthCheck   healthCheckSchema `provider:"health-check,omitempty"`
 }
 
@@ -43,20 +49,33 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 		return nil, err
 	}
 
+	expectedStatus, err := utils.NewIntRanges[uint16](schema.HealthCheck.ExpectedStatus)
+	if err != nil {
+		return nil, err
+	}
+
 	var hcInterval uint
 	if schema.HealthCheck.Enable {
 		hcInterval = uint(schema.HealthCheck.Interval)
 	}
-	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval, schema.HealthCheck.Lazy)
+	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval, schema.HealthCheck.Lazy, expectedStatus)
-
-	path := C.Path.Resolve(schema.Path)
 
 	var vehicle types.Vehicle
 	switch schema.Type {
 	case "file":
+		path := C.Path.Resolve(schema.Path)
 		vehicle = resource.NewFileVehicle(path)
 	case "http":
+		if schema.Path != "" {
+			path := C.Path.Resolve(schema.Path)
+			if !C.Path.IsSafePath(path) {
+				return nil, fmt.Errorf("%w: %s", errSubPath, path)
+			}
 			vehicle = resource.NewHTTPVehicle(schema.URL, path)
+		} else {
+			path := C.Path.GetPathByHash("proxies", schema.URL)
+			vehicle = resource.NewHTTPVehicle(schema.URL, path)
+		}
 	default:
 		return nil, fmt.Errorf("%w: %s", errVehicleType, schema.Type)
 	}
@@ -65,6 +84,7 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 	filter := schema.Filter
 	excludeFilter := schema.ExcludeFilter
 	excludeType := schema.ExcludeType
+	dialerProxy := schema.DialerProxy
 
-	return NewProxySetProvider(name, interval, filter, excludeFilter, excludeType, vehicle, hc)
+	return NewProxySetProvider(name, interval, filter, excludeFilter, excludeType, dialerProxy, vehicle, hc)
 }

adapter/provider/provider.go

@@ -12,11 +12,13 @@ import (
 
 	"github.com/Dreamacro/clash/adapter"
 	"github.com/Dreamacro/clash/common/convert"
+	"github.com/Dreamacro/clash/common/utils"
 	clashHttp "github.com/Dreamacro/clash/component/http"
 	"github.com/Dreamacro/clash/component/resource"
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/log"
+	"github.com/Dreamacro/clash/tunnel/statistic"
 
 	"github.com/dlclark/regexp2"
 	"gopkg.in/yaml.v3"
@@ -49,6 +51,7 @@ func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
 		"type":             pp.Type().String(),
 		"vehicleType":      pp.VehicleType().String(),
 		"proxies":          pp.Proxies(),
+		"testUrl":          pp.healthCheck.url,
 		"updatedAt":        pp.UpdatedAt,
 		"subscriptionInfo": pp.subscriptionInfo,
 	})
@@ -80,6 +83,8 @@ func (pp *proxySetProvider) Initial() error {
 		return err
 	}
 	pp.OnUpdate(elm)
+	pp.getSubscriptionInfo()
+	pp.closeAllConnections()
 	return nil
 }
 
@@ -95,11 +100,15 @@ func (pp *proxySetProvider) Touch() {
 	pp.healthCheck.touch()
 }
 
+func (pp *proxySetProvider) RegisterHealthCheckTask(url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
+	pp.healthCheck.registerHealthCheckTask(url, expectedStatus, filter, interval)
+}
+
 func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	pp.proxies = proxies
 	pp.healthCheck.setProxy(proxies)
 	if pp.healthCheck.auto() {
-		defer func() { go pp.healthCheck.lazyCheck() }()
+		go pp.healthCheck.check()
 	}
 }
 
@@ -137,12 +146,24 @@ func (pp *proxySetProvider) getSubscriptionInfo() {
 	}()
 }
 
+func (pp *proxySetProvider) closeAllConnections() {
+	statistic.DefaultManager.Range(func(c statistic.Tracker) bool {
+		for _, chain := range c.Chains() {
+			if chain == pp.Name() {
+				_ = c.Close()
+				break
+			}
+		}
+		return true
+	})
+}
+
 func stopProxyProvider(pd *ProxySetProvider) {
 	pd.healthCheck.close()
 	_ = pd.Fetcher.Destroy()
 }
 
-func NewProxySetProvider(name string, interval time.Duration, filter string, excludeFilter string, excludeType string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
+func NewProxySetProvider(name string, interval time.Duration, filter string, excludeFilter string, excludeType string, dialerProxy string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
 	excludeFilterReg, err := regexp2.Compile(excludeFilter, 0)
 	if err != nil {
 		return nil, fmt.Errorf("invalid excludeFilter regex: %w", err)
@@ -170,10 +191,8 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, exc
 		healthCheck: hc,
 	}
 
-	fetcher := resource.NewFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, excludeFilter, excludeTypeArray, filterRegs, excludeFilterReg), proxiesOnUpdate(pd))
+	fetcher := resource.NewFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, excludeFilter, excludeTypeArray, filterRegs, excludeFilterReg, dialerProxy), proxiesOnUpdate(pd))
 	pd.Fetcher = fetcher
-
-	pd.getSubscriptionInfo()
 	wrapper := &ProxySetProvider{pd}
 	runtime.SetFinalizer(wrapper, stopProxyProvider)
 	return wrapper, nil
@@ -197,6 +216,7 @@ func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
 		"type":        cp.Type().String(),
 		"vehicleType": cp.VehicleType().String(),
 		"proxies":     cp.Proxies(),
+		"testUrl":     cp.healthCheck.url,
 	})
 }
 
@@ -236,6 +256,10 @@ func (cp *compatibleProvider) Touch() {
 	cp.healthCheck.touch()
 }
 
+func (cp *compatibleProvider) RegisterHealthCheckTask(url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
+	cp.healthCheck.registerHealthCheckTask(url, expectedStatus, filter, interval)
+}
+
 func stopCompatibleProvider(pd *CompatibleProvider) {
 	pd.healthCheck.close()
 }
@@ -268,7 +292,7 @@ func proxiesOnUpdate(pd *proxySetProvider) func([]C.Proxy) {
 	}
 }
 
-func proxiesParseAndFilter(filter string, excludeFilter string, excludeTypeArray []string, filterRegs []*regexp2.Regexp, excludeFilterReg *regexp2.Regexp) resource.Parser[[]C.Proxy] {
+func proxiesParseAndFilter(filter string, excludeFilter string, excludeTypeArray []string, filterRegs []*regexp2.Regexp, excludeFilterReg *regexp2.Regexp, dialerProxy string) resource.Parser[[]C.Proxy] {
 	return func(buf []byte) ([]C.Proxy, error) {
 		schema := &ProxySchema{}
 
@@ -331,6 +355,9 @@ func proxiesParseAndFilter(filter string, excludeFilter string, excludeTypeArray
 				if _, ok := proxiesSet[name]; ok {
 					continue
 				}
+				if len(dialerProxy) > 0 {
+					mapping["dialer-proxy"] = dialerProxy
+				}
 				proxy, err := adapter.ParseProxy(mapping)
 				if err != nil {
 					return nil, fmt.Errorf("proxy %d error: %w", idx, err)

common/atomic/type.go

@@ -0,0 +1,205 @@
+package atomic
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"sync/atomic"
+)
+
+type Bool struct {
+	atomic.Bool
+}
+
+func NewBool(val bool) *Bool {
+	i := &Bool{}
+	i.Store(val)
+	return i
+}
+
+func (i *Bool) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Bool) UnmarshalJSON(b []byte) error {
+	var v bool
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Bool) String() string {
+	v := i.Load()
+	return strconv.FormatBool(v)
+}
+
+type Pointer[T any] struct {
+	atomic.Pointer[T]
+}
+
+func NewPointer[T any](v *T) *Pointer[T] {
+	var p Pointer[T]
+	if v != nil {
+		p.Store(v)
+	}
+	return &p
+}
+
+func (p *Pointer[T]) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.Load())
+}
+
+func (p *Pointer[T]) UnmarshalJSON(b []byte) error {
+	var v *T
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	p.Store(v)
+	return nil
+}
+
+func (p *Pointer[T]) String() string {
+	return fmt.Sprint(p.Load())
+}
+
+type Int32 struct {
+	atomic.Int32
+}
+
+func NewInt32(val int32) *Int32 {
+	i := &Int32{}
+	i.Store(val)
+	return i
+}
+
+func (i *Int32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Int32) UnmarshalJSON(b []byte) error {
+	var v int32
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Int32) String() string {
+	v := i.Load()
+	return strconv.FormatInt(int64(v), 10)
+}
+
+type Int64 struct {
+	atomic.Int64
+}
+
+func NewInt64(val int64) *Int64 {
+	i := &Int64{}
+	i.Store(val)
+	return i
+}
+
+func (i *Int64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Int64) UnmarshalJSON(b []byte) error {
+	var v int64
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Int64) String() string {
+	v := i.Load()
+	return strconv.FormatInt(int64(v), 10)
+}
+
+type Uint32 struct {
+	atomic.Uint32
+}
+
+func NewUint32(val uint32) *Uint32 {
+	i := &Uint32{}
+	i.Store(val)
+	return i
+}
+
+func (i *Uint32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Uint32) UnmarshalJSON(b []byte) error {
+	var v uint32
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Uint32) String() string {
+	v := i.Load()
+	return strconv.FormatUint(uint64(v), 10)
+}
+
+type Uint64 struct {
+	atomic.Uint64
+}
+
+func NewUint64(val uint64) *Uint64 {
+	i := &Uint64{}
+	i.Store(val)
+	return i
+}
+
+func (i *Uint64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Uint64) UnmarshalJSON(b []byte) error {
+	var v uint64
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Uint64) String() string {
+	v := i.Load()
+	return strconv.FormatUint(uint64(v), 10)
+}
+
+type Uintptr struct {
+	atomic.Uintptr
+}
+
+func NewUintptr(val uintptr) *Uintptr {
+	i := &Uintptr{}
+	i.Store(val)
+	return i
+}
+
+func (i *Uintptr) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.Load())
+}
+
+func (i *Uintptr) UnmarshalJSON(b []byte) error {
+	var v uintptr
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	i.Store(v)
+	return nil
+}
+
+func (i *Uintptr) String() string {
+	v := i.Load()
+	return strconv.FormatUint(uint64(v), 10)
+}

common/atomic/value.go

@@ -0,0 +1,58 @@
+package atomic
+
+import (
+	"encoding/json"
+	"sync/atomic"
+)
+
+func DefaultValue[T any]() T {
+	var defaultValue T
+	return defaultValue
+}
+
+type TypedValue[T any] struct {
+	value atomic.Value
+}
+
+func (t *TypedValue[T]) Load() T {
+	value := t.value.Load()
+	if value == nil {
+		return DefaultValue[T]()
+	}
+	return value.(T)
+}
+
+func (t *TypedValue[T]) Store(value T) {
+	t.value.Store(value)
+}
+
+func (t *TypedValue[T]) Swap(new T) T {
+	old := t.value.Swap(new)
+	if old == nil {
+		return DefaultValue[T]()
+	}
+	return old.(T)
+}
+
+func (t *TypedValue[T]) CompareAndSwap(old, new T) bool {
+	return t.value.CompareAndSwap(old, new)
+}
+
+func (t *TypedValue[T]) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.Load())
+}
+
+func (t *TypedValue[T]) UnmarshalJSON(b []byte) error {
+	var v T
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	t.Store(v)
+	return nil
+}
+
+func NewTypedValue[T any](t T) *TypedValue[T] {
+	v := &TypedValue[T]{}
+	v.Store(t)
+	return v
+}

common/buf/sing.go

@@ -10,9 +10,11 @@ const BufferSize = buf.BufferSize
 type Buffer = buf.Buffer
 
 var New = buf.New
+var NewSize = buf.NewSize
 var StackNew = buf.StackNew
 var StackNewSize = buf.StackNewSize
 var With = buf.With
+var As = buf.As
 
 var KeepAlive = common.KeepAlive
 
@@ -21,5 +23,7 @@ func Dup[T any](obj T) T {
 	return common.Dup(obj)
 }
 
-var Must = common.Must
+var (
-var Error = common.Error
+	Must  = common.Must
+	Error = common.Error
+)

common/callback/callback.go

@@ -1,25 +1,55 @@
 package callback
 
 import (
+	"github.com/Dreamacro/clash/common/buf"
+	N "github.com/Dreamacro/clash/common/net"
 	C "github.com/Dreamacro/clash/constant"
 )
 
-type FirstWriteCallBackConn struct {
+type firstWriteCallBackConn struct {
 	C.Conn
-	Callback func(error)
+	callback func(error)
 	written  bool
 }
 
-func (c *FirstWriteCallBackConn) Write(b []byte) (n int, err error) {
+func (c *firstWriteCallBackConn) Write(b []byte) (n int, err error) {
 	defer func() {
 		if !c.written {
 			c.written = true
-			c.Callback(err)
+			c.callback(err)
 		}
 	}()
 	return c.Conn.Write(b)
 }
 
-func (c *FirstWriteCallBackConn) Upstream() any {
+func (c *firstWriteCallBackConn) WriteBuffer(buffer *buf.Buffer) (err error) {
+	defer func() {
+		if !c.written {
+			c.written = true
+			c.callback(err)
+		}
+	}()
+	return c.Conn.WriteBuffer(buffer)
+}
+
+func (c *firstWriteCallBackConn) Upstream() any {
 	return c.Conn
 }
+
+func (c *firstWriteCallBackConn) WriterReplaceable() bool {
+	return c.written
+}
+
+func (c *firstWriteCallBackConn) ReaderReplaceable() bool {
+	return true
+}
+
+var _ N.ExtendedConn = (*firstWriteCallBackConn)(nil)
+
+func NewFirstWriteCallBackConn(c C.Conn, callback func(error)) C.Conn {
+	return &firstWriteCallBackConn{
+		Conn:     c,
+		callback: callback,
+		written:  false,
+	}
+}

common/convert/converter.go

@@ -5,10 +5,11 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/Dreamacro/clash/log"
 	"net/url"
 	"strconv"
 	"strings"
+
+	"github.com/Dreamacro/clash/log"
 )
 
 // ConvertsV2Ray convert V2Ray subscribe proxies data to clash proxies config
@@ -201,7 +202,8 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 				vmess["servername"] = sni
 			}
 
-			network := strings.ToLower(values["net"].(string))
+			network, _ := values["net"].(string)
+			network = strings.ToLower(network)
 			if values["type"] == "http" {
 				network = "http"
 			} else if network == "http" {
@@ -209,10 +211,13 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			}
 			vmess["network"] = network
 
-			tls := strings.ToLower(values["tls"].(string))
+			tls, ok := values["tls"].(string)
+			if ok {
+				tls = strings.ToLower(tls)
 				if strings.HasSuffix(tls, "tls") {
 					vmess["tls"] = true
 				}
+			}
 
 			switch network {
 			case "http":

common/convert/util.go

@@ -294,8 +294,7 @@ var (
 )
 
 func RandHost() string {
-	id, _ := utils.UnsafeUUIDGenerator.NewV4()
+	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(utils.NewUUIDV4().Bytes()))
-	base := strings.ToLower(base64.RawURLEncoding.EncodeToString(id.Bytes()))
 	base = strings.ReplaceAll(base, "-", "")
 	base = strings.ReplaceAll(base, "_", "")
 	buf := []byte(base)

common/convert/v.go

@@ -27,7 +27,7 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	proxy["skip-cert-verify"] = false
 	proxy["tls"] = false
 	tls := strings.ToLower(query.Get("security"))
-	if strings.HasSuffix(tls, "tls") {
+	if strings.HasSuffix(tls, "tls") || tls == "reality" {
 		proxy["tls"] = true
 		if fingerprint := query.Get("fp"); fingerprint == "" {
 			proxy["client-fingerprint"] = "chrome"
@@ -38,6 +38,12 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 	if sni := query.Get("sni"); sni != "" {
 		proxy["servername"] = sni
 	}
+	if realityPublicKey := query.Get("pbk"); realityPublicKey != "" {
+		proxy["reality-opts"] = map[string]any{
+			"public-key": realityPublicKey,
+			"short-id":   query.Get("sid"),
+		}
+	}
 
 	switch query.Get("packetEncoding") {
 	case "none":

common/net/addr.go

@@ -0,0 +1,36 @@
+package net
+
+import (
+	"net"
+)
+
+type CustomAddr interface {
+	net.Addr
+	RawAddr() net.Addr
+}
+
+type customAddr struct {
+	networkStr string
+	addrStr    string
+	rawAddr    net.Addr
+}
+
+func (a customAddr) Network() string {
+	return a.networkStr
+}
+
+func (a customAddr) String() string {
+	return a.addrStr
+}
+
+func (a customAddr) RawAddr() net.Addr {
+	return a.rawAddr
+}
+
+func NewCustomAddr(networkStr string, addrStr string, rawAddr net.Addr) CustomAddr {
+	return customAddr{
+		networkStr: networkStr,
+		addrStr:    addrStr,
+		rawAddr:    rawAddr,
+	}
+}

common/net/bind.go

@@ -3,34 +3,43 @@ package net
 import "net"
 
 type bindPacketConn struct {
-	net.PacketConn
+	EnhancePacketConn
 	rAddr net.Addr
 }
 
-func (wpc *bindPacketConn) Read(b []byte) (n int, err error) {
+func (c *bindPacketConn) Read(b []byte) (n int, err error) {
-	n, _, err = wpc.PacketConn.ReadFrom(b)
+	n, _, err = c.EnhancePacketConn.ReadFrom(b)
 	return n, err
 }
 
-func (wpc *bindPacketConn) Write(b []byte) (n int, err error) {
+func (c *bindPacketConn) WaitRead() (data []byte, put func(), err error) {
-	return wpc.PacketConn.WriteTo(b, wpc.rAddr)
+	data, put, _, err = c.EnhancePacketConn.WaitReadFrom()
+	return
 }
 
-func (wpc *bindPacketConn) RemoteAddr() net.Addr {
+func (c *bindPacketConn) Write(b []byte) (n int, err error) {
-	return wpc.rAddr
+	return c.EnhancePacketConn.WriteTo(b, c.rAddr)
 }
 
-func (wpc *bindPacketConn) LocalAddr() net.Addr {
+func (c *bindPacketConn) RemoteAddr() net.Addr {
-	if wpc.PacketConn.LocalAddr() == nil {
+	return c.rAddr
+}
+
+func (c *bindPacketConn) LocalAddr() net.Addr {
+	if c.EnhancePacketConn.LocalAddr() == nil {
 		return &net.UDPAddr{IP: net.IPv4zero, Port: 0}
 	} else {
-		return wpc.PacketConn.LocalAddr()
+		return c.EnhancePacketConn.LocalAddr()
 	}
 }
 
+func (c *bindPacketConn) Upstream() any {
+	return c.EnhancePacketConn
+}
+
 func NewBindPacketConn(pc net.PacketConn, rAddr net.Addr) net.Conn {
 	return &bindPacketConn{
-		PacketConn: pc,
+		EnhancePacketConn: NewEnhancePacketConn(pc),
 		rAddr:             rAddr,
 	}
 }

common/net/bufconn.go

@@ -62,20 +62,35 @@ func (c *BufferedConn) Buffered() int {
 }
 
 func (c *BufferedConn) ReadBuffer(buffer *buf.Buffer) (err error) {
-	if c.r.Buffered() > 0 {
+	if c.r != nil && c.r.Buffered() > 0 {
 		_, err = buffer.ReadOnceFrom(c.r)
 		return
 	}
 	return c.ExtendedConn.ReadBuffer(buffer)
 }
 
+func (c *BufferedConn) ReadCached() *buf.Buffer { // call in sing/common/bufio.Copy
+	if c.r != nil && c.r.Buffered() > 0 {
+		length := c.r.Buffered()
+		b, _ := c.r.Peek(length)
+		_, _ = c.r.Discard(length)
+		c.r = nil // drop bufio.Reader to let gc can clean up its internal buf
+		return buf.As(b)
+	}
+	return nil
+}
+
 func (c *BufferedConn) Upstream() any {
 	return c.ExtendedConn
 }
 
 func (c *BufferedConn) ReaderReplaceable() bool {
-	if c.r.Buffered() > 0 {
+	if c.r != nil && c.r.Buffered() > 0 {
 		return false
 	}
 	return true
 }
+
+func (c *BufferedConn) WriterReplaceable() bool {
+	return true
+}

common/net/deadline/packet.go

@@ -0,0 +1,154 @@
+package deadline
+
+import (
+	"net"
+	"os"
+	"runtime"
+	"time"
+
+	"github.com/Dreamacro/clash/common/atomic"
+	"github.com/Dreamacro/clash/common/net/packet"
+)
+
+type readResult struct {
+	data []byte
+	addr net.Addr
+	err  error
+}
+
+type NetPacketConn struct {
+	net.PacketConn
+	deadline     atomic.TypedValue[time.Time]
+	pipeDeadline pipeDeadline
+	disablePipe  atomic.Bool
+	inRead       atomic.Bool
+	resultCh     chan any
+}
+
+func NewNetPacketConn(pc net.PacketConn) net.PacketConn {
+	npc := &NetPacketConn{
+		PacketConn:   pc,
+		pipeDeadline: makePipeDeadline(),
+		resultCh:     make(chan any, 1),
+	}
+	npc.resultCh <- nil
+	if enhancePC, isEnhance := pc.(packet.EnhancePacketConn); isEnhance {
+		epc := &EnhancePacketConn{
+			NetPacketConn: npc,
+			enhancePacketConn: enhancePacketConn{
+				netPacketConn:     npc,
+				enhancePacketConn: enhancePC,
+			},
+		}
+		if singPC, isSingPC := pc.(packet.SingPacketConn); isSingPC {
+			return &EnhanceSingPacketConn{
+				EnhancePacketConn: epc,
+				singPacketConn: singPacketConn{
+					netPacketConn:  npc,
+					singPacketConn: singPC,
+				},
+			}
+		}
+		return epc
+	}
+	if singPC, isSingPC := pc.(packet.SingPacketConn); isSingPC {
+		return &SingPacketConn{
+			NetPacketConn: npc,
+			singPacketConn: singPacketConn{
+				netPacketConn:  npc,
+				singPacketConn: singPC,
+			},
+		}
+	}
+	return npc
+}
+
+func (c *NetPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+FOR:
+	for {
+		select {
+		case result := <-c.resultCh:
+			if result != nil {
+				if result, ok := result.(*readResult); ok {
+					n = copy(p, result.data)
+					addr = result.addr
+					err = result.err
+					c.resultCh <- nil // finish cache read
+					return
+				}
+				c.resultCh <- result // another type of read
+				runtime.Gosched()    // allowing other goroutines to run
+				continue FOR
+			} else {
+				c.resultCh <- nil
+				break FOR
+			}
+		case <-c.pipeDeadline.wait():
+			return 0, nil, os.ErrDeadlineExceeded
+		}
+	}
+
+	if c.disablePipe.Load() {
+		return c.PacketConn.ReadFrom(p)
+	} else if c.deadline.Load().IsZero() {
+		c.inRead.Store(true)
+		defer c.inRead.Store(false)
+		n, addr, err = c.PacketConn.ReadFrom(p)
+		return
+	}
+
+	<-c.resultCh
+	go c.pipeReadFrom(len(p))
+
+	return c.ReadFrom(p)
+}
+
+func (c *NetPacketConn) pipeReadFrom(size int) {
+	buffer := make([]byte, size)
+	n, addr, err := c.PacketConn.ReadFrom(buffer)
+	buffer = buffer[:n]
+	result := &readResult{}
+	result.data = buffer
+	result.addr = addr
+	result.err = err
+	c.resultCh <- result
+}
+
+func (c *NetPacketConn) SetReadDeadline(t time.Time) error {
+	if c.disablePipe.Load() {
+		return c.PacketConn.SetReadDeadline(t)
+	} else if c.inRead.Load() {
+		c.disablePipe.Store(true)
+		return c.PacketConn.SetReadDeadline(t)
+	}
+	c.deadline.Store(t)
+	c.pipeDeadline.set(t)
+	return nil
+}
+
+func (c *NetPacketConn) ReaderReplaceable() bool {
+	select {
+	case result := <-c.resultCh:
+		c.resultCh <- result
+		if result != nil {
+			return false // cache reading
+		} else {
+			break
+		}
+	default:
+		return false // pipe reading
+	}
+	return c.disablePipe.Load() || c.deadline.Load().IsZero()
+}
+
+func (c *NetPacketConn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *NetPacketConn) Upstream() any {
+	return c.PacketConn
+}
+
+func (c *NetPacketConn) NeedAdditionalReadDeadline() bool {
+	return false
+}

common/net/deadline/packet_enhance.go

@@ -0,0 +1,83 @@
+package deadline
+
+import (
+	"net"
+	"os"
+	"runtime"
+
+	"github.com/Dreamacro/clash/common/net/packet"
+)
+
+type EnhancePacketConn struct {
+	*NetPacketConn
+	enhancePacketConn
+}
+
+var _ packet.EnhancePacketConn = (*EnhancePacketConn)(nil)
+
+func NewEnhancePacketConn(pc packet.EnhancePacketConn) packet.EnhancePacketConn {
+	return NewNetPacketConn(pc).(packet.EnhancePacketConn)
+}
+
+type enhanceReadResult struct {
+	data []byte
+	put  func()
+	addr net.Addr
+	err  error
+}
+
+type enhancePacketConn struct {
+	netPacketConn     *NetPacketConn
+	enhancePacketConn packet.EnhancePacketConn
+}
+
+func (c *enhancePacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+FOR:
+	for {
+		select {
+		case result := <-c.netPacketConn.resultCh:
+			if result != nil {
+				if result, ok := result.(*enhanceReadResult); ok {
+					data = result.data
+					put = result.put
+					addr = result.addr
+					err = result.err
+					c.netPacketConn.resultCh <- nil // finish cache read
+					return
+				}
+				c.netPacketConn.resultCh <- result // another type of read
+				runtime.Gosched()                  // allowing other goroutines to run
+				continue FOR
+			} else {
+				c.netPacketConn.resultCh <- nil
+				break FOR
+			}
+		case <-c.netPacketConn.pipeDeadline.wait():
+			return nil, nil, nil, os.ErrDeadlineExceeded
+		}
+	}
+
+	if c.netPacketConn.disablePipe.Load() {
+		return c.enhancePacketConn.WaitReadFrom()
+	} else if c.netPacketConn.deadline.Load().IsZero() {
+		c.netPacketConn.inRead.Store(true)
+		defer c.netPacketConn.inRead.Store(false)
+		data, put, addr, err = c.enhancePacketConn.WaitReadFrom()
+		return
+	}
+
+	<-c.netPacketConn.resultCh
+	go c.pipeWaitReadFrom()
+
+	return c.WaitReadFrom()
+}
+
+func (c *enhancePacketConn) pipeWaitReadFrom() {
+	data, put, addr, err := c.enhancePacketConn.WaitReadFrom()
+	result := &enhanceReadResult{}
+	result.data = data
+	result.put = put
+	result.addr = addr
+	result.err = err
+	c.netPacketConn.resultCh <- result
+}

common/net/deadline/packet_sing.go

@@ -0,0 +1,177 @@
+package deadline
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/Dreamacro/clash/common/net/packet"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type SingPacketConn struct {
+	*NetPacketConn
+	singPacketConn
+}
+
+var _ packet.SingPacketConn = (*SingPacketConn)(nil)
+
+func NewSingPacketConn(pc packet.SingPacketConn) packet.SingPacketConn {
+	return NewNetPacketConn(pc).(packet.SingPacketConn)
+}
+
+type EnhanceSingPacketConn struct {
+	*EnhancePacketConn
+	singPacketConn
+}
+
+func NewEnhanceSingPacketConn(pc packet.EnhanceSingPacketConn) packet.EnhanceSingPacketConn {
+	return NewNetPacketConn(pc).(packet.EnhanceSingPacketConn)
+}
+
+var _ packet.EnhanceSingPacketConn = (*EnhanceSingPacketConn)(nil)
+
+type singReadResult struct {
+	buffer      *buf.Buffer
+	destination M.Socksaddr
+	err         error
+}
+
+type singPacketConn struct {
+	netPacketConn  *NetPacketConn
+	singPacketConn packet.SingPacketConn
+}
+
+func (c *singPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+FOR:
+	for {
+		select {
+		case result := <-c.netPacketConn.resultCh:
+			if result != nil {
+				if result, ok := result.(*singReadResult); ok {
+					destination = result.destination
+					err = result.err
+					n, _ := buffer.Write(result.buffer.Bytes())
+					result.buffer.Advance(n)
+					if result.buffer.IsEmpty() {
+						result.buffer.Release()
+					}
+					c.netPacketConn.resultCh <- nil // finish cache read
+					return
+				}
+				c.netPacketConn.resultCh <- result // another type of read
+				runtime.Gosched()                  // allowing other goroutines to run
+				continue FOR
+			} else {
+				c.netPacketConn.resultCh <- nil
+				break FOR
+			}
+		case <-c.netPacketConn.pipeDeadline.wait():
+			return M.Socksaddr{}, os.ErrDeadlineExceeded
+		}
+	}
+
+	if c.netPacketConn.disablePipe.Load() {
+		return c.singPacketConn.ReadPacket(buffer)
+	} else if c.netPacketConn.deadline.Load().IsZero() {
+		c.netPacketConn.inRead.Store(true)
+		defer c.netPacketConn.inRead.Store(false)
+		destination, err = c.singPacketConn.ReadPacket(buffer)
+		return
+	}
+
+	<-c.netPacketConn.resultCh
+	go c.pipeReadPacket(buffer.FreeLen())
+
+	return c.ReadPacket(buffer)
+}
+
+func (c *singPacketConn) pipeReadPacket(pLen int) {
+	buffer := buf.NewSize(pLen)
+	destination, err := c.singPacketConn.ReadPacket(buffer)
+	result := &singReadResult{}
+	result.destination = destination
+	result.err = err
+	c.netPacketConn.resultCh <- result
+}
+
+func (c *singPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	return c.singPacketConn.WritePacket(buffer, destination)
+}
+
+func (c *singPacketConn) CreateReadWaiter() (N.PacketReadWaiter, bool) {
+	prw, isReadWaiter := bufio.CreatePacketReadWaiter(c.singPacketConn)
+	if isReadWaiter {
+		return &singPacketReadWaiter{
+			netPacketConn:    c.netPacketConn,
+			packetReadWaiter: prw,
+		}, true
+	}
+	return nil, false
+}
+
+var _ N.PacketReadWaiter = (*singPacketReadWaiter)(nil)
+
+type singPacketReadWaiter struct {
+	netPacketConn    *NetPacketConn
+	packetReadWaiter N.PacketReadWaiter
+}
+
+type singWaitReadResult singReadResult
+
+func (c *singPacketReadWaiter) InitializeReadWaiter(newBuffer func() *buf.Buffer) {
+	c.packetReadWaiter.InitializeReadWaiter(newBuffer)
+}
+
+func (c *singPacketReadWaiter) WaitReadPacket() (destination M.Socksaddr, err error) {
+FOR:
+	for {
+		select {
+		case result := <-c.netPacketConn.resultCh:
+			if result != nil {
+				if result, ok := result.(*singWaitReadResult); ok {
+					destination = result.destination
+					err = result.err
+					c.netPacketConn.resultCh <- nil // finish cache read
+					return
+				}
+				c.netPacketConn.resultCh <- result // another type of read
+				runtime.Gosched()                  // allowing other goroutines to run
+				continue FOR
+			} else {
+				c.netPacketConn.resultCh <- nil
+				break FOR
+			}
+		case <-c.netPacketConn.pipeDeadline.wait():
+			return M.Socksaddr{}, os.ErrDeadlineExceeded
+		}
+	}
+
+	if c.netPacketConn.disablePipe.Load() {
+		return c.packetReadWaiter.WaitReadPacket()
+	} else if c.netPacketConn.deadline.Load().IsZero() {
+		c.netPacketConn.inRead.Store(true)
+		defer c.netPacketConn.inRead.Store(false)
+		destination, err = c.packetReadWaiter.WaitReadPacket()
+		return
+	}
+
+	<-c.netPacketConn.resultCh
+	go c.pipeWaitReadPacket()
+
+	return c.WaitReadPacket()
+}
+
+func (c *singPacketReadWaiter) pipeWaitReadPacket() {
+	destination, err := c.packetReadWaiter.WaitReadPacket()
+	result := &singWaitReadResult{}
+	result.destination = destination
+	result.err = err
+	c.netPacketConn.resultCh <- result
+}
+
+func (c *singPacketReadWaiter) Upstream() any {
+	return c.packetReadWaiter
+}

common/net/deadline/pipe.go

@@ -0,0 +1,84 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package deadline
+
+import (
+	"sync"
+	"time"
+)
+
+// pipeDeadline is an abstraction for handling timeouts.
+type pipeDeadline struct {
+	mu     sync.Mutex // Guards timer and cancel
+	timer  *time.Timer
+	cancel chan struct{} // Must be non-nil
+}
+
+func makePipeDeadline() pipeDeadline {
+	return pipeDeadline{cancel: make(chan struct{})}
+}
+
+// set sets the point in time when the deadline will time out.
+// A timeout event is signaled by closing the channel returned by waiter.
+// Once a timeout has occurred, the deadline can be refreshed by specifying a
+// t value in the future.
+//
+// A zero value for t prevents timeout.
+func (d *pipeDeadline) set(t time.Time) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	if d.timer != nil && !d.timer.Stop() {
+		<-d.cancel // Wait for the timer callback to finish and close cancel
+	}
+	d.timer = nil
+
+	// Time is zero, then there is no deadline.
+	closed := isClosedChan(d.cancel)
+	if t.IsZero() {
+		if closed {
+			d.cancel = make(chan struct{})
+		}
+		return
+	}
+
+	// Time in the future, setup a timer to cancel in the future.
+	if dur := time.Until(t); dur > 0 {
+		if closed {
+			d.cancel = make(chan struct{})
+		}
+		d.timer = time.AfterFunc(dur, func() {
+			close(d.cancel)
+		})
+		return
+	}
+
+	// Time in the past, so close immediately.
+	if !closed {
+		close(d.cancel)
+	}
+}
+
+// wait returns a channel that is closed when the deadline is exceeded.
+func (d *pipeDeadline) wait() chan struct{} {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	return d.cancel
+}
+
+func isClosedChan(c <-chan struct{}) bool {
+	select {
+	case <-c:
+		return true
+	default:
+		return false
+	}
+}
+
+func makeFilledChan() chan struct{} {
+	ch := make(chan struct{}, 1)
+	ch <- struct{}{}
+	return ch
+}

common/net/packet.go

@@ -0,0 +1,18 @@
+package net
+
+import (
+	"github.com/Dreamacro/clash/common/net/deadline"
+	"github.com/Dreamacro/clash/common/net/packet"
+)
+
+type EnhancePacketConn = packet.EnhancePacketConn
+type WaitReadFrom = packet.WaitReadFrom
+
+var NewEnhancePacketConn = packet.NewEnhancePacketConn
+var NewThreadSafePacketConn = packet.NewThreadSafePacketConn
+var NewRefPacketConn = packet.NewRefPacketConn
+
+var NewDeadlineNetPacketConn = deadline.NewNetPacketConn
+var NewDeadlineEnhancePacketConn = deadline.NewEnhancePacketConn
+var NewDeadlineSingPacketConn = deadline.NewSingPacketConn
+var NewDeadlineEnhanceSingPacketConn = deadline.NewEnhanceSingPacketConn

common/net/packet/packet.go

@@ -0,0 +1,77 @@
+package packet
+
+import (
+	"net"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+type WaitReadFrom interface {
+	WaitReadFrom() (data []byte, put func(), addr net.Addr, err error)
+}
+
+type EnhancePacketConn interface {
+	net.PacketConn
+	WaitReadFrom
+}
+
+func NewEnhancePacketConn(pc net.PacketConn) EnhancePacketConn {
+	if udpConn, isUDPConn := pc.(*net.UDPConn); isUDPConn {
+		return &enhanceUDPConn{UDPConn: udpConn}
+	}
+	if enhancePC, isEnhancePC := pc.(EnhancePacketConn); isEnhancePC {
+		return enhancePC
+	}
+	if singPC, isSingPC := pc.(SingPacketConn); isSingPC {
+		return newEnhanceSingPacketConn(singPC)
+	}
+	return &enhancePacketConn{PacketConn: pc}
+}
+
+type enhancePacketConn struct {
+	net.PacketConn
+}
+
+func (c *enhancePacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	return waitReadFrom(c.PacketConn)
+}
+
+func (c *enhancePacketConn) Upstream() any {
+	return c.PacketConn
+}
+
+func (c *enhancePacketConn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *enhancePacketConn) ReaderReplaceable() bool {
+	return true
+}
+
+func (c *enhanceUDPConn) Upstream() any {
+	return c.UDPConn
+}
+
+func (c *enhanceUDPConn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *enhanceUDPConn) ReaderReplaceable() bool {
+	return true
+}
+
+func waitReadFrom(pc net.PacketConn) (data []byte, put func(), addr net.Addr, err error) {
+	readBuf := pool.Get(pool.UDPBufferSize)
+	put = func() {
+		_ = pool.Put(readBuf)
+	}
+	var readN int
+	readN, addr, err = pc.ReadFrom(readBuf)
+	if readN > 0 {
+		data = readBuf[:readN]
+	} else {
+		put()
+		put = nil
+	}
+	return
+}

common/net/packet/packet_posix.go

@@ -0,0 +1,65 @@
+//go:build !windows
+
+package packet
+
+import (
+	"net"
+	"strconv"
+	"syscall"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+type enhanceUDPConn struct {
+	*net.UDPConn
+	rawConn syscall.RawConn
+}
+
+func (c *enhanceUDPConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	if c.rawConn == nil {
+		c.rawConn, _ = c.UDPConn.SyscallConn()
+	}
+	var readErr error
+	err = c.rawConn.Read(func(fd uintptr) (done bool) {
+		readBuf := pool.Get(pool.UDPBufferSize)
+		put = func() {
+			_ = pool.Put(readBuf)
+		}
+		var readFrom syscall.Sockaddr
+		var readN int
+		readN, _, _, readFrom, readErr = syscall.Recvmsg(int(fd), readBuf, nil, 0)
+		if readN > 0 {
+			data = readBuf[:readN]
+		} else {
+			put()
+			put = nil
+			data = nil
+		}
+		if readErr == syscall.EAGAIN {
+			return false
+		}
+		if readFrom != nil {
+			switch from := readFrom.(type) {
+			case *syscall.SockaddrInet4:
+				ip := from.Addr // copy from.Addr; ip escapes, so this line allocates 4 bytes
+				addr = &net.UDPAddr{IP: ip[:], Port: from.Port}
+			case *syscall.SockaddrInet6:
+				ip := from.Addr // copy from.Addr; ip escapes, so this line allocates 16 bytes
+				addr = &net.UDPAddr{IP: ip[:], Port: from.Port, Zone: strconv.FormatInt(int64(from.ZoneId), 10)}
+			}
+		}
+		// udp should not convert readN == 0 to io.EOF
+		//if readN == 0 {
+		//	readErr = io.EOF
+		//}
+		return true
+	})
+	if err != nil {
+		return
+	}
+	if readErr != nil {
+		err = readErr
+		return
+	}
+	return
+}

common/net/packet/packet_sing.go

@@ -0,0 +1,79 @@
+package packet
+
+import (
+	"net"
+
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type SingPacketConn = N.NetPacketConn
+
+type EnhanceSingPacketConn interface {
+	SingPacketConn
+	EnhancePacketConn
+}
+
+type enhanceSingPacketConn struct {
+	SingPacketConn
+	packetReadWaiter N.PacketReadWaiter
+}
+
+func (c *enhanceSingPacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	var buff *buf.Buffer
+	var dest M.Socksaddr
+	newBuffer := func() *buf.Buffer {
+		buff = buf.NewPacket() // do not use stack buffer
+		return buff
+	}
+	if c.packetReadWaiter != nil {
+		c.packetReadWaiter.InitializeReadWaiter(newBuffer)
+		defer c.packetReadWaiter.InitializeReadWaiter(nil)
+		dest, err = c.packetReadWaiter.WaitReadPacket()
+	} else {
+		dest, err = c.SingPacketConn.ReadPacket(newBuffer())
+	}
+	if dest.IsFqdn() {
+		addr = dest
+	} else {
+		addr = dest.UDPAddr()
+	}
+	if err != nil {
+		if buff != nil {
+			buff.Release()
+		}
+		return
+	}
+	if buff == nil {
+		return
+	}
+	if buff.IsEmpty() {
+		buff.Release()
+		return
+	}
+	data = buff.Bytes()
+	put = buff.Release
+	return
+}
+
+func (c *enhanceSingPacketConn) Upstream() any {
+	return c.SingPacketConn
+}
+
+func (c *enhanceSingPacketConn) WriterReplaceable() bool {
+	return true
+}
+
+func (c *enhanceSingPacketConn) ReaderReplaceable() bool {
+	return true
+}
+
+func newEnhanceSingPacketConn(conn SingPacketConn) *enhanceSingPacketConn {
+	epc := &enhanceSingPacketConn{SingPacketConn: conn}
+	if readWaiter, isReadWaiter := bufio.CreatePacketReadWaiter(conn); isReadWaiter {
+		epc.packetReadWaiter = readWaiter
+	}
+	return epc
+}

common/net/packet/packet_windows.go

@@ -0,0 +1,15 @@
+//go:build windows
+
+package packet
+
+import (
+	"net"
+)
+
+type enhanceUDPConn struct {
+	*net.UDPConn
+}
+
+func (c *enhanceUDPConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	return waitReadFrom(c.UDPConn)
+}

common/net/packet/ref.go

@@ -0,0 +1,75 @@
+package packet
+
+import (
+	"net"
+	"runtime"
+	"time"
+)
+
+type refPacketConn struct {
+	pc  EnhancePacketConn
+	ref any
+}
+
+func (c *refPacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.WaitReadFrom()
+}
+
+func (c *refPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.ReadFrom(p)
+}
+
+func (c *refPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.WriteTo(p, addr)
+}
+
+func (c *refPacketConn) Close() error {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.Close()
+}
+
+func (c *refPacketConn) LocalAddr() net.Addr {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.LocalAddr()
+}
+
+func (c *refPacketConn) SetDeadline(t time.Time) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.SetDeadline(t)
+}
+
+func (c *refPacketConn) SetReadDeadline(t time.Time) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.SetReadDeadline(t)
+}
+
+func (c *refPacketConn) SetWriteDeadline(t time.Time) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.pc.SetWriteDeadline(t)
+}
+
+func (c *refPacketConn) Upstream() any {
+	return c.pc
+}
+
+func (c *refPacketConn) ReaderReplaceable() bool { // Relay() will handle reference
+	return true
+}
+
+func (c *refPacketConn) WriterReplaceable() bool { // Relay() will handle reference
+	return true
+}
+
+func NewRefPacketConn(pc net.PacketConn, ref any) EnhancePacketConn {
+	rPC := &refPacketConn{pc: NewEnhancePacketConn(pc), ref: ref}
+	if singPC, isSingPC := pc.(SingPacketConn); isSingPC {
+		return &refSingPacketConn{
+			refPacketConn:  rPC,
+			singPacketConn: singPC,
+		}
+	}
+	return rPC
+}

common/net/packet/ref_sing.go

@@ -0,0 +1,26 @@
+package packet
+
+import (
+	"runtime"
+
+	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type refSingPacketConn struct {
+	*refPacketConn
+	singPacketConn SingPacketConn
+}
+
+var _ N.NetPacketConn = (*refSingPacketConn)(nil)
+
+func (c *refSingPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.singPacketConn.WritePacket(buffer, destination)
+}
+
+func (c *refSingPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	defer runtime.KeepAlive(c.ref)
+	return c.singPacketConn.ReadPacket(buffer)
+}

common/net/packet/thread.go

@@ -0,0 +1,36 @@
+package packet
+
+import (
+	"net"
+	"sync"
+)
+
+type threadSafePacketConn struct {
+	EnhancePacketConn
+	access sync.Mutex
+}
+
+func (c *threadSafePacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	c.access.Lock()
+	defer c.access.Unlock()
+	return c.EnhancePacketConn.WriteTo(b, addr)
+}
+
+func (c *threadSafePacketConn) Upstream() any {
+	return c.EnhancePacketConn
+}
+
+func (c *threadSafePacketConn) ReaderReplaceable() bool {
+	return true
+}
+
+func NewThreadSafePacketConn(pc net.PacketConn) EnhancePacketConn {
+	tsPC := &threadSafePacketConn{EnhancePacketConn: NewEnhancePacketConn(pc)}
+	if singPC, isSingPC := pc.(SingPacketConn); isSingPC {
+		return &threadSafeSingPacketConn{
+			threadSafePacketConn: tsPC,
+			singPacketConn:       singPC,
+		}
+	}
+	return tsPC
+}

common/net/packet/thread_sing.go

@@ -0,0 +1,24 @@
+package packet
+
+import (
+	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type threadSafeSingPacketConn struct {
+	*threadSafePacketConn
+	singPacketConn SingPacketConn
+}
+
+var _ N.NetPacketConn = (*threadSafeSingPacketConn)(nil)
+
+func (c *threadSafeSingPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	c.access.Lock()
+	defer c.access.Unlock()
+	return c.singPacketConn.WritePacket(buffer, destination)
+}
+
+func (c *threadSafeSingPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	return c.singPacketConn.ReadPacket(buffer)
+}

common/net/refconn.go

@@ -4,10 +4,12 @@ import (
 	"net"
 	"runtime"
 	"time"
+
+	"github.com/Dreamacro/clash/common/buf"
 )
 
 type refConn struct {
-	conn net.Conn
+	conn ExtendedConn
 	ref  any
 }
 
@@ -55,50 +57,26 @@ func (c *refConn) Upstream() any {
 	return c.conn
 }
 
+func (c *refConn) ReadBuffer(buffer *buf.Buffer) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.conn.ReadBuffer(buffer)
+}
+
+func (c *refConn) WriteBuffer(buffer *buf.Buffer) error {
+	defer runtime.KeepAlive(c.ref)
+	return c.conn.WriteBuffer(buffer)
+}
+
+func (c *refConn) ReaderReplaceable() bool { // Relay() will handle reference
+	return true
+}
+
+func (c *refConn) WriterReplaceable() bool { // Relay() will handle reference
+	return true
+}
+
+var _ ExtendedConn = (*refConn)(nil)
+
 func NewRefConn(conn net.Conn, ref any) net.Conn {
-	return &refConn{conn: conn, ref: ref}
+	return &refConn{conn: NewExtendedConn(conn), ref: ref}
-}
-
-type refPacketConn struct {
-	pc  net.PacketConn
-	ref any
-}
-
-func (pc *refPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.ReadFrom(p)
-}
-
-func (pc *refPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.WriteTo(p, addr)
-}
-
-func (pc *refPacketConn) Close() error {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.Close()
-}
-
-func (pc *refPacketConn) LocalAddr() net.Addr {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.LocalAddr()
-}
-
-func (pc *refPacketConn) SetDeadline(t time.Time) error {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.SetDeadline(t)
-}
-
-func (pc *refPacketConn) SetReadDeadline(t time.Time) error {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.SetReadDeadline(t)
-}
-
-func (pc *refPacketConn) SetWriteDeadline(t time.Time) error {
-	defer runtime.KeepAlive(pc.ref)
-	return pc.pc.SetWriteDeadline(t)
-}
-
-func NewRefPacketConn(pc net.PacketConn, ref any) net.PacketConn {
-	return &refPacketConn{pc: pc, ref: ref}
 }

common/net/sing.go

@@ -3,9 +3,11 @@ package net
 import (
 	"context"
 	"net"
+	"runtime"
 
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
+	"github.com/sagernet/sing/common/bufio/deadline"
 	"github.com/sagernet/sing/common/network"
 )
 
@@ -17,6 +19,10 @@ type ExtendedConn = network.ExtendedConn
 type ExtendedWriter = network.ExtendedWriter
 type ExtendedReader = network.ExtendedReader
 
+func NewDeadlineConn(conn net.Conn) ExtendedConn {
+	return deadline.NewFallbackConn(conn)
+}
+
 func NeedHandshake(conn any) bool {
 	if earlyConn, isEarlyConn := common.Cast[network.EarlyConn](conn); isEarlyConn && earlyConn.NeedHandshake() {
 		return true
@@ -24,7 +30,11 @@ func NeedHandshake(conn any) bool {
 	return false
 }
 
+type CountFunc = network.CountFunc
+
 // Relay copies between left and right bidirectionally.
 func Relay(leftConn, rightConn net.Conn) {
+	defer runtime.KeepAlive(leftConn)
+	defer runtime.KeepAlive(rightConn)
 	_ = bufio.CopyConn(context.TODO(), leftConn, rightConn)
 }

common/net/tls.go

@@ -11,7 +11,7 @@ import (
 )
 
 func ParseCert(certificate, privateKey string) (tls.Certificate, error) {
-	if certificate == "" || privateKey == "" {
+	if certificate == "" && privateKey == "" {
 		return newRandomTLSKeyPair()
 	}
 	cert, painTextErr := tls.X509KeyPair([]byte(certificate), []byte(privateKey))

common/observable/observable_test.go

@@ -5,8 +5,9 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Dreamacro/clash/common/atomic"
+
 	"github.com/stretchr/testify/assert"
-	"go.uber.org/atomic"
 )
 
 func iterator[T any](item []T) chan T {
@@ -44,7 +45,7 @@ func TestObservable_MultiSubscribe(t *testing.T) {
 	wg.Add(2)
 	waitCh := func(ch <-chan int) {
 		for range ch {
-			count.Inc()
+			count.Add(1)
 		}
 		wg.Done()
 	}

common/pool/buffer_low_memory.go

@@ -0,0 +1,15 @@
+//go:build with_low_memory
+
+package pool
+
+const (
+	// io.Copy default buffer size is 32 KiB
+	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
+	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
+	RelayBufferSize = 16 * 1024
+
+	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
+	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
+	// set to 9000, so the UDP Buffer size set to 16Kib
+	UDPBufferSize = 8 * 1024
+)

common/pool/buffer_standard.go

@@ -0,0 +1,15 @@
+//go:build !with_low_memory
+
+package pool
+
+const (
+	// io.Copy default buffer size is 32 KiB
+	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
+	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
+	RelayBufferSize = 20 * 1024
+
+	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
+	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
+	// set to 9000, so the UDP Buffer size set to 16Kib
+	UDPBufferSize = 16 * 1024
+)

common/pool/pool.go

@@ -1,17 +1,5 @@
 package pool
 
-const (
-	// io.Copy default buffer size is 32 KiB
-	// but the maximum packet size of vmess/shadowsocks is about 16 KiB
-	// so define a buffer of 20 KiB to reduce the memory of each TCP relay
-	RelayBufferSize = 20 * 1024
-
-	// RelayBufferSize uses 20KiB, but due to the allocator it will actually
-	// request 32Kib. Most UDPs are smaller than the MTU, and the TUN's MTU
-	// set to 9000, so the UDP Buffer size set to 16Kib
-	UDPBufferSize = 16 * 1024
-)
-
 func Get(size int) []byte {
 	return defaultAllocator.Get(size)
 }

common/singledo/singledo_test.go

@@ -5,8 +5,9 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Dreamacro/clash/common/atomic"
+
 	"github.com/stretchr/testify/assert"
-	"go.uber.org/atomic"
 )
 
 func TestBasic(t *testing.T) {
@@ -26,7 +27,7 @@ func TestBasic(t *testing.T) {
 		go func() {
 			_, _, shard := single.Do(call)
 			if shard {
-				shardCount.Inc()
+				shardCount.Add(1)
 			}
 			wg.Done()
 		}()

common/utils/global_id.go

@@ -0,0 +1,17 @@
+package utils
+
+import (
+	"hash/maphash"
+	"unsafe"
+)
+
+var globalSeed = maphash.MakeSeed()
+
+func GlobalID(material string) (id [8]byte) {
+	*(*uint64)(unsafe.Pointer(&id[0])) = maphash.String(globalSeed, material)
+	return
+}
+
+func MapHash(material string) uint64 {
+	return maphash.String(globalSeed, material)
+}

common/utils/range.go

@@ -9,36 +9,36 @@ type Range[T constraints.Ordered] struct {
 	end   T
 }
 
-func NewRange[T constraints.Ordered](start, end T) *Range[T] {
+func NewRange[T constraints.Ordered](start, end T) Range[T] {
 	if start > end {
-		return &Range[T]{
+		return Range[T]{
 			start: end,
 			end:   start,
 		}
 	}
 
-	return &Range[T]{
+	return Range[T]{
 		start: start,
 		end:   end,
 	}
 }
 
-func (r *Range[T]) Contains(t T) bool {
+func (r Range[T]) Contains(t T) bool {
 	return t >= r.start && t <= r.end
 }
 
-func (r *Range[T]) LeftContains(t T) bool {
+func (r Range[T]) LeftContains(t T) bool {
 	return t >= r.start && t < r.end
 }
 
-func (r *Range[T]) RightContains(t T) bool {
+func (r Range[T]) RightContains(t T) bool {
 	return t > r.start && t <= r.end
 }
 
-func (r *Range[T]) Start() T {
+func (r Range[T]) Start() T {
 	return r.start
 }
 
-func (r *Range[T]) End() T {
+func (r Range[T]) End() T {
 	return r.end
 }

common/utils/ranges.go

@@ -0,0 +1,77 @@
+package utils
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"golang.org/x/exp/constraints"
+)
+
+type IntRanges[T constraints.Integer] []Range[T]
+
+var errIntRanges = errors.New("intRanges error")
+
+func NewIntRanges[T constraints.Integer](expected string) (IntRanges[T], error) {
+	// example: 200 or 200/302 or 200-400 or 200/204/401-429/501-503
+	expected = strings.TrimSpace(expected)
+	if len(expected) == 0 || expected == "*" {
+		return nil, nil
+	}
+
+	list := strings.Split(expected, "/")
+	if len(list) > 28 {
+		return nil, fmt.Errorf("%w, too many ranges to use, maximum support 28 ranges", errIntRanges)
+	}
+
+	return NewIntRangesFromList[T](list)
+}
+
+func NewIntRangesFromList[T constraints.Integer](list []string) (IntRanges[T], error) {
+	var ranges IntRanges[T]
+	for _, s := range list {
+		if s == "" {
+			continue
+		}
+
+		status := strings.Split(s, "-")
+		statusLen := len(status)
+		if statusLen > 2 {
+			return nil, errIntRanges
+		}
+
+		start, err := strconv.ParseInt(strings.Trim(status[0], "[ ]"), 10, 64)
+		if err != nil {
+			return nil, errIntRanges
+		}
+
+		switch statusLen {
+		case 1:
+			ranges = append(ranges, NewRange(T(start), T(start)))
+		case 2:
+			end, err := strconv.ParseUint(strings.Trim(status[1], "[ ]"), 10, 64)
+			if err != nil {
+				return nil, errIntRanges
+			}
+
+			ranges = append(ranges, NewRange(T(start), T(end)))
+		}
+	}
+
+	return ranges, nil
+}
+
+func (ranges IntRanges[T]) Check(status T) bool {
+	if len(ranges) == 0 {
+		return true
+	}
+
+	for _, segment := range ranges {
+		if segment.Contains(status) {
+			return true
+		}
+	}
+
+	return false
+}

common/utils/string_unsafe.go

@@ -0,0 +1,49 @@
+package utils
+
+import "unsafe"
+
+// sliceHeader is equivalent to reflect.SliceHeader, but represents the pointer
+// to the underlying array as unsafe.Pointer rather than uintptr, allowing
+// sliceHeaders to be directly converted to slice objects.
+type sliceHeader struct {
+	Data unsafe.Pointer
+	Len  int
+	Cap  int
+}
+
+// slice returns a slice whose underlying array starts at ptr an which length
+// and capacity are len.
+func slice[T any](ptr *T, length int) []T {
+	var s []T
+	hdr := (*sliceHeader)(unsafe.Pointer(&s))
+	hdr.Data = unsafe.Pointer(ptr)
+	hdr.Len = length
+	hdr.Cap = length
+	return s
+}
+
+// stringHeader is equivalent to reflect.StringHeader, but represents the
+// pointer to the underlying array as unsafe.Pointer rather than uintptr,
+// allowing StringHeaders to be directly converted to strings.
+type stringHeader struct {
+	Data unsafe.Pointer
+	Len  int
+}
+
+// ImmutableBytesFromString is equivalent to []byte(s), except that it uses the
+// same memory backing s instead of making a heap-allocated copy. This is only
+// valid if the returned slice is never mutated.
+func ImmutableBytesFromString(s string) []byte {
+	shdr := (*stringHeader)(unsafe.Pointer(&s))
+	return slice((*byte)(shdr.Data), shdr.Len)
+}
+
+// StringFromImmutableBytes is equivalent to string(bs), except that it uses
+// the same memory backing bs instead of making a heap-allocated copy. This is
+// only valid if bs is never mutated after StringFromImmutableBytes returns.
+func StringFromImmutableBytes(bs []byte) string {
+	// This is cheaper than messing with StringHeader and SliceHeader, which as
+	// of this writing produces many dead stores of zeroes. Compare
+	// strings.Builder.String().
+	return *(*string)(unsafe.Pointer(&bs))
+}

common/utils/strings.go

@@ -0,0 +1,9 @@
+package utils
+
+func Reverse(s string) string {
+	a := []rune(s)
+	for i, j := 0, len(a)-1; i < j; i, j = i+1, j-1 {
+		a[i], a[j] = a[j], a[i]
+	}
+	return string(a)
+}

common/utils/uuid.go

@@ -1,7 +1,7 @@
 package utils
 
 import (
-	"github.com/gofrs/uuid"
+	"github.com/gofrs/uuid/v5"
 	"github.com/zhangyunhao116/fastrand"
 )
 
@@ -13,11 +13,39 @@ func (r fastRandReader) Read(p []byte) (int, error) {
 
 var UnsafeUUIDGenerator = uuid.NewGenWithOptions(uuid.WithRandomReader(fastRandReader{}))
 
+func NewUUIDV1() uuid.UUID {
+	u, _ := UnsafeUUIDGenerator.NewV1() // fastrand.Read wouldn't cause error, so ignore err is safe
+	return u
+}
+
+func NewUUIDV3(ns uuid.UUID, name string) uuid.UUID {
+	return UnsafeUUIDGenerator.NewV3(ns, name)
+}
+
+func NewUUIDV4() uuid.UUID {
+	u, _ := UnsafeUUIDGenerator.NewV4() // fastrand.Read wouldn't cause error, so ignore err is safe
+	return u
+}
+
+func NewUUIDV5(ns uuid.UUID, name string) uuid.UUID {
+	return UnsafeUUIDGenerator.NewV5(ns, name)
+}
+
+func NewUUIDV6() uuid.UUID {
+	u, _ := UnsafeUUIDGenerator.NewV6() // fastrand.Read wouldn't cause error, so ignore err is safe
+	return u
+}
+
+func NewUUIDV7() uuid.UUID {
+	u, _ := UnsafeUUIDGenerator.NewV7() // fastrand.Read wouldn't cause error, so ignore err is safe
+	return u
+}
+
 // UUIDMap https://github.com/XTLS/Xray-core/issues/158#issue-783294090
 func UUIDMap(str string) (uuid.UUID, error) {
 	u, err := uuid.FromString(str)
 	if err != nil {
-		return UnsafeUUIDGenerator.NewV5(uuid.Nil, str), nil
+		return NewUUIDV5(uuid.Nil, str), nil
 	}
 	return u, nil
 }

common/utils/uuid_test.go

@@ -1,7 +1,7 @@
 package utils
 
 import (
-	"github.com/gofrs/uuid"
+	"github.com/gofrs/uuid/v5"
 	"reflect"
 	"testing"
 )

component/dialer/bind.go

@@ -0,0 +1,51 @@
+package dialer
+
+import (
+	"net"
+	"net/netip"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/iface"
+)
+
+func LookupLocalAddrFromIfaceName(ifaceName string, network string, destination netip.Addr, port int) (net.Addr, error) {
+	ifaceObj, err := iface.ResolveInterface(ifaceName)
+	if err != nil {
+		return nil, err
+	}
+
+	var addr *netip.Prefix
+	switch network {
+	case "udp4", "tcp4":
+		addr, err = ifaceObj.PickIPv4Addr(destination)
+	case "tcp6", "udp6":
+		addr, err = ifaceObj.PickIPv6Addr(destination)
+	default:
+		if destination.IsValid() {
+			if destination.Is4() || destination.Is4In6() {
+				addr, err = ifaceObj.PickIPv4Addr(destination)
+			} else {
+				addr, err = ifaceObj.PickIPv6Addr(destination)
+			}
+		} else {
+			addr, err = ifaceObj.PickIPv4Addr(destination)
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if strings.HasPrefix(network, "tcp") {
+		return &net.TCPAddr{
+			IP:   addr.Addr().AsSlice(),
+			Port: port,
+		}, nil
+	} else if strings.HasPrefix(network, "udp") {
+		return &net.UDPAddr{
+			IP:   addr.Addr().AsSlice(),
+			Port: port,
+		}, nil
+	}
+
+	return nil, iface.ErrAddrNotFound
+}

component/dialer/bind_others.go

@@ -7,52 +7,8 @@ import (
 	"net/netip"
 	"strconv"
 	"strings"
-
-	"github.com/Dreamacro/clash/component/iface"
 )
 
-func lookupLocalAddr(ifaceName string, network string, destination netip.Addr, port int) (net.Addr, error) {
-	ifaceObj, err := iface.ResolveInterface(ifaceName)
-	if err != nil {
-		return nil, err
-	}
-
-	var addr *netip.Prefix
-	switch network {
-	case "udp4", "tcp4":
-		addr, err = ifaceObj.PickIPv4Addr(destination)
-	case "tcp6", "udp6":
-		addr, err = ifaceObj.PickIPv6Addr(destination)
-	default:
-		if destination.IsValid() {
-			if destination.Is4() {
-				addr, err = ifaceObj.PickIPv4Addr(destination)
-			} else {
-				addr, err = ifaceObj.PickIPv6Addr(destination)
-			}
-		} else {
-			addr, err = ifaceObj.PickIPv4Addr(destination)
-		}
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	if strings.HasPrefix(network, "tcp") {
-		return &net.TCPAddr{
-			IP:   addr.Addr().AsSlice(),
-			Port: port,
-		}, nil
-	} else if strings.HasPrefix(network, "udp") {
-		return &net.UDPAddr{
-			IP:   addr.Addr().AsSlice(),
-			Port: port,
-		}, nil
-	}
-
-	return nil, iface.ErrAddrNotFound
-}
-
 func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, network string, destination netip.Addr) error {
 	if !destination.IsGlobalUnicast() {
 		return nil
@@ -66,7 +22,7 @@ func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, network string, des
 		}
 	}
 
-	addr, err := lookupLocalAddr(ifaceName, network, destination, int(local))
+	addr, err := LookupLocalAddrFromIfaceName(ifaceName, network, destination, int(local))
 	if err != nil {
 		return err
 	}
@@ -84,7 +40,7 @@ func bindIfaceToListenConfig(ifaceName string, _ *net.ListenConfig, network, add
 
 	local, _ := strconv.ParseUint(port, 10, 16)
 
-	addr, err := lookupLocalAddr(ifaceName, network, netip.Addr{}, int(local))
+	addr, err := LookupLocalAddrFromIfaceName(ifaceName, network, netip.Addr{}, int(local))
 	if err != nil {
 		return "", err
 	}

component/dialer/bind_windows.go

@@ -3,6 +3,7 @@ package dialer
 import (
 	"context"
 	"encoding/binary"
+	"fmt"
 	"net"
 	"net/netip"
 	"syscall"
@@ -20,11 +21,19 @@ func bind4(handle syscall.Handle, ifaceIdx int) error {
 	var bytes [4]byte
 	binary.BigEndian.PutUint32(bytes[:], uint32(ifaceIdx))
 	idx := *(*uint32)(unsafe.Pointer(&bytes[0]))
-	return syscall.SetsockoptInt(handle, syscall.IPPROTO_IP, IP_UNICAST_IF, int(idx))
+	err := syscall.SetsockoptInt(handle, syscall.IPPROTO_IP, IP_UNICAST_IF, int(idx))
+	if err != nil {
+		err = fmt.Errorf("bind4: %w", err)
+	}
+	return err
 }
 
 func bind6(handle syscall.Handle, ifaceIdx int) error {
-	return syscall.SetsockoptInt(handle, syscall.IPPROTO_IPV6, IPV6_UNICAST_IF, ifaceIdx)
+	err := syscall.SetsockoptInt(handle, syscall.IPPROTO_IPV6, IPV6_UNICAST_IF, ifaceIdx)
+	if err != nil {
+		err = fmt.Errorf("bind6: %w", err)
+	}
+	return err
 }
 
 func bindControl(ifaceIdx int) controlFn {
@@ -49,9 +58,9 @@ func bindControl(ifaceIdx int) controlFn {
 				if (!addrPort.Addr().IsValid() || addrPort.Addr().IsUnspecified()) && bind6err != nil {
 					// try bind ipv6, if failed, ignore. it's a workaround for windows disable interface ipv6
 					if bind4err != nil {
-						innerErr = bind6err
+						innerErr = fmt.Errorf("%w (%s)", bind6err, bind4err)
 					} else {
-						innerErr = bind4err
+						innerErr = nil
 					}
 				} else {
 					innerErr = bind6err

component/dialer/dialer.go

@@ -157,7 +157,7 @@ func concurrentDualStackDialContext(ctx context.Context, network string, ips []n
 }
 
 func dualStackDialContext(ctx context.Context, dialFn dialFunc, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error) {
-	ipv4s, ipv6s := sortationAddr(ips)
+	ipv4s, ipv6s := resolver.SortationAddr(ips)
 	preferIPVersion := opt.prefer
 
 	fallbackTicker := time.NewTicker(fallbackTimeout)
@@ -309,27 +309,16 @@ func parseAddr(ctx context.Context, network, address string, preferResolver reso
 	return ips, port, nil
 }
 
-func sortationAddr(ips []netip.Addr) (ipv4s, ipv6s []netip.Addr) {
-	for _, v := range ips {
-		if v.Is4() { // 4in6 parse was in parseAddr
-			ipv4s = append(ipv4s, v)
-		} else {
-			ipv6s = append(ipv6s, v)
-		}
-	}
-	return
-}
-
 type Dialer struct {
-	opt option
+	Opt option
 }
 
 func (d Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	return DialContext(ctx, network, address, WithOption(d.opt))
+	return DialContext(ctx, network, address, WithOption(d.Opt))
 }
 
 func (d Dialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
-	opt := WithOption(d.opt)
+	opt := WithOption(d.Opt)
 	if rAddrPort.Addr().Unmap().IsLoopback() {
 		// avoid "The requested address is not valid in its context."
 		opt = WithInterface("")
@@ -339,5 +328,5 @@ func (d Dialer) ListenPacket(ctx context.Context, network, address string, rAddr
 
 func NewDialer(options ...Option) Dialer {
 	opt := applyOptions(options...)
-	return Dialer{opt: *opt}
+	return Dialer{Opt: *opt}
 }

component/dialer/options.go

@@ -4,14 +4,13 @@ import (
 	"context"
 	"net"
 
+	"github.com/Dreamacro/clash/common/atomic"
 	"github.com/Dreamacro/clash/component/resolver"
-
-	"go.uber.org/atomic"
 )
 
 var (
 	DefaultOptions     []Option
-	DefaultInterface   = atomic.NewString("")
+	DefaultInterface   = atomic.NewTypedValue[string]("")
 	DefaultRoutingMark = atomic.NewInt32(0)
 )
 

component/dialer/tfo.go

@@ -18,10 +18,11 @@ type tfoConn struct {
 }
 
 func (c *tfoConn) Dial(earlyData []byte) (err error) {
-	c.Conn, err = c.dialFn(c.ctx, earlyData)
+	conn, err := c.dialFn(c.ctx, earlyData)
 	if err != nil {
 		return
 	}
+	c.Conn = conn
 	c.dialed <- true
 	return err
 }
@@ -105,10 +106,22 @@ func (c *tfoConn) Upstream() any {
 	return c.Conn
 }
 
+func (c *tfoConn) NeedAdditionalReadDeadline() bool {
+	return c.Conn == nil
+}
+
 func (c *tfoConn) NeedHandshake() bool {
 	return c.Conn == nil
 }
 
+func (c *tfoConn) ReaderReplaceable() bool {
+	return c.Conn != nil
+}
+
+func (c *tfoConn) WriterReplaceable() bool {
+	return c.Conn != nil
+}
+
 func dialTFO(ctx context.Context, netDialer net.Dialer, network, address string) (net.Conn, error) {
 	ctx, cancel := context.WithCancel(ctx)
 	dialer := tfo.Dialer{Dialer: netDialer, DisableTFO: false}

component/geodata/geodata.go

@@ -1,13 +1,10 @@
 package geodata
 
 import (
-	"errors"
 	"fmt"
-	C "github.com/Dreamacro/clash/constant"
-	"strings"
 
 	"github.com/Dreamacro/clash/component/geodata/router"
-	"github.com/Dreamacro/clash/log"
+	C "github.com/Dreamacro/clash/constant"
 )
 
 type loader struct {
@@ -15,47 +12,7 @@ type loader struct {
 }
 
 func (l *loader) LoadGeoSite(list string) ([]*router.Domain, error) {
-	return l.LoadGeoSiteWithAttr(C.GeositeName, list)
+	return l.LoadSiteByPath(C.GeositeName, list)
-}
-
-func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error) {
-	parts := strings.Split(siteWithAttr, "@")
-	if len(parts) == 0 {
-		return nil, errors.New("empty rule")
-	}
-	list := strings.TrimSpace(parts[0])
-	attrVal := parts[1:]
-
-	if len(list) == 0 {
-		return nil, fmt.Errorf("empty listname in rule: %s", siteWithAttr)
-	}
-
-	domains, err := l.LoadSiteByPath(file, list)
-	if err != nil {
-		return nil, err
-	}
-
-	attrs := parseAttrs(attrVal)
-	if attrs.IsEmpty() {
-		if strings.Contains(siteWithAttr, "@") {
-			log.Warnln("empty attribute list: %s", siteWithAttr)
-		}
-		return domains, nil
-	}
-
-	filteredDomains := make([]*router.Domain, 0, len(domains))
-	hasAttrMatched := false
-	for _, domain := range domains {
-		if attrs.Match(domain) {
-			hasAttrMatched = true
-			filteredDomains = append(filteredDomains, domain)
-		}
-	}
-	if !hasAttrMatched {
-		log.Warnln("attribute match no rule: geosite: %s", siteWithAttr)
-	}
-
-	return filteredDomains, nil
 }
 
 func (l *loader) LoadGeoIP(country string) ([]*router.CIDR, error) {

component/geodata/geodataproto.go

@@ -14,6 +14,5 @@ type LoaderImplementation interface {
 type Loader interface {
 	LoaderImplementation
 	LoadGeoSite(list string) ([]*router.Domain, error)
-	LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error)
 	LoadGeoIP(country string) ([]*router.CIDR, error)
 }

component/geodata/init.go

@@ -1,13 +1,17 @@
 package geodata
 
 import (
+	"context"
 	"fmt"
-	"github.com/Dreamacro/clash/component/mmdb"
-	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/log"
 	"io"
 	"net/http"
 	"os"
+	"time"
+
+	clashHttp "github.com/Dreamacro/clash/component/http"
+	"github.com/Dreamacro/clash/component/mmdb"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
 )
 
 var initGeoSite bool
@@ -38,7 +42,9 @@ func InitGeoSite() error {
 }
 
 func downloadGeoSite(path string) (err error) {
-	resp, err := http.Get(C.GeoSiteUrl)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
+	defer cancel()
+	resp, err := clashHttp.HttpRequest(ctx, C.GeoSiteUrl, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
 	if err != nil {
 		return
 	}
@@ -55,7 +61,9 @@ func downloadGeoSite(path string) (err error) {
 }
 
 func downloadGeoIP(path string) (err error) {
-	resp, err := http.Get(C.GeoIpUrl)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
+	defer cancel()
+	resp, err := clashHttp.HttpRequest(ctx, C.GeoIpUrl, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
 	if err != nil {
 		return
 	}

component/geodata/memconservative/cache.go

@@ -118,7 +118,7 @@ func (g GeoSiteCache) Unmarshal(filename, code string) (*router.GeoSite, error)
 
 	case errFailedToReadBytes, errFailedToReadExpectedLenBytes,
 		errInvalidGeodataFile, errInvalidGeodataVarintLength:
-		log.Warnln("failed to decode geoip file: %s%s", filename, ", fallback to the original ReadFile method")
+		log.Warnln("failed to decode geosite file: %s%s", filename, ", fallback to the original ReadFile method")
 		geositeBytes, err = os.ReadFile(asset)
 		if err != nil {
 			return nil, err

component/geodata/strmatcher/mph_matcher.go

@@ -234,26 +234,26 @@ tail:
 	case s == 0:
 	case s < 4:
 		h ^= uint64(*(*byte)(p))
-		h ^= uint64(*(*byte)(add(p, s>>1))) << 8
+		h ^= uint64(*(*byte)(unsafe.Add(p, s>>1))) << 8
-		h ^= uint64(*(*byte)(add(p, s-1))) << 16
+		h ^= uint64(*(*byte)(unsafe.Add(p, s-1))) << 16
 		h = rotl31(h*m1) * m2
 	case s <= 8:
 		h ^= uint64(readUnaligned32(p))
-		h ^= uint64(readUnaligned32(add(p, s-4))) << 32
+		h ^= uint64(readUnaligned32(unsafe.Add(p, s-4))) << 32
 		h = rotl31(h*m1) * m2
 	case s <= 16:
 		h ^= readUnaligned64(p)
 		h = rotl31(h*m1) * m2
-		h ^= readUnaligned64(add(p, s-8))
+		h ^= readUnaligned64(unsafe.Add(p, s-8))
 		h = rotl31(h*m1) * m2
 	case s <= 32:
 		h ^= readUnaligned64(p)
 		h = rotl31(h*m1) * m2
-		h ^= readUnaligned64(add(p, 8))
+		h ^= readUnaligned64(unsafe.Add(p, 8))
 		h = rotl31(h*m1) * m2
-		h ^= readUnaligned64(add(p, s-16))
+		h ^= readUnaligned64(unsafe.Add(p, s-16))
 		h = rotl31(h*m1) * m2
-		h ^= readUnaligned64(add(p, s-8))
+		h ^= readUnaligned64(unsafe.Add(p, s-8))
 		h = rotl31(h*m1) * m2
 	default:
 		v1 := h
@@ -263,16 +263,16 @@ tail:
 		for s >= 32 {
 			v1 ^= readUnaligned64(p)
 			v1 = rotl31(v1*m1) * m2
-			p = add(p, 8)
+			p = unsafe.Add(p, 8)
 			v2 ^= readUnaligned64(p)
 			v2 = rotl31(v2*m2) * m3
-			p = add(p, 8)
+			p = unsafe.Add(p, 8)
 			v3 ^= readUnaligned64(p)
 			v3 = rotl31(v3*m3) * m4
-			p = add(p, 8)
+			p = unsafe.Add(p, 8)
 			v4 ^= readUnaligned64(p)
 			v4 = rotl31(v4*m4) * m1
-			p = add(p, 8)
+			p = unsafe.Add(p, 8)
 			s -= 32
 		}
 		h = v1 ^ v2 ^ v3 ^ v4
@@ -285,10 +285,6 @@ tail:
 	return uintptr(h)
 }
 
-func add(p unsafe.Pointer, x uintptr) unsafe.Pointer {
-	return unsafe.Pointer(uintptr(p) + x)
-}
-
 func readUnaligned32(p unsafe.Pointer) uint32 {
 	q := (*[4]byte)(p)
 	return uint32(q[0]) | uint32(q[1])<<8 | uint32(q[2])<<16 | uint32(q[3])<<24

component/geodata/utils.go

@@ -1,9 +1,14 @@
 package geodata
 
 import (
+	"errors"
 	"fmt"
+	"golang.org/x/sync/singleflight"
+	"strings"
+
 	"github.com/Dreamacro/clash/component/geodata/router"
 	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
 )
 
 var geoLoaderName = "memconservative"
@@ -34,6 +39,8 @@ func Verify(name string) error {
 	}
 }
 
+var loadGeoSiteMatcherSF = singleflight.Group{}
+
 func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
 	if len(countryCode) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
@@ -44,16 +51,53 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 		not = true
 		countryCode = countryCode[1:]
 	}
+	countryCode = strings.ToLower(countryCode)
 
-	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	parts := strings.Split(countryCode, "@")
-	if err != nil {
+	if len(parts) == 0 {
-		return nil, 0, err
+		return nil, 0, errors.New("empty rule")
+	}
+	listName := strings.TrimSpace(parts[0])
+	attrVal := parts[1:]
+
+	if len(listName) == 0 {
+		return nil, 0, fmt.Errorf("empty listname in rule: %s", countryCode)
 	}
 
-	domains, err := geoLoader.LoadGeoSite(countryCode)
+	v, err, shared := loadGeoSiteMatcherSF.Do(listName, func() (interface{}, error) {
+		geoLoader, err := GetGeoDataLoader(geoLoaderName)
 		if err != nil {
+			return nil, err
+		}
+		return geoLoader.LoadGeoSite(listName)
+	})
+	if err != nil {
+		if !shared {
+			loadGeoSiteMatcherSF.Forget(listName) // don't store the error result
+		}
 		return nil, 0, err
 	}
+	domains := v.([]*router.Domain)
+
+	attrs := parseAttrs(attrVal)
+	if attrs.IsEmpty() {
+		if strings.Contains(countryCode, "@") {
+			log.Warnln("empty attribute list: %s", countryCode)
+		}
+	} else {
+		filteredDomains := make([]*router.Domain, 0, len(domains))
+		hasAttrMatched := false
+		for _, domain := range domains {
+			if attrs.Match(domain) {
+				hasAttrMatched = true
+				filteredDomains = append(filteredDomains, domain)
+			}
+		}
+		if !hasAttrMatched {
+			log.Warnln("attribute match no rule: geosite: %s", countryCode)
+		}
+		domains = filteredDomains
+	}
 
 	/**
 	linear: linear algorithm
@@ -68,25 +112,34 @@ func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error)
 	return matcher, len(domains), nil
 }
 
+var loadGeoIPMatcherSF = singleflight.Group{}
+
 func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if len(country) == 0 {
 		return nil, 0, fmt.Errorf("country code could not be empty")
 	}
-	geoLoader, err := GetGeoDataLoader(geoLoaderName)
-	if err != nil {
-		return nil, 0, err
-	}
 
 	not := false
 	if country[0] == '!' {
 		not = true
 		country = country[1:]
 	}
+	country = strings.ToLower(country)
 
-	records, err := geoLoader.LoadGeoIP(country)
+	v, err, shared := loadGeoIPMatcherSF.Do(country, func() (interface{}, error) {
+		geoLoader, err := GetGeoDataLoader(geoLoaderName)
 		if err != nil {
+			return nil, err
+		}
+		return geoLoader.LoadGeoIP(country)
+	})
+	if err != nil {
+		if !shared {
+			loadGeoIPMatcherSF.Forget(country) // don't store the error result
+		}
 		return nil, 0, err
 	}
+	records := v.([]*router.CIDR)
 
 	geoIP := &router.GeoIP{
 		CountryCode:  country,
@@ -98,6 +151,10 @@ func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
 	if err != nil {
 		return nil, 0, err
 	}
-
 	return matcher, len(records), nil
 }
+
+func ClearCache() {
+	loadGeoSiteMatcherSF = singleflight.Group{}
+	loadGeoIPMatcherSF = singleflight.Group{}
+}

component/http/http.go

@@ -2,14 +2,15 @@ package http
 
 import (
 	"context"
-	"github.com/Dreamacro/clash/component/tls"
-	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
 	"net/http"
 	URL "net/url"
 	"strings"
 	"time"
+
+	"github.com/Dreamacro/clash/component/tls"
+	"github.com/Dreamacro/clash/listener/inner"
 )
 
 const (
@@ -52,8 +53,12 @@ func HttpRequest(ctx context.Context, url, method string, header map[string][]st
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
-			conn := inner.HandleTcp(address, urlRes.Hostname())
+			if conn, err := inner.HandleTcp(address); err == nil {
 				return conn, nil
+			} else {
+				d := net.Dialer{}
+				return d.DialContext(ctx, network, address)
+			}
 		},
 		TLSClientConfig: tls.GetDefaultTLSConfig(),
 	}

component/iface/iface.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"net"
 	"net/netip"
+	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/singledo"
@@ -23,6 +24,8 @@ var (
 
 var interfaces = singledo.NewSingle[map[string]*Interface](time.Second * 20)
 
+const FlagRunning = 32 // interface is in running state, compatibility with golang<1.20
+
 func ResolveInterface(name string) (*Interface, error) {
 	value, err, _ := interfaces.Do(func() (map[string]*Interface, error) {
 		ifaces, err := net.Interfaces()
@@ -37,12 +40,21 @@ func ResolveInterface(name string) (*Interface, error) {
 			if err != nil {
 				continue
 			}
+			// if not available device like Meta, dummy0, docker0, etc.
+			if (iface.Flags&net.FlagMulticast == 0) || (iface.Flags&net.FlagPointToPoint != 0) || (iface.Flags&FlagRunning == 0) {
+				continue
+			}
 
 			ipNets := make([]*netip.Prefix, 0, len(addrs))
 			for _, addr := range addrs {
 				ipNet := addr.(*net.IPNet)
 				ip, _ := netip.AddrFromSlice(ipNet.IP)
 
+				//unavailable IPv6 Address
+				if ip.Is6() && strings.HasPrefix(ip.String(), "fe80") {
+					continue
+				}
+
 				ones, bits := ipNet.Mask.Size()
 				if bits == 32 {
 					ip = ip.Unmap()

component/mmdb/mmdb.go

@@ -1,14 +1,18 @@
 package mmdb
 
 import (
-	"github.com/oschwald/geoip2-golang"
+	"context"
 	"io"
 	"net/http"
 	"os"
 	"sync"
+	"time"
 
+	clashHttp "github.com/Dreamacro/clash/component/http"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
+
+	"github.com/oschwald/geoip2-golang"
 )
 
 var (
@@ -47,7 +51,9 @@ func Instance() *geoip2.Reader {
 }
 
 func DownloadMMDB(path string) (err error) {
-	resp, err := http.Get(C.MmdbUrl)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
+	defer cancel()
+	resp, err := clashHttp.HttpRequest(ctx, C.MmdbUrl, http.MethodGet, http.Header{"User-Agent": {"clash"}}, nil)
 	if err != nil {
 		return
 	}

component/nat/proxy.go

@@ -0,0 +1,26 @@
+package nat
+
+import (
+	"net"
+
+	"github.com/Dreamacro/clash/common/atomic"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type writeBackProxy struct {
+	wb atomic.TypedValue[C.WriteBack]
+}
+
+func (w *writeBackProxy) WriteBack(b []byte, addr net.Addr) (n int, err error) {
+	return w.wb.Load().WriteBack(b, addr)
+}
+
+func (w *writeBackProxy) UpdateWriteBack(wb C.WriteBack) {
+	w.wb.Store(wb)
+}
+
+func NewWriteBackProxy(wb C.WriteBack) C.WriteBackProxy {
+	w := &writeBackProxy{}
+	w.UpdateWriteBack(wb)
+	return w
+}

component/nat/table.go

@@ -13,22 +13,24 @@ type Table struct {
 
 type Entry struct {
 	PacketConn      C.PacketConn
+	WriteBackProxy  C.WriteBackProxy
 	LocalUDPConnMap sync.Map
 }
 
-func (t *Table) Set(key string, e C.PacketConn) {
+func (t *Table) Set(key string, e C.PacketConn, w C.WriteBackProxy) {
 	t.mapping.Store(key, &Entry{
 		PacketConn:      e,
+		WriteBackProxy:  w,
 		LocalUDPConnMap: sync.Map{},
 	})
 }
 
-func (t *Table) Get(key string) C.PacketConn {
+func (t *Table) Get(key string) (C.PacketConn, C.WriteBackProxy) {
 	entry, exist := t.getEntry(key)
 	if !exist {
-		return nil
+		return nil, nil
 	}
-	return entry.PacketConn
+	return entry.PacketConn, entry.WriteBackProxy
 }
 
 func (t *Table) GetOrCreateLock(key string) (*sync.Cond, bool) {

component/process/process_windows.go

@@ -67,7 +67,7 @@ func findProcessName(network string, ip netip.Addr, srcPort int) (uint32, string
 		err := initWin32API()
 		if err != nil {
 			log.Errorln("Initialize PROCESS-NAME failed: %s", err.Error())
-			log.Warnln("All PROCESS-NAMES rules will be skiped")
+			log.Warnln("All PROCESS-NAMES rules will be skipped")
 			return
 		}
 	})

component/profile/profile.go

@@ -1,7 +1,7 @@
 package profile
 
 import (
-	"go.uber.org/atomic"
+	"github.com/Dreamacro/clash/common/atomic"
 )
 
 // StoreSelected is a global switch for storing selected proxy to cache

component/proxydialer/proxydialer.go

@@ -0,0 +1,96 @@
+package proxydialer
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/netip"
+	"strings"
+
+	N "github.com/Dreamacro/clash/common/net"
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/resolver"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/tunnel"
+	"github.com/Dreamacro/clash/tunnel/statistic"
+)
+
+type proxyDialer struct {
+	proxy     C.ProxyAdapter
+	dialer    C.Dialer
+	statistic bool
+}
+
+func New(proxy C.ProxyAdapter, dialer C.Dialer, statistic bool) C.Dialer {
+	return proxyDialer{proxy: proxy, dialer: dialer, statistic: statistic}
+}
+
+func NewByName(proxyName string, dialer C.Dialer) (C.Dialer, error) {
+	proxies := tunnel.Proxies()
+	if proxy, ok := proxies[proxyName]; ok {
+		return New(proxy, dialer, true), nil
+	}
+	return nil, fmt.Errorf("proxyName[%s] not found", proxyName)
+}
+
+func (p proxyDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	currentMeta := &C.Metadata{Type: C.INNER}
+	if err := currentMeta.SetRemoteAddress(address); err != nil {
+		return nil, err
+	}
+	if strings.Contains(network, "udp") { // using in wireguard outbound
+		if !currentMeta.Resolved() {
+			ip, err := resolver.ResolveIP(ctx, currentMeta.Host)
+			if err != nil {
+				return nil, errors.New("can't resolve ip")
+			}
+			currentMeta.DstIP = ip
+		}
+		pc, err := p.listenPacket(ctx, currentMeta)
+		if err != nil {
+			return nil, err
+		}
+		return N.NewBindPacketConn(pc, currentMeta.UDPAddr()), nil
+	}
+	var conn C.Conn
+	var err error
+	if d, ok := p.dialer.(dialer.Dialer); ok { // first using old function to let mux work
+		conn, err = p.proxy.DialContext(ctx, currentMeta, dialer.WithOption(d.Opt))
+	} else {
+		conn, err = p.proxy.DialContextWithDialer(ctx, p.dialer, currentMeta)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if p.statistic {
+		conn = statistic.NewTCPTracker(conn, statistic.DefaultManager, currentMeta, nil, 0, 0, false)
+	}
+	return conn, err
+}
+
+func (p proxyDialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
+	currentMeta := &C.Metadata{Type: C.INNER}
+	if err := currentMeta.SetRemoteAddress(rAddrPort.String()); err != nil {
+		return nil, err
+	}
+	return p.listenPacket(ctx, currentMeta)
+}
+
+func (p proxyDialer) listenPacket(ctx context.Context, currentMeta *C.Metadata) (C.PacketConn, error) {
+	var pc C.PacketConn
+	var err error
+	currentMeta.NetWork = C.UDP
+	if d, ok := p.dialer.(dialer.Dialer); ok { // first using old function to let mux work
+		pc, err = p.proxy.ListenPacketContext(ctx, currentMeta, dialer.WithOption(d.Opt))
+	} else {
+		pc, err = p.proxy.ListenPacketWithDialer(ctx, p.dialer, currentMeta)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if p.statistic {
+		pc = statistic.NewUDPTracker(pc, statistic.DefaultManager, currentMeta, nil, 0, 0, false)
+	}
+	return pc, nil
+}

component/resolver/host.go

@@ -2,12 +2,12 @@ package resolver
 
 import (
 	"errors"
-	"math/rand"
 	"net/netip"
 	"strings"
 
 	"github.com/Dreamacro/clash/common/utils"
 	"github.com/Dreamacro/clash/component/trie"
+	"github.com/zhangyunhao116/fastrand"
 )
 
 type Hosts struct {
@@ -20,6 +20,7 @@ func NewHosts(hosts *trie.DomainTrie[HostValue]) Hosts {
 	}
 }
 
+// Return the search result and whether to match the parameter `isDomain`
 func (h *Hosts) Search(domain string, isDomain bool) (*HostValue, bool) {
 	value := h.DomainTrie.Search(domain)
 	if value == nil {
@@ -108,5 +109,5 @@ func (hv HostValue) RandIP() (netip.Addr, error) {
 	if hv.IsDomain {
 		return netip.Addr{}, errors.New("value type is error")
 	}
-	return hv.IPs[rand.Intn(len(hv.IPs)-1)], nil
+	return hv.IPs[fastrand.Intn(len(hv.IPs))], nil
 }

component/resolver/resolver.go

@@ -44,10 +44,8 @@ type Resolver interface {
 	LookupIP(ctx context.Context, host string) (ips []netip.Addr, err error)
 	LookupIPv4(ctx context.Context, host string) (ips []netip.Addr, err error)
 	LookupIPv6(ctx context.Context, host string) (ips []netip.Addr, err error)
-	ResolveIP(ctx context.Context, host string) (ip netip.Addr, err error)
-	ResolveIPv4(ctx context.Context, host string) (ip netip.Addr, err error)
-	ResolveIPv6(ctx context.Context, host string) (ip netip.Addr, err error)
 	ExchangeContext(ctx context.Context, m *dns.Msg) (msg *dns.Msg, err error)
+	Invalid() bool
 }
 
 // LookupIPv4WithResolver same as LookupIPv4, but with a resolver
@@ -68,7 +66,7 @@ func LookupIPv4WithResolver(ctx context.Context, host string, r Resolver) ([]net
 		return []netip.Addr{}, ErrIPVersion
 	}
 
-	if r != nil {
+	if r != nil && r.Invalid() {
 		return r.LookupIPv4(ctx, host)
 	}
 
@@ -124,7 +122,7 @@ func LookupIPv6WithResolver(ctx context.Context, host string, r Resolver) ([]net
 		return nil, ErrIPVersion
 	}
 
-	if r != nil {
+	if r != nil && r.Invalid() {
 		return r.LookupIPv6(ctx, host)
 	}
 
@@ -164,7 +162,7 @@ func LookupIPWithResolver(ctx context.Context, host string, r Resolver) ([]netip
 		return node.IPs, nil
 	}
 
-	if r != nil {
+	if r != nil && r.Invalid() {
 		if DisableIPv6 {
 			return r.LookupIPv4(ctx, host)
 		}
@@ -200,10 +198,14 @@ func ResolveIPWithResolver(ctx context.Context, host string, r Resolver) (netip.
 	} else if len(ips) == 0 {
 		return netip.Addr{}, fmt.Errorf("%w: %s", ErrIPNotFound, host)
 	}
-	return ips[fastrand.Intn(len(ips))], nil
+	ipv4s, ipv6s := SortationAddr(ips)
+	if len(ipv4s) > 0 {
+		return ipv4s[fastrand.Intn(len(ipv4s))], nil
+	}
+	return ipv6s[fastrand.Intn(len(ipv6s))], nil
 }
 
-// ResolveIP with a host, return ip
+// ResolveIP with a host, return ip and priority return TypeA
 func ResolveIP(ctx context.Context, host string) (netip.Addr, error) {
 	return ResolveIPWithResolver(ctx, host, DefaultResolver)
 }
@@ -264,3 +266,14 @@ func LookupIPProxyServerHost(ctx context.Context, host string) ([]netip.Addr, er
 	}
 	return LookupIP(ctx, host)
 }
+
+func SortationAddr(ips []netip.Addr) (ipv4s, ipv6s []netip.Addr) {
+	for _, v := range ips {
+		if v.Unmap().Is4() {
+			ipv4s = append(ipv4s, v)
+		} else {
+			ipv6s = append(ipv6s, v)
+		}
+	}
+	return
+}

component/sniffer/base_sniffer.go

@@ -10,11 +10,11 @@ import (
 
 type SnifferConfig struct {
 	OverrideDest bool
-	Ports        []utils.Range[uint16]
+	Ports        utils.IntRanges[uint16]
 }
 
 type BaseSniffer struct {
-	ports              []utils.Range[uint16]
+	ports              utils.IntRanges[uint16]
 	supportNetworkType constant.NetWork
 }
 
@@ -35,15 +35,10 @@ func (bs *BaseSniffer) SupportNetwork() constant.NetWork {
 
 // SupportPort implements sniffer.Sniffer
 func (bs *BaseSniffer) SupportPort(port uint16) bool {
-	for _, portRange := range bs.ports {
+	return bs.ports.Check(port)
-		if portRange.Contains(port) {
-			return true
-		}
-	}
-	return false
 }
 
-func NewBaseSniffer(ports []utils.Range[uint16], networkType constant.NetWork) *BaseSniffer {
+func NewBaseSniffer(ports utils.IntRanges[uint16], networkType constant.NetWork) *BaseSniffer {
 	return &BaseSniffer{
 		ports:              ports,
 		supportNetworkType: networkType,

component/sniffer/dispatcher.go

@@ -28,8 +28,8 @@ var Dispatcher *SnifferDispatcher
 type SnifferDispatcher struct {
 	enable           bool
 	sniffers         map[sniffer.Sniffer]SnifferConfig
-	forceDomain     *trie.DomainTrie[struct{}]
+	forceDomain      *trie.DomainSet
-	skipSNI         *trie.DomainTrie[struct{}]
+	skipSNI          *trie.DomainSet
 	skipList         *cache.LruCache[string, uint8]
 	rwMux            sync.RWMutex
 	forceDnsMapping  bool
@@ -37,7 +37,7 @@ type SnifferDispatcher struct {
 }
 
 func (sd *SnifferDispatcher) TCPSniff(conn *N.BufferedConn, metadata *C.Metadata) {
-	if (metadata.Host == "" && sd.parsePureIp) || sd.forceDomain.Search(metadata.Host) != nil || (metadata.DNSMode == C.DNSMapping && sd.forceDnsMapping) {
+	if (metadata.Host == "" && sd.parsePureIp) || sd.forceDomain.Has(metadata.Host) || (metadata.DNSMode == C.DNSMapping && sd.forceDnsMapping) {
 		port, err := strconv.ParseUint(metadata.DstPort, 10, 16)
 		if err != nil {
 			log.Debugln("[Sniffer] Dst port is error")
@@ -74,7 +74,7 @@ func (sd *SnifferDispatcher) TCPSniff(conn *N.BufferedConn, metadata *C.Metadata
 			log.Debugln("[Sniffer] All sniffing sniff failed with from [%s:%s] to [%s:%s]", metadata.SrcIP, metadata.SrcPort, metadata.String(), metadata.DstPort)
 			return
 		} else {
-			if sd.skipSNI.Search(host) != nil {
+			if sd.skipSNI.Has(host) {
 				log.Debugln("[Sniffer] Skip sni[%s]", host)
 				return
 			}
@@ -166,8 +166,8 @@ func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
 	return &dispatcher, nil
 }
 
-func NewSnifferDispatcher(snifferConfig map[sniffer.Type]SnifferConfig, forceDomain *trie.DomainTrie[struct{}],
+func NewSnifferDispatcher(snifferConfig map[sniffer.Type]SnifferConfig,
-	skipSNI *trie.DomainTrie[struct{}],
+	forceDomain *trie.DomainSet, skipSNI *trie.DomainSet,
 	forceDnsMapping bool, parsePureIp bool) (*SnifferDispatcher, error) {
 	dispatcher := SnifferDispatcher{
 		enable:          true,