[Chore] workflows

[Chore] Upgrade Dependencies

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,76 +0,0 @@
-name: Bug report
-description: Create a report to help us improve
-title: "[Bug] "
-body:
-  - type: checkboxes
-    id: ensure
-    attributes:
-      label: Verify steps
-      description: "
-在提交之前，请确认
-Please verify that you've followed these steps
-"
-      options:
-        - label: "
-如果你可以自己 debug 并解决的话，提交 PR 吧
-Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
-"
-          required: true
-        - label: "
-我已经在 [Issue Tracker](……/) 中找过我要提出的问题
-I have searched on the [issue tracker](……/) for a related issue.
-"
-          required: true
-        - label: "
-我已经使用 dev 分支版本测试过，问题依旧存在
-I have tested using the dev branch, and the issue still exists.
-"
-          required: true
-        - label: "
-我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
-I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
-"
-          required: true
-        - label: "
-这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题
-This is an issue of the Clash core *per se*, not to the derivatives of Clash, like OpenClash or KoolClash.
-"
-          required: true
-  - type: input
-    attributes:
-      label: Clash version
-    validations:
-      required: true
-  - type: dropdown
-    id: os
-    attributes:
-      label: What OS are you seeing the problem on?
-      multiple: true
-      options:
-        - macOS
-        - Windows
-        - Linux
-        - OpenBSD/FreeBSD
-  - type: textarea
-    attributes:
-      render: yaml
-      label: "Clash config"
-      description: "
-在下方附上 Clash core 配置文件，请确保配置文件中没有敏感信息（比如：服务器地址，密码，端口等）
-Paste the Clash core configuration file below, please make sure that there is no sensitive information in the configuration file (e.g., server address/url, password, port)
-"
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      render: shell
-      label: Clash log
-      description: "
-在下方附上 Clash Core 的日志，log level 使用 DEBUG
-Paste the Clash core log below with the log level set to `DEBUG`.
-"
-  - type: textarea
-    attributes:
-      label: Description
-    validations:
-      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -1,6 +0,0 @@
-blank_issues_enabled: false
-
-contact_links:
-  - name: Get help in GitHub Discussions
-    url: https://github.com/Dreamacro/clash/discussions
-    about: Have a question? Not sure if your issue affects everyone reproducibly? The quickest way to get help is on Clash's GitHub Discussions!

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,36 +0,0 @@
-name: Feature request
-description: Suggest an idea for this project
-title: "[Feature] "
-body:
-  - type: checkboxes
-    id: ensure
-    attributes:
-      label: Verify steps
-      description: "
-在提交之前，请确认
-Please verify that you've followed these steps
-"
-      options:
-        - label: "
-我已经在 [Issue Tracker](……/) 中找过我要提出的请求
-I have searched on the [issue tracker](……/) for a related feature request.
-"
-          required: true
-        - label: "
-我已经仔细看过 [Documentation](https://github.com/Dreamacro/clash/wiki/) 并无法自行解决问题
-I have read the [documentation](https://github.com/Dreamacro/clash/wiki/) and was unable to solve the issue.
-"
-          required: true
-  - type: textarea
-    attributes:
-      label: Description
-      description: 请详细、清晰地表达你要提出的论述，例如这个问题如何影响到你？你想实现什么功能？目前 Clash Core 的行为是什麽？
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Possible Solution
-      description: "
-此项非必须，但是如果你有想法的话欢迎提出。
-Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change
-"

.github/workflows/build.yaml

@@ -0,0 +1,20 @@
+name: Build All
+on:
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.18
+      - name: Check out code
+        uses: actions/checkout@v1
+      - name: Build
+        run: make all
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: bin/*
+          draft: true

.github/workflows/codeql-analysis.yml

@@ -1,30 +0,0 @@
-name: CodeQL
-
-on:
-  push:
-    branches: [master, dev]
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ['go']
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2

.github/workflows/docker.yml

@@ -1,80 +0,0 @@
-name: Publish Docker Image
-on:
-  push:
-    branches:
-      - dev
-    tags:
-      - '*'
-jobs:
-
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Set up docker buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          version: latest
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      
-      - name: Login to Github Package
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: Dreamacro
-          password: ${{ secrets.PACKAGE_TOKEN }}
-
-      - name: Build dev branch and push
-        if: github.ref == 'refs/heads/dev'
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
-          push: true
-          tags: 'dreamacro/clash:dev,ghcr.io/dreamacro/clash:dev'
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Get all docker tags
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: actions/github-script@v6
-        id: tags
-        with:
-          script: |
-            const ref = context.payload.ref.replace(/\/?refs\/tags\//, '')
-            const tags = [
-              'dreamacro/clash:latest',
-              `dreamacro/clash:${ref}`,
-              'ghcr.io/dreamacro/clash:latest',
-              `ghcr.io/dreamacro/clash:${ref}`
-            ]
-            return tags.join(',')
-          result-encoding: string
-
-      - name: Build release and push
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{steps.tags.outputs.result}}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

.github/workflows/linter.yml

@@ -1,18 +0,0 @@
-name: Linter
-on: [push, pull_request]
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Setup Go
-        uses: actions/setup-go@v3
-        with:
-          check-latest: true
-          go-version: '1.19'
-
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest

.github/workflows/release.yml

@@ -1,14 +1,18 @@
 name: Release
 on: [push]
 jobs:
-  build:
+  Feature-build:
+    if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
     runs-on: ubuntu-latest
     steps:
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v2
         with:
-          check-latest: true
+          go-version: ${{ steps.version.outputs.go_version }}
-          go-version: '1.19'
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v3
@@ -16,27 +20,52 @@ jobs:
       - name: Cache go module
         uses: actions/cache@v2
         with:
-          path: |
+          path: ~/go/pkg/mod
-            ~/go/pkg/mod
-            ~/.cache/go-build
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-
+      #      - name: Get dependencies, run test
-      - name: Get dependencies, run test
+      #        run: |
-        run: |
+      #          go test ./...
-          go test ./...
-
       - name: Build
-        if: startsWith(github.ref, 'refs/tags/')
+        if: success()
         env:
-          NAME: clash
+          NAME: Clash.Meta
           BINDIR: bin
         run: make -j releases
 
+      - name: Delete current release assets
+        uses: andreaswilli/delete-release-assets-action@v2.0.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: alpha
+          deleteOnlyFromDrafts: false
+
+      - name: Tag Repo
+        uses: richardsimko/update-tag@v1
+        with:
+          tag_name: v1.10.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload Release
         uses: softprops/action-gh-release@v1
-        if: startsWith(github.ref, 'refs/tags/')
+        if: ${{ env.GIT_BRANCH == 'Meta' && success() }}
         with:
+          tag: ${{ github.ref }}
+          tag_name: v1.10.0
           files: bin/*
-          draft: true
+          prerelease: false
+
+      - name: send telegram message on push
+        uses: appleboy/telegram-action@master
+        with:
+          to: ${{ secrets.TTELEGRAM_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_TOKEN }}
+          message: |
+            ${{ github.actor }} created commit:
+            Commit message: ${{ github.event.commits[0].message }}
+
+            Repository: ${{ github.repository }}
+
+            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}

.github/workflows/stale.yml

@@ -1,18 +0,0 @@
-  
-name: Mark stale issues and pull requests
-
-on:
-  schedule:
-    - cron: "30 1 * * *"
-
-jobs:
-  stale:
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/stale@v5
-        with:
-          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
-          days-before-stale: 60
-          days-before-close: 5

.gitignore

@@ -23,3 +23,5 @@ vendor
 
 # test suite
 test/config/cache*
+/output
+/.vscode

.golangci.yaml

@@ -8,10 +8,9 @@ linters:
 
 linters-settings:
   gci:
-    custom-order: true
     sections:
       - standard
       - prefix(github.com/Dreamacro/clash)
       - default
   staticcheck:
-    go: '1.19'
+    go: '1.18'

Makefile

@@ -1,5 +1,6 @@
-NAME=clash
+NAME=Clash.Meta
 BINDIR=bin
+BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
 VERSION=$(shell git describe --tags || echo "unknown version")
 BUILDTIME=$(shell date -u)
 GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
@@ -7,57 +8,70 @@ GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clas
 		-w -s -buildid='
 
 PLATFORM_LIST = \
-	darwin-amd64 \
+	darwin-amd64v1 \
-	darwin-amd64-v3 \
+	darwin-amd64v2 \
+	darwin-amd64v3 \
 	darwin-arm64 \
-	linux-386 \
+	linux-amd64v1 \
-	linux-amd64 \
+	linux-amd64v2 \
-	linux-amd64-v3 \
+	linux-amd64v3 \
 	linux-armv5 \
 	linux-armv6 \
 	linux-armv7 \
-	linux-armv8 \
+	linux-arm64 \
+	linux-mips64 \
+	linux-mips64le \
 	linux-mips-softfloat \
 	linux-mips-hardfloat \
 	linux-mipsle-softfloat \
 	linux-mipsle-hardfloat \
-	linux-mips64 \
+	android-arm64 \
-	linux-mips64le \
 	freebsd-386 \
 	freebsd-amd64 \
-	freebsd-amd64-v3 \
 	freebsd-arm64
 
 WINDOWS_ARCH_LIST = \
 	windows-386 \
-	windows-amd64 \
+	windows-amd64v1 \
-	windows-amd64-v3 \
+	windows-amd64v2 \
+	windows-amd64v3 \
 	windows-arm64 \
     windows-arm32v7
 
-all: linux-amd64 darwin-amd64 windows-amd64 # Most used
+all:linux-amd64 linux-arm64\
+	darwin-amd64 darwin-arm64\
+ 	windows-amd64 windows-arm64\
 
 docker:
 	$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-darwin-amd64:
+darwin-amd64v3:
-	GOARCH=amd64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
-darwin-amd64-v3:
 	GOARCH=amd64 GOOS=darwin GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
+darwin-amd64v2:
+	GOARCH=amd64 GOOS=darwin GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+darwin-amd64v1:
+	GOARCH=amd64 GOOS=darwin GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 darwin-arm64:
 	GOARCH=arm64 GOOS=darwin $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 linux-386:
 	GOARCH=386 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-amd64:
+linux-amd64v3:
-	GOARCH=amd64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
-linux-amd64-v3:
 	GOARCH=amd64 GOOS=linux GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
+linux-amd64v2:
+	GOARCH=amd64 GOOS=linux GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-amd64v1:
+	GOARCH=amd64 GOOS=linux GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
+linux-arm64:
+	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 linux-armv5:
 	GOARCH=arm GOOS=linux GOARM=5 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
@@ -67,9 +81,6 @@ linux-armv6:
 linux-armv7:
 	GOARCH=arm GOOS=linux GOARM=7 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
-linux-armv8:
-	GOARCH=arm64 GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
 linux-mips-softfloat:
 	GOARCH=mips GOMIPS=softfloat GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
@@ -88,13 +99,13 @@ linux-mips64:
 linux-mips64le:
 	GOARCH=mips64le GOOS=linux $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
+android-arm64:
+	GOARCH=arm64 GOOS=android $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
+
 freebsd-386:
 	GOARCH=386 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 freebsd-amd64:
-	GOARCH=amd64 GOOS=freebsd $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
-
-freebsd-amd64-v3:
 	GOARCH=amd64 GOOS=freebsd GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
 
 freebsd-arm64:
@@ -103,12 +114,15 @@ freebsd-arm64:
 windows-386:
 	GOARCH=386 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 
-windows-amd64:
+windows-amd64v3:
-	GOARCH=amd64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
-
-windows-amd64-v3:
 	GOARCH=amd64 GOOS=windows GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 
+windows-amd64v2:
+	GOARCH=amd64 GOOS=windows GOAMD64=v2 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+
+windows-amd64v1:
+	GOARCH=amd64 GOOS=windows GOAMD64=v1 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
+
 windows-arm64:
 	GOARCH=arm64 GOOS=windows $(GOBUILD) -o $(BINDIR)/$(NAME)-$@.exe
 
@@ -129,12 +143,11 @@ all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
 
 releases: $(gz_releases) $(zip_releases)
 
+vet:
+	go test ./...
+
 lint:
-	GOOS=darwin golangci-lint run ./...
+	golangci-lint run ./...
-	GOOS=windows golangci-lint run ./...
-	GOOS=linux golangci-lint run ./...
-	GOOS=freebsd golangci-lint run ./...
-	GOOS=openbsd golangci-lint run ./...
 
 clean:
 	rm $(BINDIR)/*

README.md

@@ -1,23 +1,20 @@
 <h1 align="center">
-  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
+  <img src="Meta.png" alt="Meta Kennel" width="200">
-  <br>Clash<br>
+  <br>Meta Kernel<br>
 </h1>
 
-<h4 align="center">A rule-based tunnel in Go.</h4>
+<h3 align="center">Another Clash Kernel.</h3>
 
 <p align="center">
-  <a href="https://github.com/Dreamacro/clash/actions">
+  <a href="https://goreportcard.com/report/github.com/Clash-Mini/Clash.Meta">
-    <img src="https://img.shields.io/github/workflow/status/Dreamacro/clash/Go?style=flat-square" alt="Github Actions">
+    <img src="https://goreportcard.com/badge/github.com/Clash-Mini/Clash.Meta?style=flat-square">
-  </a>
-  <a href="https://goreportcard.com/report/github.com/Dreamacro/clash">
-    <img src="https://goreportcard.com/badge/github.com/Dreamacro/clash?style=flat-square">
   </a>
   <img src="https://img.shields.io/github/go-mod/go-version/Dreamacro/clash?style=flat-square">
-  <a href="https://github.com/Dreamacro/clash/releases">
+  <a href="https://github.com/Clash-Mini/Clash.Meta/releases">
-    <img src="https://img.shields.io/github/release/Dreamacro/clash/all.svg?style=flat-square">
+    <img src="https://img.shields.io/github/release/Clash-Mini/Clash.Meta/all.svg?style=flat-square">
   </a>
-  <a href="https://github.com/Dreamacro/clash/releases/tag/premium">
+  <a href="https://github.com/Clash-Mini/Clash.Meta">
-    <img src="https://img.shields.io/badge/release-Premium-00b4f0?style=flat-square">
+    <img src="https://img.shields.io/badge/release-Meta-00b4f0?style=flat-square">
   </a>
 </p>
 
@@ -32,26 +29,267 @@
 - Netfilter TCP redirecting. Deploy Clash on your Internet gateway with `iptables`.
 - Comprehensive HTTP RESTful API controller
 
-## Premium Features
-
-- TUN mode on macOS, Linux and Windows. [Doc](https://github.com/Dreamacro/clash/wiki/premium-core-features#tun-device)
-- Match your tunnel by [Script](https://github.com/Dreamacro/clash/wiki/premium-core-features#script)
-- [Rule Provider](https://github.com/Dreamacro/clash/wiki/premium-core-features#rule-providers)
-
 ## Getting Started
 Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash/wiki).
 
-## Premium Release
+## Advanced usage for this branch
-[Release](https://github.com/Dreamacro/clash/releases/tag/premium)
+
+### DNS configuration
+
+Support `geosite` with `fallback-filter`.
+
+Restore `Redir remote resolution`.
+
+Support resolve ip with a `Proxy Tunnel`.
+
+```yaml
+proxy-groups:
+
+  - name: DNS
+    type: url-test
+    use:
+      - HK
+    url: http://cp.cloudflare.com
+    interval: 180
+    lazy: true
+```
+```yaml
+dns:
+  enable: true
+  use-hosts: true
+  ipv6: false
+  enhanced-mode: redir-host
+  fake-ip-range: 198.18.0.1/16
+  listen: 127.0.0.1:6868
+  default-nameserver:
+    - 119.29.29.29
+    - 114.114.114.114
+  nameserver:
+    - https://doh.pub/dns-query
+    - tls://223.5.5.5:853
+  fallback:
+    - 'https://1.0.0.1/dns-query#DNS'  # append the proxy adapter name or group name to the end of DNS URL with '#' prefix.
+    - 'tls://8.8.4.4:853#DNS'
+  fallback-filter:
+    geoip: false
+    geosite:
+      - gfw  # `geosite` filter only use fallback server to resolve ip, prevent DNS leaks to unsafe DNS providers.
+    domain:
+      - +.example.com
+    ipcidr:
+      - 0.0.0.0/32
+```
+
+### TUN configuration
+
+Supports macOS, Linux and Windows.
+
+Built-in [Wintun](https://www.wintun.net) driver.
+
+```yaml
+# Enable the TUN listener
+tun:
+  enable: true
+  stack: gvisor #  only gvisor
+  dns-hijack: 
+    - 0.0.0.0:53 # additional dns server listen on TUN
+  auto-route: true # auto set global route
+```
+### Rules configuration
+- Support rule `GEOSITE`.
+- Support rule-providers `RULE-SET`.
+- Support `multiport` condition for rule `SRC-PORT` and `DST-PORT`.
+- Support `network` condition for all rules.
+- Support source IPCIDR condition for all rules, just append to the end.
+- The `GEOSITE` databases via https://github.com/Loyalsoldier/v2ray-rules-dat.
+```yaml
+rules:
+
+  # network(tcp/udp) condition for all rules
+  - DOMAIN-SUFFIX,bilibili.com,DIRECT,tcp
+  - DOMAIN-SUFFIX,bilibili.com,REJECT,udp
+    
+  # multiport condition for rules SRC-PORT and DST-PORT
+  - DST-PORT,123/136/137-139,DIRECT,udp
+  
+  # rule GEOSITE
+  - GEOSITE,category-ads-all,REJECT
+  - GEOSITE,icloud@cn,DIRECT
+  - GEOSITE,apple@cn,DIRECT
+  - GEOSITE,apple-cn,DIRECT
+  - GEOSITE,microsoft@cn,DIRECT
+  - GEOSITE,facebook,PROXY
+  - GEOSITE,youtube,PROXY
+  - GEOSITE,geolocation-cn,DIRECT
+  - GEOSITE,geolocation-!cn,PROXY
+    
+  # source IPCIDR condition for all rules in gateway proxy
+  #- GEOSITE,geolocation-!cn,REJECT,192.168.1.88/32,192.168.1.99/32
+
+  - GEOIP,telegram,PROXY,no-resolve
+  - GEOIP,private,DIRECT,no-resolve
+  - GEOIP,cn,DIRECT
+  
+  - MATCH,PROXY
+```
+
+
+### Proxies configuration
+
+Active health detection `urltest / fallback` (based on tcp handshake, multiple failures within a limited time will actively trigger health detection to use the node)
+
+Support `Policy Group Filter`
+
+```yaml
+proxy-groups:
+
+  - name: 🚀 HK Group
+    type: select
+    use:
+      - ALL
+    filter: 'HK'
+
+  - name: 🚀 US Group
+    type: select
+    use:
+      - ALL
+    filter: 'US'
+
+proxy-providers:
+  ALL:
+    type: http
+    url: "xxxxx"
+    interval: 3600
+    path: "xxxxx"
+    health-check:
+      enable: true
+      interval: 600
+      url: http://www.gstatic.com/generate_204
+
+```
+
+
+
+Support outbound transport protocol `VLESS`.
+
+The XTLS support (TCP/UDP) transport by the XRAY-CORE.
+```yaml
+proxies:
+  - name: "vless"
+    type: vless
+    server: server
+    port: 443
+    uuid: uuid
+    servername: example.com # AKA SNI
+    # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
+    # skip-cert-verify: true
+    
+  - name: "vless-ws"
+    type: vless
+    server: server
+    port: 443
+    uuid: uuid
+    tls: true
+    udp: true
+    network: ws
+    servername: example.com # priority over wss host
+    # skip-cert-verify: true
+    ws-opts:
+      path: /path
+      headers: { Host: example.com, Edge: "12a00c4.fm.huawei.com:82897" }
+
+  - name: "vless-grpc"
+    type: vless
+    server: server
+    port: 443
+    uuid: uuid
+    tls: true
+    udp: true
+    network: grpc
+    servername: example.com # priority over wss host
+    # skip-cert-verify: true
+    grpc-opts: 
+      grpc-service-name: grpcname
+```
+
+### IPTABLES configuration
+Work on Linux OS who's supported `iptables`
+
+```yaml
+# Enable the TPROXY listener
+tproxy-port: 9898
+
+iptables:
+  enable: true # default is false
+  inbound-interface: eth0 # detect the inbound interface, default is 'lo'
+```
+
+
+### General installation guide for Linux  
++ Create user given name `clash-meta`
+
++ Download and decompress pre-built binaries from [releases](https://github.com/MetaCubeX/Clash.Meta/releases)  
+
++ Rename executable file to `Clash-Meta` and move to `/usr/local/bin/` 
+
++ Create folder `/etc/Clash-Meta/` as working directory 
+
+
+
+Run Meta Kernel by user `clash-meta` as a daemon.
+
+Create the systemd configuration file at `/etc/systemd/system/Clash-Meta.service`:
+
+```
+[Unit]
+Description=Clash-Meta Daemon, Another Clash Kernel.
+After=network.target NetworkManager.service systemd-networkd.service iwd.service
+
+[Service]
+Type=simple
+User=clash-meta
+Group=clash-meta
+LimitNPROC=500
+LimitNOFILE=1000000
+CapabilityBoundingSet=cap_net_admin
+AmbientCapabilities=cap_net_admin
+Restart=always
+ExecStartPre=/usr/bin/sleep 1s
+ExecStart=/usr/local/bin/Clash-Meta -d /etc/Clash-Meta
+
+[Install]
+WantedBy=multi-user.target
+```
+Launch clashd on system startup with:
+```shell
+$ systemctl enable Clash-Meta
+```
+Launch clashd immediately with:
+
+```shell
+$ systemctl start Clash-Meta
+```
+
+### Display Process name
+
+Clash add field `Process` to `Metadata` and prepare to get process name for Restful API `GET /connections`.
+
+To display process name in GUI please use [Dashboard For Meta](https://github.com/Clash-Mini/Dashboard).
+
+![img.png](https://github.com/Clash-Mini/Dashboard/raw/master/View/Dashboard-Process.png)
 
 ## Development
-If you want to build an application that uses clash as a library, check out the the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
+
+If you want to build an application that uses clash as a library, check out the
+the [GitHub Wiki](https://github.com/Dreamacro/clash/wiki/use-clash-as-a-library)
 
 ## Credits
 
+* [Dreamacro/clash](https://github.com/Dreamacro/clash)
 * [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
 * [v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
 * [WireGuard/wireguard-go](https://github.com/WireGuard/wireguard-go)
+* [yaling888/clash-plus-pro](https://github.com/yaling888/clash)
 
 ## License
 

adapter/adapter.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/Dreamacro/clash/common/queue"
@@ -16,6 +17,8 @@ import (
 	"go.uber.org/atomic"
 )
 
+var UnifiedDelay = atomic.NewBool(false)
+
 type Proxy struct {
 	C.ProxyAdapter
 	history *queue.Queue
@@ -37,7 +40,11 @@ func (p *Proxy) Dial(metadata *C.Metadata) (C.Conn, error) {
 // DialContext implements C.ProxyAdapter
 func (p *Proxy) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	conn, err := p.ProxyAdapter.DialContext(ctx, metadata, opts...)
-	p.alive.Store(err == nil)
+	wasCancel := false
+	if err != nil {
+		wasCancel = strings.Contains(err.Error(), "operation was canceled")
+	}
+	p.alive.Store(err == nil || wasCancel)
 	return conn, err
 }
 
@@ -114,6 +121,8 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 		}
 	}()
 
+	unifiedDelay := UnifiedDelay.Load()
+
 	addr, err := urlToMetadata(url)
 	if err != nil {
 		return
@@ -150,11 +159,19 @@ func (p *Proxy) URLTest(ctx context.Context, url string) (t uint16, err error) {
 		},
 	}
 	defer client.CloseIdleConnections()
-
 	resp, err := client.Do(req)
 	if err != nil {
 		return
 	}
+
+	if unifiedDelay {
+		start = time.Now()
+		resp, err = client.Do(req)
+		if err != nil {
+			return
+		}
+	}
+
 	resp.Body.Close()
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
@@ -184,6 +201,7 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 	}
 
 	addr = C.Metadata{
+		AddrType: C.AtypDomainName,
 		Host:     u.Hostname(),
 		DstIP:    nil,
 		DstPort:  port,

adapter/inbound/socket.go

@@ -20,3 +20,26 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
 
 	return context.NewConnContext(conn, metadata)
 }
+
+func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
+	metadata := &C.Metadata{}
+	metadata.NetWork = C.TCP
+	metadata.Type = C.INNER
+	metadata.DNSMode = C.DNSMapping
+	metadata.Host = host
+	metadata.AddrType = C.AtypDomainName
+	metadata.Process = C.ClashName
+	if ip, port, err := parseAddr(dst); err == nil {
+		metadata.DstPort = port
+		if host == "" {
+			metadata.DstIP = ip
+			if ip.To4() == nil {
+				metadata.AddrType = C.AtypIPv6
+			} else {
+				metadata.AddrType = C.AtypIPv4
+			}
+		}
+	}
+
+	return context.NewConnContext(conn, metadata)
+}

adapter/inbound/util.go

@@ -11,7 +11,9 @@ import (
 )
 
 func parseSocksAddr(target socks5.Addr) *C.Metadata {
-	metadata := &C.Metadata{}
+	metadata := &C.Metadata{
+		AddrType: int(target[0]),
+	}
 
 	switch target[0] {
 	case socks5.AtypDomainName:
@@ -43,12 +45,20 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 
 	metadata := &C.Metadata{
 		NetWork:  C.TCP,
+		AddrType: C.AtypDomainName,
 		Host:     host,
 		DstIP:    nil,
 		DstPort:  port,
 	}
 
-	if ip := net.ParseIP(host); ip != nil {
+	ip := net.ParseIP(host)
+	if ip != nil {
+		switch {
+		case ip.To4() == nil:
+			metadata.AddrType = C.AtypIPv6
+		default:
+			metadata.AddrType = C.AtypIPv4
+		}
 		metadata.DstIP = ip
 	}
 

adapter/outbound/direct.go

@@ -14,6 +14,7 @@ type Direct struct {
 
 // DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
+	opts = append(opts, dialer.WithDirect())
 	c, err := dialer.DialContext(ctx, "tcp", metadata.RemoteAddress(), d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
@@ -24,6 +25,7 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
+	opts = append(opts, dialer.WithDirect())
 	pc, err := dialer.ListenPacket(ctx, "udp", "", d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
@@ -44,3 +46,23 @@ func NewDirect() *Direct {
 		},
 	}
 }
+
+func NewCompatible() *Direct {
+	return &Direct{
+		Base: &Base{
+			name: "COMPATIBLE",
+			tp:   C.Compatible,
+			udp:  true,
+		},
+	}
+}
+
+func NewPass() *Direct {
+	return &Direct{
+		Base: &Base{
+			name: "Pass",
+			tp:   C.Pass,
+			udp:  true,
+		},
+	}
+}

adapter/outbound/http.go

@@ -40,9 +40,7 @@ type HttpOption struct {
 func (h *Http) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if h.tlsConfig != nil {
 		cc := tls.Client(c, h.tlsConfig)
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		err := cc.Handshake()
-		defer cancel()
-		err := cc.HandshakeContext(ctx)
 		c = cc
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", h.addr, err)

adapter/outbound/shadowsocks.go

@@ -10,10 +10,11 @@ import (
 	"github.com/Dreamacro/clash/common/structure"
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/transport/shadowsocks/core"
 	obfs "github.com/Dreamacro/clash/transport/simple-obfs"
 	"github.com/Dreamacro/clash/transport/socks5"
 	v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"
+
+	"github.com/Dreamacro/go-shadowsocks2/core"
 )
 
 type ShadowSocks struct {

adapter/outbound/shadowsocksr.go

@@ -8,11 +8,12 @@ import (
 
 	"github.com/Dreamacro/clash/component/dialer"
 	C "github.com/Dreamacro/clash/constant"
-	"github.com/Dreamacro/clash/transport/shadowsocks/core"
-	"github.com/Dreamacro/clash/transport/shadowsocks/shadowaead"
-	"github.com/Dreamacro/clash/transport/shadowsocks/shadowstream"
 	"github.com/Dreamacro/clash/transport/ssr/obfs"
 	"github.com/Dreamacro/clash/transport/ssr/protocol"
+
+	"github.com/Dreamacro/go-shadowsocks2/core"
+	"github.com/Dreamacro/go-shadowsocks2/shadowaead"
+	"github.com/Dreamacro/go-shadowsocks2/shadowstream"
 )
 
 type ShadowSocksR struct {
@@ -91,12 +92,6 @@ func (ssr *ShadowSocksR) ListenPacketContext(ctx context.Context, metadata *C.Me
 }
 
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
-	// SSR protocol compatibility
-	// https://github.com/Dreamacro/clash/pull/2056
-	if option.Cipher == "none" {
-		option.Cipher = "dummy"
-	}
-
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	cipher := option.Cipher
 	password := option.Password
@@ -108,14 +103,13 @@ func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 		ivSize int
 		key    []byte
 	)
-
 	if option.Cipher == "dummy" {
 		ivSize = 0
 		key = core.Kdf(option.Password, 16)
 	} else {
 		ciph, ok := coreCiph.(*core.StreamCipher)
 		if !ok {
-			return nil, fmt.Errorf("%s is not none or a supported stream cipher in ssr", cipher)
+			return nil, fmt.Errorf("%s is not dummy or a supported stream cipher in ssr", cipher)
 		}
 		ivSize = ciph.IVSize()
 		key = ciph.Key

adapter/outbound/socks5.go

@@ -39,9 +39,7 @@ type Socks5Option struct {
 func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		err := cc.Handshake()
-		defer cancel()
-		err := cc.HandshakeContext(ctx)
 		c = cc
 		if err != nil {
 			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
@@ -89,9 +87,7 @@ func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 
 	if ss.tls {
 		cc := tls.Client(c, ss.tlsConfig)
-		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		err = cc.Handshake()
-		defer cancel()
-		err = cc.HandshakeContext(ctx)
 		c = cc
 	}
 

adapter/outbound/trojan.go

@@ -12,6 +12,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
 	"github.com/Dreamacro/clash/transport/trojan"
+	"github.com/Dreamacro/clash/transport/vless"
 
 	"golang.org/x/net/http2"
 )
@@ -40,6 +41,8 @@ type TrojanOption struct {
 	Network        string      `proxy:"network,omitempty"`
 	GrpcOpts       GrpcOptions `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions   `proxy:"ws-opts,omitempty"`
+	Flow           string      `proxy:"flow,omitempty"`
+	FlowShow       bool        `proxy:"flow-show,omitempty"`
 }
 
 func (t *Trojan) plainStream(c net.Conn) (net.Conn, error) {
@@ -82,6 +85,11 @@ func (t *Trojan) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error)
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
 
+	c, err = t.instance.PresetXTLSConn(c)
+	if err != nil {
+		return nil, err
+	}
+
 	err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata))
 	return c, err
 }
@@ -95,6 +103,12 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 			return nil, err
 		}
 
+		c, err = t.instance.PresetXTLSConn(c)
+		if err != nil {
+			c.Close()
+			return nil, err
+		}
+
 		if err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata)); err != nil {
 			c.Close()
 			return nil, err
@@ -160,6 +174,17 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 		ALPN:           option.ALPN,
 		ServerName:     option.Server,
 		SkipCertVerify: option.SkipCertVerify,
+		FlowShow:       option.FlowShow,
+	}
+
+	if option.Network != "ws" && len(option.Flow) >= 16 {
+		option.Flow = option.Flow[:16]
+		switch option.Flow {
+		case vless.XRO, vless.XRD, vless.XRS:
+			tOption.Flow = option.Flow
+		default:
+			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
+		}
 	}
 
 	if option.SNI != "" {
@@ -196,7 +221,12 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			ServerName:         tOption.ServerName,
 		}
 
+		if t.option.Flow != "" {
+			t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
+		} else {
 			t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
+		}
+
 		t.gunTLSConfig = tlsConfig
 		t.gunConfig = &gun.Config{
 			ServiceName: option.GrpcOpts.GrpcServiceName,

adapter/outbound/util.go

@@ -2,8 +2,11 @@ package outbound
 
 import (
 	"bytes"
+	"crypto/tls"
+	xtls "github.com/xtls/go"
 	"net"
 	"strconv"
+	"sync"
 	"time"
 
 	"github.com/Dreamacro/clash/component/resolver"
@@ -11,6 +14,12 @@ import (
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 
+var (
+	globalClientSessionCache  tls.ClientSessionCache
+	globalClientXSessionCache xtls.ClientSessionCache
+	once                      sync.Once
+)
+
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		tcp.SetKeepAlive(true)
@@ -18,13 +27,26 @@ func tcpKeepAlive(c net.Conn) {
 	}
 }
 
+func getClientSessionCache() tls.ClientSessionCache {
+	once.Do(func() {
+		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
+	})
+	return globalClientSessionCache
+}
+
+func getClientXSessionCache() xtls.ClientSessionCache {
+	once.Do(func() {
+		globalClientXSessionCache = xtls.NewLRUClientSessionCache(128)
+	})
+	return globalClientXSessionCache
+}
+
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
-	addrType := metadata.AddrType()
+	aType := uint8(metadata.AddrType)
-	aType := uint8(addrType)
 	p, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
 	port := []byte{uint8(p >> 8), uint8(p & 0xff)}
-	switch addrType {
+	switch metadata.AddrType {
 	case socks5.AtypDomainName:
 		len := uint8(len(metadata.Host))
 		host := []byte(metadata.Host)
@@ -45,7 +67,7 @@ func resolveUDPAddr(network, address string) (*net.UDPAddr, error) {
 		return nil, err
 	}
 
-	ip, err := resolver.ResolveIP(host)
+	ip, err := resolver.ResolveProxyServerHost(host)
 	if err != nil {
 		return nil, err
 	}

adapter/outbound/vless.go

@@ -0,0 +1,446 @@
+package outbound
+
+import (
+	"context"
+	"crypto/tls"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strconv"
+	"sync"
+
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/component/resolver"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/transport/gun"
+	"github.com/Dreamacro/clash/transport/vless"
+	"github.com/Dreamacro/clash/transport/vmess"
+
+	"golang.org/x/net/http2"
+)
+
+const (
+	// max packet length
+	maxLength = 1024 << 3
+)
+
+type Vless struct {
+	*Base
+	client *vless.Client
+	option *VlessOption
+
+	// for gun mux
+	gunTLSConfig *tls.Config
+	gunConfig    *gun.Config
+	transport    *http2.Transport
+}
+
+type VlessOption struct {
+	BasicOption
+	Name           string            `proxy:"name"`
+	Server         string            `proxy:"server"`
+	Port           int               `proxy:"port"`
+	UUID           string            `proxy:"uuid"`
+	Flow           string            `proxy:"flow,omitempty"`
+	FlowShow       bool              `proxy:"flow-show,omitempty"`
+	TLS            bool              `proxy:"tls,omitempty"`
+	UDP            bool              `proxy:"udp,omitempty"`
+	Network        string            `proxy:"network,omitempty"`
+	HTTPOpts       HTTPOptions       `proxy:"http-opts,omitempty"`
+	HTTP2Opts      HTTP2Options      `proxy:"h2-opts,omitempty"`
+	GrpcOpts       GrpcOptions       `proxy:"grpc-opts,omitempty"`
+	WSOpts         WSOptions         `proxy:"ws-opts,omitempty"`
+	WSPath         string            `proxy:"ws-path,omitempty"`
+	WSHeaders      map[string]string `proxy:"ws-headers,omitempty"`
+	SkipCertVerify bool              `proxy:"skip-cert-verify,omitempty"`
+	ServerName     string            `proxy:"servername,omitempty"`
+}
+
+func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
+	var err error
+	switch v.option.Network {
+	case "ws":
+
+		host, port, _ := net.SplitHostPort(v.addr)
+		wsOpts := &vmess.WebsocketConfig{
+			Host:                host,
+			Port:                port,
+			Path:                v.option.WSOpts.Path,
+			MaxEarlyData:        v.option.WSOpts.MaxEarlyData,
+			EarlyDataHeaderName: v.option.WSOpts.EarlyDataHeaderName,
+		}
+
+		if len(v.option.WSOpts.Headers) != 0 {
+			header := http.Header{}
+			for key, value := range v.option.WSOpts.Headers {
+				header.Add(key, value)
+			}
+			wsOpts.Headers = header
+		}
+
+		wsOpts.TLS = true
+		wsOpts.TLSConfig = &tls.Config{
+			MinVersion:         tls.VersionTLS12,
+			ServerName:         host,
+			InsecureSkipVerify: v.option.SkipCertVerify,
+			NextProtos:         []string{"http/1.1"},
+		}
+		if v.option.ServerName != "" {
+			wsOpts.TLSConfig.ServerName = v.option.ServerName
+		} else if host := wsOpts.Headers.Get("Host"); host != "" {
+			wsOpts.TLSConfig.ServerName = host
+		}
+		c, err = vmess.StreamWebsocketConn(c, wsOpts)
+	case "http":
+		// readability first, so just copy default TLS logic
+		c, err = v.streamTLSOrXTLSConn(c, false)
+		if err != nil {
+			return nil, err
+		}
+
+		host, _, _ := net.SplitHostPort(v.addr)
+		httpOpts := &vmess.HTTPConfig{
+			Host:    host,
+			Method:  v.option.HTTPOpts.Method,
+			Path:    v.option.HTTPOpts.Path,
+			Headers: v.option.HTTPOpts.Headers,
+		}
+
+		c = vmess.StreamHTTPConn(c, httpOpts)
+	case "h2":
+		c, err = v.streamTLSOrXTLSConn(c, true)
+		if err != nil {
+			return nil, err
+		}
+
+		h2Opts := &vmess.H2Config{
+			Hosts: v.option.HTTP2Opts.Host,
+			Path:  v.option.HTTP2Opts.Path,
+		}
+
+		c, err = vmess.StreamH2Conn(c, h2Opts)
+	case "grpc":
+		if v.isXTLSEnabled() {
+			c, err = gun.StreamGunWithXTLSConn(c, v.gunTLSConfig, v.gunConfig)
+		} else {
+			c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
+		}
+	default:
+		// default tcp network
+		// handle TLS And XTLS
+		c, err = v.streamTLSOrXTLSConn(c, false)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	return v.client.StreamConn(c, parseVlessAddr(metadata))
+}
+
+func (v *Vless) streamTLSOrXTLSConn(conn net.Conn, isH2 bool) (net.Conn, error) {
+	host, _, _ := net.SplitHostPort(v.addr)
+
+	if v.isXTLSEnabled() {
+		xtlsOpts := vless.XTLSConfig{
+			Host:           host,
+			SkipCertVerify: v.option.SkipCertVerify,
+		}
+
+		if isH2 {
+			xtlsOpts.NextProtos = []string{"h2"}
+		}
+
+		if v.option.ServerName != "" {
+			xtlsOpts.Host = v.option.ServerName
+		}
+
+		return vless.StreamXTLSConn(conn, &xtlsOpts)
+
+	} else if v.option.TLS {
+		tlsOpts := vmess.TLSConfig{
+			Host:           host,
+			SkipCertVerify: v.option.SkipCertVerify,
+		}
+
+		if isH2 {
+			tlsOpts.NextProtos = []string{"h2"}
+		}
+
+		if v.option.ServerName != "" {
+			tlsOpts.Host = v.option.ServerName
+		}
+
+		return vmess.StreamTLSConn(conn, &tlsOpts)
+	}
+
+	return conn, nil
+}
+
+func (v *Vless) isXTLSEnabled() bool {
+	return v.client.Addons != nil
+}
+
+// DialContext implements C.ProxyAdapter
+func (v *Vless) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
+	// gun transport
+	if v.transport != nil && len(opts) == 0 {
+		c, err := gun.StreamGunWithTransport(v.transport, v.gunConfig)
+		if err != nil {
+			return nil, err
+		}
+		defer safeConnClose(c, err)
+
+		c, err = v.client.StreamConn(c, parseVlessAddr(metadata))
+		if err != nil {
+			return nil, err
+		}
+
+		return NewConn(c, v), nil
+	}
+
+	c, err := dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
+	}
+	tcpKeepAlive(c)
+	defer safeConnClose(c, err)
+
+	c, err = v.StreamConn(c, metadata)
+	return NewConn(c, v), err
+}
+
+// ListenPacketContext implements C.ProxyAdapter
+func (v *Vless) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
+	// vless use stream-oriented udp with a special address, so we needs a net.UDPAddr
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIP(metadata.Host)
+		if err != nil {
+			return nil, errors.New("can't resolve ip")
+		}
+		metadata.DstIP = ip
+	}
+
+	var c net.Conn
+	// gun transport
+	if v.transport != nil && len(opts) == 0 {
+		c, err = gun.StreamGunWithTransport(v.transport, v.gunConfig)
+		if err != nil {
+			return nil, err
+		}
+		defer safeConnClose(c, err)
+
+		c, err = v.client.StreamConn(c, parseVlessAddr(metadata))
+	} else {
+		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
+		if err != nil {
+			return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
+		}
+		tcpKeepAlive(c)
+		defer safeConnClose(c, err)
+
+		c, err = v.StreamConn(c, metadata)
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("new vless client error: %v", err)
+	}
+
+	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
+}
+
+func parseVlessAddr(metadata *C.Metadata) *vless.DstAddr {
+	var addrType byte
+	var addr []byte
+	switch metadata.AddrType {
+	case C.AtypIPv4:
+		addrType = byte(vless.AtypIPv4)
+		addr = make([]byte, net.IPv4len)
+		copy(addr[:], metadata.DstIP.To4())
+	case C.AtypIPv6:
+		addrType = byte(vless.AtypIPv6)
+		addr = make([]byte, net.IPv6len)
+		copy(addr[:], metadata.DstIP.To16())
+	case C.AtypDomainName:
+		addrType = byte(vless.AtypDomainName)
+		addr = make([]byte, len(metadata.Host)+1)
+		addr[0] = byte(len(metadata.Host))
+		copy(addr[1:], []byte(metadata.Host))
+	}
+
+	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
+	return &vless.DstAddr{
+		UDP:      metadata.NetWork == C.UDP,
+		AddrType: addrType,
+		Addr:     addr,
+		Port:     uint(port),
+	}
+}
+
+type vlessPacketConn struct {
+	net.Conn
+	rAddr  net.Addr
+	remain int
+	mux    sync.Mutex
+	cache  [2]byte
+}
+
+func (c *vlessPacketConn) writePacket(payload []byte) (int, error) {
+	binary.BigEndian.PutUint16(c.cache[:], uint16(len(payload)))
+
+	if _, err := c.Conn.Write(c.cache[:]); err != nil {
+		return 0, err
+	}
+
+	return c.Conn.Write(payload)
+}
+
+func (c *vlessPacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
+	total := len(b)
+	if total == 0 {
+		return 0, nil
+	}
+
+	if total <= maxLength {
+		return c.writePacket(b)
+	}
+
+	offset := 0
+
+	for offset < total {
+		cursor := offset + maxLength
+		if cursor > total {
+			cursor = total
+		}
+
+		n, err := c.writePacket(b[offset:cursor])
+		if err != nil {
+			return offset + n, err
+		}
+
+		offset = cursor
+		if offset == total {
+			break
+		}
+	}
+
+	return total, nil
+}
+
+func (c *vlessPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
+	c.mux.Lock()
+	defer c.mux.Unlock()
+
+	if c.remain > 0 {
+		length := len(b)
+		if c.remain < length {
+			length = c.remain
+		}
+
+		n, err := c.Conn.Read(b[:length])
+		if err != nil {
+			return 0, c.rAddr, err
+		}
+
+		c.remain -= n
+		return n, c.rAddr, nil
+	}
+
+	if _, err := c.Conn.Read(b[:2]); err != nil {
+		return 0, c.rAddr, err
+	}
+
+	total := int(binary.BigEndian.Uint16(b[:2]))
+	if total == 0 {
+		return 0, c.rAddr, nil
+	}
+
+	length := len(b)
+	if length > total {
+		length = total
+	}
+
+	if _, err := io.ReadFull(c.Conn, b[:length]); err != nil {
+		return 0, c.rAddr, errors.New("read packet error")
+	}
+
+	c.remain = total - length
+
+	return length, c.rAddr, nil
+}
+
+func NewVless(option VlessOption) (*Vless, error) {
+	var addons *vless.Addons
+	if option.Network != "ws" && len(option.Flow) >= 16 {
+		option.Flow = option.Flow[:16]
+		switch option.Flow {
+		case vless.XRO, vless.XRD, vless.XRS:
+			addons = &vless.Addons{
+				Flow: option.Flow,
+			}
+		default:
+			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
+		}
+	}
+
+	client, err := vless.NewClient(option.UUID, addons, option.FlowShow)
+	if err != nil {
+		return nil, err
+	}
+
+	v := &Vless{
+		Base: &Base{
+			name:  option.Name,
+			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+			tp:    C.Vless,
+			udp:   option.UDP,
+			iface: option.Interface,
+		},
+		client: client,
+		option: &option,
+	}
+
+	switch option.Network {
+	case "h2":
+		if len(option.HTTP2Opts.Host) == 0 {
+			option.HTTP2Opts.Host = append(option.HTTP2Opts.Host, "www.example.com")
+		}
+	case "grpc":
+		dialFn := func(network, addr string) (net.Conn, error) {
+			c, err := dialer.DialContext(context.Background(), "tcp", v.addr, v.Base.DialOptions()...)
+			if err != nil {
+				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
+			}
+			tcpKeepAlive(c)
+			return c, nil
+		}
+
+		gunConfig := &gun.Config{
+			ServiceName: v.option.GrpcOpts.GrpcServiceName,
+			Host:        v.option.ServerName,
+		}
+		tlsConfig := &tls.Config{
+			InsecureSkipVerify: v.option.SkipCertVerify,
+			ServerName:         v.option.ServerName,
+		}
+
+		if v.option.ServerName == "" {
+			host, _, _ := net.SplitHostPort(v.addr)
+			tlsConfig.ServerName = host
+			gunConfig.Host = host
+		}
+
+		v.gunTLSConfig = tlsConfig
+		v.gunConfig = gunConfig
+		if v.isXTLSEnabled() {
+			v.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
+		} else {
+			v.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
+		}
+	}
+
+	return v, nil
+}

adapter/outbound/vmess.go

@@ -14,7 +14,6 @@ import (
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
-	"github.com/Dreamacro/clash/transport/socks5"
 	"github.com/Dreamacro/clash/transport/vmess"
 
 	"golang.org/x/net/http2"
@@ -48,6 +47,10 @@ type VmessOption struct {
 	HTTP2Opts      HTTP2Options `proxy:"h2-opts,omitempty"`
 	GrpcOpts       GrpcOptions  `proxy:"grpc-opts,omitempty"`
 	WSOpts         WSOptions    `proxy:"ws-opts,omitempty"`
+
+	// TODO: compatible with VMESS WS older version configurations
+	WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
+	WSPath    string            `proxy:"ws-path,omitempty"`
 }
 
 type HTTPOptions struct {
@@ -77,6 +80,13 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	var err error
 	switch v.option.Network {
 	case "ws":
+		if v.option.WSOpts.Path == "" {
+			v.option.WSOpts.Path = v.option.WSPath
+		}
+		if len(v.option.WSOpts.Headers) == 0 {
+			v.option.WSOpts.Headers = v.option.WSHeaders
+		}
+
 		host, port, _ := net.SplitHostPort(v.addr)
 		wsOpts := &vmess.WebsocketConfig{
 			Host:                host,
@@ -328,16 +338,16 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
 	var addrType byte
 	var addr []byte
-	switch metadata.AddrType() {
+	switch metadata.AddrType {
-	case socks5.AtypIPv4:
+	case C.AtypIPv4:
 		addrType = byte(vmess.AtypIPv4)
 		addr = make([]byte, net.IPv4len)
 		copy(addr[:], metadata.DstIP.To4())
-	case socks5.AtypIPv6:
+	case C.AtypIPv6:
 		addrType = byte(vmess.AtypIPv6)
 		addr = make([]byte, net.IPv6len)
 		copy(addr[:], metadata.DstIP.To16())
-	case socks5.AtypDomainName:
+	case C.AtypDomainName:
 		addrType = byte(vmess.AtypDomainName)
 		addr = make([]byte, len(metadata.Host)+1)
 		addr[0] = byte(len(metadata.Host))

adapter/outboundgroup/common.go

@@ -1,6 +1,8 @@
 package outboundgroup
 
 import (
+	"github.com/Dreamacro/clash/tunnel"
+	"github.com/dlclark/regexp2"
 	"time"
 
 	C "github.com/Dreamacro/clash/constant"
@@ -11,7 +13,7 @@ const (
 	defaultGetProxiesDuration = time.Second * 5
 )
 
-func getProvidersProxies(providers []provider.ProxyProvider, touch bool) []C.Proxy {
+func getProvidersProxies(providers []provider.ProxyProvider, touch bool, filter string) []C.Proxy {
 	proxies := []C.Proxy{}
 	for _, provider := range providers {
 		if touch {
@@ -20,5 +22,34 @@ func getProvidersProxies(providers []provider.ProxyProvider, touch bool) []C.Pro
 			proxies = append(proxies, provider.Proxies()...)
 		}
 	}
+
+	var filterReg *regexp2.Regexp = nil
+	var matchedProxies []C.Proxy
+	if len(filter) > 0 {
+		//filterReg = regexp.MustCompile(filter)
+		filterReg = regexp2.MustCompile(filter, 0)
+		for _, p := range proxies {
+			if p.Type() < 8 {
+				matchedProxies = append(matchedProxies, p)
+			}
+
+			//if filterReg.MatchString(p.Name()) {
+			if mat, _ := filterReg.FindStringMatch(p.Name()); mat != nil {
+				matchedProxies = append(matchedProxies, p)
+			}
+		}
+
+		if len(matchedProxies) > 0 {
+			return matchedProxies
+		} else {
+			return append([]C.Proxy{}, tunnel.Proxies()["COMPATIBLE"])
+		}
+	} else {
+		if len(proxies) == 0 {
+			return append(proxies, tunnel.Proxies()["COMPATIBLE"])
+		} else {
 			return proxies
 		}
+	}
+
+}

adapter/outboundgroup/fallback.go

@@ -3,6 +3,9 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
+	"github.com/Dreamacro/clash/log"
+	"go.uber.org/atomic"
+	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/common/singledo"
@@ -14,8 +17,11 @@ import (
 type Fallback struct {
 	*outbound.Base
 	disableUDP  bool
+	filter      string
 	single      *singledo.Single
 	providers   []provider.ProxyProvider
+	failedTimes *atomic.Int32
+	failedTime  *atomic.Int64
 }
 
 func (f *Fallback) Now() string {
@@ -29,7 +35,12 @@ func (f *Fallback) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 	c, err := proxy.DialContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(f)
+		f.failedTimes.Store(-1)
+		f.failedTime.Store(-1)
+	} else {
+		f.onDialFailed()
 	}
+
 	return c, err
 }
 
@@ -39,10 +50,41 @@ func (f *Fallback) ListenPacketContext(ctx context.Context, metadata *C.Metadata
 	pc, err := proxy.ListenPacketContext(ctx, metadata, f.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(f)
+		f.failedTimes.Store(-1)
+		f.failedTime.Store(-1)
+	} else {
+		f.onDialFailed()
 	}
+
 	return pc, err
 }
 
+func (f *Fallback) onDialFailed() {
+	if f.failedTime.Load() == -1 {
+		log.Warnln("%s first failed", f.Name())
+		now := time.Now().UnixMilli()
+		f.failedTime.Store(now)
+		f.failedTimes.Store(1)
+	} else {
+		if f.failedTime.Load()-time.Now().UnixMilli() > 5*time.Second.Milliseconds() {
+			f.failedTimes.Store(-1)
+			f.failedTime.Store(-1)
+		} else {
+			failedCount := f.failedTimes.Inc()
+			log.Warnln("%s failed count: %d", f.Name(), failedCount)
+			if failedCount >= 5 {
+				log.Warnln("because %s failed multiple times, active health check", f.Name())
+				for _, proxyProvider := range f.providers {
+					go proxyProvider.HealthCheck()
+				}
+
+				f.failedTimes.Store(-1)
+				f.failedTime.Store(-1)
+			}
+		}
+	}
+}
+
 // SupportUDP implements C.ProxyAdapter
 func (f *Fallback) SupportUDP() bool {
 	if f.disableUDP {
@@ -55,7 +97,7 @@ func (f *Fallback) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (f *Fallback) MarshalJSON() ([]byte, error) {
-	var all []string
+	all := []string{}
 	for _, proxy := range f.proxies(false) {
 		all = append(all, proxy.Name())
 	}
@@ -74,7 +116,7 @@ func (f *Fallback) Unwrap(metadata *C.Metadata) C.Proxy {
 
 func (f *Fallback) proxies(touch bool) []C.Proxy {
 	elm, _, _ := f.single.Do(func() (any, error) {
-		return getProvidersProxies(f.providers, touch), nil
+		return getProvidersProxies(f.providers, touch, f.filter), nil
 	})
 
 	return elm.([]C.Proxy)
@@ -102,5 +144,8 @@ func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider)
 		single:      singledo.NewSingle(defaultGetProxiesDuration),
 		providers:   providers,
 		disableUDP:  option.DisableUDP,
+		filter:      option.Filter,
+		failedTimes: atomic.NewInt32(-1),
+		failedTime:  atomic.NewInt64(-1),
 	}
 }

adapter/outboundgroup/loadbalance.go

@@ -23,6 +23,7 @@ type LoadBalance struct {
 	*outbound.Base
 	disableUDP bool
 	single     *singledo.Single
+	filter     string
 	providers  []provider.ProxyProvider
 	strategyFn strategyFn
 }
@@ -30,9 +31,11 @@ type LoadBalance struct {
 var errStrategy = errors.New("unsupported strategy")
 
 func parseStrategy(config map[string]any) string {
-	if strategy, ok := config["strategy"].(string); ok {
+	if elm, ok := config["strategy"]; ok {
+		if strategy, ok := elm.(string); ok {
 			return strategy
 		}
+	}
 	return "consistent-hashing"
 }
 
@@ -127,13 +130,6 @@ func strategyConsistentHashing() strategyFn {
 			}
 		}
 
-		// when availability is poor, traverse the entire list to get the available nodes
-		for _, proxy := range proxies {
-			if proxy.Alive() {
-				return proxy
-			}
-		}
-
 		return proxies[0]
 	}
 }
@@ -146,7 +142,7 @@ func (lb *LoadBalance) Unwrap(metadata *C.Metadata) C.Proxy {
 
 func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 	elm, _, _ := lb.single.Do(func() (any, error) {
-		return getProvidersProxies(lb.providers, touch), nil
+		return getProvidersProxies(lb.providers, touch, lb.filter), nil
 	})
 
 	return elm.([]C.Proxy)
@@ -154,7 +150,7 @@ func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
 
 // MarshalJSON implements C.ProxyAdapter
 func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
-	var all []string
+	all := []string{}
 	for _, proxy := range lb.proxies(false) {
 		all = append(all, proxy.Name())
 	}
@@ -185,5 +181,6 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 		providers:  providers,
 		strategyFn: strategyFn,
 		disableUDP: option.DisableUDP,
+		filter:     option.Filter,
 	}, nil
 }

adapter/outboundgroup/parser.go

@@ -29,6 +29,7 @@ type GroupCommonOption struct {
 	Interval   int      `group:"interval,omitempty"`
 	Lazy       bool     `group:"lazy,omitempty"`
 	DisableUDP bool     `group:"disable-udp,omitempty"`
+	Filter     string   `group:"filter,omitempty"`
 }
 
 func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider) (C.ProxyAdapter, error) {
@@ -95,6 +96,8 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 			return nil, err
 		}
 		providers = append(providers, list...)
+	} else {
+		groupOption.Filter = ""
 	}
 
 	var group C.ProxyAdapter

adapter/outboundgroup/relay.go

@@ -16,13 +16,14 @@ type Relay struct {
 	*outbound.Base
 	single    *singledo.Single
 	providers []provider.ProxyProvider
+	filter    string
 }
 
 // DialContext implements C.ProxyAdapter
 func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
 	var proxies []C.Proxy
 	for _, proxy := range r.proxies(metadata, true) {
-		if proxy.Type() != C.Direct {
+		if proxy.Type() != C.Direct && proxy.Type() != C.Compatible {
 			proxies = append(proxies, proxy)
 		}
 	}
@@ -68,7 +69,7 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 
 // MarshalJSON implements C.ProxyAdapter
 func (r *Relay) MarshalJSON() ([]byte, error) {
-	var all []string
+	all := []string{}
 	for _, proxy := range r.rawProxies(false) {
 		all = append(all, proxy.Name())
 	}
@@ -80,7 +81,7 @@ func (r *Relay) MarshalJSON() ([]byte, error) {
 
 func (r *Relay) rawProxies(touch bool) []C.Proxy {
 	elm, _, _ := r.single.Do(func() (any, error) {
-		return getProvidersProxies(r.providers, touch), nil
+		return getProvidersProxies(r.providers, touch, r.filter), nil
 	})
 
 	return elm.([]C.Proxy)
@@ -110,5 +111,6 @@ func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Re
 		}),
 		single:    singledo.NewSingle(defaultGetProxiesDuration),
 		providers: providers,
+		filter:    option.Filter,
 	}
 }

adapter/outboundgroup/selector.go

@@ -17,6 +17,7 @@ type Selector struct {
 	disableUDP bool
 	single     *singledo.Single
 	selected   string
+	filter     string
 	providers  []provider.ProxyProvider
 }
 
@@ -49,8 +50,8 @@ func (s *Selector) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (s *Selector) MarshalJSON() ([]byte, error) {
-	var all []string
+	all := []string{}
-	for _, proxy := range getProvidersProxies(s.providers, false) {
+	for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
 		all = append(all, proxy.Name())
 	}
 
@@ -66,7 +67,7 @@ func (s *Selector) Now() string {
 }
 
 func (s *Selector) Set(name string) error {
-	for _, proxy := range getProvidersProxies(s.providers, false) {
+	for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
 		if proxy.Name() == name {
 			s.selected = name
 			s.single.Reset()
@@ -78,13 +79,13 @@ func (s *Selector) Set(name string) error {
 }
 
 // Unwrap implements C.ProxyAdapter
-func (s *Selector) Unwrap(metadata *C.Metadata) C.Proxy {
+func (s *Selector) Unwrap(*C.Metadata) C.Proxy {
 	return s.selectedProxy(true)
 }
 
 func (s *Selector) selectedProxy(touch bool) C.Proxy {
 	elm, _, _ := s.single.Do(func() (any, error) {
-		proxies := getProvidersProxies(s.providers, touch)
+		proxies := getProvidersProxies(s.providers, touch, s.filter)
 		for _, proxy := range proxies {
 			if proxy.Name() == s.selected {
 				return proxy, nil
@@ -98,7 +99,6 @@ func (s *Selector) selectedProxy(touch bool) C.Proxy {
 }
 
 func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider) *Selector {
-	selected := providers[0].Proxies()[0].Name()
 	return &Selector{
 		Base: outbound.NewBase(outbound.BaseOption{
 			Name:        option.Name,
@@ -108,7 +108,8 @@ func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider)
 		}),
 		single:     singledo.NewSingle(defaultGetProxiesDuration),
 		providers:  providers,
-		selected:   selected,
+		selected:   "COMPATIBLE",
 		disableUDP: option.DisableUDP,
+		filter:     option.Filter,
 	}
 }

adapter/outboundgroup/urltest.go

@@ -3,6 +3,8 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
+	"github.com/Dreamacro/clash/log"
+	"go.uber.org/atomic"
 	"time"
 
 	"github.com/Dreamacro/clash/adapter/outbound"
@@ -25,9 +27,12 @@ type URLTest struct {
 	tolerance   uint16
 	disableUDP  bool
 	fastNode    C.Proxy
+	filter      string
 	single      *singledo.Single
 	fastSingle  *singledo.Single
 	providers   []provider.ProxyProvider
+	failedTimes *atomic.Int32
+	failedTime  *atomic.Int64
 }
 
 func (u *URLTest) Now() string {
@@ -39,6 +44,10 @@ func (u *URLTest) DialContext(ctx context.Context, metadata *C.Metadata, opts ..
 	c, err = u.fast(true).DialContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		c.AppendToChains(u)
+		u.failedTimes.Store(-1)
+		u.failedTime.Store(-1)
+	} else {
+		u.onDialFailed()
 	}
 	return c, err
 }
@@ -48,18 +57,22 @@ func (u *URLTest) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 	pc, err := u.fast(true).ListenPacketContext(ctx, metadata, u.Base.DialOptions(opts...)...)
 	if err == nil {
 		pc.AppendToChains(u)
+		u.failedTimes.Store(-1)
+		u.failedTime.Store(-1)
+	} else {
+		u.onDialFailed()
 	}
 	return pc, err
 }
 
 // Unwrap implements C.ProxyAdapter
-func (u *URLTest) Unwrap(metadata *C.Metadata) C.Proxy {
+func (u *URLTest) Unwrap(*C.Metadata) C.Proxy {
 	return u.fast(true)
 }
 
 func (u *URLTest) proxies(touch bool) []C.Proxy {
 	elm, _, _ := u.single.Do(func() (any, error) {
-		return getProvidersProxies(u.providers, touch), nil
+		return getProvidersProxies(u.providers, touch, u.filter), nil
 	})
 
 	return elm.([]C.Proxy)
@@ -110,7 +123,7 @@ func (u *URLTest) SupportUDP() bool {
 
 // MarshalJSON implements C.ProxyAdapter
 func (u *URLTest) MarshalJSON() ([]byte, error) {
-	var all []string
+	all := []string{}
 	for _, proxy := range u.proxies(false) {
 		all = append(all, proxy.Name())
 	}
@@ -121,13 +134,41 @@ func (u *URLTest) MarshalJSON() ([]byte, error) {
 	})
 }
 
+func (u *URLTest) onDialFailed() {
+	if u.failedTime.Load() == -1 {
+		log.Warnln("%s first failed", u.Name())
+		now := time.Now().UnixMilli()
+		u.failedTime.Store(now)
+		u.failedTimes.Store(1)
+	} else {
+		if u.failedTime.Load()-time.Now().UnixMilli() > 5*1000 {
+			u.failedTimes.Store(-1)
+			u.failedTime.Store(-1)
+		} else {
+			failedCount := u.failedTimes.Inc()
+			log.Warnln("%s failed count: %d", u.Name(), failedCount)
+			if failedCount >= 5 {
+				log.Warnln("because %s failed multiple times, active health check", u.Name())
+				for _, proxyProvider := range u.providers {
+					go proxyProvider.HealthCheck()
+				}
+
+				u.failedTimes.Store(-1)
+				u.failedTime.Store(-1)
+			}
+		}
+	}
+}
+
 func parseURLTestOption(config map[string]any) []urlTestOption {
 	opts := []urlTestOption{}
 
 	// tolerance
-	if tolerance, ok := config["tolerance"].(int); ok {
+	if elm, ok := config["tolerance"]; ok {
+		if tolerance, ok := elm.(int); ok {
 			opts = append(opts, urlTestWithTolerance(uint16(tolerance)))
 		}
+	}
 
 	return opts
 }
@@ -144,6 +185,9 @@ func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, o
 		fastSingle:  singledo.NewSingle(time.Second * 10),
 		providers:   providers,
 		disableUDP:  option.DisableUDP,
+		filter:      option.Filter,
+		failedTimes: atomic.NewInt32(-1),
+		failedTime:  atomic.NewInt64(-1),
 	}
 
 	for _, option := range options {

adapter/outboundgroup/util.go

@@ -18,6 +18,7 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 	ip := net.ParseIP(host)
 	if ip == nil {
 		addr = &C.Metadata{
+			AddrType: C.AtypDomainName,
 			Host:     host,
 			DstIP:    nil,
 			DstPort:  port,
@@ -25,6 +26,7 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 		return
 	} else if ip4 := ip.To4(); ip4 != nil {
 		addr = &C.Metadata{
+			AddrType: C.AtypIPv4,
 			Host:     "",
 			DstIP:    ip4,
 			DstPort:  port,
@@ -33,6 +35,7 @@ func addrToMetadata(rawAddress string) (addr *C.Metadata, err error) {
 	}
 
 	addr = &C.Metadata{
+		AddrType: C.AtypIPv6,
 		Host:     "",
 		DstIP:    ip,
 		DstPort:  port,

adapter/parser.go

@@ -60,6 +60,13 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 			break
 		}
 		proxy, err = outbound.NewVmess(*vmessOption)
+	case "vless":
+		vlessOption := &outbound.VlessOption{}
+		err = decoder.Decode(mapping, vlessOption)
+		if err != nil {
+			break
+		}
+		proxy, err = outbound.NewVless(*vlessOption)
 	case "snell":
 		snellOption := &outbound.SnellOption{}
 		err = decoder.Decode(mapping, snellOption)

adapter/provider/healthcheck.go

@@ -31,7 +31,13 @@ type HealthCheck struct {
 func (hc *HealthCheck) process() {
 	ticker := time.NewTicker(time.Duration(hc.interval) * time.Second)
 
-	go hc.check()
+	go func() {
+		t := time.NewTicker(30 * time.Second)
+		<-t.C
+		t.Stop()
+		hc.check()
+	}()
+
 	for {
 		select {
 		case <-ticker.C:

adapter/provider/provider.go

@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"regexp"
+	"github.com/dlclark/regexp2"
 	"runtime"
 	"time"
 
@@ -12,7 +12,7 @@ import (
 	C "github.com/Dreamacro/clash/constant"
 	types "github.com/Dreamacro/clash/constant/provider"
 
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 )
 
 const (
@@ -40,6 +40,7 @@ func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
 		"type":        pp.Type().String(),
 		"vehicleType": pp.VehicleType().String(),
 		"proxies":     pp.Proxies(),
+		//TODO maybe error because year value overflow
 		"updatedAt": pp.updatedAt,
 	})
 }
@@ -67,6 +68,10 @@ func (pp *proxySetProvider) Initial() error {
 	}
 
 	pp.onUpdate(elm)
+	if pp.healthCheck.auto() {
+		go pp.healthCheck.process()
+	}
+
 	return nil
 }
 
@@ -97,15 +102,12 @@ func stopProxyProvider(pd *ProxySetProvider) {
 }
 
 func NewProxySetProvider(name string, interval time.Duration, filter string, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
-	filterReg, err := regexp.Compile(filter)
+	//filterReg, err := regexp.Compile(filter)
+	filterReg, err := regexp2.Compile(filter, 0)
 	if err != nil {
 		return nil, fmt.Errorf("invalid filter regex: %w", err)
 	}
 
-	if hc.auto() {
-		go hc.process()
-	}
-
 	pd := &proxySetProvider{
 		proxies:     []C.Proxy{},
 		healthCheck: hc,
@@ -129,7 +131,9 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
 
 		proxies := []C.Proxy{}
 		for idx, mapping := range schema.Proxies {
-			if name, ok := mapping["name"].(string); ok && len(filter) > 0 && !filterReg.MatchString(name) {
+			name, ok := mapping["name"]
+			mat, _ := filterReg.FindStringMatch(name.(string))
+			if ok && len(filter) > 0 && mat == nil {
 				continue
 			}
 			proxy, err := adapter.ParseProxy(mapping)
@@ -190,6 +194,10 @@ func (cp *compatibleProvider) Update() error {
 }
 
 func (cp *compatibleProvider) Initial() error {
+	if cp.healthCheck.auto() {
+		go cp.healthCheck.process()
+	}
+
 	return nil
 }
 
@@ -219,10 +227,6 @@ func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*Co
 		return nil, errors.New("provider need one proxy at least")
 	}
 
-	if hc.auto() {
-		go hc.process()
-	}
-
 	pd := &compatibleProvider{
 		name:        name,
 		proxies:     proxies,

adapter/provider/vehicle.go

@@ -2,6 +2,8 @@ package provider
 
 import (
 	"context"
+	"github.com/Dreamacro/clash/component/dialer"
+	"github.com/Dreamacro/clash/listener/inner"
 	"io"
 	"net"
 	"net/http"
@@ -9,7 +11,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/Dreamacro/clash/component/dialer"
+	netHttp "github.com/Dreamacro/clash/common/net"
 	types "github.com/Dreamacro/clash/constant/provider"
 )
 
@@ -56,6 +58,8 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 	}
 
 	req, err := http.NewRequest(http.MethodGet, uri.String(), nil)
+	req.Header.Set("user-agent", netHttp.UA)
+
 	if err != nil {
 		return nil, err
 	}
@@ -74,15 +78,22 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
-			return dialer.DialContext(ctx, network, address)
+			conn := inner.HandleTcp(address, uri.Hostname())
+			return conn, nil
 		},
 	}
 
 	client := http.Client{Transport: transport}
 	resp, err := client.Do(req)
+	if err != nil {
+		transport.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
+			return dialer.DialContext(ctx, network, address)
+		}
+		resp, err = client.Do(req)
 		if err != nil {
 			return nil, err
 		}
+	}
 	defer resp.Body.Close()
 
 	buf, err := io.ReadAll(resp.Body)

common/cache/cache.go

@@ -0,0 +1,106 @@
+package cache
+
+import (
+	"runtime"
+	"sync"
+	"time"
+)
+
+// Cache store element with a expired time
+type Cache struct {
+	*cache
+}
+
+type cache struct {
+	mapping sync.Map
+	janitor *janitor
+}
+
+type element struct {
+	Expired time.Time
+	Payload any
+}
+
+// Put element in Cache with its ttl
+func (c *cache) Put(key any, payload any, ttl time.Duration) {
+	c.mapping.Store(key, &element{
+		Payload: payload,
+		Expired: time.Now().Add(ttl),
+	})
+}
+
+// Get element in Cache, and drop when it expired
+func (c *cache) Get(key any) any {
+	item, exist := c.mapping.Load(key)
+	if !exist {
+		return nil
+	}
+	elm := item.(*element)
+	// expired
+	if time.Since(elm.Expired) > 0 {
+		c.mapping.Delete(key)
+		return nil
+	}
+	return elm.Payload
+}
+
+// GetWithExpire element in Cache with Expire Time
+func (c *cache) GetWithExpire(key any) (payload any, expired time.Time) {
+	item, exist := c.mapping.Load(key)
+	if !exist {
+		return
+	}
+	elm := item.(*element)
+	// expired
+	if time.Since(elm.Expired) > 0 {
+		c.mapping.Delete(key)
+		return
+	}
+	return elm.Payload, elm.Expired
+}
+
+func (c *cache) cleanup() {
+	c.mapping.Range(func(k, v any) bool {
+		key := k.(string)
+		elm := v.(*element)
+		if time.Since(elm.Expired) > 0 {
+			c.mapping.Delete(key)
+		}
+		return true
+	})
+}
+
+type janitor struct {
+	interval time.Duration
+	stop     chan struct{}
+}
+
+func (j *janitor) process(c *cache) {
+	ticker := time.NewTicker(j.interval)
+	for {
+		select {
+		case <-ticker.C:
+			c.cleanup()
+		case <-j.stop:
+			ticker.Stop()
+			return
+		}
+	}
+}
+
+func stopJanitor(c *Cache) {
+	c.janitor.stop <- struct{}{}
+}
+
+// New return *Cache
+func New(interval time.Duration) *Cache {
+	j := &janitor{
+		interval: interval,
+		stop:     make(chan struct{}),
+	}
+	c := &cache{janitor: j}
+	go j.process(c)
+	C := &Cache{c}
+	runtime.SetFinalizer(C, stopJanitor)
+	return C
+}

common/cache/cache_test.go

@@ -0,0 +1,70 @@
+package cache
+
+import (
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCache_Basic(t *testing.T) {
+	interval := 200 * time.Millisecond
+	ttl := 20 * time.Millisecond
+	c := New(interval)
+	c.Put("int", 1, ttl)
+	c.Put("string", "a", ttl)
+
+	i := c.Get("int")
+	assert.Equal(t, i.(int), 1, "should recv 1")
+
+	s := c.Get("string")
+	assert.Equal(t, s.(string), "a", "should recv 'a'")
+}
+
+func TestCache_TTL(t *testing.T) {
+	interval := 200 * time.Millisecond
+	ttl := 20 * time.Millisecond
+	now := time.Now()
+	c := New(interval)
+	c.Put("int", 1, ttl)
+	c.Put("int2", 2, ttl)
+
+	i := c.Get("int")
+	_, expired := c.GetWithExpire("int2")
+	assert.Equal(t, i.(int), 1, "should recv 1")
+	assert.True(t, now.Before(expired))
+
+	time.Sleep(ttl * 2)
+	i = c.Get("int")
+	j, _ := c.GetWithExpire("int2")
+	assert.Nil(t, i, "should recv nil")
+	assert.Nil(t, j, "should recv nil")
+}
+
+func TestCache_AutoCleanup(t *testing.T) {
+	interval := 10 * time.Millisecond
+	ttl := 15 * time.Millisecond
+	c := New(interval)
+	c.Put("int", 1, ttl)
+
+	time.Sleep(ttl * 2)
+	i := c.Get("int")
+	j, _ := c.GetWithExpire("int")
+	assert.Nil(t, i, "should recv nil")
+	assert.Nil(t, j, "should recv nil")
+}
+
+func TestCache_AutoGC(t *testing.T) {
+	sign := make(chan struct{})
+	go func() {
+		interval := 10 * time.Millisecond
+		ttl := 15 * time.Millisecond
+		c := New(interval)
+		c.Put("int", 1, ttl)
+		sign <- struct{}{}
+	}()
+
+	<-sign
+	runtime.GC()
+}

common/cache/lrucache.go

@@ -64,8 +64,8 @@ type LruCache struct {
 	onEvict        EvictCallback
 }
 
-// New creates an LruCache
+// NewLRUCache creates an LruCache
-func New(options ...Option) *LruCache {
+func NewLRUCache(options ...Option) *LruCache {
 	lc := &LruCache{
 		lru:   list.New(),
 		cache: make(map[any]*list.Element),
@@ -216,6 +216,15 @@ func (c *LruCache) deleteElement(le *list.Element) {
 	}
 }
 
+func (c *LruCache) Clear() error {
+	c.mu.Lock()
+
+	c.cache = make(map[any]*list.Element)
+
+	c.mu.Unlock()
+	return nil
+}
+
 type entry struct {
 	key     any
 	value   any

common/cache/lrucache_test.go

@@ -19,7 +19,7 @@ var entries = []struct {
 }
 
 func TestLRUCache(t *testing.T) {
-	c := New()
+	c := NewLRUCache()
 
 	for _, e := range entries {
 		c.Set(e.key, e.value)
@@ -45,7 +45,7 @@ func TestLRUCache(t *testing.T) {
 }
 
 func TestLRUMaxAge(t *testing.T) {
-	c := New(WithAge(86400))
+	c := NewLRUCache(WithAge(86400))
 
 	now := time.Now().Unix()
 	expected := now + 86400
@@ -88,7 +88,7 @@ func TestLRUMaxAge(t *testing.T) {
 }
 
 func TestLRUpdateOnGet(t *testing.T) {
-	c := New(WithAge(86400), WithUpdateAgeOnGet())
+	c := NewLRUCache(WithAge(86400), WithUpdateAgeOnGet())
 
 	now := time.Now().Unix()
 	expires := now + 86400/2
@@ -103,7 +103,7 @@ func TestLRUpdateOnGet(t *testing.T) {
 }
 
 func TestMaxSize(t *testing.T) {
-	c := New(WithSize(2))
+	c := NewLRUCache(WithSize(2))
 	// Add one expired entry
 	c.Set("foo", "bar")
 	_, ok := c.Get("foo")
@@ -117,7 +117,7 @@ func TestMaxSize(t *testing.T) {
 }
 
 func TestExist(t *testing.T) {
-	c := New(WithSize(1))
+	c := NewLRUCache(WithSize(1))
 	c.Set(1, 2)
 	assert.True(t, c.Exist(1))
 	c.Set(2, 3)
@@ -130,7 +130,7 @@ func TestEvict(t *testing.T) {
 		temp = key.(int) + value.(int)
 	}
 
-	c := New(WithEvict(evict), WithSize(1))
+	c := NewLRUCache(WithEvict(evict), WithSize(1))
 	c.Set(1, 2)
 	c.Set(2, 3)
 
@@ -138,7 +138,7 @@ func TestEvict(t *testing.T) {
 }
 
 func TestSetWithExpire(t *testing.T) {
-	c := New(WithAge(1))
+	c := NewLRUCache(WithAge(1))
 	now := time.Now().Unix()
 
 	tenSecBefore := time.Unix(now-10, 0)
@@ -152,7 +152,7 @@ func TestSetWithExpire(t *testing.T) {
 }
 
 func TestStale(t *testing.T) {
-	c := New(WithAge(1), WithStale(true))
+	c := NewLRUCache(WithAge(1), WithStale(true))
 	now := time.Now().Unix()
 
 	tenSecBefore := time.Unix(now-10, 0)
@@ -165,11 +165,11 @@ func TestStale(t *testing.T) {
 }
 
 func TestCloneTo(t *testing.T) {
-	o := New(WithSize(10))
+	o := NewLRUCache(WithSize(10))
 	o.Set("1", 1)
 	o.Set("2", 2)
 
-	n := New(WithSize(2))
+	n := NewLRUCache(WithSize(2))
 	n.Set("3", 3)
 	n.Set("4", 4)
 

common/cmd/cmd.go

@@ -0,0 +1,36 @@
+package cmd
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+)
+
+func ExecCmd(cmdStr string) (string, error) {
+	args := splitArgs(cmdStr)
+
+	var cmd *exec.Cmd
+	if len(args) == 1 {
+		cmd = exec.Command(args[0])
+	} else {
+		cmd = exec.Command(args[0], args[1:]...)
+
+	}
+	prepareBackgroundCommand(cmd)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("%v, %s", err, string(out))
+	}
+	return string(out), nil
+}
+
+func splitArgs(cmd string) []string {
+	args := strings.Split(cmd, " ")
+
+	// use in pipeline
+	if len(args) > 2 && strings.ContainsAny(cmd, "|") {
+		suffix := strings.Join(args[2:], " ")
+		args = append(args[:2], suffix)
+	}
+	return args
+}

common/cmd/cmd_other.go

@@ -0,0 +1,11 @@
+//go:build !windows
+
+package cmd
+
+import (
+	"os/exec"
+)
+
+func prepareBackgroundCommand(cmd *exec.Cmd) {
+
+}

common/cmd/cmd_test.go

@@ -0,0 +1,40 @@
+package cmd
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSplitArgs(t *testing.T) {
+	args := splitArgs("ls")
+	args1 := splitArgs("ls -la")
+	args2 := splitArgs("bash -c ls")
+	args3 := splitArgs("bash -c ls -lahF | grep 'cmd'")
+
+	assert.Equal(t, 1, len(args))
+	assert.Equal(t, 2, len(args1))
+	assert.Equal(t, 3, len(args2))
+	assert.Equal(t, 3, len(args3))
+}
+
+func TestExecCmd(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		_, err := ExecCmd("dir")
+		assert.Nil(t, err)
+		return
+	}
+
+	_, err := ExecCmd("ls")
+	_, err1 := ExecCmd("ls -la")
+	_, err2 := ExecCmd("bash -c ls")
+	_, err3 := ExecCmd("bash -c ls -la")
+	_, err4 := ExecCmd("bash -c ls -la | grep 'cmd'")
+
+	assert.Nil(t, err)
+	assert.Nil(t, err1)
+	assert.Nil(t, err2)
+	assert.Nil(t, err3)
+	assert.Nil(t, err4)
+}

common/cmd/cmd_windows.go

@@ -0,0 +1,12 @@
+//go:build windows
+
+package cmd
+
+import (
+	"os/exec"
+	"syscall"
+)
+
+func prepareBackgroundCommand(cmd *exec.Cmd) {
+	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
+}

common/collections/stack.go

@@ -0,0 +1,56 @@
+package collections
+
+import "sync"
+
+type (
+	stack struct {
+		top    *node
+		length int
+		lock   *sync.RWMutex
+	}
+
+	node struct {
+		value interface{}
+		prev  *node
+	}
+)
+
+// NewStack Create a new stack
+func NewStack() *stack {
+	return &stack{nil, 0, &sync.RWMutex{}}
+}
+
+// Len Return the number of items in the stack
+func (this *stack) Len() int {
+	return this.length
+}
+
+// Peek View the top item on the stack
+func (this *stack) Peek() interface{} {
+	if this.length == 0 {
+		return nil
+	}
+	return this.top.value
+}
+
+// Pop the top item of the stack and return it
+func (this *stack) Pop() interface{} {
+	this.lock.Lock()
+	defer this.lock.Unlock()
+	if this.length == 0 {
+		return nil
+	}
+	n := this.top
+	this.top = n.prev
+	this.length--
+	return n.value
+}
+
+// Push a value onto the top of the stack
+func (this *stack) Push(value interface{}) {
+	this.lock.Lock()
+	defer this.lock.Unlock()
+	n := &node{value, this.top}
+	this.top = n
+	this.length++
+}

common/net/http.go

@@ -0,0 +1,5 @@
+package net
+
+const (
+	UA = "Clash"
+)

common/net/relay.go

@@ -1,24 +0,0 @@
-package net
-
-import (
-	"io"
-	"net"
-	"time"
-)
-
-// Relay copies between left and right bidirectionally.
-func Relay(leftConn, rightConn net.Conn) {
-	ch := make(chan error)
-
-	go func() {
-		// Wrapping to avoid using *net.TCPConn.(ReadFrom)
-		// See also https://github.com/Dreamacro/clash/pull/1209
-		_, err := io.Copy(WriteOnlyWriter{Writer: leftConn}, ReadOnlyReader{Reader: rightConn})
-		leftConn.SetReadDeadline(time.Now())
-		ch <- err
-	}()
-
-	io.Copy(WriteOnlyWriter{Writer: rightConn}, ReadOnlyReader{Reader: leftConn})
-	rightConn.SetReadDeadline(time.Now())
-	<-ch
-}

common/net/tcpip.go

@@ -0,0 +1,46 @@
+package net
+
+import (
+	"fmt"
+	"net"
+	"strings"
+)
+
+func SplitNetworkType(s string) (string, string, error) {
+	var (
+		shecme   string
+		hostPort string
+	)
+	result := strings.Split(s, "://")
+	if len(result) == 2 {
+		shecme = result[0]
+		hostPort = result[1]
+	} else if len(result) == 1 {
+		hostPort = result[0]
+	} else {
+		return "", "", fmt.Errorf("tcp/udp style error")
+	}
+
+	if len(shecme) == 0 {
+		shecme = "udp"
+	}
+
+	if shecme != "tcp" && shecme != "udp" {
+		return "", "", fmt.Errorf("scheme should be tcp:// or udp://")
+	} else {
+		return shecme, hostPort, nil
+	}
+}
+
+func SplitHostPort(s string) (host, port string, hasPort bool, err error) {
+	temp := s
+	hasPort = true
+
+	if !strings.Contains(s, ":") && !strings.Contains(s, "]:") {
+		temp += ":0"
+		hasPort = false
+	}
+
+	host, port, err = net.SplitHostPort(temp)
+	return
+}

common/pool/alloc.go

@@ -52,8 +52,8 @@ func (alloc *Allocator) Put(buf []byte) error {
 		return errors.New("allocator Put() incorrect buffer size")
 	}
 
-	//nolint
 	//lint:ignore SA6002 ignore temporarily
+	//nolint
 	alloc.buffers[bits].Put(buf)
 	return nil
 }

common/singledo/singledo.go

@@ -25,6 +25,7 @@ type Result struct {
 }
 
 // Do single.Do likes sync.singleFlight
+//lint:ignore ST1008 it likes sync.singleFlight
 func (s *Single) Do(fn func() (any, error)) (v any, err error, shared bool) {
 	s.mux.Lock()
 	now := time.Now()

common/structure/structure.go

@@ -159,19 +159,9 @@ func (d *Decoder) decodeSlice(name string, data any, val reflect.Value) error {
 		for valSlice.Len() <= i {
 			valSlice = reflect.Append(valSlice, reflect.Zero(valElemType))
 		}
-		fieldName := fmt.Sprintf("%s[%d]", name, i)
-		if currentData == nil {
-			// in weakly type mode, null will convert to zero value
-			if d.option.WeaklyTypedInput {
-				continue
-			}
-			// in non-weakly type mode, null will convert to nil if element's zero value is nil, otherwise return an error
-			if elemKind := valElemType.Kind(); elemKind == reflect.Map || elemKind == reflect.Slice {
-				continue
-			}
-			return fmt.Errorf("'%s' can not be null", fieldName)
-		}
 		currentField := valSlice.Index(i)
+
+		fieldName := fmt.Sprintf("%s[%d]", name, i)
 		if err := d.decode(fieldName, currentData, currentField); err != nil {
 			return err
 		}

common/structure/structure_test.go

@@ -137,45 +137,3 @@ func TestStructure_Nest(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, s.BazOptional, goal)
 }
-
-func TestStructure_SliceNilValue(t *testing.T) {
-	rawMap := map[string]any{
-		"foo": 1,
-		"bar": []any{"bar", nil},
-	}
-
-	goal := &BazSlice{
-		Foo: 1,
-		Bar: []string{"bar", ""},
-	}
-
-	s := &BazSlice{}
-	err := weakTypeDecoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.Equal(t, goal.Bar, s.Bar)
-
-	s = &BazSlice{}
-	err = decoder.Decode(rawMap, s)
-	assert.NotNil(t, err)
-}
-
-func TestStructure_SliceNilValueComplex(t *testing.T) {
-	rawMap := map[string]any{
-		"bar": []any{map[string]any{"bar": "foo"}, nil},
-	}
-
-	s := &struct {
-		Bar []map[string]any `test:"bar"`
-	}{}
-
-	err := decoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.Nil(t, s.Bar[1])
-
-	ss := &struct {
-		Bar []Baz `test:"bar"`
-	}{}
-
-	err = decoder.Decode(rawMap, ss)
-	assert.NotNil(t, err)
-}

component/dialer/dialer.go

@@ -9,6 +9,19 @@ import (
 )
 
 func DialContext(ctx context.Context, network, address string, options ...Option) (net.Conn, error) {
+	opt := &option{
+		interfaceName: DefaultInterface.Load(),
+		routingMark:   int(DefaultRoutingMark.Load()),
+	}
+
+	for _, o := range DefaultOptions {
+		o(opt)
+	}
+
+	for _, o := range options {
+		o(opt)
+	}
+
 	switch network {
 	case "tcp4", "tcp6", "udp4", "udp6":
 		host, port, err := net.SplitHostPort(address)
@@ -19,17 +32,25 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 		var ip net.IP
 		switch network {
 		case "tcp4", "udp4":
+			if !opt.direct {
+				ip, err = resolver.ResolveIPv4ProxyServerHost(host)
+			} else {
 				ip, err = resolver.ResolveIPv4(host)
+			}
 		default:
+			if !opt.direct {
+				ip, err = resolver.ResolveIPv6ProxyServerHost(host)
+			} else {
 				ip, err = resolver.ResolveIPv6(host)
 			}
+		}
 		if err != nil {
 			return nil, err
 		}
 
-		return dialContext(ctx, network, ip, port, options)
+		return dialContext(ctx, network, ip, port, opt)
 	case "tcp", "udp":
-		return dualStackDialContext(ctx, network, address, options)
+		return dualStackDialContext(ctx, network, address, opt)
 	default:
 		return nil, errors.New("network invalid")
 	}
@@ -67,20 +88,7 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio
 	return lc.ListenPacket(ctx, network, address)
 }
 
-func dialContext(ctx context.Context, network string, destination net.IP, port string, options []Option) (net.Conn, error) {
+func dialContext(ctx context.Context, network string, destination net.IP, port string, opt *option) (net.Conn, error) {
-	opt := &option{
-		interfaceName: DefaultInterface.Load(),
-		routingMark:   int(DefaultRoutingMark.Load()),
-	}
-
-	for _, o := range DefaultOptions {
-		o(opt)
-	}
-
-	for _, o := range options {
-		o(opt)
-	}
-
 	dialer := &net.Dialer{}
 	if opt.interfaceName != "" {
 		if err := bindIfaceToDialer(opt.interfaceName, dialer, network, destination); err != nil {
@@ -94,7 +102,7 @@ func dialContext(ctx context.Context, network string, destination net.IP, port s
 	return dialer.DialContext(ctx, network, net.JoinHostPort(destination.String(), port))
 }
 
-func dualStackDialContext(ctx context.Context, network, address string, options []Option) (net.Conn, error) {
+func dualStackDialContext(ctx context.Context, network, address string, opt *option) (net.Conn, error) {
 	host, port, err := net.SplitHostPort(address)
 	if err != nil {
 		return nil, err
@@ -113,7 +121,7 @@ func dualStackDialContext(ctx context.Context, network, address string, options
 	results := make(chan dialResult)
 	var primary, fallback dialResult
 
-	startRacer := func(ctx context.Context, network, host string, ipv6 bool) {
+	startRacer := func(ctx context.Context, network, host string, direct bool, ipv6 bool) {
 		result := dialResult{ipv6: ipv6, done: true}
 		defer func() {
 			select {
@@ -127,20 +135,28 @@ func dualStackDialContext(ctx context.Context, network, address string, options
 
 		var ip net.IP
 		if ipv6 {
+			if !direct {
+				ip, result.error = resolver.ResolveIPv6ProxyServerHost(host)
+			} else {
 				ip, result.error = resolver.ResolveIPv6(host)
+			}
+		} else {
+			if !direct {
+				ip, result.error = resolver.ResolveIPv4ProxyServerHost(host)
 			} else {
 				ip, result.error = resolver.ResolveIPv4(host)
 			}
+		}
 		if result.error != nil {
 			return
 		}
 		result.resolved = true
 
-		result.Conn, result.error = dialContext(ctx, network, ip, port, options)
+		result.Conn, result.error = dialContext(ctx, network, ip, port, opt)
 	}
 
-	go startRacer(ctx, network+"4", host, false)
+	go startRacer(ctx, network+"4", host, opt.direct, false)
-	go startRacer(ctx, network+"6", host, true)
+	go startRacer(ctx, network+"6", host, opt.direct, true)
 
 	for res := range results {
 		if res.error == nil {

component/dialer/mark_linux.go

@@ -31,13 +31,13 @@ func bindMarkToControl(mark int, chain controlFn) controlFn {
 			}
 		}
 
-		var innerErr error
+		return c.Control(func(fd uintptr) {
-		err = c.Control(func(fd uintptr) {
+			switch network {
-			innerErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
+			case "tcp4", "udp4":
+				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
+			case "tcp6", "udp6":
+				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
+			}
 		})
-		if innerErr != nil {
-			err = innerErr
-		}
-		return
 	}
 }

component/dialer/options.go

@@ -12,6 +12,7 @@ type option struct {
 	interfaceName string
 	addrReuse     bool
 	routingMark   int
+	direct        bool
 }
 
 type Option func(opt *option)
@@ -33,3 +34,9 @@ func WithRoutingMark(mark int) Option {
 		opt.routingMark = mark
 	}
 }
+
+func WithDirect() Option {
+	return func(opt *option) {
+		opt.direct = true
+	}
+}

component/dialer/resolver.go

@@ -0,0 +1,28 @@
+package dialer
+
+import (
+	"context"
+	"net"
+)
+
+func init() {
+	// We must use this DialContext to query DNS
+	// when using net default resolver.
+	net.DefaultResolver.PreferGo = true
+	net.DefaultResolver.Dial = resolverDialContext
+}
+
+func resolverDialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	d := &net.Dialer{}
+
+	interfaceName := DefaultInterface.Load()
+
+	if interfaceName != "" {
+		dstIP := net.ParseIP(address)
+		if dstIP != nil {
+			bindIfaceToDialer(interfaceName, d, network, dstIP)
+		}
+	}
+
+	return d.DialContext(ctx, network, address)
+}

component/fakeip/cachefile.go

@@ -53,3 +53,8 @@ func (c *cachefileStore) Exist(ip net.IP) bool {
 // CloneTo implements store.CloneTo
 // already persistence
 func (c *cachefileStore) CloneTo(store store) {}
+
+// FlushFakeIP implements store.FlushFakeIP
+func (c *cachefileStore) FlushFakeIP() error {
+	return c.cache.FlushFakeIP()
+}

component/fakeip/memory.go

@@ -67,3 +67,8 @@ func (m *memoryStore) CloneTo(store store) {
 		m.cache.CloneTo(ms.cache)
 	}
 }
+
+// FlushFakeIP implements store.FlushFakeIP
+func (m *memoryStore) FlushFakeIP() error {
+	return m.cache.Clear()
+}

component/fakeip/pool.go

@@ -3,7 +3,6 @@ package fakeip
 import (
 	"errors"
 	"net"
-	"strings"
 	"sync"
 
 	"github.com/Dreamacro/clash/common/cache"
@@ -19,6 +18,7 @@ type store interface {
 	DelByIP(ip net.IP)
 	Exist(ip net.IP) bool
 	CloneTo(store)
+	FlushFakeIP() error
 }
 
 // Pool is a implementation about fake ip generator without storage
@@ -26,6 +26,7 @@ type Pool struct {
 	max       uint32
 	min       uint32
 	gateway   uint32
+	broadcast uint32
 	offset    uint32
 	mux       sync.Mutex
 	host      *trie.DomainTrie
@@ -37,9 +38,6 @@ type Pool struct {
 func (p *Pool) Lookup(host string) net.IP {
 	p.mux.Lock()
 	defer p.mux.Unlock()
-
-	// RFC4343: DNS Case Insensitive, we SHOULD return result with all cases.
-	host = strings.ToLower(host)
 	if ip, exist := p.store.GetByHost(host); exist {
 		return ip
 	}
@@ -86,6 +84,11 @@ func (p *Pool) Gateway() net.IP {
 	return uintToIP(p.gateway)
 }
 
+// Broadcast return broadcast ip
+func (p *Pool) Broadcast() net.IP {
+	return uintToIP(p.broadcast)
+}
+
 // IPNet return raw ipnet
 func (p *Pool) IPNet() *net.IPNet {
 	return p.ipnet
@@ -118,6 +121,10 @@ func (p *Pool) get(host string) net.IP {
 	return ip
 }
 
+func (p *Pool) FlushFakeIP() error {
+	return p.store.FlushFakeIP()
+}
+
 func ipToUint(ip net.IP) uint32 {
 	v := uint32(ip[0]) << 24
 	v += uint32(ip[1]) << 16
@@ -145,10 +152,10 @@ type Options struct {
 
 // New return Pool instance
 func New(options Options) (*Pool, error) {
-	min := ipToUint(options.IPNet.IP) + 2
+	min := ipToUint(options.IPNet.IP) + 3
 
 	ones, bits := options.IPNet.Mask.Size()
-	total := 1<<uint(bits-ones) - 2
+	total := 1<<uint(bits-ones) - 4
 
 	if total <= 0 {
 		return nil, errors.New("ipnet don't have valid ip")
@@ -158,7 +165,8 @@ func New(options Options) (*Pool, error) {
 	pool := &Pool{
 		min:       min,
 		max:       max,
-		gateway: min - 1,
+		gateway:   min - 2,
+		broadcast: max + 1,
 		host:      options.Host,
 		ipnet:     options.IPNet,
 	}
@@ -168,7 +176,7 @@ func New(options Options) (*Pool, error) {
 		}
 	} else {
 		pool.store = &memoryStore{
-			cache: cache.New(cache.WithSize(options.Size * 2)),
+			cache: cache.NewLRUCache(cache.WithSize(options.Size * 2)),
 		}
 	}
 

component/fakeip/pool_test.go

@@ -49,7 +49,7 @@ func createCachefileStore(options Options) (*Pool, string, error) {
 }
 
 func TestPool_Basic(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.0/28")
 	pools, tempfile, err := createPools(Options{
 		IPNet: ipnet,
 		Size:  10,
@@ -62,42 +62,22 @@ func TestPool_Basic(t *testing.T) {
 		last := pool.Lookup("bar.com")
 		bar, exist := pool.LookBack(last)
 
-		assert.True(t, first.Equal(net.IP{192, 168, 0, 2}))
+		assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
-		assert.Equal(t, pool.Lookup("foo.com"), net.IP{192, 168, 0, 2})
+		assert.Equal(t, pool.Lookup("foo.com"), net.IP{192, 168, 0, 3})
-		assert.True(t, last.Equal(net.IP{192, 168, 0, 3}))
+		assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
 		assert.True(t, exist)
 		assert.Equal(t, bar, "bar.com")
 		assert.Equal(t, pool.Gateway(), net.IP{192, 168, 0, 1})
+		assert.Equal(t, pool.Broadcast(), net.IP{192, 168, 0, 15})
 		assert.Equal(t, pool.IPNet().String(), ipnet.String())
-		assert.True(t, pool.Exist(net.IP{192, 168, 0, 3}))
+		assert.True(t, pool.Exist(net.IP{192, 168, 0, 4}))
-		assert.False(t, pool.Exist(net.IP{192, 168, 0, 4}))
+		assert.False(t, pool.Exist(net.IP{192, 168, 0, 5}))
 		assert.False(t, pool.Exist(net.ParseIP("::1")))
 	}
 }
 
-func TestPool_Case_Insensitive(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
-	pools, tempfile, err := createPools(Options{
-		IPNet: ipnet,
-		Size:  10,
-	})
-	assert.Nil(t, err)
-	defer os.Remove(tempfile)
-
-	for _, pool := range pools {
-		first := pool.Lookup("foo.com")
-		last := pool.Lookup("Foo.Com")
-		foo, exist := pool.LookBack(last)
-
-		assert.True(t, first.Equal(pool.Lookup("Foo.Com")))
-		assert.Equal(t, pool.Lookup("fOo.cOM"), first)
-		assert.True(t, exist)
-		assert.Equal(t, foo, "foo.com")
-	}
-}
-
 func TestPool_CycleUsed(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.16/28")
 	pools, tempfile, err := createPools(Options{
 		IPNet: ipnet,
 		Size:  10,
@@ -108,7 +88,7 @@ func TestPool_CycleUsed(t *testing.T) {
 	for _, pool := range pools {
 		foo := pool.Lookup("foo.com")
 		bar := pool.Lookup("bar.com")
-		for i := 0; i < 3; i++ {
+		for i := 0; i < 9; i++ {
 			pool.Lookup(fmt.Sprintf("%d.com", i))
 		}
 		baz := pool.Lookup("baz.com")
@@ -119,7 +99,7 @@ func TestPool_CycleUsed(t *testing.T) {
 }
 
 func TestPool_Skip(t *testing.T) {
-	_, ipnet, _ := net.ParseCIDR("192.168.0.1/30")
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/29")
 	tree := trie.New()
 	tree.Insert("example.com", tree)
 	pools, tempfile, err := createPools(Options{
@@ -190,8 +170,8 @@ func TestPool_Clone(t *testing.T) {
 
 	first := pool.Lookup("foo.com")
 	last := pool.Lookup("bar.com")
-	assert.True(t, first.Equal(net.IP{192, 168, 0, 2}))
+	assert.True(t, first.Equal(net.IP{192, 168, 0, 3}))
-	assert.True(t, last.Equal(net.IP{192, 168, 0, 3}))
+	assert.True(t, last.Equal(net.IP{192, 168, 0, 4}))
 
 	newPool, _ := New(Options{
 		IPNet: ipnet,
@@ -213,3 +193,59 @@ func TestPool_Error(t *testing.T) {
 
 	assert.Error(t, err)
 }
+
+func TestPool_FlushFileCache(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	pools, tempfile, err := createPools(Options{
+		IPNet: ipnet,
+		Size:  10,
+	})
+	assert.Nil(t, err)
+	defer os.Remove(tempfile)
+
+	for _, pool := range pools {
+		foo := pool.Lookup("foo.com")
+		bar := pool.Lookup("baz.com")
+		bax := pool.Lookup("baz.com")
+		fox := pool.Lookup("foo.com")
+
+		err = pool.FlushFakeIP()
+		assert.Nil(t, err)
+
+		baz := pool.Lookup("foo.com")
+		next := pool.Lookup("baz.com")
+		nero := pool.Lookup("foo.com")
+
+		assert.Equal(t, foo, fox)
+		assert.NotEqual(t, foo, baz)
+		assert.Equal(t, bar, bax)
+		assert.NotEqual(t, bar, next)
+		assert.Equal(t, baz, nero)
+	}
+}
+
+func TestPool_FlushMemoryCache(t *testing.T) {
+	_, ipnet, _ := net.ParseCIDR("192.168.0.1/28")
+	pool, _ := New(Options{
+		IPNet: ipnet,
+		Size:  10,
+	})
+
+	foo := pool.Lookup("foo.com")
+	bar := pool.Lookup("baz.com")
+	bax := pool.Lookup("baz.com")
+	fox := pool.Lookup("foo.com")
+
+	err := pool.FlushFakeIP()
+	assert.Nil(t, err)
+
+	baz := pool.Lookup("foo.com")
+	next := pool.Lookup("baz.com")
+	nero := pool.Lookup("foo.com")
+
+	assert.Equal(t, foo, fox)
+	assert.NotEqual(t, foo, baz)
+	assert.Equal(t, bar, bax)
+	assert.NotEqual(t, bar, next)
+	assert.Equal(t, baz, nero)
+}

component/geodata/attr.go

@@ -0,0 +1,51 @@
+package geodata
+
+import (
+	"strings"
+
+	"github.com/Dreamacro/clash/component/geodata/router"
+)
+
+type AttributeList struct {
+	matcher []AttributeMatcher
+}
+
+func (al *AttributeList) Match(domain *router.Domain) bool {
+	for _, matcher := range al.matcher {
+		if !matcher.Match(domain) {
+			return false
+		}
+	}
+	return true
+}
+
+func (al *AttributeList) IsEmpty() bool {
+	return len(al.matcher) == 0
+}
+
+func parseAttrs(attrs []string) *AttributeList {
+	al := new(AttributeList)
+	for _, attr := range attrs {
+		trimmedAttr := strings.ToLower(strings.TrimSpace(attr))
+		if len(trimmedAttr) == 0 {
+			continue
+		}
+		al.matcher = append(al.matcher, BooleanMatcher(trimmedAttr))
+	}
+	return al
+}
+
+type AttributeMatcher interface {
+	Match(*router.Domain) bool
+}
+
+type BooleanMatcher string
+
+func (m BooleanMatcher) Match(domain *router.Domain) bool {
+	for _, attr := range domain.Attribute {
+		if strings.EqualFold(attr.GetKey(), string(m)) {
+			return true
+		}
+	}
+	return false
+}

component/geodata/geodata.go

@@ -0,0 +1,87 @@
+package geodata
+
+import (
+	"errors"
+	"fmt"
+	C "github.com/Dreamacro/clash/constant"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/geodata/router"
+	"github.com/Dreamacro/clash/log"
+)
+
+type loader struct {
+	LoaderImplementation
+}
+
+func (l *loader) LoadGeoSite(list string) ([]*router.Domain, error) {
+	return l.LoadGeoSiteWithAttr(C.GeositeName, list)
+}
+
+func (l *loader) LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error) {
+	parts := strings.Split(siteWithAttr, "@")
+	if len(parts) == 0 {
+		return nil, errors.New("empty rule")
+	}
+	list := strings.TrimSpace(parts[0])
+	attrVal := parts[1:]
+
+	if len(list) == 0 {
+		return nil, fmt.Errorf("empty listname in rule: %s", siteWithAttr)
+	}
+
+	domains, err := l.LoadSite(file, list)
+	if err != nil {
+		return nil, err
+	}
+
+	attrs := parseAttrs(attrVal)
+	if attrs.IsEmpty() {
+		if strings.Contains(siteWithAttr, "@") {
+			log.Warnln("empty attribute list: %s", siteWithAttr)
+		}
+		return domains, nil
+	}
+
+	filteredDomains := make([]*router.Domain, 0, len(domains))
+	hasAttrMatched := false
+	for _, domain := range domains {
+		if attrs.Match(domain) {
+			hasAttrMatched = true
+			filteredDomains = append(filteredDomains, domain)
+		}
+	}
+	if !hasAttrMatched {
+		log.Warnln("attribute match no rule: geosite: %s", siteWithAttr)
+	}
+
+	return filteredDomains, nil
+}
+
+func (l *loader) LoadGeoIP(country string) ([]*router.CIDR, error) {
+	return l.LoadIP(C.GeoipName, country)
+}
+
+var loaders map[string]func() LoaderImplementation
+
+func RegisterGeoDataLoaderImplementationCreator(name string, loader func() LoaderImplementation) {
+	if loaders == nil {
+		loaders = map[string]func() LoaderImplementation{}
+	}
+	loaders[name] = loader
+}
+
+func getGeoDataLoaderImplementation(name string) (LoaderImplementation, error) {
+	if geoLoader, ok := loaders[name]; ok {
+		return geoLoader(), nil
+	}
+	return nil, fmt.Errorf("unable to locate GeoData loader %s", name)
+}
+
+func GetGeoDataLoader(name string) (Loader, error) {
+	loadImpl, err := getGeoDataLoaderImplementation(name)
+	if err == nil {
+		return &loader{loadImpl}, nil
+	}
+	return nil, err
+}

component/geodata/geodataproto.go

@@ -0,0 +1,17 @@
+package geodata
+
+import (
+	"github.com/Dreamacro/clash/component/geodata/router"
+)
+
+type LoaderImplementation interface {
+	LoadSite(filename, list string) ([]*router.Domain, error)
+	LoadIP(filename, country string) ([]*router.CIDR, error)
+}
+
+type Loader interface {
+	LoaderImplementation
+	LoadGeoSite(list string) ([]*router.Domain, error)
+	LoadGeoSiteWithAttr(file string, siteWithAttr string) ([]*router.Domain, error)
+	LoadGeoIP(country string) ([]*router.CIDR, error)
+}

component/geodata/memconservative/cache.go

@@ -0,0 +1,142 @@
+package memconservative
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/geodata/router"
+	C "github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/log"
+	"google.golang.org/protobuf/proto"
+)
+
+type GeoIPCache map[string]*router.GeoIP
+
+func (g GeoIPCache) Has(key string) bool {
+	return !(g.Get(key) == nil)
+}
+
+func (g GeoIPCache) Get(key string) *router.GeoIP {
+	if g == nil {
+		return nil
+	}
+	return g[key]
+}
+
+func (g GeoIPCache) Set(key string, value *router.GeoIP) {
+	if g == nil {
+		g = make(map[string]*router.GeoIP)
+	}
+	g[key] = value
+}
+
+func (g GeoIPCache) Unmarshal(filename, code string) (*router.GeoIP, error) {
+	asset := C.Path.GetAssetLocation(filename)
+	idx := strings.ToLower(asset + ":" + code)
+	if g.Has(idx) {
+		return g.Get(idx), nil
+	}
+
+	geoipBytes, err := Decode(asset, code)
+	switch err {
+	case nil:
+		var geoip router.GeoIP
+		if err := proto.Unmarshal(geoipBytes, &geoip); err != nil {
+			return nil, err
+		}
+		g.Set(idx, &geoip)
+		return &geoip, nil
+
+	case errCodeNotFound:
+		return nil, fmt.Errorf("country code %s%s%s", code, " not found in ", filename)
+
+	case errFailedToReadBytes, errFailedToReadExpectedLenBytes,
+		errInvalidGeodataFile, errInvalidGeodataVarintLength:
+		log.Warnln("failed to decode geoip file: %s%s", filename, ", fallback to the original ReadFile method")
+		geoipBytes, err = os.ReadFile(asset)
+		if err != nil {
+			return nil, err
+		}
+		var geoipList router.GeoIPList
+		if err := proto.Unmarshal(geoipBytes, &geoipList); err != nil {
+			return nil, err
+		}
+		for _, geoip := range geoipList.GetEntry() {
+			if strings.EqualFold(code, geoip.GetCountryCode()) {
+				g.Set(idx, geoip)
+				return geoip, nil
+			}
+		}
+
+	default:
+		return nil, err
+	}
+
+	return nil, fmt.Errorf("country code %s%s%s", code, " not found in ", filename)
+}
+
+type GeoSiteCache map[string]*router.GeoSite
+
+func (g GeoSiteCache) Has(key string) bool {
+	return !(g.Get(key) == nil)
+}
+
+func (g GeoSiteCache) Get(key string) *router.GeoSite {
+	if g == nil {
+		return nil
+	}
+	return g[key]
+}
+
+func (g GeoSiteCache) Set(key string, value *router.GeoSite) {
+	if g == nil {
+		g = make(map[string]*router.GeoSite)
+	}
+	g[key] = value
+}
+
+func (g GeoSiteCache) Unmarshal(filename, code string) (*router.GeoSite, error) {
+	asset := C.Path.GetAssetLocation(filename)
+	idx := strings.ToLower(asset + ":" + code)
+	if g.Has(idx) {
+		return g.Get(idx), nil
+	}
+
+	geositeBytes, err := Decode(asset, code)
+	switch err {
+	case nil:
+		var geosite router.GeoSite
+		if err := proto.Unmarshal(geositeBytes, &geosite); err != nil {
+			return nil, err
+		}
+		g.Set(idx, &geosite)
+		return &geosite, nil
+
+	case errCodeNotFound:
+		return nil, fmt.Errorf("list %s%s%s", code, " not found in ", filename)
+
+	case errFailedToReadBytes, errFailedToReadExpectedLenBytes,
+		errInvalidGeodataFile, errInvalidGeodataVarintLength:
+		log.Warnln("failed to decode geoip file: %s%s", filename, ", fallback to the original ReadFile method")
+		geositeBytes, err = os.ReadFile(asset)
+		if err != nil {
+			return nil, err
+		}
+		var geositeList router.GeoSiteList
+		if err := proto.Unmarshal(geositeBytes, &geositeList); err != nil {
+			return nil, err
+		}
+		for _, geosite := range geositeList.GetEntry() {
+			if strings.EqualFold(code, geosite.GetCountryCode()) {
+				g.Set(idx, geosite)
+				return geosite, nil
+			}
+		}
+
+	default:
+		return nil, err
+	}
+
+	return nil, fmt.Errorf("list %s%s%s", code, " not found in ", filename)
+}

component/geodata/memconservative/decode.go

@@ -0,0 +1,107 @@
+package memconservative
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"google.golang.org/protobuf/encoding/protowire"
+)
+
+var (
+	errFailedToReadBytes            = errors.New("failed to read bytes")
+	errFailedToReadExpectedLenBytes = errors.New("failed to read expected length of bytes")
+	errInvalidGeodataFile           = errors.New("invalid geodata file")
+	errInvalidGeodataVarintLength   = errors.New("invalid geodata varint length")
+	errCodeNotFound                 = errors.New("code not found")
+)
+
+func emitBytes(f io.ReadSeeker, code string) ([]byte, error) {
+	count := 1
+	isInner := false
+	tempContainer := make([]byte, 0, 5)
+
+	var result []byte
+	var advancedN uint64 = 1
+	var geoDataVarintLength, codeVarintLength, varintLenByteLen uint64 = 0, 0, 0
+
+Loop:
+	for {
+		container := make([]byte, advancedN)
+		bytesRead, err := f.Read(container)
+		if err == io.EOF {
+			return nil, errCodeNotFound
+		}
+		if err != nil {
+			return nil, errFailedToReadBytes
+		}
+		if bytesRead != len(container) {
+			return nil, errFailedToReadExpectedLenBytes
+		}
+
+		switch count {
+		case 1, 3: // data type ((field_number << 3) | wire_type)
+			if container[0] != 10 { // byte `0A` equals to `10` in decimal
+				return nil, errInvalidGeodataFile
+			}
+			advancedN = 1
+			count++
+		case 2, 4: // data length
+			tempContainer = append(tempContainer, container...)
+			if container[0] > 127 { // max one-byte-length byte `7F`(0FFF FFFF) equals to `127` in decimal
+				advancedN = 1
+				goto Loop
+			}
+			lenVarint, n := protowire.ConsumeVarint(tempContainer)
+			if n < 0 {
+				return nil, errInvalidGeodataVarintLength
+			}
+			tempContainer = nil
+			if !isInner {
+				isInner = true
+				geoDataVarintLength = lenVarint
+				advancedN = 1
+			} else {
+				isInner = false
+				codeVarintLength = lenVarint
+				varintLenByteLen = uint64(n)
+				advancedN = codeVarintLength
+			}
+			count++
+		case 5: // data value
+			if strings.EqualFold(string(container), code) {
+				count++
+				offset := -(1 + int64(varintLenByteLen) + int64(codeVarintLength))
+				_, _ = f.Seek(offset, 1)        // back to the start of GeoIP or GeoSite varint
+				advancedN = geoDataVarintLength // the number of bytes to be read in next round
+			} else {
+				count = 1
+				offset := int64(geoDataVarintLength) - int64(codeVarintLength) - int64(varintLenByteLen) - 1
+				_, _ = f.Seek(offset, 1) // skip the unmatched GeoIP or GeoSite varint
+				advancedN = 1            // the next round will be the start of another GeoIPList or GeoSiteList
+			}
+		case 6: // matched GeoIP or GeoSite varint
+			result = container
+			break Loop
+		}
+	}
+	return result, nil
+}
+
+func Decode(filename, code string) ([]byte, error) {
+	f, err := os.Open(filename)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
+	}
+	defer func(f *os.File) {
+		_ = f.Close()
+	}(f)
+
+	geoBytes, err := emitBytes(f, code)
+	if err != nil {
+		return nil, err
+	}
+	return geoBytes, nil
+}

component/geodata/memconservative/memc.go

@@ -0,0 +1,40 @@
+package memconservative
+
+import (
+	"fmt"
+	"runtime"
+
+	"github.com/Dreamacro/clash/component/geodata"
+	"github.com/Dreamacro/clash/component/geodata/router"
+)
+
+type memConservativeLoader struct {
+	geoipcache   GeoIPCache
+	geositecache GeoSiteCache
+}
+
+func (m *memConservativeLoader) LoadIP(filename, country string) ([]*router.CIDR, error) {
+	defer runtime.GC()
+	geoip, err := m.geoipcache.Unmarshal(filename, country)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode geodata file: %s, base error: %s", filename, err.Error())
+	}
+	return geoip.Cidr, nil
+}
+
+func (m *memConservativeLoader) LoadSite(filename, list string) ([]*router.Domain, error) {
+	defer runtime.GC()
+	geosite, err := m.geositecache.Unmarshal(filename, list)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode geodata file: %s, base error: %s", filename, err.Error())
+	}
+	return geosite.Domain, nil
+}
+
+func newMemConservativeLoader() geodata.LoaderImplementation {
+	return &memConservativeLoader{make(map[string]*router.GeoIP), make(map[string]*router.GeoSite)}
+}
+
+func init() {
+	geodata.RegisterGeoDataLoaderImplementationCreator("memconservative", newMemConservativeLoader)
+}

component/geodata/package_info.go

@@ -0,0 +1,4 @@
+// Modified from: https://github.com/v2fly/v2ray-core/tree/master/infra/conf/geodata
+// License: MIT
+
+package geodata

component/geodata/router/condition.go

@@ -0,0 +1,350 @@
+package router
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net"
+	"sort"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/geodata/strmatcher"
+)
+
+var matcherTypeMap = map[Domain_Type]strmatcher.Type{
+	Domain_Plain:  strmatcher.Substr,
+	Domain_Regex:  strmatcher.Regex,
+	Domain_Domain: strmatcher.Domain,
+	Domain_Full:   strmatcher.Full,
+}
+
+func domainToMatcher(domain *Domain) (strmatcher.Matcher, error) {
+	matcherType, f := matcherTypeMap[domain.Type]
+	if !f {
+		return nil, fmt.Errorf("unsupported domain type %v", domain.Type)
+	}
+
+	matcher, err := matcherType.New(domain.Value)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create domain matcher, base error: %s", err.Error())
+	}
+
+	return matcher, nil
+}
+
+type DomainMatcher struct {
+	matchers strmatcher.IndexMatcher
+}
+
+func NewMphMatcherGroup(domains []*Domain) (*DomainMatcher, error) {
+	g := strmatcher.NewMphMatcherGroup()
+	for _, d := range domains {
+		matcherType, f := matcherTypeMap[d.Type]
+		if !f {
+			return nil, fmt.Errorf("unsupported domain type %v", d.Type)
+		}
+		_, err := g.AddPattern(d.Value, matcherType)
+		if err != nil {
+			return nil, err
+		}
+	}
+	g.Build()
+	return &DomainMatcher{
+		matchers: g,
+	}, nil
+}
+
+// NewDomainMatcher new domain matcher.
+func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
+	g := new(strmatcher.MatcherGroup)
+	for _, d := range domains {
+		m, err := domainToMatcher(d)
+		if err != nil {
+			return nil, err
+		}
+		g.Add(m)
+	}
+
+	return &DomainMatcher{
+		matchers: g,
+	}, nil
+}
+
+func (m *DomainMatcher) ApplyDomain(domain string) bool {
+	return len(m.matchers.Match(strings.ToLower(domain))) > 0
+}
+
+// CIDRList is an alias of []*CIDR to provide sort.Interface.
+type CIDRList []*CIDR
+
+// Len implements sort.Interface.
+func (l *CIDRList) Len() int {
+	return len(*l)
+}
+
+// Less implements sort.Interface.
+func (l *CIDRList) Less(i int, j int) bool {
+	ci := (*l)[i]
+	cj := (*l)[j]
+
+	if len(ci.Ip) < len(cj.Ip) {
+		return true
+	}
+
+	if len(ci.Ip) > len(cj.Ip) {
+		return false
+	}
+
+	for k := 0; k < len(ci.Ip); k++ {
+		if ci.Ip[k] < cj.Ip[k] {
+			return true
+		}
+
+		if ci.Ip[k] > cj.Ip[k] {
+			return false
+		}
+	}
+
+	return ci.Prefix < cj.Prefix
+}
+
+// Swap implements sort.Interface.
+func (l *CIDRList) Swap(i int, j int) {
+	(*l)[i], (*l)[j] = (*l)[j], (*l)[i]
+}
+
+type ipv6 struct {
+	a uint64
+	b uint64
+}
+
+type GeoIPMatcher struct {
+	countryCode  string
+	reverseMatch bool
+	ip4          []uint32
+	prefix4      []uint8
+	ip6          []ipv6
+	prefix6      []uint8
+}
+
+func normalize4(ip uint32, prefix uint8) uint32 {
+	return (ip >> (32 - prefix)) << (32 - prefix)
+}
+
+func normalize6(ip ipv6, prefix uint8) ipv6 {
+	if prefix <= 64 {
+		ip.a = (ip.a >> (64 - prefix)) << (64 - prefix)
+		ip.b = 0
+	} else {
+		ip.b = (ip.b >> (128 - prefix)) << (128 - prefix)
+	}
+	return ip
+}
+
+func (m *GeoIPMatcher) Init(cidrs []*CIDR) error {
+	ip4Count := 0
+	ip6Count := 0
+
+	for _, cidr := range cidrs {
+		ip := cidr.Ip
+		switch len(ip) {
+		case 4:
+			ip4Count++
+		case 16:
+			ip6Count++
+		default:
+			return fmt.Errorf("unexpect ip length: %d", len(ip))
+		}
+	}
+
+	cidrList := CIDRList(cidrs)
+	sort.Sort(&cidrList)
+
+	m.ip4 = make([]uint32, 0, ip4Count)
+	m.prefix4 = make([]uint8, 0, ip4Count)
+	m.ip6 = make([]ipv6, 0, ip6Count)
+	m.prefix6 = make([]uint8, 0, ip6Count)
+
+	for _, cidr := range cidrs {
+		ip := cidr.Ip
+		prefix := uint8(cidr.Prefix)
+		switch len(ip) {
+		case 4:
+			m.ip4 = append(m.ip4, normalize4(binary.BigEndian.Uint32(ip), prefix))
+			m.prefix4 = append(m.prefix4, prefix)
+		case 16:
+			ip6 := ipv6{
+				a: binary.BigEndian.Uint64(ip[0:8]),
+				b: binary.BigEndian.Uint64(ip[8:16]),
+			}
+			ip6 = normalize6(ip6, prefix)
+
+			m.ip6 = append(m.ip6, ip6)
+			m.prefix6 = append(m.prefix6, prefix)
+		}
+	}
+
+	return nil
+}
+
+func (m *GeoIPMatcher) SetReverseMatch(isReverseMatch bool) {
+	m.reverseMatch = isReverseMatch
+}
+
+func (m *GeoIPMatcher) match4(ip uint32) bool {
+	if len(m.ip4) == 0 {
+		return false
+	}
+
+	if ip < m.ip4[0] {
+		return false
+	}
+
+	size := uint32(len(m.ip4))
+	l := uint32(0)
+	r := size
+	for l < r {
+		x := ((l + r) >> 1)
+		if ip < m.ip4[x] {
+			r = x
+			continue
+		}
+
+		nip := normalize4(ip, m.prefix4[x])
+		if nip == m.ip4[x] {
+			return true
+		}
+
+		l = x + 1
+	}
+
+	return l > 0 && normalize4(ip, m.prefix4[l-1]) == m.ip4[l-1]
+}
+
+func less6(a ipv6, b ipv6) bool {
+	return a.a < b.a || (a.a == b.a && a.b < b.b)
+}
+
+func (m *GeoIPMatcher) match6(ip ipv6) bool {
+	if len(m.ip6) == 0 {
+		return false
+	}
+
+	if less6(ip, m.ip6[0]) {
+		return false
+	}
+
+	size := uint32(len(m.ip6))
+	l := uint32(0)
+	r := size
+	for l < r {
+		x := (l + r) / 2
+		if less6(ip, m.ip6[x]) {
+			r = x
+			continue
+		}
+
+		if normalize6(ip, m.prefix6[x]) == m.ip6[x] {
+			return true
+		}
+
+		l = x + 1
+	}
+
+	return l > 0 && normalize6(ip, m.prefix6[l-1]) == m.ip6[l-1]
+}
+
+// Match returns true if the given ip is included by the GeoIP.
+func (m *GeoIPMatcher) Match(ip net.IP) bool {
+	switch len(ip) {
+	case 4:
+		if m.reverseMatch {
+			return !m.match4(binary.BigEndian.Uint32(ip))
+		}
+		return m.match4(binary.BigEndian.Uint32(ip))
+	case 16:
+		if m.reverseMatch {
+			return !m.match6(ipv6{
+				a: binary.BigEndian.Uint64(ip[0:8]),
+				b: binary.BigEndian.Uint64(ip[8:16]),
+			})
+		}
+		return m.match6(ipv6{
+			a: binary.BigEndian.Uint64(ip[0:8]),
+			b: binary.BigEndian.Uint64(ip[8:16]),
+		})
+	default:
+		return false
+	}
+}
+
+// GeoIPMatcherContainer is a container for GeoIPMatchers. It keeps unique copies of GeoIPMatcher by country code.
+type GeoIPMatcherContainer struct {
+	matchers []*GeoIPMatcher
+}
+
+// Add adds a new GeoIP set into the container.
+// If the country code of GeoIP is not empty, GeoIPMatcherContainer will try to find an existing one, instead of adding a new one.
+func (c *GeoIPMatcherContainer) Add(geoip *GeoIP) (*GeoIPMatcher, error) {
+	if len(geoip.CountryCode) > 0 {
+		for _, m := range c.matchers {
+			if m.countryCode == geoip.CountryCode && m.reverseMatch == geoip.ReverseMatch {
+				return m, nil
+			}
+		}
+	}
+
+	m := &GeoIPMatcher{
+		countryCode:  geoip.CountryCode,
+		reverseMatch: geoip.ReverseMatch,
+	}
+	if err := m.Init(geoip.Cidr); err != nil {
+		return nil, err
+	}
+	if len(geoip.CountryCode) > 0 {
+		c.matchers = append(c.matchers, m)
+	}
+	return m, nil
+}
+
+var globalGeoIPContainer GeoIPMatcherContainer
+
+type MultiGeoIPMatcher struct {
+	matchers []*GeoIPMatcher
+}
+
+func NewGeoIPMatcher(geoip *GeoIP) (*GeoIPMatcher, error) {
+	matcher, err := globalGeoIPContainer.Add(geoip)
+	if err != nil {
+		return nil, err
+	}
+
+	return matcher, nil
+}
+
+func (m *MultiGeoIPMatcher) ApplyIp(ip net.IP) bool {
+
+	for _, matcher := range m.matchers {
+		if matcher.Match(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func NewMultiGeoIPMatcher(geoips []*GeoIP) (*MultiGeoIPMatcher, error) {
+	var matchers []*GeoIPMatcher
+	for _, geoip := range geoips {
+		matcher, err := globalGeoIPContainer.Add(geoip)
+		if err != nil {
+			return nil, err
+		}
+		matchers = append(matchers, matcher)
+	}
+
+	matcher := &MultiGeoIPMatcher{
+		matchers: matchers,
+	}
+
+	return matcher, nil
+}

component/geodata/router/config.pb.go

@@ -0,0 +1,725 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.19.1
+// source: component/geodata/router/config.proto
+
+package router
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Type of domain value.
+type Domain_Type int32
+
+const (
+	// The value is used as is.
+	Domain_Plain Domain_Type = 0
+	// The value is used as a regular expression.
+	Domain_Regex Domain_Type = 1
+	// The value is a root domain.
+	Domain_Domain Domain_Type = 2
+	// The value is a domain.
+	Domain_Full Domain_Type = 3
+)
+
+// Enum value maps for Domain_Type.
+var (
+	Domain_Type_name = map[int32]string{
+		0: "Plain",
+		1: "Regex",
+		2: "Domain",
+		3: "Full",
+	}
+	Domain_Type_value = map[string]int32{
+		"Plain":  0,
+		"Regex":  1,
+		"Domain": 2,
+		"Full":   3,
+	}
+)
+
+func (x Domain_Type) Enum() *Domain_Type {
+	p := new(Domain_Type)
+	*p = x
+	return p
+}
+
+func (x Domain_Type) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Domain_Type) Descriptor() protoreflect.EnumDescriptor {
+	return file_component_geodata_router_config_proto_enumTypes[0].Descriptor()
+}
+
+func (Domain_Type) Type() protoreflect.EnumType {
+	return &file_component_geodata_router_config_proto_enumTypes[0]
+}
+
+func (x Domain_Type) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Domain_Type.Descriptor instead.
+func (Domain_Type) EnumDescriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// Domain for routing decision.
+type Domain struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Domain matching type.
+	Type Domain_Type `protobuf:"varint,1,opt,name=type,proto3,enum=clash.component.geodata.router.Domain_Type" json:"type,omitempty"`
+	// Domain value.
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	// Attributes of this domain. May be used for filtering.
+	Attribute []*Domain_Attribute `protobuf:"bytes,3,rep,name=attribute,proto3" json:"attribute,omitempty"`
+}
+
+func (x *Domain) Reset() {
+	*x = Domain{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Domain) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Domain) ProtoMessage() {}
+
+func (x *Domain) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Domain.ProtoReflect.Descriptor instead.
+func (*Domain) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Domain) GetType() Domain_Type {
+	if x != nil {
+		return x.Type
+	}
+	return Domain_Plain
+}
+
+func (x *Domain) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+func (x *Domain) GetAttribute() []*Domain_Attribute {
+	if x != nil {
+		return x.Attribute
+	}
+	return nil
+}
+
+// IP for routing decision, in CIDR form.
+type CIDR struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// IP address, should be either 4 or 16 bytes.
+	Ip []byte `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
+	// Number of leading ones in the network mask.
+	Prefix uint32 `protobuf:"varint,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
+}
+
+func (x *CIDR) Reset() {
+	*x = CIDR{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CIDR) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CIDR) ProtoMessage() {}
+
+func (x *CIDR) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CIDR.ProtoReflect.Descriptor instead.
+func (*CIDR) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *CIDR) GetIp() []byte {
+	if x != nil {
+		return x.Ip
+	}
+	return nil
+}
+
+func (x *CIDR) GetPrefix() uint32 {
+	if x != nil {
+		return x.Prefix
+	}
+	return 0
+}
+
+type GeoIP struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	CountryCode  string  `protobuf:"bytes,1,opt,name=country_code,json=countryCode,proto3" json:"country_code,omitempty"`
+	Cidr         []*CIDR `protobuf:"bytes,2,rep,name=cidr,proto3" json:"cidr,omitempty"`
+	ReverseMatch bool    `protobuf:"varint,3,opt,name=reverse_match,json=reverseMatch,proto3" json:"reverse_match,omitempty"`
+}
+
+func (x *GeoIP) Reset() {
+	*x = GeoIP{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeoIP) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeoIP) ProtoMessage() {}
+
+func (x *GeoIP) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeoIP.ProtoReflect.Descriptor instead.
+func (*GeoIP) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GeoIP) GetCountryCode() string {
+	if x != nil {
+		return x.CountryCode
+	}
+	return ""
+}
+
+func (x *GeoIP) GetCidr() []*CIDR {
+	if x != nil {
+		return x.Cidr
+	}
+	return nil
+}
+
+func (x *GeoIP) GetReverseMatch() bool {
+	if x != nil {
+		return x.ReverseMatch
+	}
+	return false
+}
+
+type GeoIPList struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Entry []*GeoIP `protobuf:"bytes,1,rep,name=entry,proto3" json:"entry,omitempty"`
+}
+
+func (x *GeoIPList) Reset() {
+	*x = GeoIPList{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeoIPList) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeoIPList) ProtoMessage() {}
+
+func (x *GeoIPList) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeoIPList.ProtoReflect.Descriptor instead.
+func (*GeoIPList) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GeoIPList) GetEntry() []*GeoIP {
+	if x != nil {
+		return x.Entry
+	}
+	return nil
+}
+
+type GeoSite struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	CountryCode string    `protobuf:"bytes,1,opt,name=country_code,json=countryCode,proto3" json:"country_code,omitempty"`
+	Domain      []*Domain `protobuf:"bytes,2,rep,name=domain,proto3" json:"domain,omitempty"`
+}
+
+func (x *GeoSite) Reset() {
+	*x = GeoSite{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeoSite) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeoSite) ProtoMessage() {}
+
+func (x *GeoSite) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeoSite.ProtoReflect.Descriptor instead.
+func (*GeoSite) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GeoSite) GetCountryCode() string {
+	if x != nil {
+		return x.CountryCode
+	}
+	return ""
+}
+
+func (x *GeoSite) GetDomain() []*Domain {
+	if x != nil {
+		return x.Domain
+	}
+	return nil
+}
+
+type GeoSiteList struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Entry []*GeoSite `protobuf:"bytes,1,rep,name=entry,proto3" json:"entry,omitempty"`
+}
+
+func (x *GeoSiteList) Reset() {
+	*x = GeoSiteList{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeoSiteList) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeoSiteList) ProtoMessage() {}
+
+func (x *GeoSiteList) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeoSiteList.ProtoReflect.Descriptor instead.
+func (*GeoSiteList) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GeoSiteList) GetEntry() []*GeoSite {
+	if x != nil {
+		return x.Entry
+	}
+	return nil
+}
+
+type Domain_Attribute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	// Types that are assignable to TypedValue:
+	//	*Domain_Attribute_BoolValue
+	//	*Domain_Attribute_IntValue
+	TypedValue isDomain_Attribute_TypedValue `protobuf_oneof:"typed_value"`
+}
+
+func (x *Domain_Attribute) Reset() {
+	*x = Domain_Attribute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_component_geodata_router_config_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Domain_Attribute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Domain_Attribute) ProtoMessage() {}
+
+func (x *Domain_Attribute) ProtoReflect() protoreflect.Message {
+	mi := &file_component_geodata_router_config_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Domain_Attribute.ProtoReflect.Descriptor instead.
+func (*Domain_Attribute) Descriptor() ([]byte, []int) {
+	return file_component_geodata_router_config_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *Domain_Attribute) GetKey() string {
+	if x != nil {
+		return x.Key
+	}
+	return ""
+}
+
+func (m *Domain_Attribute) GetTypedValue() isDomain_Attribute_TypedValue {
+	if m != nil {
+		return m.TypedValue
+	}
+	return nil
+}
+
+func (x *Domain_Attribute) GetBoolValue() bool {
+	if x, ok := x.GetTypedValue().(*Domain_Attribute_BoolValue); ok {
+		return x.BoolValue
+	}
+	return false
+}
+
+func (x *Domain_Attribute) GetIntValue() int64 {
+	if x, ok := x.GetTypedValue().(*Domain_Attribute_IntValue); ok {
+		return x.IntValue
+	}
+	return 0
+}
+
+type isDomain_Attribute_TypedValue interface {
+	isDomain_Attribute_TypedValue()
+}
+
+type Domain_Attribute_BoolValue struct {
+	BoolValue bool `protobuf:"varint,2,opt,name=bool_value,json=boolValue,proto3,oneof"`
+}
+
+type Domain_Attribute_IntValue struct {
+	IntValue int64 `protobuf:"varint,3,opt,name=int_value,json=intValue,proto3,oneof"`
+}
+
+func (*Domain_Attribute_BoolValue) isDomain_Attribute_TypedValue() {}
+
+func (*Domain_Attribute_IntValue) isDomain_Attribute_TypedValue() {}
+
+var File_component_geodata_router_config_proto protoreflect.FileDescriptor
+
+var file_component_geodata_router_config_proto_rawDesc = []byte{
+	0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2f, 0x67, 0x65, 0x6f, 0x64,
+	0x61, 0x74, 0x61, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63,
+	0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61,
+	0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x22, 0xd1, 0x02, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61,
+	0x69, 0x6e, 0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x2b, 0x2e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65,
+	0x6e, 0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65,
+	0x72, 0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x4e, 0x0a, 0x09, 0x61, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x63,
+	0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x67,
+	0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x44, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x09,
+	0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x1a, 0x6c, 0x0a, 0x09, 0x41, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1f, 0x0a, 0x0a, 0x62, 0x6f, 0x6f, 0x6c,
+	0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x09,
+	0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1d, 0x0a, 0x09, 0x69, 0x6e, 0x74,
+	0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x48, 0x00, 0x52, 0x08,
+	0x69, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x0d, 0x0a, 0x0b, 0x74, 0x79, 0x70, 0x65,
+	0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x32, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x09, 0x0a, 0x05, 0x50, 0x6c, 0x61, 0x69, 0x6e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x52, 0x65,
+	0x67, 0x65, 0x78, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x10,
+	0x02, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x75, 0x6c, 0x6c, 0x10, 0x03, 0x22, 0x2e, 0x0a, 0x04, 0x43,
+	0x49, 0x44, 0x52, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x02, 0x69, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x89, 0x01, 0x0a, 0x05,
+	0x47, 0x65, 0x6f, 0x49, 0x50, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x72, 0x79,
+	0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x38, 0x0a, 0x04, 0x63, 0x69, 0x64, 0x72,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63,
+	0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61,
+	0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x43, 0x49, 0x44, 0x52, 0x52, 0x04, 0x63, 0x69,
+	0x64, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x5f, 0x6d, 0x61,
+	0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x72, 0x65, 0x76, 0x65, 0x72,
+	0x73, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x22, 0x48, 0x0a, 0x09, 0x47, 0x65, 0x6f, 0x49, 0x50,
+	0x4c, 0x69, 0x73, 0x74, 0x12, 0x3b, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70,
+	0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f,
+	0x75, 0x74, 0x65, 0x72, 0x2e, 0x47, 0x65, 0x6f, 0x49, 0x50, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x22, 0x6c, 0x0a, 0x07, 0x47, 0x65, 0x6f, 0x53, 0x69, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x12,
+	0x3e, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x26, 0x2e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e,
+	0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72,
+	0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x22,
+	0x4c, 0x0a, 0x0b, 0x47, 0x65, 0x6f, 0x53, 0x69, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x3d,
+	0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e,
+	0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e,
+	0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x47,
+	0x65, 0x6f, 0x53, 0x69, 0x74, 0x65, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x7c, 0x0a,
+	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f,
+	0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x67, 0x65, 0x6f, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x72, 0x6f, 0x75,
+	0x74, 0x65, 0x72, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x44, 0x72, 0x65, 0x61, 0x6d, 0x61, 0x63, 0x72, 0x6f, 0x2f, 0x63, 0x6c, 0x61, 0x73,
+	0x68, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2f, 0x67, 0x65, 0x6f, 0x64,
+	0x61, 0x74, 0x61, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0xaa, 0x02, 0x1e, 0x43, 0x6c, 0x61,
+	0x73, 0x68, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x65, 0x6f,
+	0x64, 0x61, 0x74, 0x61, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
+}
+
+var (
+	file_component_geodata_router_config_proto_rawDescOnce sync.Once
+	file_component_geodata_router_config_proto_rawDescData = file_component_geodata_router_config_proto_rawDesc
+)
+
+func file_component_geodata_router_config_proto_rawDescGZIP() []byte {
+	file_component_geodata_router_config_proto_rawDescOnce.Do(func() {
+		file_component_geodata_router_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_component_geodata_router_config_proto_rawDescData)
+	})
+	return file_component_geodata_router_config_proto_rawDescData
+}
+
+var file_component_geodata_router_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_component_geodata_router_config_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
+var file_component_geodata_router_config_proto_goTypes = []interface{}{
+	(Domain_Type)(0),         // 0: clash.component.geodata.router.Domain.Type
+	(*Domain)(nil),           // 1: clash.component.geodata.router.Domain
+	(*CIDR)(nil),             // 2: clash.component.geodata.router.CIDR
+	(*GeoIP)(nil),            // 3: clash.component.geodata.router.GeoIP
+	(*GeoIPList)(nil),        // 4: clash.component.geodata.router.GeoIPList
+	(*GeoSite)(nil),          // 5: clash.component.geodata.router.GeoSite
+	(*GeoSiteList)(nil),      // 6: clash.component.geodata.router.GeoSiteList
+	(*Domain_Attribute)(nil), // 7: clash.component.geodata.router.Domain.Attribute
+}
+var file_component_geodata_router_config_proto_depIdxs = []int32{
+	0, // 0: clash.component.geodata.router.Domain.type:type_name -> clash.component.geodata.router.Domain.Type
+	7, // 1: clash.component.geodata.router.Domain.attribute:type_name -> clash.component.geodata.router.Domain.Attribute
+	2, // 2: clash.component.geodata.router.GeoIP.cidr:type_name -> clash.component.geodata.router.CIDR
+	3, // 3: clash.component.geodata.router.GeoIPList.entry:type_name -> clash.component.geodata.router.GeoIP
+	1, // 4: clash.component.geodata.router.GeoSite.domain:type_name -> clash.component.geodata.router.Domain
+	5, // 5: clash.component.geodata.router.GeoSiteList.entry:type_name -> clash.component.geodata.router.GeoSite
+	6, // [6:6] is the sub-list for method output_type
+	6, // [6:6] is the sub-list for method input_type
+	6, // [6:6] is the sub-list for extension type_name
+	6, // [6:6] is the sub-list for extension extendee
+	0, // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_component_geodata_router_config_proto_init() }
+func file_component_geodata_router_config_proto_init() {
+	if File_component_geodata_router_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_component_geodata_router_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Domain); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CIDR); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeoIP); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeoIPList); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeoSite); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeoSiteList); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_component_geodata_router_config_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Domain_Attribute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_component_geodata_router_config_proto_msgTypes[6].OneofWrappers = []interface{}{
+		(*Domain_Attribute_BoolValue)(nil),
+		(*Domain_Attribute_IntValue)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_component_geodata_router_config_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   7,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_component_geodata_router_config_proto_goTypes,
+		DependencyIndexes: file_component_geodata_router_config_proto_depIdxs,
+		EnumInfos:         file_component_geodata_router_config_proto_enumTypes,
+		MessageInfos:      file_component_geodata_router_config_proto_msgTypes,
+	}.Build()
+	File_component_geodata_router_config_proto = out.File
+	file_component_geodata_router_config_proto_rawDesc = nil
+	file_component_geodata_router_config_proto_goTypes = nil
+	file_component_geodata_router_config_proto_depIdxs = nil
+}

component/geodata/router/config.proto

@@ -0,0 +1,68 @@
+syntax = "proto3";
+
+package clash.component.geodata.router;
+option csharp_namespace = "Clash.Component.Geodata.Router";
+option go_package = "github.com/Dreamacro/clash/component/geodata/router";
+option java_package = "com.clash.component.geodata.router";
+option java_multiple_files = true;
+
+// Domain for routing decision.
+message Domain {
+  // Type of domain value.
+  enum Type {
+    // The value is used as is.
+    Plain = 0;
+    // The value is used as a regular expression.
+    Regex = 1;
+    // The value is a root domain.
+    Domain = 2;
+    // The value is a domain.
+    Full = 3;
+  }
+
+  // Domain matching type.
+  Type type = 1;
+
+  // Domain value.
+  string value = 2;
+
+  message Attribute {
+    string key = 1;
+
+    oneof typed_value {
+      bool bool_value = 2;
+      int64 int_value = 3;
+    }
+  }
+
+  // Attributes of this domain. May be used for filtering.
+  repeated Attribute attribute = 3;
+}
+
+// IP for routing decision, in CIDR form.
+message CIDR {
+  // IP address, should be either 4 or 16 bytes.
+  bytes ip = 1;
+
+  // Number of leading ones in the network mask.
+  uint32 prefix = 2;
+}
+
+message GeoIP {
+  string country_code = 1;
+  repeated CIDR cidr = 2;
+  bool reverse_match = 3;
+}
+
+message GeoIPList {
+  repeated GeoIP entry = 1;
+}
+
+message GeoSite {
+  string country_code = 1;
+  repeated Domain domain = 2;
+}
+
+message GeoSiteList {
+  repeated GeoSite entry = 1;
+}

component/geodata/standard/standard.go

@@ -0,0 +1,84 @@
+package standard
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/Dreamacro/clash/component/geodata"
+	"github.com/Dreamacro/clash/component/geodata/router"
+	C "github.com/Dreamacro/clash/constant"
+
+	"google.golang.org/protobuf/proto"
+)
+
+func ReadFile(path string) ([]byte, error) {
+	reader, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer func(reader *os.File) {
+		_ = reader.Close()
+	}(reader)
+
+	return io.ReadAll(reader)
+}
+
+func ReadAsset(file string) ([]byte, error) {
+	return ReadFile(C.Path.GetAssetLocation(file))
+}
+
+func loadIP(filename, country string) ([]*router.CIDR, error) {
+	geoipBytes, err := ReadAsset(filename)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
+	}
+	var geoipList router.GeoIPList
+	if err := proto.Unmarshal(geoipBytes, &geoipList); err != nil {
+		return nil, err
+	}
+
+	for _, geoip := range geoipList.Entry {
+		if strings.EqualFold(geoip.CountryCode, country) {
+			return geoip.Cidr, nil
+		}
+	}
+
+	return nil, fmt.Errorf("country not found in %s%s%s", filename, ": ", country)
+}
+
+func loadSite(filename, list string) ([]*router.Domain, error) {
+	geositeBytes, err := ReadAsset(filename)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open file: %s, base error: %s", filename, err.Error())
+	}
+	var geositeList router.GeoSiteList
+	if err := proto.Unmarshal(geositeBytes, &geositeList); err != nil {
+		return nil, err
+	}
+
+	for _, site := range geositeList.Entry {
+		if strings.EqualFold(site.CountryCode, list) {
+			return site.Domain, nil
+		}
+	}
+
+	return nil, fmt.Errorf("list not found in %s%s%s", filename, ": ", list)
+}
+
+type standardLoader struct{}
+
+func (d standardLoader) LoadSite(filename, list string) ([]*router.Domain, error) {
+	return loadSite(filename, list)
+}
+
+func (d standardLoader) LoadIP(filename, country string) ([]*router.CIDR, error) {
+	return loadIP(filename, country)
+}
+
+func init() {
+	geodata.RegisterGeoDataLoaderImplementationCreator("standard", func() geodata.LoaderImplementation {
+		return standardLoader{}
+	})
+}

component/geodata/strmatcher/ac_automaton_matcher.go

@@ -0,0 +1,241 @@
+package strmatcher
+
+import (
+	"container/list"
+)
+
+const validCharCount = 53
+
+type MatchType struct {
+	matchType Type
+	exist     bool
+}
+
+const (
+	TrieEdge bool = true
+	FailEdge bool = false
+)
+
+type Edge struct {
+	edgeType bool
+	nextNode int
+}
+
+type ACAutomaton struct {
+	trie   [][validCharCount]Edge
+	fail   []int
+	exists []MatchType
+	count  int
+}
+
+func newNode() [validCharCount]Edge {
+	var s [validCharCount]Edge
+	for i := range s {
+		s[i] = Edge{
+			edgeType: FailEdge,
+			nextNode: 0,
+		}
+	}
+	return s
+}
+
+var char2Index = []int{
+	'A':  0,
+	'a':  0,
+	'B':  1,
+	'b':  1,
+	'C':  2,
+	'c':  2,
+	'D':  3,
+	'd':  3,
+	'E':  4,
+	'e':  4,
+	'F':  5,
+	'f':  5,
+	'G':  6,
+	'g':  6,
+	'H':  7,
+	'h':  7,
+	'I':  8,
+	'i':  8,
+	'J':  9,
+	'j':  9,
+	'K':  10,
+	'k':  10,
+	'L':  11,
+	'l':  11,
+	'M':  12,
+	'm':  12,
+	'N':  13,
+	'n':  13,
+	'O':  14,
+	'o':  14,
+	'P':  15,
+	'p':  15,
+	'Q':  16,
+	'q':  16,
+	'R':  17,
+	'r':  17,
+	'S':  18,
+	's':  18,
+	'T':  19,
+	't':  19,
+	'U':  20,
+	'u':  20,
+	'V':  21,
+	'v':  21,
+	'W':  22,
+	'w':  22,
+	'X':  23,
+	'x':  23,
+	'Y':  24,
+	'y':  24,
+	'Z':  25,
+	'z':  25,
+	'!':  26,
+	'$':  27,
+	'&':  28,
+	'\'': 29,
+	'(':  30,
+	')':  31,
+	'*':  32,
+	'+':  33,
+	',':  34,
+	';':  35,
+	'=':  36,
+	':':  37,
+	'%':  38,
+	'-':  39,
+	'.':  40,
+	'_':  41,
+	'~':  42,
+	'0':  43,
+	'1':  44,
+	'2':  45,
+	'3':  46,
+	'4':  47,
+	'5':  48,
+	'6':  49,
+	'7':  50,
+	'8':  51,
+	'9':  52,
+}
+
+func NewACAutomaton() *ACAutomaton {
+	ac := new(ACAutomaton)
+	ac.trie = append(ac.trie, newNode())
+	ac.fail = append(ac.fail, 0)
+	ac.exists = append(ac.exists, MatchType{
+		matchType: Full,
+		exist:     false,
+	})
+	return ac
+}
+
+func (ac *ACAutomaton) Add(domain string, t Type) {
+	node := 0
+	for i := len(domain) - 1; i >= 0; i-- {
+		idx := char2Index[domain[i]]
+		if ac.trie[node][idx].nextNode == 0 {
+			ac.count++
+			if len(ac.trie) < ac.count+1 {
+				ac.trie = append(ac.trie, newNode())
+				ac.fail = append(ac.fail, 0)
+				ac.exists = append(ac.exists, MatchType{
+					matchType: Full,
+					exist:     false,
+				})
+			}
+			ac.trie[node][idx] = Edge{
+				edgeType: TrieEdge,
+				nextNode: ac.count,
+			}
+		}
+		node = ac.trie[node][idx].nextNode
+	}
+	ac.exists[node] = MatchType{
+		matchType: t,
+		exist:     true,
+	}
+	switch t {
+	case Domain:
+		ac.exists[node] = MatchType{
+			matchType: Full,
+			exist:     true,
+		}
+		idx := char2Index['.']
+		if ac.trie[node][idx].nextNode == 0 {
+			ac.count++
+			if len(ac.trie) < ac.count+1 {
+				ac.trie = append(ac.trie, newNode())
+				ac.fail = append(ac.fail, 0)
+				ac.exists = append(ac.exists, MatchType{
+					matchType: Full,
+					exist:     false,
+				})
+			}
+			ac.trie[node][idx] = Edge{
+				edgeType: TrieEdge,
+				nextNode: ac.count,
+			}
+		}
+		node = ac.trie[node][idx].nextNode
+		ac.exists[node] = MatchType{
+			matchType: t,
+			exist:     true,
+		}
+	default:
+		break
+	}
+}
+
+func (ac *ACAutomaton) Build() {
+	queue := list.New()
+	for i := 0; i < validCharCount; i++ {
+		if ac.trie[0][i].nextNode != 0 {
+			queue.PushBack(ac.trie[0][i])
+		}
+	}
+	for {
+		front := queue.Front()
+		if front == nil {
+			break
+		} else {
+			node := front.Value.(Edge).nextNode
+			queue.Remove(front)
+			for i := 0; i < validCharCount; i++ {
+				if ac.trie[node][i].nextNode != 0 {
+					ac.fail[ac.trie[node][i].nextNode] = ac.trie[ac.fail[node]][i].nextNode
+					queue.PushBack(ac.trie[node][i])
+				} else {
+					ac.trie[node][i] = Edge{
+						edgeType: FailEdge,
+						nextNode: ac.trie[ac.fail[node]][i].nextNode,
+					}
+				}
+			}
+		}
+	}
+}
+
+func (ac *ACAutomaton) Match(s string) bool {
+	node := 0
+	fullMatch := true
+	// 1. the match string is all through trie edge. FULL MATCH or DOMAIN
+	// 2. the match string is through a fail edge. NOT FULL MATCH
+	// 2.1 Through a fail edge, but there exists a valid node. SUBSTR
+	for i := len(s) - 1; i >= 0; i-- {
+		idx := char2Index[s[i]]
+		fullMatch = fullMatch && ac.trie[node][idx].edgeType
+		node = ac.trie[node][idx].nextNode
+		switch ac.exists[node].matchType {
+		case Substr:
+			return true
+		case Domain:
+			if fullMatch {
+				return true
+			}
+		}
+	}
+	return fullMatch && ac.exists[node].exist
+}

component/geodata/strmatcher/domain_matcher.go

@@ -0,0 +1,98 @@
+package strmatcher
+
+import "strings"
+
+func breakDomain(domain string) []string {
+	return strings.Split(domain, ".")
+}
+
+type node struct {
+	values []uint32
+	sub    map[string]*node
+}
+
+// DomainMatcherGroup is a IndexMatcher for a large set of Domain matchers.
+// Visible for testing only.
+type DomainMatcherGroup struct {
+	root *node
+}
+
+func (g *DomainMatcherGroup) Add(domain string, value uint32) {
+	if g.root == nil {
+		g.root = new(node)
+	}
+
+	current := g.root
+	parts := breakDomain(domain)
+	for i := len(parts) - 1; i >= 0; i-- {
+		part := parts[i]
+		if current.sub == nil {
+			current.sub = make(map[string]*node)
+		}
+		next := current.sub[part]
+		if next == nil {
+			next = new(node)
+			current.sub[part] = next
+		}
+		current = next
+	}
+
+	current.values = append(current.values, value)
+}
+
+func (g *DomainMatcherGroup) addMatcher(m domainMatcher, value uint32) {
+	g.Add(string(m), value)
+}
+
+func (g *DomainMatcherGroup) Match(domain string) []uint32 {
+	if domain == "" {
+		return nil
+	}
+
+	current := g.root
+	if current == nil {
+		return nil
+	}
+
+	nextPart := func(idx int) int {
+		for i := idx - 1; i >= 0; i-- {
+			if domain[i] == '.' {
+				return i
+			}
+		}
+		return -1
+	}
+
+	matches := [][]uint32{}
+	idx := len(domain)
+	for {
+		if idx == -1 || current.sub == nil {
+			break
+		}
+
+		nidx := nextPart(idx)
+		part := domain[nidx+1 : idx]
+		next := current.sub[part]
+		if next == nil {
+			break
+		}
+		current = next
+		idx = nidx
+		if len(current.values) > 0 {
+			matches = append(matches, current.values)
+		}
+	}
+	switch len(matches) {
+	case 0:
+		return nil
+	case 1:
+		return matches[0]
+	default:
+		result := []uint32{}
+		for idx := range matches {
+			// Insert reversely, the subdomain that matches further ranks higher
+			result = append(result, matches[len(matches)-1-idx]...)
+		}
+		return result
+	}
+}

component/geodata/strmatcher/full_matcher.go

@@ -0,0 +1,25 @@
+package strmatcher
+
+type FullMatcherGroup struct {
+	matchers map[string][]uint32
+}
+
+func (g *FullMatcherGroup) Add(domain string, value uint32) {
+	if g.matchers == nil {
+		g.matchers = make(map[string][]uint32)
+	}
+
+	g.matchers[domain] = append(g.matchers[domain], value)
+}
+
+func (g *FullMatcherGroup) addMatcher(m fullMatcher, value uint32) {
+	g.Add(string(m), value)
+}
+
+func (g *FullMatcherGroup) Match(str string) []uint32 {
+	if g.matchers == nil {
+		return nil
+	}
+
+	return g.matchers[str]
+}

component/geodata/strmatcher/matchers.go

@@ -0,0 +1,52 @@
+package strmatcher
+
+import (
+	"regexp"
+	"strings"
+)
+
+type fullMatcher string
+
+func (m fullMatcher) Match(s string) bool {
+	return string(m) == s
+}
+
+func (m fullMatcher) String() string {
+	return "full:" + string(m)
+}
+
+type substrMatcher string
+
+func (m substrMatcher) Match(s string) bool {
+	return strings.Contains(s, string(m))
+}
+
+func (m substrMatcher) String() string {
+	return "keyword:" + string(m)
+}
+
+type domainMatcher string
+
+func (m domainMatcher) Match(s string) bool {
+	pattern := string(m)
+	if !strings.HasSuffix(s, pattern) {
+		return false
+	}
+	return len(s) == len(pattern) || s[len(s)-len(pattern)-1] == '.'
+}
+
+func (m domainMatcher) String() string {
+	return "domain:" + string(m)
+}
+
+type regexMatcher struct {
+	pattern *regexp.Regexp
+}
+
+func (m *regexMatcher) Match(s string) bool {
+	return m.pattern.MatchString(s)
+}
+
+func (m *regexMatcher) String() string {
+	return "regexp:" + m.pattern.String()
+}

component/geodata/strmatcher/mph_matcher.go

@@ -0,0 +1,304 @@
+package strmatcher
+
+import (
+	"math/bits"
+	"regexp"
+	"sort"
+	"strings"
+	"unsafe"
+)
+
+// PrimeRK is the prime base used in Rabin-Karp algorithm.
+const PrimeRK = 16777619
+
+// calculate the rolling murmurHash of given string
+func RollingHash(s string) uint32 {
+	h := uint32(0)
+	for i := len(s) - 1; i >= 0; i-- {
+		h = h*PrimeRK + uint32(s[i])
+	}
+	return h
+}
+
+// A MphMatcherGroup is divided into three parts:
+// 1. `full` and `domain` patterns are matched by Rabin-Karp algorithm and minimal perfect hash table;
+// 2. `substr` patterns are matched by ac automaton;
+// 3. `regex` patterns are matched with the regex library.
+type MphMatcherGroup struct {
+	ac            *ACAutomaton
+	otherMatchers []matcherEntry
+	rules         []string
+	level0        []uint32
+	level0Mask    int
+	level1        []uint32
+	level1Mask    int
+	count         uint32
+	ruleMap       *map[string]uint32
+}
+
+func (g *MphMatcherGroup) AddFullOrDomainPattern(pattern string, t Type) {
+	h := RollingHash(pattern)
+	switch t {
+	case Domain:
+		(*g.ruleMap)["."+pattern] = h*PrimeRK + uint32('.')
+		fallthrough
+	case Full:
+		(*g.ruleMap)[pattern] = h
+	default:
+	}
+}
+
+func NewMphMatcherGroup() *MphMatcherGroup {
+	return &MphMatcherGroup{
+		ac:            nil,
+		otherMatchers: nil,
+		rules:         nil,
+		level0:        nil,
+		level0Mask:    0,
+		level1:        nil,
+		level1Mask:    0,
+		count:         1,
+		ruleMap:       &map[string]uint32{},
+	}
+}
+
+// AddPattern adds a pattern to MphMatcherGroup
+func (g *MphMatcherGroup) AddPattern(pattern string, t Type) (uint32, error) {
+	switch t {
+	case Substr:
+		if g.ac == nil {
+			g.ac = NewACAutomaton()
+		}
+		g.ac.Add(pattern, t)
+	case Full, Domain:
+		pattern = strings.ToLower(pattern)
+		g.AddFullOrDomainPattern(pattern, t)
+	case Regex:
+		r, err := regexp.Compile(pattern)
+		if err != nil {
+			return 0, err
+		}
+		g.otherMatchers = append(g.otherMatchers, matcherEntry{
+			m:  &regexMatcher{pattern: r},
+			id: g.count,
+		})
+	default:
+		panic("Unknown type")
+	}
+	return g.count, nil
+}
+
+// Build builds a minimal perfect hash table and ac automaton from insert rules
+func (g *MphMatcherGroup) Build() {
+	if g.ac != nil {
+		g.ac.Build()
+	}
+	keyLen := len(*g.ruleMap)
+	if keyLen == 0 {
+		keyLen = 1
+		(*g.ruleMap)["empty___"] = RollingHash("empty___")
+	}
+	g.level0 = make([]uint32, nextPow2(keyLen/4))
+	g.level0Mask = len(g.level0) - 1
+	g.level1 = make([]uint32, nextPow2(keyLen))
+	g.level1Mask = len(g.level1) - 1
+	sparseBuckets := make([][]int, len(g.level0))
+	var ruleIdx int
+	for rule, hash := range *g.ruleMap {
+		n := int(hash) & g.level0Mask
+		g.rules = append(g.rules, rule)
+		sparseBuckets[n] = append(sparseBuckets[n], ruleIdx)
+		ruleIdx++
+	}
+	g.ruleMap = nil
+	var buckets []indexBucket
+	for n, vals := range sparseBuckets {
+		if len(vals) > 0 {
+			buckets = append(buckets, indexBucket{n, vals})
+		}
+	}
+	sort.Sort(bySize(buckets))
+
+	occ := make([]bool, len(g.level1))
+	var tmpOcc []int
+	for _, bucket := range buckets {
+		seed := uint32(0)
+		for {
+			findSeed := true
+			tmpOcc = tmpOcc[:0]
+			for _, i := range bucket.vals {
+				n := int(strhashFallback(unsafe.Pointer(&g.rules[i]), uintptr(seed))) & g.level1Mask
+				if occ[n] {
+					for _, n := range tmpOcc {
+						occ[n] = false
+					}
+					seed++
+					findSeed = false
+					break
+				}
+				occ[n] = true
+				tmpOcc = append(tmpOcc, n)
+				g.level1[n] = uint32(i)
+			}
+			if findSeed {
+				g.level0[bucket.n] = seed
+				break
+			}
+		}
+	}
+}
+
+func nextPow2(v int) int {
+	if v <= 1 {
+		return 1
+	}
+	const MaxUInt = ^uint(0)
+	n := (MaxUInt >> bits.LeadingZeros(uint(v))) + 1
+	return int(n)
+}
+
+// Lookup searches for s in t and returns its index and whether it was found.
+func (g *MphMatcherGroup) Lookup(h uint32, s string) bool {
+	i0 := int(h) & g.level0Mask
+	seed := g.level0[i0]
+	i1 := int(strhashFallback(unsafe.Pointer(&s), uintptr(seed))) & g.level1Mask
+	n := g.level1[i1]
+	return s == g.rules[int(n)]
+}
+
+// Match implements IndexMatcher.Match.
+func (g *MphMatcherGroup) Match(pattern string) []uint32 {
+	result := []uint32{}
+	hash := uint32(0)
+	for i := len(pattern) - 1; i >= 0; i-- {
+		hash = hash*PrimeRK + uint32(pattern[i])
+		if pattern[i] == '.' {
+			if g.Lookup(hash, pattern[i:]) {
+				result = append(result, 1)
+				return result
+			}
+		}
+	}
+	if g.Lookup(hash, pattern) {
+		result = append(result, 1)
+		return result
+	}
+	if g.ac != nil && g.ac.Match(pattern) {
+		result = append(result, 1)
+		return result
+	}
+	for _, e := range g.otherMatchers {
+		if e.m.Match(pattern) {
+			result = append(result, e.id)
+			return result
+		}
+	}
+	return nil
+}
+
+type indexBucket struct {
+	n    int
+	vals []int
+}
+
+type bySize []indexBucket
+
+func (s bySize) Len() int           { return len(s) }
+func (s bySize) Less(i, j int) bool { return len(s[i].vals) > len(s[j].vals) }
+func (s bySize) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+
+type stringStruct struct {
+	str unsafe.Pointer
+	len int
+}
+
+func strhashFallback(a unsafe.Pointer, h uintptr) uintptr {
+	x := (*stringStruct)(a)
+	return memhashFallback(x.str, h, uintptr(x.len))
+}
+
+const (
+	// Constants for multiplication: four random odd 64-bit numbers.
+	m1 = 16877499708836156737
+	m2 = 2820277070424839065
+	m3 = 9497967016996688599
+	m4 = 15839092249703872147
+)
+
+var hashkey = [4]uintptr{1, 1, 1, 1}
+
+func memhashFallback(p unsafe.Pointer, seed, s uintptr) uintptr {
+	h := uint64(seed + s*hashkey[0])
+tail:
+	switch {
+	case s == 0:
+	case s < 4:
+		h ^= uint64(*(*byte)(p))
+		h ^= uint64(*(*byte)(add(p, s>>1))) << 8
+		h ^= uint64(*(*byte)(add(p, s-1))) << 16
+		h = rotl31(h*m1) * m2
+	case s <= 8:
+		h ^= uint64(readUnaligned32(p))
+		h ^= uint64(readUnaligned32(add(p, s-4))) << 32
+		h = rotl31(h*m1) * m2
+	case s <= 16:
+		h ^= readUnaligned64(p)
+		h = rotl31(h*m1) * m2
+		h ^= readUnaligned64(add(p, s-8))
+		h = rotl31(h*m1) * m2
+	case s <= 32:
+		h ^= readUnaligned64(p)
+		h = rotl31(h*m1) * m2
+		h ^= readUnaligned64(add(p, 8))
+		h = rotl31(h*m1) * m2
+		h ^= readUnaligned64(add(p, s-16))
+		h = rotl31(h*m1) * m2
+		h ^= readUnaligned64(add(p, s-8))
+		h = rotl31(h*m1) * m2
+	default:
+		v1 := h
+		v2 := uint64(seed * hashkey[1])
+		v3 := uint64(seed * hashkey[2])
+		v4 := uint64(seed * hashkey[3])
+		for s >= 32 {
+			v1 ^= readUnaligned64(p)
+			v1 = rotl31(v1*m1) * m2
+			p = add(p, 8)
+			v2 ^= readUnaligned64(p)
+			v2 = rotl31(v2*m2) * m3
+			p = add(p, 8)
+			v3 ^= readUnaligned64(p)
+			v3 = rotl31(v3*m3) * m4
+			p = add(p, 8)
+			v4 ^= readUnaligned64(p)
+			v4 = rotl31(v4*m4) * m1
+			p = add(p, 8)
+			s -= 32
+		}
+		h = v1 ^ v2 ^ v3 ^ v4
+		goto tail
+	}
+
+	h ^= h >> 29
+	h *= m3
+	h ^= h >> 32
+	return uintptr(h)
+}
+
+func add(p unsafe.Pointer, x uintptr) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(p) + x)
+}
+
+func readUnaligned32(p unsafe.Pointer) uint32 {
+	q := (*[4]byte)(p)
+	return uint32(q[0]) | uint32(q[1])<<8 | uint32(q[2])<<16 | uint32(q[3])<<24
+}
+
+func rotl31(x uint64) uint64 {
+	return (x << 31) | (x >> (64 - 31))
+}
+
+func readUnaligned64(p unsafe.Pointer) uint64 {
+	q := (*[8]byte)(p)
+	return uint64(q[0]) | uint64(q[1])<<8 | uint64(q[2])<<16 | uint64(q[3])<<24 | uint64(q[4])<<32 | uint64(q[5])<<40 | uint64(q[6])<<48 | uint64(q[7])<<56
+}

component/geodata/strmatcher/package_info.go

@@ -0,0 +1,4 @@
+// Modified from: https://github.com/v2fly/v2ray-core/tree/master/common/strmatcher
+// License: MIT
+
+package strmatcher

component/geodata/strmatcher/strmatcher.go

@@ -0,0 +1,107 @@
+package strmatcher
+
+import (
+	"regexp"
+)
+
+// Matcher is the interface to determine a string matches a pattern.
+type Matcher interface {
+	// Match returns true if the given string matches a predefined pattern.
+	Match(string) bool
+	String() string
+}
+
+// Type is the type of the matcher.
+type Type byte
+
+const (
+	// Full is the type of matcher that the input string must exactly equal to the pattern.
+	Full Type = iota
+	// Substr is the type of matcher that the input string must contain the pattern as a sub-string.
+	Substr
+	// Domain is the type of matcher that the input string must be a sub-domain or itself of the pattern.
+	Domain
+	// Regex is the type of matcher that the input string must matches the regular-expression pattern.
+	Regex
+)
+
+// New creates a new Matcher based on the given pattern.
+func (t Type) New(pattern string) (Matcher, error) {
+	// 1. regex matching is case-sensitive
+	switch t {
+	case Full:
+		return fullMatcher(pattern), nil
+	case Substr:
+		return substrMatcher(pattern), nil
+	case Domain:
+		return domainMatcher(pattern), nil
+	case Regex:
+		r, err := regexp.Compile(pattern)
+		if err != nil {
+			return nil, err
+		}
+		return &regexMatcher{
+			pattern: r,
+		}, nil
+	default:
+		panic("Unknown type")
+	}
+}
+
+// IndexMatcher is the interface for matching with a group of matchers.
+type IndexMatcher interface {
+	// Match returns the index of a matcher that matches the input. It returns empty array if no such matcher exists.
+	Match(input string) []uint32
+}
+
+type matcherEntry struct {
+	m  Matcher
+	id uint32
+}
+
+// MatcherGroup is an implementation of IndexMatcher.
+// Empty initialization works.
+type MatcherGroup struct {
+	count         uint32
+	fullMatcher   FullMatcherGroup
+	domainMatcher DomainMatcherGroup
+	otherMatchers []matcherEntry
+}
+
+// Add adds a new Matcher into the MatcherGroup, and returns its index. The index will never be 0.
+func (g *MatcherGroup) Add(m Matcher) uint32 {
+	g.count++
+	c := g.count
+
+	switch tm := m.(type) {
+	case fullMatcher:
+		g.fullMatcher.addMatcher(tm, c)
+	case domainMatcher:
+		g.domainMatcher.addMatcher(tm, c)
+	default:
+		g.otherMatchers = append(g.otherMatchers, matcherEntry{
+			m:  m,
+			id: c,
+		})
+	}
+
+	return c
+}
+
+// Match implements IndexMatcher.Match.
+func (g *MatcherGroup) Match(pattern string) []uint32 {
+	result := []uint32{}
+	result = append(result, g.fullMatcher.Match(pattern)...)
+	result = append(result, g.domainMatcher.Match(pattern)...)
+	for _, e := range g.otherMatchers {
+		if e.m.Match(pattern) {
+			result = append(result, e.id)
+		}
+	}
+	return result
+}
+
+// Size returns the number of matchers in the MatcherGroup.
+func (g *MatcherGroup) Size() uint32 {
+	return g.count
+}

component/geodata/utils.go

@@ -0,0 +1,81 @@
+package geodata
+
+import (
+	"github.com/Dreamacro/clash/component/geodata/router"
+	C "github.com/Dreamacro/clash/constant"
+	"strings"
+)
+
+var geoLoaderName = "memconservative"
+
+//  geoLoaderName = "standard"
+
+func LoaderName() string {
+	return geoLoaderName
+}
+
+func SetLoader(newLoader string) {
+	geoLoaderName = newLoader
+}
+
+func Verify(name string) bool {
+	switch name {
+	case C.GeositeName:
+		_, _, err := LoadGeoSiteMatcher("CN")
+		return err == nil
+	case C.GeoipName:
+		_, _, err := LoadGeoIPMatcher("CN")
+		return err == nil
+	default:
+		return false
+	}
+}
+
+func LoadGeoSiteMatcher(countryCode string) (*router.DomainMatcher, int, error) {
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	domains, err := geoLoader.LoadGeoSite(countryCode)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	/**
+	linear: linear algorithm
+	matcher, err := router.NewDomainMatcher(domains)
+	mph：minimal perfect hash algorithm
+	*/
+	matcher, err := router.NewMphMatcherGroup(domains)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return matcher, len(domains), nil
+}
+
+func LoadGeoIPMatcher(country string) (*router.GeoIPMatcher, int, error) {
+	geoLoader, err := GetGeoDataLoader(geoLoaderName)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	records, err := geoLoader.LoadGeoIP(strings.ReplaceAll(country, "!", ""))
+	if err != nil {
+		return nil, 0, err
+	}
+
+	geoIP := &router.GeoIP{
+		CountryCode:  country,
+		Cidr:         records,
+		ReverseMatch: strings.Contains(country, "!"),
+	}
+
+	matcher, err := router.NewGeoIPMatcher(geoIP)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return matcher, len(records), nil
+}

component/mmdb/mmdb.go

@@ -1,12 +1,11 @@
 package mmdb
 
 import (
+	"github.com/oschwald/geoip2-golang"
 	"sync"
 
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
-
-	"github.com/oschwald/geoip2-golang"
 )
 
 var (

component/pool/pool_test.go

@@ -34,7 +34,7 @@ func TestPool_MaxSize(t *testing.T) {
 	size := 5
 	pool := New(g, WithSize(size))
 
-	items := []any{}
+	var items []any
 
 	for i := 0; i < size; i++ {
 		item, _ := pool.Get()

component/process/process.go

@@ -3,6 +3,8 @@ package process
 import (
 	"errors"
 	"net"
+
+	C "github.com/Dreamacro/clash/constant"
 )
 
 var (
@@ -19,3 +21,49 @@ const (
 func FindProcessName(network string, srcIP net.IP, srcPort int) (string, error) {
 	return findProcessName(network, srcIP, srcPort)
 }
+
+func ShouldFindProcess(metadata *C.Metadata) bool {
+	if metadata.Process != "" {
+		return false
+	}
+	for _, ip := range localIPs {
+		if ip.Equal(metadata.SrcIP) {
+			return true
+		}
+	}
+	return false
+}
+
+func AppendLocalIPs(ip ...net.IP) {
+	localIPs = append(ip, localIPs...)
+}
+
+func getLocalIPs() []net.IP {
+	ips := []net.IP{net.IPv4zero, net.IPv6zero}
+
+	netInterfaces, err := net.Interfaces()
+	if err != nil {
+		ips = append(ips, net.IPv4(127, 0, 0, 1), net.IPv6loopback)
+		return ips
+	}
+
+	for i := 0; i < len(netInterfaces); i++ {
+		if (netInterfaces[i].Flags & net.FlagUp) != 0 {
+			adds, _ := netInterfaces[i].Addrs()
+
+			for _, address := range adds {
+				if ipNet, ok := address.(*net.IPNet); ok {
+					ips = append(ips, ipNet.IP)
+				}
+			}
+		}
+	}
+
+	return ips
+}
+
+var localIPs []net.IP
+
+func init() {
+	localIPs = getLocalIPs()
+}

component/process/process_android.go

@@ -0,0 +1,230 @@
+package process
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"net"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"unicode"
+	"unsafe"
+
+	"github.com/Dreamacro/clash/common/pool"
+)
+
+// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62
+var nativeEndian = func() binary.ByteOrder {
+	var x uint32 = 0x01020304
+	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
+		return binary.BigEndian
+	}
+
+	return binary.LittleEndian
+}()
+
+const (
+	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
+	socketDiagByFamily      = 20
+	pathProc                = "/proc"
+)
+
+func findProcessName(network string, ip net.IP, srcPort int) (string, error) {
+	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
+	if err != nil {
+		return "", err
+	}
+
+	return resolveProcessNameByProcSearch(inode, uid)
+}
+
+func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) {
+	var family byte
+	var protocol byte
+
+	switch network {
+	case TCP:
+		protocol = syscall.IPPROTO_TCP
+	case UDP:
+		protocol = syscall.IPPROTO_UDP
+	default:
+		return 0, 0, ErrInvalidNetwork
+	}
+
+	if ip.To4() != nil {
+		family = syscall.AF_INET
+	} else {
+		family = syscall.AF_INET6
+	}
+
+	req := packSocketDiagRequest(family, protocol, ip, uint16(srcPort))
+
+	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
+	if err != nil {
+		return 0, 0, fmt.Errorf("dial netlink: %w", err)
+	}
+	defer syscall.Close(socket)
+
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
+	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
+
+	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
+		Family: syscall.AF_NETLINK,
+		Pad:    0,
+		Pid:    0,
+		Groups: 0,
+	}); err != nil {
+		return 0, 0, err
+	}
+
+	if _, err := syscall.Write(socket, req); err != nil {
+		return 0, 0, fmt.Errorf("write request: %w", err)
+	}
+
+	rb := pool.Get(pool.RelayBufferSize)
+	defer pool.Put(rb)
+
+	n, err := syscall.Read(socket, rb)
+	if err != nil {
+		return 0, 0, fmt.Errorf("read response: %w", err)
+	}
+
+	messages, err := syscall.ParseNetlinkMessage(rb[:n])
+	if err != nil {
+		return 0, 0, fmt.Errorf("parse netlink message: %w", err)
+	} else if len(messages) == 0 {
+		return 0, 0, fmt.Errorf("unexcepted netlink response")
+	}
+
+	message := messages[0]
+	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
+		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
+	}
+
+	uid, inode := unpackSocketDiagResponse(&messages[0])
+	if uid < 0 || inode < 0 {
+		return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode)
+	}
+
+	return uid, inode, nil
+}
+
+func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte {
+	s := make([]byte, 16)
+
+	if v4 := source.To4(); v4 != nil {
+		copy(s, v4)
+	} else {
+		copy(s, source)
+	}
+
+	buf := make([]byte, sizeOfSocketDiagRequest)
+
+	nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest)
+	nativeEndian.PutUint16(buf[4:6], socketDiagByFamily)
+	nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP)
+	nativeEndian.PutUint32(buf[8:12], 0)
+	nativeEndian.PutUint32(buf[12:16], 0)
+
+	buf[16] = family
+	buf[17] = protocol
+	buf[18] = 0
+	buf[19] = 0
+	nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF)
+
+	binary.BigEndian.PutUint16(buf[24:26], sourcePort)
+	binary.BigEndian.PutUint16(buf[26:28], 0)
+
+	copy(buf[28:44], s)
+	copy(buf[44:60], net.IPv6zero)
+
+	nativeEndian.PutUint32(buf[60:64], 0)
+	nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF)
+
+	return buf
+}
+
+func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) {
+	if len(msg.Data) < 72 {
+		return 0, 0
+	}
+
+	data := msg.Data
+
+	uid = int32(nativeEndian.Uint32(data[64:68]))
+	inode = int32(nativeEndian.Uint32(data[68:72]))
+
+	return
+}
+
+func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
+	files, err := os.ReadDir(pathProc)
+	if err != nil {
+		return "", err
+	}
+
+	buffer := make([]byte, syscall.PathMax)
+	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
+
+	for _, f := range files {
+		if !f.IsDir() || !isPid(f.Name()) {
+			continue
+		}
+
+		info, err := f.Info()
+		if err != nil {
+			return "", err
+		}
+		if info.Sys().(*syscall.Stat_t).Uid != uint32(uid) {
+			continue
+		}
+
+		processPath := path.Join(pathProc, f.Name())
+		fdPath := path.Join(processPath, "fd")
+
+		fds, err := os.ReadDir(fdPath)
+		if err != nil {
+			continue
+		}
+
+		for _, fd := range fds {
+			n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer)
+			if err != nil {
+				continue
+			}
+
+			if bytes.Equal(buffer[:n], socket) {
+				cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
+				if err != nil {
+					return "", err
+				}
+
+				return splitCmdline(cmdline), nil
+			}
+		}
+	}
+
+	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
+}
+
+func splitCmdline(cmdline []byte) string {
+	cmdline = bytes.Trim(cmdline, " ")
+
+	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
+		return unicode.IsControl(r) || unicode.IsSpace(r)
+	})
+
+	if idx == -1 {
+		return filepath.Base(string(cmdline))
+	}
+	return filepath.Base(string(cmdline[:idx]))
+}
+
+func isPid(s string) bool {
+	return strings.IndexFunc(s, func(r rune) bool {
+		return !unicode.IsDigit(r)
+	}) == -1
+}

component/process/process_darwin.go

@@ -44,8 +44,6 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 		// rup8(sizeof(xtcpcb_n))
 		itemSize += 208
 	}
-
-	var fallbackUDPProcess string
 	// skip the first xinpgen(24 bytes) block
 	for i := 24; i+itemSize <= len(buf); i += itemSize {
 		// offset of xinpcb_n and xsocket_n
@@ -59,15 +57,11 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 		// xinpcb_n.inp_vflag
 		flag := buf[inp+44]
 
-		var (
+		var srcIP net.IP
-			srcIP     net.IP
-			srcIsIPv4 bool
-		)
 		switch {
 		case flag&0x1 > 0 && isIPv4:
 			// ipv4
 			srcIP = net.IP(buf[inp+76 : inp+80])
-			srcIsIPv4 = true
 		case flag&0x2 > 0 && !isIPv4:
 			// ipv6
 			srcIP = net.IP(buf[inp+64 : inp+80])
@@ -75,22 +69,15 @@ func findProcessName(network string, ip net.IP, port int) (string, error) {
 			continue
 		}
 
-		if ip.Equal(srcIP) {
+		if !ip.Equal(srcIP) && (network == TCP || !srcIP.IsUnspecified()) {
+			continue
+		}
+
 		// xsocket_n.so_last_pid
 		pid := readNativeUint32(buf[so+68 : so+72])
 		return getExecPathFromPID(pid)
 	}
 
-		// udp packet connection may be not equal with srcIP
-		if network == UDP && srcIP.IsUnspecified() && isIPv4 == srcIsIPv4 {
-			fallbackUDPProcess, _ = getExecPathFromPID(readNativeUint32(buf[so+68 : so+72]))
-		}
-	}
-
-	if network == UDP && fallbackUDPProcess != "" {
-		return fallbackUDPProcess, nil
-	}
-
 	return "", ErrNotFound
 }
 

component/process/process_linux.go

@@ -1,3 +1,5 @@
+//go:build !android
+
 package process
 
 import (
@@ -166,7 +168,7 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
 	}
 
 	buffer := make([]byte, syscall.PathMax)
-	socket := fmt.Appendf(nil, "socket:[%d]", inode)
+	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
 
 	for _, f := range files {
 		if !f.IsDir() || !isPid(f.Name()) {

component/process/process_windows.go

@@ -215,7 +215,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
 		uintptr(1),
 		uintptr(unsafe.Pointer(&buf[0])),
 		uintptr(unsafe.Pointer(&size)),
-	)
+		0, 0)
 	if r1 == 0 {
 		return "", err
 	}

component/profile/cachefile/cache.go

@@ -132,6 +132,17 @@ func (c *CacheFile) GetFakeip(key []byte) []byte {
 	return bucket.Get(key)
 }
 
+func (c *CacheFile) FlushFakeIP() error {
+	err := c.DB.Batch(func(t *bbolt.Tx) error {
+		bucket := t.Bucket(bucketFakeip)
+		if bucket == nil {
+			return nil
+		}
+		return t.DeleteBucket(bucketFakeip)
+	})
+	return err
+}
+
 func (c *CacheFile) Close() error {
 	return c.DB.Close()
 }

component/resolver/defaults.go

@@ -1,12 +0,0 @@
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
-package resolver
-
-import _ "unsafe"
-
-//go:linkname defaultNS net.defaultNS
-var defaultNS []string
-
-func init() {
-	defaultNS = []string{"114.114.114.114:53", "8.8.8.8:53"}
-}

component/resolver/enhancer.go

@@ -10,8 +10,10 @@ type Enhancer interface {
 	FakeIPEnabled() bool
 	MappingEnabled() bool
 	IsFakeIP(net.IP) bool
+	IsFakeBroadcastIP(net.IP) bool
 	IsExistFakeIP(net.IP) bool
 	FindHostByIP(net.IP) (string, bool)
+	FlushFakeIP() error
 }
 
 func FakeIPEnabled() bool {
@@ -38,6 +40,14 @@ func IsFakeIP(ip net.IP) bool {
 	return false
 }
 
+func IsFakeBroadcastIP(ip net.IP) bool {
+	if mapper := DefaultHostMapper; mapper != nil {
+		return mapper.IsFakeBroadcastIP(ip)
+	}
+
+	return false
+}
+
 func IsExistFakeIP(ip net.IP) bool {
 	if mapper := DefaultHostMapper; mapper != nil {
 		return mapper.IsExistFakeIP(ip)
@@ -53,3 +63,10 @@ func FindHostByIP(ip net.IP) (string, bool) {
 
 	return "", false
 }
+
+func FlushFakeIP() error {
+	if mapper := DefaultHostMapper; mapper != nil {
+		return mapper.FlushFakeIP()
+	}
+	return nil
+}

component/resolver/patch.go

@@ -0,0 +1,18 @@
+package resolver
+
+import D "github.com/miekg/dns"
+
+var DefaultLocalServer LocalServer
+
+type LocalServer interface {
+	ServeMsg(msg *D.Msg) (*D.Msg, error)
+}
+
+// ServeMsg with a dns.Msg, return resolve dns.Msg
+func ServeMsg(msg *D.Msg) (*D.Msg, error) {
+	if server := DefaultLocalServer; server != nil {
+		return server.ServeMsg(msg)
+	}
+
+	return nil, ErrIPNotFound
+}

component/resolver/resolver.go

@@ -3,7 +3,6 @@ package resolver
 import (
 	"context"
 	"errors"
-	"fmt"
 	"math/rand"
 	"net"
 	"strings"
@@ -16,6 +15,9 @@ var (
 	// DefaultResolver aim to resolve ip
 	DefaultResolver Resolver
 
+	// ProxyServerHostResolver resolve ip to proxies server host
+	ProxyServerHostResolver Resolver
+
 	// DisableIPv6 means don't resolve ipv6 host
 	// default value is true
 	DisableIPv6 = true
@@ -34,34 +36,36 @@ var (
 )
 
 type Resolver interface {
-	LookupIP(ctx context.Context, host string) ([]net.IP, error)
-	LookupIPv4(ctx context.Context, host string) ([]net.IP, error)
-	LookupIPv6(ctx context.Context, host string) ([]net.IP, error)
 	ResolveIP(host string) (ip net.IP, err error)
 	ResolveIPv4(host string) (ip net.IP, err error)
 	ResolveIPv6(host string) (ip net.IP, err error)
 }
 
-// LookupIPv4 with a host, return ipv4 list
+// ResolveIPv4 with a host, return ipv4
-func LookupIPv4(ctx context.Context, host string) ([]net.IP, error) {
+func ResolveIPv4(host string) (net.IP, error) {
+	return ResolveIPv4WithResolver(host, DefaultResolver)
+}
+
+func ResolveIPv4WithResolver(host string, r Resolver) (net.IP, error) {
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data.(net.IP).To4(); ip != nil {
-			return []net.IP{ip}, nil
+			return ip, nil
 		}
 	}
 
 	ip := net.ParseIP(host)
 	if ip != nil {
 		if !strings.Contains(host, ":") {
-			return []net.IP{ip}, nil
+			return ip, nil
 		}
 		return nil, ErrIPVersion
 	}
 
-	if DefaultResolver != nil {
+	if r != nil {
-		return DefaultResolver.LookupIPv4(ctx, host)
+		return r.ResolveIPv4(host)
 	}
 
+	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip4", host)
@@ -71,44 +75,41 @@ func LookupIPv4(ctx context.Context, host string) ([]net.IP, error) {
 			return nil, ErrIPNotFound
 		}
 
-	return ipAddrs, nil
+		return ipAddrs[rand.Intn(len(ipAddrs))], nil
 	}
 
-// ResolveIPv4 with a host, return ipv4
+	return nil, ErrIPNotFound
-func ResolveIPv4(host string) (net.IP, error) {
-	ips, err := LookupIPv4(context.Background(), host)
-	if err != nil {
-		return nil, err
-	} else if len(ips) == 0 {
-		return nil, fmt.Errorf("%w: %s", ErrIPNotFound, host)
-	}
-	return ips[rand.Intn(len(ips))], nil
 }
 
-// LookupIPv6 with a host, return ipv6 list
+// ResolveIPv6 with a host, return ipv6
-func LookupIPv6(ctx context.Context, host string) ([]net.IP, error) {
+func ResolveIPv6(host string) (net.IP, error) {
+	return ResolveIPv6WithResolver(host, DefaultResolver)
+}
+
+func ResolveIPv6WithResolver(host string, r Resolver) (net.IP, error) {
 	if DisableIPv6 {
 		return nil, ErrIPv6Disabled
 	}
 
 	if node := DefaultHosts.Search(host); node != nil {
 		if ip := node.Data.(net.IP).To16(); ip != nil {
-			return []net.IP{ip}, nil
+			return ip, nil
 		}
 	}
 
 	ip := net.ParseIP(host)
 	if ip != nil {
 		if strings.Contains(host, ":") {
-			return []net.IP{ip}, nil
+			return ip, nil
 		}
 		return nil, ErrIPVersion
 	}
 
-	if DefaultResolver != nil {
+	if r != nil {
-		return DefaultResolver.LookupIPv6(ctx, host)
+		return r.ResolveIPv6(host)
 	}
 
+	if DefaultResolver == nil {
 		ctx, cancel := context.WithTimeout(context.Background(), DefaultDNSTimeout)
 		defer cancel()
 		ipAddrs, err := net.DefaultResolver.LookupIP(ctx, "ip6", host)
@@ -118,62 +119,69 @@ func LookupIPv6(ctx context.Context, host string) ([]net.IP, error) {
 			return nil, ErrIPNotFound
 		}
 
-	return ipAddrs, nil
+		return ipAddrs[rand.Intn(len(ipAddrs))], nil
 	}
 
-// ResolveIPv6 with a host, return ipv6
+	return nil, ErrIPNotFound
-func ResolveIPv6(host string) (net.IP, error) {
-	ips, err := LookupIPv6(context.Background(), host)
-	if err != nil {
-		return nil, err
-	} else if len(ips) == 0 {
-		return nil, fmt.Errorf("%w: %s", ErrIPNotFound, host)
-	}
-	return ips[rand.Intn(len(ips))], nil
 }
 
-// LookupIPWithResolver same as ResolveIP, but with a resolver
+// ResolveIPWithResolver same as ResolveIP, but with a resolver
-func LookupIPWithResolver(ctx context.Context, host string, r Resolver) ([]net.IP, error) {
+func ResolveIPWithResolver(host string, r Resolver) (net.IP, error) {
 	if node := DefaultHosts.Search(host); node != nil {
-		return []net.IP{node.Data.(net.IP)}, nil
+		return node.Data.(net.IP), nil
 	}
 
 	if r != nil {
 		if DisableIPv6 {
-			return r.LookupIPv4(ctx, host)
+			return r.ResolveIPv4(host)
 		}
-		return r.LookupIP(ctx, host)
+		return r.ResolveIP(host)
 	} else if DisableIPv6 {
-		return LookupIPv4(ctx, host)
+		return ResolveIPv4(host)
 	}
 
 	ip := net.ParseIP(host)
 	if ip != nil {
-		return []net.IP{ip}, nil
+		return ip, nil
 	}
 
-	ips, err := net.DefaultResolver.LookupIP(ctx, "ip", host)
+	if DefaultResolver == nil {
+		ipAddr, err := net.ResolveIPAddr("ip", host)
 		if err != nil {
 			return nil, err
-	} else if len(ips) == 0 {
+		}
+
+		return ipAddr.IP, nil
+	}
+
 	return nil, ErrIPNotFound
 }
 
-	return ips, nil
-}
-
-// ResolveIP with a host, return ip
-func LookupIP(ctx context.Context, host string) ([]net.IP, error) {
-	return LookupIPWithResolver(ctx, host, DefaultResolver)
-}
-
 // ResolveIP with a host, return ip
 func ResolveIP(host string) (net.IP, error) {
-	ips, err := LookupIP(context.Background(), host)
+	return ResolveIPWithResolver(host, DefaultResolver)
-	if err != nil {
-		return nil, err
-	} else if len(ips) == 0 {
-		return nil, fmt.Errorf("%w: %s", ErrIPNotFound, host)
 }
-	return ips[rand.Intn(len(ips))], nil
+
+// ResolveIPv4ProxyServerHost proxies server host only
+func ResolveIPv4ProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPv4WithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIPv4(host)
+}
+
+// ResolveIPv6ProxyServerHost proxies server host only
+func ResolveIPv6ProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPv6WithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIPv6(host)
+}
+
+// ResolveProxyServerHost proxies server host only
+func ResolveProxyServerHost(host string) (net.IP, error) {
+	if ProxyServerHostResolver != nil {
+		return ResolveIPWithResolver(host, ProxyServerHostResolver)
+	}
+	return ResolveIP(host)
 }

component/trie/ipcidr_node.go

@@ -0,0 +1,44 @@
+package trie
+
+import "errors"
+
+var (
+	ErrorOverMaxValue = errors.New("the value don't over max value")
+)
+
+type IpCidrNode struct {
+	Mark     bool
+	child    map[uint32]*IpCidrNode
+	maxValue uint32
+}
+
+func NewIpCidrNode(mark bool, maxValue uint32) *IpCidrNode {
+	ipCidrNode := &IpCidrNode{
+		Mark:     mark,
+		child:    map[uint32]*IpCidrNode{},
+		maxValue: maxValue,
+	}
+
+	return ipCidrNode
+}
+
+func (n *IpCidrNode) addChild(value uint32) error {
+	if value > n.maxValue {
+		return ErrorOverMaxValue
+	}
+
+	n.child[value] = NewIpCidrNode(false, n.maxValue)
+	return nil
+}
+
+func (n *IpCidrNode) hasChild(value uint32) bool {
+	return n.getChild(value) != nil
+}
+
+func (n *IpCidrNode) getChild(value uint32) *IpCidrNode {
+	if value <= n.maxValue {
+		return n.child[value]
+	}
+
+	return nil
+}

component/trie/ipcidr_trie.go

@@ -0,0 +1,255 @@
+package trie
+
+import (
+	"github.com/Dreamacro/clash/log"
+	"net"
+)
+
+type IPV6 bool
+
+const (
+	ipv4GroupMaxValue = 0xFF
+	ipv6GroupMaxValue = 0xFFFF
+)
+
+type IpCidrTrie struct {
+	ipv4Trie *IpCidrNode
+	ipv6Trie *IpCidrNode
+}
+
+func NewIpCidrTrie() *IpCidrTrie {
+	return &IpCidrTrie{
+		ipv4Trie: NewIpCidrNode(false, ipv4GroupMaxValue),
+		ipv6Trie: NewIpCidrNode(false, ipv6GroupMaxValue),
+	}
+}
+
+func (trie *IpCidrTrie) AddIpCidr(ipCidr *net.IPNet) error {
+	subIpCidr, subCidr, isIpv4, err := ipCidrToSubIpCidr(ipCidr)
+	if err != nil {
+		return err
+	}
+
+	for _, sub := range subIpCidr {
+		addIpCidr(trie, isIpv4, sub, subCidr/8)
+	}
+
+	return nil
+}
+
+func (trie *IpCidrTrie) AddIpCidrForString(ipCidr string) error {
+	_, ipNet, err := net.ParseCIDR(ipCidr)
+	if err != nil {
+		return err
+	}
+
+	return trie.AddIpCidr(ipNet)
+}
+
+func (trie *IpCidrTrie) IsContain(ip net.IP) bool {
+	ip, isIpv4 := checkAndConverterIp(ip)
+	if ip == nil {
+		return false
+	}
+
+	var groupValues []uint32
+	var ipCidrNode *IpCidrNode
+
+	if isIpv4 {
+		ipCidrNode = trie.ipv4Trie
+		for _, group := range ip {
+			groupValues = append(groupValues, uint32(group))
+		}
+	} else {
+		ipCidrNode = trie.ipv6Trie
+		for i := 0; i < len(ip); i += 2 {
+			groupValues = append(groupValues, getIpv6GroupValue(ip[i], ip[i+1]))
+		}
+	}
+
+	return search(ipCidrNode, groupValues) != nil
+}
+
+func (trie *IpCidrTrie) IsContainForString(ipString string) bool {
+	return trie.IsContain(net.ParseIP(ipString))
+}
+
+func ipCidrToSubIpCidr(ipNet *net.IPNet) ([]net.IP, int, bool, error) {
+	maskSize, _ := ipNet.Mask.Size()
+	var (
+		ipList      []net.IP
+		newMaskSize int
+		isIpv4      bool
+		err         error
+	)
+
+	ip, isIpv4 := checkAndConverterIp(ipNet.IP)
+	ipList, newMaskSize, err = subIpCidr(ip, maskSize, isIpv4)
+
+	return ipList, newMaskSize, isIpv4, err
+}
+
+func subIpCidr(ip net.IP, maskSize int, isIpv4 bool) ([]net.IP, int, error) {
+	var subIpCidrList []net.IP
+	groupSize := 8
+	if !isIpv4 {
+		groupSize = 16
+	}
+
+	if maskSize%groupSize == 0 {
+		return append(subIpCidrList, ip), maskSize, nil
+	}
+
+	lastByteMaskSize := maskSize % 8
+	lastByteMaskIndex := maskSize / 8
+	subIpCidrNum := 0xFF >> lastByteMaskSize
+	for i := 0; i <= subIpCidrNum; i++ {
+		subIpCidr := make([]byte, len(ip))
+		copy(subIpCidr, ip)
+		subIpCidr[lastByteMaskIndex] += byte(i)
+		subIpCidrList = append(subIpCidrList, subIpCidr)
+	}
+
+	newMaskSize := (lastByteMaskIndex + 1) * 8
+	if !isIpv4 {
+		newMaskSize = (lastByteMaskIndex/2 + 1) * 16
+	}
+
+	return subIpCidrList, newMaskSize, nil
+}
+
+func addIpCidr(trie *IpCidrTrie, isIpv4 bool, ip net.IP, groupSize int) {
+	if isIpv4 {
+		addIpv4Cidr(trie, ip, groupSize)
+	} else {
+		addIpv6Cidr(trie, ip, groupSize)
+	}
+}
+
+func addIpv4Cidr(trie *IpCidrTrie, ip net.IP, groupSize int) {
+	preNode := trie.ipv4Trie
+	node := preNode.getChild(uint32(ip[0]))
+	if node == nil {
+		err := preNode.addChild(uint32(ip[0]))
+		if err != nil {
+			return
+		}
+
+		node = preNode.getChild(uint32(ip[0]))
+	}
+
+	for i := 1; i < groupSize; i++ {
+		if node.Mark {
+			return
+		}
+
+		groupValue := uint32(ip[i])
+		if !node.hasChild(groupValue) {
+			err := node.addChild(groupValue)
+			if err != nil {
+				log.Errorln(err.Error())
+			}
+		}
+
+		preNode = node
+		node = node.getChild(groupValue)
+		if node == nil {
+			err := preNode.addChild(uint32(ip[i-1]))
+			if err != nil {
+				return
+			}
+
+			node = preNode.getChild(uint32(ip[i-1]))
+		}
+	}
+
+	node.Mark = true
+	cleanChild(node)
+}
+
+func addIpv6Cidr(trie *IpCidrTrie, ip net.IP, groupSize int) {
+	preNode := trie.ipv6Trie
+	node := preNode.getChild(getIpv6GroupValue(ip[0], ip[1]))
+	if node == nil {
+		err := preNode.addChild(getIpv6GroupValue(ip[0], ip[1]))
+		if err != nil {
+			return
+		}
+
+		node = preNode.getChild(getIpv6GroupValue(ip[0], ip[1]))
+	}
+
+	for i := 2; i < groupSize; i += 2 {
+		if node.Mark {
+			return
+		}
+
+		groupValue := getIpv6GroupValue(ip[i], ip[i+1])
+		if !node.hasChild(groupValue) {
+			err := node.addChild(groupValue)
+			if err != nil {
+				log.Errorln(err.Error())
+			}
+		}
+
+		preNode = node
+		node = node.getChild(groupValue)
+		if node == nil {
+			err := preNode.addChild(getIpv6GroupValue(ip[i-2], ip[i-1]))
+			if err != nil {
+				return
+			}
+
+			node = preNode.getChild(getIpv6GroupValue(ip[i-2], ip[i-1]))
+		}
+	}
+
+	node.Mark = true
+	cleanChild(node)
+}
+
+func getIpv6GroupValue(high, low byte) uint32 {
+	return (uint32(high) << 8) | uint32(low)
+}
+
+func cleanChild(node *IpCidrNode) {
+	for i := uint32(0); i < uint32(len(node.child)); i++ {
+		delete(node.child, i)
+	}
+}
+
+func search(root *IpCidrNode, groupValues []uint32) *IpCidrNode {
+	node := root.getChild(groupValues[0])
+	if node == nil || node.Mark {
+		return node
+	}
+
+	for _, value := range groupValues[1:] {
+		if !node.hasChild(value) {
+			return nil
+		}
+
+		node = node.getChild(value)
+
+		if node == nil || node.Mark {
+			return node
+		}
+	}
+
+	return nil
+}
+
+// return net.IP To4 or To16 and is ipv4
+func checkAndConverterIp(ip net.IP) (net.IP, bool) {
+	ipResult := ip.To4()
+	if ipResult == nil {
+		ipResult = ip.To16()
+		if ipResult == nil {
+			return nil, false
+		}
+
+		return ipResult, false
+	}
+
+	return ipResult, true
+}

component/trie/trie_test.go

@@ -0,0 +1,100 @@
+package trie
+
+import (
+	"net"
+	"testing"
+)
+import "github.com/stretchr/testify/assert"
+
+func TestIpv4AddSuccess(t *testing.T) {
+	trie := NewIpCidrTrie()
+	err := trie.AddIpCidrForString("10.0.0.2/16")
+	assert.Equal(t, nil, err)
+}
+
+func TestIpv4AddFail(t *testing.T) {
+	trie := NewIpCidrTrie()
+	err := trie.AddIpCidrForString("333.00.23.2/23")
+	assert.IsType(t, new(net.ParseError), err)
+
+	err = trie.AddIpCidrForString("22.3.34.2/222")
+	assert.IsType(t, new(net.ParseError), err)
+
+	err = trie.AddIpCidrForString("2.2.2.2")
+	assert.IsType(t, new(net.ParseError), err)
+}
+
+func TestIpv4Search(t *testing.T) {
+	trie := NewIpCidrTrie()
+	// Boundary testing
+	assert.NoError(t, trie.AddIpCidrForString("149.154.160.0/20"))
+	assert.Equal(t, true, trie.IsContainForString("149.154.160.0"))
+	assert.Equal(t, true, trie.IsContainForString("149.154.175.255"))
+	assert.Equal(t, false, trie.IsContainForString("149.154.176.0"))
+	assert.Equal(t, false, trie.IsContainForString("149.154.159.255"))
+
+	assert.NoError(t, trie.AddIpCidrForString("129.2.36.0/16"))
+	assert.NoError(t, trie.AddIpCidrForString("10.2.36.0/18"))
+	assert.NoError(t, trie.AddIpCidrForString("16.2.23.0/24"))
+	assert.NoError(t, trie.AddIpCidrForString("11.2.13.2/26"))
+	assert.NoError(t, trie.AddIpCidrForString("55.5.6.3/8"))
+	assert.NoError(t, trie.AddIpCidrForString("66.23.25.4/6"))
+
+	assert.Equal(t, true, trie.IsContainForString("129.2.3.65"))
+	assert.Equal(t, false, trie.IsContainForString("15.2.3.1"))
+	assert.Equal(t, true, trie.IsContainForString("11.2.13.1"))
+	assert.Equal(t, true, trie.IsContainForString("55.0.0.0"))
+	assert.Equal(t, true, trie.IsContainForString("64.0.0.0"))
+	assert.Equal(t, false, trie.IsContainForString("128.0.0.0"))
+
+	assert.Equal(t, false, trie.IsContain(net.ParseIP("22")))
+	assert.Equal(t, false, trie.IsContain(net.ParseIP("")))
+
+}
+
+func TestIpv6AddSuccess(t *testing.T) {
+	trie := NewIpCidrTrie()
+	err := trie.AddIpCidrForString("2001:0db8:02de:0000:0000:0000:0000:0e13/32")
+	assert.Equal(t, nil, err)
+
+	err = trie.AddIpCidrForString("2001:1db8:f2de::0e13/18")
+	assert.Equal(t, nil, err)
+}
+
+func TestIpv6AddFail(t *testing.T) {
+	trie := NewIpCidrTrie()
+	err := trie.AddIpCidrForString("2001::25de::cade/23")
+	assert.IsType(t, new(net.ParseError), err)
+
+	err = trie.AddIpCidrForString("2001:0fa3:25de::cade/222")
+	assert.IsType(t, new(net.ParseError), err)
+
+	err = trie.AddIpCidrForString("2001:0fa3:25de::cade")
+	assert.IsType(t, new(net.ParseError), err)
+}
+
+func TestIpv6Search(t *testing.T) {
+	trie := NewIpCidrTrie()
+
+	// Boundary testing
+	assert.NoError(t, trie.AddIpCidrForString("2a0a:f280::/32"))
+	assert.Equal(t, true, trie.IsContainForString("2a0a:f280:0000:0000:0000:0000:0000:0000"))
+	assert.Equal(t, true, trie.IsContainForString("2a0a:f280:ffff:ffff:ffff:ffff:ffff:ffff"))
+	assert.Equal(t, false, trie.IsContainForString("2a0a:f279:ffff:ffff:ffff:ffff:ffff:ffff"))
+	assert.Equal(t, false, trie.IsContainForString("2a0a:f281:0000:0000:0000:0000:0000:0000"))
+
+	assert.NoError(t, trie.AddIpCidrForString("2001:b28:f23d:f001::e/128"))
+	assert.NoError(t, trie.AddIpCidrForString("2001:67c:4e8:f002::e/12"))
+	assert.NoError(t, trie.AddIpCidrForString("2001:b28:f23d:f003::e/96"))
+	assert.NoError(t, trie.AddIpCidrForString("2001:67c:4e8:f002::a/32"))
+	assert.NoError(t, trie.AddIpCidrForString("2001:67c:4e8:f004::a/60"))
+	assert.NoError(t, trie.AddIpCidrForString("2001:b28:f23f:f005::a/64"))
+	assert.Equal(t, true, trie.IsContainForString("2001:b28:f23d:f001::e"))
+	assert.Equal(t, false, trie.IsContainForString("2222::fff2"))
+	assert.Equal(t, true, trie.IsContainForString("2000::ffa0"))
+	assert.Equal(t, true, trie.IsContainForString("2001:b28:f23f:f005:5662::"))
+	assert.Equal(t, true, trie.IsContainForString("2001:67c:4e8:9666::1213"))
+
+	assert.Equal(t, false, trie.IsContain(net.ParseIP("22233:22")))
+
+}

config/config.go

@@ -1,28 +1,37 @@
 package config
 
 import (
+	"container/list"
 	"errors"
 	"fmt"
+	R "github.com/Dreamacro/clash/rule"
+	RP "github.com/Dreamacro/clash/rule/provider"
 	"net"
+	"net/netip"
 	"net/url"
 	"os"
+	"runtime"
 	"strings"
+	"time"
 
 	"github.com/Dreamacro/clash/adapter"
 	"github.com/Dreamacro/clash/adapter/outbound"
 	"github.com/Dreamacro/clash/adapter/outboundgroup"
 	"github.com/Dreamacro/clash/adapter/provider"
 	"github.com/Dreamacro/clash/component/auth"
+	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/fakeip"
+	"github.com/Dreamacro/clash/component/geodata"
+	"github.com/Dreamacro/clash/component/geodata/router"
 	"github.com/Dreamacro/clash/component/trie"
 	C "github.com/Dreamacro/clash/constant"
 	providerTypes "github.com/Dreamacro/clash/constant/provider"
 	"github.com/Dreamacro/clash/dns"
+	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"github.com/Dreamacro/clash/log"
-	R "github.com/Dreamacro/clash/rule"
 	T "github.com/Dreamacro/clash/tunnel"
 
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 )
 
 // General config
@@ -30,13 +39,16 @@ type General struct {
 	Inbound
 	Controller
 	Mode          T.TunnelMode `json:"mode"`
+	UnifiedDelay  bool
 	LogLevel      log.LogLevel `json:"log-level"`
 	IPv6          bool         `json:"ipv6"`
 	Interface     string       `json:"-"`
 	RoutingMark   int          `json:"-"`
+	GeodataMode   bool         `json:"geodata-mode"`
+	GeodataLoader string       `json:"geodata-loader"`
 }
 
-// Inbound
+// Inbound config
 type Inbound struct {
 	Port           int      `json:"port"`
 	SocksPort      int      `json:"socks-port"`
@@ -48,7 +60,7 @@ type Inbound struct {
 	BindAddress    string   `json:"bind-address"`
 }
 
-// Controller
+// Controller config
 type Controller struct {
 	ExternalController string `json:"-"`
 	ExternalUI         string `json:"-"`
@@ -68,6 +80,7 @@ type DNS struct {
 	FakeIPRange           *fakeip.Pool
 	Hosts                 *trie.DomainTrie
 	NameServerPolicy      map[string]dns.NameServer
+	ProxyServerNameserver []dns.NameServer
 }
 
 // FallbackFilter config
@@ -76,20 +89,51 @@ type FallbackFilter struct {
 	GeoIPCode string                  `yaml:"geoip-code"`
 	IPCIDR    []*net.IPNet            `yaml:"ipcidr"`
 	Domain    []string                `yaml:"domain"`
+	GeoSite   []*router.DomainMatcher `yaml:"geosite"`
 }
 
+var (
+	GroupsList             = list.New()
+	ProxiesList            = list.New()
+	ParsingProxiesCallback func(groupsList *list.List, proxiesList *list.List)
+)
+
 // Profile config
 type Profile struct {
 	StoreSelected bool `yaml:"store-selected"`
 	StoreFakeIP   bool `yaml:"store-fake-ip"`
 }
 
+// Tun config
+type Tun struct {
+	Enable    bool             `yaml:"enable" json:"enable"`
+	Device    string           `yaml:"device" json:"device"`
+	Stack     C.TUNStack       `yaml:"stack" json:"stack"`
+	DNSHijack []netip.AddrPort `yaml:"dns-hijack" json:"dns-hijack"`
+	AutoRoute bool             `yaml:"auto-route" json:"auto-route"`
+}
+
+// Script config
+type Script struct {
+	MainCode      string            `yaml:"code" json:"code"`
+	ShortcutsCode map[string]string `yaml:"shortcuts" json:"shortcuts"`
+}
+
+// IPTables config
+type IPTables struct {
+	Enable           bool     `yaml:"enable" json:"enable"`
+	InboundInterface string   `yaml:"inbound-interface" json:"inbound-interface"`
+	Bypass           []string `yaml:"bypass" json:"bypass"`
+}
+
 // Experimental config
 type Experimental struct{}
 
 // Config is clash config manager
 type Config struct {
 	General       *General
+	Tun           *Tun
+	IPTables      *IPTables
 	DNS           *DNS
 	Experimental  *Experimental
 	Hosts         *trie.DomainTrie
@@ -98,6 +142,7 @@ type Config struct {
 	Users         []auth.AuthUser
 	Proxies       map[string]C.Proxy
 	Providers     map[string]providerTypes.ProxyProvider
+	RuleProviders map[string]*providerTypes.RuleProvider
 }
 
 type RawDNS struct {
@@ -113,6 +158,7 @@ type RawDNS struct {
 	FakeIPFilter          []string          `yaml:"fake-ip-filter"`
 	DefaultNameserver     []string          `yaml:"default-nameserver"`
 	NameServerPolicy      map[string]string `yaml:"nameserver-policy"`
+	ProxyServerNameserver []string          `yaml:"proxy-server-nameserver"`
 }
 
 type RawFallbackFilter struct {
@@ -120,6 +166,15 @@ type RawFallbackFilter struct {
 	GeoIPCode string   `yaml:"geoip-code"`
 	IPCIDR    []string `yaml:"ipcidr"`
 	Domain    []string `yaml:"domain"`
+	GeoSite   []string `yaml:"geosite"`
+}
+
+type RawTun struct {
+	Enable    bool       `yaml:"enable" json:"enable"`
+	Device    string     `yaml:"device" json:"device"`
+	Stack     C.TUNStack `yaml:"stack" json:"stack"`
+	DNSHijack []string   `yaml:"dns-hijack" json:"dns-hijack"`
+	AutoRoute bool       `yaml:"auto-route" json:"auto-route"`
 }
 
 type RawConfig struct {
@@ -132,6 +187,7 @@ type RawConfig struct {
 	AllowLan           bool         `yaml:"allow-lan"`
 	BindAddress        string       `yaml:"bind-address"`
 	Mode               T.TunnelMode `yaml:"mode"`
+	UnifiedDelay       bool         `yaml:"unified-delay"`
 	LogLevel           log.LogLevel `yaml:"log-level"`
 	IPv6               bool         `yaml:"ipv6"`
 	ExternalController string       `yaml:"external-controller"`
@@ -139,10 +195,15 @@ type RawConfig struct {
 	Secret             string       `yaml:"secret"`
 	Interface          string       `yaml:"interface-name"`
 	RoutingMark        int          `yaml:"routing-mark"`
+	GeodataMode        bool         `yaml:"geodata-mode"`
+	GeodataLoader      string       `yaml:"geodata-loader"`
 
 	ProxyProvider map[string]map[string]any `yaml:"proxy-providers"`
+	RuleProvider  map[string]map[string]any `yaml:"rule-providers"`
 	Hosts         map[string]string         `yaml:"hosts"`
 	DNS           RawDNS                    `yaml:"dns"`
+	Tun           RawTun                    `yaml:"tun"`
+	IPTables      IPTables                  `yaml:"iptables"`
 	Experimental  Experimental              `yaml:"experimental"`
 	Profile       Profile                   `yaml:"profile"`
 	Proxy         []map[string]any          `yaml:"proxies"`
@@ -166,24 +227,52 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 		AllowLan:       false,
 		BindAddress:    "*",
 		Mode:           T.Rule,
+		GeodataMode:    C.GeodataMode,
+		GeodataLoader:  "memconservative",
+		UnifiedDelay:   false,
 		Authentication: []string{},
 		LogLevel:       log.INFO,
 		Hosts:          map[string]string{},
 		Rule:           []string{},
 		Proxy:          []map[string]any{},
 		ProxyGroup:     []map[string]any{},
+		Tun: RawTun{
+			Enable:    false,
+			Device:    "",
+			Stack:     C.TunGvisor,
+			DNSHijack: []string{"0.0.0.0:53"}, // default hijack all dns query
+			AutoRoute: true,
+		},
+		IPTables: IPTables{
+			Enable:           false,
+			InboundInterface: "lo",
+			Bypass:           []string{},
+		},
 		DNS: RawDNS{
 			Enable:       false,
 			UseHosts:     true,
+			EnhancedMode: C.DNSMapping,
 			FakeIPRange:  "198.18.0.1/16",
 			FallbackFilter: RawFallbackFilter{
 				GeoIP:     true,
 				GeoIPCode: "CN",
 				IPCIDR:    []string{},
+				GeoSite:   []string{},
 			},
 			DefaultNameserver: []string{
 				"114.114.114.114",
+				"223.5.5.5",
 				"8.8.8.8",
+				"1.0.0.1",
+			},
+			NameServer: []string{
+				"https://doh.pub/dns-query",
+				"tls://223.5.5.5:853",
+			},
+			FakeIPFilter: []string{
+				"dns.msftnsci.com",
+				"www.msftnsci.com",
+				"www.msftconnecttest.com",
 			},
 		},
 		Profile: Profile{
@@ -200,9 +289,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 
 func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	config := &Config{}
-
+	log.Infoln("Start initial configuration in progress") //Segment finished in xxm
+	startTime := time.Now()
 	config.Experimental = &rawCfg.Experimental
 	config.Profile = &rawCfg.Profile
+	config.IPTables = &rawCfg.IPTables
 
 	general, err := parseGeneral(rawCfg)
 	if err != nil {
@@ -210,6 +301,14 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.General = general
 
+	tunCfg, err := parseTun(rawCfg.Tun, config.General)
+	if err != nil {
+		return nil, err
+	}
+	config.Tun = tunCfg
+
+	dialer.DefaultInterface.Store(config.General.Interface)
+
 	proxies, providers, err := parseProxies(rawCfg)
 	if err != nil {
 		return nil, err
@@ -217,11 +316,12 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	config.Proxies = proxies
 	config.Providers = providers
 
-	rules, err := parseRules(rawCfg, proxies)
+	rules, ruleProviders, err := parseRules(rawCfg, proxies)
 	if err != nil {
 		return nil, err
 	}
 	config.Rules = rules
+	config.RuleProviders = ruleProviders
 
 	hosts, err := parseHosts(rawCfg)
 	if err != nil {
@@ -229,7 +329,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.Hosts = hosts
 
-	dnsCfg, err := parseDNS(rawCfg, hosts)
+	dnsCfg, err := parseDNS(rawCfg, hosts, rules)
 	if err != nil {
 		return nil, err
 	}
@@ -237,12 +337,14 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 
 	config.Users = parseAuthentication(rawCfg.Authentication)
 
+	elapsedTime := time.Since(startTime) / time.Millisecond                     // duration in ms
+	log.Infoln("Initial configuration complete, total time: %dms", elapsedTime) //Segment finished in xxm
 	return config, nil
 }
 
 func parseGeneral(cfg *RawConfig) (*General, error) {
 	externalUI := cfg.ExternalUI
-
+	geodata.SetLoader(cfg.GeodataLoader)
 	// checkout externalUI exist
 	if externalUI != "" {
 		externalUI = C.Path.Resolve(externalUI)
@@ -267,24 +369,32 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
 			ExternalUI:         cfg.ExternalUI,
 			Secret:             cfg.Secret,
 		},
+		UnifiedDelay:  cfg.UnifiedDelay,
 		Mode:          cfg.Mode,
 		LogLevel:      cfg.LogLevel,
 		IPv6:          cfg.IPv6,
 		Interface:     cfg.Interface,
 		RoutingMark:   cfg.RoutingMark,
+		GeodataMode:   cfg.GeodataMode,
+		GeodataLoader: cfg.GeodataLoader,
 	}, nil
 }
 
 func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[string]providerTypes.ProxyProvider, err error) {
 	proxies = make(map[string]C.Proxy)
 	providersMap = make(map[string]providerTypes.ProxyProvider)
-	proxyList := []string{}
 	proxiesConfig := cfg.Proxy
 	groupsConfig := cfg.ProxyGroup
 	providersConfig := cfg.ProxyProvider
 
+	var proxyList []string
+	_proxiesList := list.New()
+	_groupsList := list.New()
+
 	proxies["DIRECT"] = adapter.NewProxy(outbound.NewDirect())
 	proxies["REJECT"] = adapter.NewProxy(outbound.NewReject())
+	proxies["COMPATIBLE"] = adapter.NewProxy(outbound.NewCompatible())
+	proxies["PASS"] = adapter.NewProxy(outbound.NewPass())
 	proxyList = append(proxyList, "DIRECT", "REJECT")
 
 	// parse proxy
@@ -299,6 +409,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		}
 		proxies[proxy.Name()] = proxy
 		proxyList = append(proxyList, proxy.Name())
+		_proxiesList.PushBack(mapping)
 	}
 
 	// keep the original order of ProxyGroups in config file
@@ -308,6 +419,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 			return nil, nil, fmt.Errorf("proxy group %d: missing name", idx)
 		}
 		proxyList = append(proxyList, groupName)
+		_groupsList.PushBack(mapping)
 	}
 
 	// check if any loop exists and sort the ProxyGroups
@@ -329,13 +441,6 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		providersMap[name] = pd
 	}
 
-	for _, provider := range providersMap {
-		log.Infoln("Start initial provider %s", provider.Name())
-		if err := provider.Initial(); err != nil {
-			return nil, nil, fmt.Errorf("initial proxy provider %s error: %w", provider.Name(), err)
-		}
-	}
-
 	// parse proxy group
 	for idx, mapping := range groupsConfig {
 		group, err := outboundgroup.ParseProxyGroup(mapping, proxies, providersMap)
@@ -351,20 +456,11 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		proxies[groupName] = adapter.NewProxy(group)
 	}
 
-	// initial compatible provider
+	var ps []C.Proxy
-	for _, pd := range providersMap {
+	for _, v := range proxyList {
-		if pd.VehicleType() != providerTypes.Compatible {
+		if proxies[v].Type() == C.Pass {
 			continue
 		}
-
-		log.Infoln("Start initial compatible provider %s", pd.Name())
-		if err := pd.Initial(); err != nil {
-			return nil, nil, err
-		}
-	}
-
-	ps := []C.Proxy{}
-	for _, v := range proxyList {
 		ps = append(ps, proxies[v])
 	}
 	hc := provider.NewHealthCheck(ps, "", 0, true)
@@ -378,12 +474,32 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		[]providerTypes.ProxyProvider{pd},
 	)
 	proxies["GLOBAL"] = adapter.NewProxy(global)
+	ProxiesList = _proxiesList
+	GroupsList = _groupsList
+	if ParsingProxiesCallback != nil {
+		// refresh tray menu
+		go ParsingProxiesCallback(GroupsList, ProxiesList)
+	}
 	return proxies, providersMap, nil
 }
 
-func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
+func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[string]*providerTypes.RuleProvider, error) {
-	rules := []C.Rule{}
+	ruleProviders := map[string]*providerTypes.RuleProvider{}
+	log.Infoln("Geodata Loader mode: %s", geodata.LoaderName())
+	// parse rule provider
+	for name, mapping := range cfg.RuleProvider {
+		rp, err := RP.ParseRuleProvider(name, mapping)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		ruleProviders[name] = &rp
+		RP.SetRuleProvider(rp)
+	}
+
+	var rules []C.Rule
 	rulesConfig := cfg.Rule
+	mode := cfg.Mode
 
 	// parse rules
 	for idx, line := range rulesConfig {
@@ -391,39 +507,62 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
 		var (
 			payload  string
 			target   string
-			params  = []string{}
+			params   []string
+			ruleName = strings.ToUpper(rule[0])
 		)
 
-		switch l := len(rule); {
+		if mode == T.Script && ruleName != "GEOSITE" {
-		case l == 2:
+			continue
-			target = rule[1]
-		case l == 3:
-			payload = rule[1]
-			target = rule[2]
-		case l >= 4:
-			payload = rule[1]
-			target = rule[2]
-			params = rule[3:]
-		default:
-			return nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
 		}
 
-		if _, ok := proxies[target]; !ok {
+		l := len(rule)
-			return nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
+
+		if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" {
+			target = rule[l-1]
+			payload = strings.Join(rule[1:l-1], ",")
+		} else {
+			if l < 2 {
+				return nil, nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
+			}
+			if l < 4 {
+				rule = append(rule, make([]string, 4-l)...)
+			}
+			if ruleName == "MATCH" {
+				l = 2
+			}
+			if l >= 3 {
+				l = 3
+				payload = rule[1]
+			}
+			target = rule[l-1]
+			params = rule[l:]
+		}
+
+		if _, ok := proxies[target]; mode != T.Script && !ok {
+			return nil, nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
 		}
 
-		rule = trimArr(rule)
 		params = trimArr(params)
 
-		parsed, parseErr := R.ParseRule(rule[0], payload, target, params)
+		if ruleName == "GEOSITE" {
+			if err := initGeoSite(); err != nil {
+				return nil, nil, fmt.Errorf("can't initial GeoSite: %s", err)
+			}
+			initMode = false
+		}
+		parsed, parseErr := R.ParseRule(ruleName, payload, target, params)
 		if parseErr != nil {
-			return nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
+			return nil, nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
 		}
 
+		if mode != T.Script {
 			rules = append(rules, parsed)
 		}
+	}
 
-	return rules, nil
+	runtime.GC()
+
+	return rules, ruleProviders, nil
 }
 
 func parseHosts(cfg *RawConfig) (*trie.DomainTrie, error) {
@@ -440,7 +579,7 @@ func parseHosts(cfg *RawConfig) (*trie.DomainTrie, error) {
 			if ip == nil {
 				return nil, fmt.Errorf("%s is not a valid IP", ipStr)
 			}
-			tree.Insert(domain, ip)
+			_ = tree.Insert(domain, ip)
 		}
 	}
 
@@ -465,7 +604,7 @@ func hostWithDefaultPort(host string, defPort string) (string, error) {
 }
 
 func parseNameServer(servers []string) ([]dns.NameServer, error) {
-	nameservers := []dns.NameServer{}
+	var nameservers []dns.NameServer
 
 	for idx, server := range servers {
 		// parse without scheme .e.g 8.8.8.8:53
@@ -477,10 +616,6 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 			return nil, fmt.Errorf("DNS NameServer[%d] format error: %s", idx, err.Error())
 		}
 
-		// parse with specific interface
-		// .e.g 10.0.0.1#en0
-		interfaceName := u.Fragment
-
 		var addr, dnsNetType string
 		switch u.Scheme {
 		case "udp":
@@ -499,6 +634,9 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 		case "dhcp":
 			addr = u.Host
 			dnsNetType = "dhcp" // UDP from DHCP
+		case "quic":
+			addr, err = hostWithDefaultPort(u.Host, "784")
+			dnsNetType = "quic" // DNS over QUIC
 		default:
 			return nil, fmt.Errorf("DNS NameServer[%d] unsupport scheme: %s", idx, u.Scheme)
 		}
@@ -512,7 +650,8 @@ func parseNameServer(servers []string) ([]dns.NameServer, error) {
 			dns.NameServer{
 				Net:          dnsNetType,
 				Addr:         addr,
-				Interface: interfaceName,
+				ProxyAdapter: u.Fragment,
+				Interface:    dialer.DefaultInterface.Load(),
 			},
 		)
 	}
@@ -537,7 +676,7 @@ func parseNameServerPolicy(nsPolicy map[string]string) (map[string]dns.NameServe
 }
 
 func parseFallbackIPCIDR(ips []string) ([]*net.IPNet, error) {
-	ipNets := []*net.IPNet{}
+	var ipNets []*net.IPNet
 
 	for idx, ip := range ips {
 		_, ipnet, err := net.ParseCIDR(ip)
@@ -550,7 +689,42 @@ func parseFallbackIPCIDR(ips []string) ([]*net.IPNet, error) {
 	return ipNets, nil
 }
 
-func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
+func parseFallbackGeoSite(countries []string, rules []C.Rule) ([]*router.DomainMatcher, error) {
+	var sites []*router.DomainMatcher
+	if len(countries) > 0 {
+		if err := initGeoSite(); err != nil {
+			return nil, fmt.Errorf("can't initial GeoSite: %s", err)
+		}
+	}
+
+	for _, country := range countries {
+		found := false
+		for _, rule := range rules {
+			if rule.RuleType() == C.GEOSITE {
+				if strings.EqualFold(country, rule.Payload()) {
+					found = true
+					sites = append(sites, rule.(C.RuleGeoSite).GetDomainMatcher())
+					log.Infoln("Start initial GeoSite dns fallback filter from rule `%s`", country)
+				}
+			}
+		}
+
+		if !found {
+			matcher, recordsCount, err := geodata.LoadGeoSiteMatcher(country)
+			if err != nil {
+				return nil, err
+			}
+
+			sites = append(sites, matcher)
+
+			log.Infoln("Start initial GeoSite dns fallback filter `%s`, records: %d", country, recordsCount)
+		}
+	}
+	runtime.GC()
+	return sites, nil
+}
+
+func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie, rules []C.Rule) (*DNS, error) {
 	cfg := rawCfg.DNS
 	if cfg.Enable && len(cfg.NameServer) == 0 {
 		return nil, fmt.Errorf("if DNS configuration is turned on, NameServer cannot be empty")
@@ -563,6 +737,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
 		EnhancedMode: cfg.EnhancedMode,
 		FallbackFilter: FallbackFilter{
 			IPCIDR:  []*net.IPNet{},
+			GeoSite: []*router.DomainMatcher{},
 		},
 	}
 	var err error
@@ -578,6 +753,10 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
 		return nil, err
 	}
 
+	if dnsCfg.ProxyServerNameserver, err = parseNameServer(cfg.ProxyServerNameserver); err != nil {
+		return nil, err
+	}
+
 	if len(cfg.DefaultNameserver) == 0 {
 		return nil, errors.New("default nameserver should have at least one nameserver")
 	}
@@ -603,7 +782,19 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
 		if len(cfg.FakeIPFilter) != 0 {
 			host = trie.New()
 			for _, domain := range cfg.FakeIPFilter {
-				host.Insert(domain, true)
+				_ = host.Insert(domain, true)
+			}
+		}
+
+		if len(dnsCfg.Fallback) != 0 {
+			if host == nil {
+				host = trie.New()
+			}
+			for _, fb := range dnsCfg.Fallback {
+				if net.ParseIP(fb.Addr) != nil {
+					continue
+				}
+				_ = host.Insert(fb.Addr, true)
 			}
 		}
 
@@ -620,12 +811,19 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
 		dnsCfg.FakeIPRange = pool
 	}
 
+	if len(cfg.Fallback) != 0 {
 		dnsCfg.FallbackFilter.GeoIP = cfg.FallbackFilter.GeoIP
 		dnsCfg.FallbackFilter.GeoIPCode = cfg.FallbackFilter.GeoIPCode
 		if fallbackip, err := parseFallbackIPCIDR(cfg.FallbackFilter.IPCIDR); err == nil {
 			dnsCfg.FallbackFilter.IPCIDR = fallbackip
 		}
 		dnsCfg.FallbackFilter.Domain = cfg.FallbackFilter.Domain
+		fallbackGeoSite, err := parseFallbackGeoSite(cfg.FallbackFilter.GeoSite, rules)
+		if err != nil {
+			return nil, fmt.Errorf("load GeoSite dns fallback filter error, %w", err)
+		}
+		dnsCfg.FallbackFilter.GeoSite = fallbackGeoSite
+	}
 
 	if cfg.UseHosts {
 		dnsCfg.Hosts = hosts
@@ -635,7 +833,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie) (*DNS, error) {
 }
 
 func parseAuthentication(rawRecords []string) []auth.AuthUser {
-	users := []auth.AuthUser{}
+	var users []auth.AuthUser
 	for _, line := range rawRecords {
 		if user, pass, found := strings.Cut(line, ":"); found {
 			users = append(users, auth.AuthUser{User: user, Pass: pass})
@@ -643,3 +841,39 @@ func parseAuthentication(rawRecords []string) []auth.AuthUser {
 	}
 	return users
 }
+
+func parseTun(rawTun RawTun, general *General) (*Tun, error) {
+	if (rawTun.Enable || general.TProxyPort != 0) && general.Interface == "" {
+		autoDetectInterfaceName, err := commons.GetAutoDetectInterface()
+		if err != nil || autoDetectInterfaceName == "" {
+			log.Warnln("Can not find auto detect interface.[%s]", err)
+		} else {
+			log.Warnln("Auto detect interface: %s", autoDetectInterfaceName)
+		}
+
+		general.Interface = autoDetectInterfaceName
+	}
+
+	var dnsHijack []netip.AddrPort
+
+	for _, d := range rawTun.DNSHijack {
+		if _, after, ok := strings.Cut(d, "://"); ok {
+			d = after
+		}
+
+		addrPort, err := netip.ParseAddrPort(d)
+		if err != nil {
+			return nil, fmt.Errorf("parse dns-hijack url error: %w", err)
+		}
+
+		dnsHijack = append(dnsHijack, addrPort)
+	}
+
+	return &Tun{
+		Enable:    rawTun.Enable,
+		Device:    rawTun.Device,
+		Stack:     rawTun.Stack,
+		DNSHijack: dnsHijack,
+		AutoRoute: rawTun.AutoRoute,
+	}, nil
+}

config/initial.go

@@ -2,17 +2,20 @@ package config
 
 import (
 	"fmt"
+	"github.com/Dreamacro/clash/component/geodata"
+	"github.com/Dreamacro/clash/component/mmdb"
 	"io"
 	"net/http"
 	"os"
 
-	"github.com/Dreamacro/clash/component/mmdb"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/log"
 )
 
+var initMode = true
+
 func downloadMMDB(path string) (err error) {
-	resp, err := http.Get("https://cdn.jsdelivr.net/gh/Dreamacro/maxmind-geoip@release/Country.mmdb")
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/geoip/release/Country.mmdb")
 	if err != nil {
 		return
 	}
@@ -28,7 +31,84 @@ func downloadMMDB(path string) (err error) {
 	return err
 }
 
-func initMMDB() error {
+func downloadGeoIP(path string) (err error) {
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/v2ray-rules-dat/release/geoip.dat")
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0o644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	_, err = io.Copy(f, resp.Body)
+
+	return err
+}
+
+func downloadGeoSite(path string) (err error) {
+	resp, err := http.Get("https://raw.githubusercontents.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat")
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0o644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	_, err = io.Copy(f, resp.Body)
+
+	return err
+}
+
+func initGeoSite() error {
+	if _, err := os.Stat(C.Path.GeoSite()); os.IsNotExist(err) {
+		log.Infoln("Can't find GeoSite.dat, start download")
+		if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
+			return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
+		}
+		log.Infoln("Download GeoSite.dat finish")
+	}
+	if initMode {
+		if !geodata.Verify(C.GeositeName) {
+			log.Warnln("GeoSite.dat invalid, remove and download")
+			if err := os.Remove(C.Path.GeoSite()); err != nil {
+				return fmt.Errorf("can't remove invalid GeoSite.dat: %s", err.Error())
+			}
+			if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
+				return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
+			}
+		}
+	}
+	return nil
+}
+
+func initGeoIP() error {
+	if C.GeodataMode {
+		if _, err := os.Stat(C.Path.GeoIP()); os.IsNotExist(err) {
+			log.Infoln("Can't find GeoIP.dat, start download")
+			if err := downloadGeoIP(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't download GeoIP.dat: %s", err.Error())
+			}
+			log.Infoln("Download GeoIP.dat finish")
+		}
+
+		if !geodata.Verify(C.GeoipName) {
+			log.Warnln("GeoIP.dat invalid, remove and download")
+			if err := os.Remove(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't remove invalid GeoIP.dat: %s", err.Error())
+			}
+			if err := downloadGeoIP(C.Path.GeoIP()); err != nil {
+				return fmt.Errorf("can't download GeoIP.dat: %s", err.Error())
+			}
+		}
+		return nil
+	}
+
 	if _, err := os.Stat(C.Path.MMDB()); os.IsNotExist(err) {
 		log.Infoln("Can't find MMDB, start download")
 		if err := downloadMMDB(C.Path.MMDB()); err != nil {
@@ -69,10 +149,20 @@ func Init(dir string) error {
 		f.Write([]byte(`mixed-port: 7890`))
 		f.Close()
 	}
-
+	buf, _ := os.ReadFile(C.Path.Config())
-	// initial mmdb
+	rawCfg, err := UnmarshalRawConfig(buf)
-	if err := initMMDB(); err != nil {
+	if err != nil {
-		return fmt.Errorf("can't initial MMDB: %w", err)
+		log.Errorln(err.Error())
+		fmt.Printf("configuration file %s test failed\n", C.Path.Config())
+		os.Exit(1)
 	}
+	if !C.GeodataMode {
+		C.GeodataMode = rawCfg.GeodataMode
+	}
+	// initial GeoIP
+	if err := initGeoIP(); err != nil {
+		return fmt.Errorf("can't initial GeoIP: %w", err)
+	}
+
 	return nil
 }

constant/adapters.go

@@ -13,6 +13,14 @@ import (
 const (
 	Direct AdapterType = iota
 	Reject
+	Compatible
+	Pass
+
+	Relay
+	Selector
+	Fallback
+	URLTest
+	LoadBalance
 
 	Shadowsocks
 	ShadowsocksR
@@ -20,13 +28,8 @@ const (
 	Socks5
 	Http
 	Vmess
+	Vless
 	Trojan
-
-	Relay
-	Selector
-	Fallback
-	URLTest
-	LoadBalance
 )
 
 const (
@@ -128,7 +131,10 @@ func (at AdapterType) String() string {
 		return "Direct"
 	case Reject:
 		return "Reject"
-
+	case Compatible:
+		return "Compatible"
+	case Pass:
+		return "Pass"
 	case Shadowsocks:
 		return "Shadowsocks"
 	case ShadowsocksR:
@@ -141,6 +147,8 @@ func (at AdapterType) String() string {
 		return "Http"
 	case Vmess:
 		return "Vmess"
+	case Vless:
+		return "Vless"
 	case Trojan:
 		return "Trojan"
 

constant/geodata.go

@@ -0,0 +1,3 @@
+package constant
+
+var GeodataMode bool