documentation: Bump version

Fix http.FileServer short write
Fix toolchain version
2026-04-12 01:57:18 +10:00 · 2025-02-18 21:57:28 +08:00 · 2025-02-18 21:57:28 +08:00 · 2025-02-18 21:57:28 +08:00 · 2025-02-18 21:57:23 +08:00 · 2025-02-18 21:57:23 +08:00
42 changed files with 137 additions and 545 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -24,6 +24,7 @@ builds:
      - with_tailscale
    env:
      - CGO_ENABLED=0
+      - GOTOOLCHAIN=local
    targets:
      - linux_386
      - linux_amd64_v1
@@ -62,6 +63,7 @@ builds:
    <<: *template
    env:
      - CGO_ENABLED=1
+      - GOTOOLCHAIN=local
    overrides:
      - goos: android
        goarch: arm
--- a/7
+++ b/7
@@ -18,14 +18,17 @@ PREFIX ?= $(shell go env GOPATH)
 .PHONY: test release docs build

 build:
+	export GOTOOLCHAIN=local && \
 	go build $(MAIN_PARAMS) $(MAIN)

 ci_build_go120:
-	go build $(PARAMS) $(MAIN)
+	export GOTOOLCHAIN=local && \
+	go build $(PARAMS) $(MAIN) && \
 	go build $(PARAMS) -tags "$(TAGS_GO120)" $(MAIN)

 ci_build:
-	go build $(PARAMS) $(MAIN)
+	export GOTOOLCHAIN=local && \
+	go build $(PARAMS) $(MAIN) && \
 	go build $(MAIN_PARAMS) $(MAIN)

 generate_completions:
--- a/adapter/outbound.go
+++ b/adapter/outbound.go
@@ -5,7 +5,6 @@ import (

 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-tun"
 	N "github.com/sagernet/sing/common/network"
 )

@@ -19,11 +18,6 @@ type Outbound interface {
 	N.Dialer
 }

-type DirectRouteOutbound interface {
-	Outbound
-	NewDirectRouteConnection(metadata InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error)
-}
-
 type OutboundRegistry interface {
 	option.OutboundOptionsRegistry
 	CreateOutbound(ctx context.Context, router Router, logger log.ContextLogger, tag string, outboundType string, options any) (Outbound, error)
--- a/adapter/router.go
+++ b/adapter/router.go
@@ -8,7 +8,6 @@ import (
 	"sync"

 	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-tun"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/common/ntp"
@@ -20,7 +19,7 @@ import (
 type Router interface {
 	Lifecycle
 	ConnectionRouter
-	PreMatch(metadata InboundContext, context tun.DirectRouteContext) (tun.DirectRouteDestination, error)
+	PreMatch(metadata InboundContext) error
 	ConnectionRouterEx
 	RuleSet(tag string) (RuleSet, bool)
 	NeedWIFIState() bool
--- a/common/sniff/quic_test.go
+++ b/common/sniff/quic_test.go
@@ -12,6 +12,26 @@ import (
 	"github.com/stretchr/testify/require"
 )

+func TestSniffQUICChromeNew(t *testing.T) {
+	t.Parallel()
+	pkt, err := hex.DecodeString("ca0000000108e241a0c601413b4f004046006d8f15dae9999edf39d58df6762822b9a2ab996d7f6a10044338af3b51b1814bc4ac0fa5a87c34c6ae604af8cabc5957c5240174deefc8e378719ffdab2ae4e15bf4514bea4489ad89c322f75f9a383c90d126a0b21104cb519c2bb32e6a134e86896452e942b26c519b8c7ac9e4c99fae5e1f65cf08fb98443b30e4567932e8fb0789820d8f33037b59ac8113530258c9467dfb52489396dae01f099d28b234efa107fa411f2a1ffa2abe74988e03d662d4296024e95ce0fe1671724937157f77b84990478a2d4060676cf0827b4e8c600654111750414dafa0cccb332f3020c2922a015f445df5edc9c7d2d1ceea9fddcc9ff821c9183aa39a70da20fcc057579e1051c1c899148d6cf9d08b4919822082d040d1ce03ca4f216be6cb7ef03db6df0993ef1ccce5c8c648980554f41704526e1809d2545739f5872e75ec797db1c99f5682e2eda9363cb32aa367b7b363c782ddbacf874183cc15c8a2db068dd4093eebdd096ad33832a7939deb0a872279744f5a56dc001ba62fac973bf680f3b362bdd336add4dd102f462b773bf70bfce1921070a802a92025273a177186d1a643081b42175eb789ccddadb71033ef4feacbf6fd282ab622cf61669d73cda559e411c6ccdd8f003443b6933b7729b7a357aa4aa2fba0f365f829a4d497afb5dc2648a53bc9f3e786d955069d0a4781088a5463747dfe9958ea19ea444eae947ec6a67640955f710f93640084f3fbb8ad259b68dbc0ee0b7fab2d81bffd83ed8a6d33522dbfef43bec0a0fb4bdf1cb712dc4ced0680c0687fa240fd157baa232b1c84e14adce6421cf9270f9b3972f98fc67b344b8a4f1fb551e26f7f76d484ed9f8197f231dc5d9a44cc0ddce73d7f810a620851f4e97eb5037ab5135d7c3be5b80cc32d19910b8387aca64c93c02dc3e35238b78e6aff470722078982e58802844932b6041446bfdcc97ba640cbb86721bcd0f40f27b77aa6287ce5674ec1720134b9302875482c3269787e004b9edb483d44f326eef38c0e83cb46af96488c2e696bc2524567fb29c1e8edcd5a73615496d172d46a9d29e0505c0018b7bbb00165eca0389e09c4b1d73b6cc4a2f735a720650134a2e98e8105e20695cf231b92586237dfe0f99c897414e51c21627496276535f07abb53fb2b554376fe520fa45a3e944fd91dfe7a72aead08842b6b63d8edf861fb911954c83bd9a896eb9da4af5eff646455069d747facd4e77c254096843bff7c3e9031dbdf8dc37ea45f1122922fcbc322ec1378f3c7c1af0da62e1052e6210f1b23073f93a82d90e14cb20bc4501d487a1c848674d57a7c269b13590b3a99d8b8b4f6d0dfbd1d2cbbe7a32c0d5c84ae7ec438b0b19f3862d8fabaa828d06c7e3c6967405cd56a1ae90f38633e2ee0e3ecfca3df399fe12f029e0860a1a30da010300d0c94f0bf56091d00011488c1429928b21c739ebf50ba8be91116315d3173f6d2c56735722478c4d74392ba84d1727036b3d64e8c2263b0f33cb8086be587ca6b3940259c06afa2683868856529303ae12e91d7ca874568be7f2bfaa0656dfab0ed31ed90eaea10fb7f3433ec59a334abe6211d547fa0c825ac45d3691e749d15432008de83e9f6d98f368359137ae803d9189b3386f800c7c0cf4b615d1983cf82d9981a8105b60a80fe66c9b0d439b5ba153dd19e9e7483a01cf3b02b4597540b38e658d4eb8455e030b2bf2690bdd78c23f16fe5")
+	require.NoError(t, err)
+	var metadata adapter.InboundContext
+	err = sniff.QUICClientHello(context.Background(), &metadata, pkt)
+	require.Equal(t, metadata.Protocol, C.ProtocolQUIC)
+	require.Equal(t, metadata.Client, C.ClientChromium)
+	require.ErrorIs(t, err, sniff.ErrClientHelloFragmented)
+	pkt, err = hex.DecodeString("cc0000000108e241a0c601413b4f004046006d8f15dae9999edf39d58df6762822b9a2ab996d7f6a10044338af3b51b1814bc4ac0fa5a87c34c6ae604af8cabc5957c5240174deefc8e378719ffdab2ae4e15bf4514bea44894b626c685cd5d5c965f7e97b3a1bdc520b75813e747f37a3ae83ad38b9ca2acb0de4fc9424839a50c8fb815a62b498609fbbc59145698860e0509cc08a04d1b119daef844ba2f09c16e2665e5cc0b47624b71f7b950c54fd56b4a1fbb826cba44eeeee3949ced8f5de60d4c81b19ee59f75aa1abb33f22c6b13c27095eb1e99cff01fdc93e6e88da2622ee18c08a79f508befd7e33e99bca60e64bef9a47b764384bd93823daeeb6fcb4d7cfbc4ab53eff59b3636f6dcaaf229b5a94941b5712807166b9bd5e82cb4a9708a71451c4cd6f6e33fb2fe40c8c70dd51a30b37ff9c5e35783debde0093fde19ce074b4887b3c90980b107b9c0f32cf61a66f37c251b789abc4d27fc421207966846c8cc7faa42d9af6ad355a6bc94cb78223b612be8b3e2a4df61fee83a674a0ceb8b7c3a29b97102cda22fecdf6a4628e5b612bc17eab64d6f75feedd0b106c0419e484e66725759964cb5935ac5125e5ae920cd280bd40df57c1d7ae1845700bd4eb7b7ab12bc0850950bfe6e69edd6ac1daa5db2c2b07484327196e561c513462d72872dc6771c39f6b60d46a1f2c92343b7338450a0ef8e39f97fa70652b3a12cd04043698951627aaaa82cc95e76df92021d30e8014c984f12eea0143de8b17e5e4a36ec07bf4814251b391f168a59ef75afcd2319249aaba930f06bb7a11b9491e6f71b3d5774a6503a965e94edd0a67737282fc9cb0271779ff14151b7aa9267bb8f7d643185512515aeea513c0c98bfae782381a3317064195d8825cf8b25c17cdab5fced02612a3f2870e40df57e6ca3f08228a2b04e8de1425eb4b970118f9bbdc212223ff86a5d6b648cdf2366722f21de4b14a1014879eadb69215cdb1aa2a9f4f310ecfe3116214fe3ab0a23f4775a0a54b48d7dfd8f7283ed687b3ac7e1a7e42a0bdc3478aba8651c03e1e9cc9df17d106b8130afe854269b0103b7a696f452721887b19d8181830073c9f10684c65f96d3a6c6efbae044eec03d6399e001fa44d54635dc72f9b8ea6b87d0f452cad1e1e32273e2b47c40f2730235adcae8523b8282f86b8cf1ab63ae54aaa06130df3bbf6ecac7d7d1d43d2a87aea837267ff8ccfaa4b7e47b7ded909e6603d0b928a304f8915c839153598adc4178eb48bc0e98ad7793d7980275e1e491ba4847a4a04ae30fe7f5cc7d4b6f4f63a525e9964d72245860ca76a668a4654adb6619f16e9db79131e5675b93cafb96c92f1da8464d4fef2a22e7f9db695965fe2cc27ea30974629c8fe17cfa2f860179e1eb9faaa88a91ec9ce6da28c1a2894c3b932b5e1c807146718cc77ca13c61eaae00c7c99e019f599772064b198c5c2c5e863336367673630b417ac845ddb7c93b0856317e5d64bab208c5730abc2c63536784fbeaaec139dffc917e775715f1e42164ddef5138d4d163609ab3fbdcab968f8738385c0e7e34ff3cf7771a1dc5ba25a8850fdf96dabafa21f9065f307457ce9af4b7a73450c9d20a3b46fa8d3a1163d22bd01a7d17f0ec274181bf9640fa941427694bfeb1346089f7a851efe0fbb7a2041fa6bb6541ccbad77dd3e1a97999fc05f1fef070e7b5c4b385b8b2a8cc32483fdeba6a373970de2fa4139ba18e5916f949aab0aab2894")
+	require.NoError(t, err)
+	err = sniff.QUICClientHello(context.Background(), &metadata, pkt)
+	require.ErrorIs(t, err, sniff.ErrClientHelloFragmented)
+	pkt, err = hex.DecodeString("c20000000108e241a0c601413b4f004046006d8f15dae9999edf39d58df6762822b9a2ab996d7f6a10044338af3b51b1814bc4ac0fa5a87c34c6ae604af8cabc5957c5240174deefc8e378719ffdab2ae4e15bf4514bea4489e2ff30c43a5f63beb2e4501ce7754085bcbe838003a0b4bccb53863c0766df7eac073c2bdc170772b157997945acdc2ab2e84750cc9aa0ffa0fdc023da7fc565a14f87f7c563dbc9183dd226aab79957d263f66e64b85a1b15a24516bd2c7c04eea4fa0a34ef9849c21585db2e4adb7c05e265c4f38d8ffe4cbed0f3b0e68f3693bf1f726c3fb135b8e32a5d22931d7c55fc2ff4b9a354933ab14544df3cdaf3e3217dfb8d7feb3465dc34df6320ea486f12e5b2d609aaa5f4515c20c86fc440f8087be0ee3d339835746ae2573c2afdee6bb6ef7e9eb541feae9209391b2902cfb0bdaccd9da8d290714638b7da588d4a656ca6eabba78b7363922d6037cf060b161a42019d4feb4156459103cffdeefd0e63114af2b0e0c39e70ebc7fecb8dd1ebb8d60b2137f509bb7dcef5f1d3e06ab1d391466652d57440a410fb4f58a6ce1fb62feb453241f64e110709f59a3d9ebdac94f811337d0e4a80fd6b56b2a70cd6eebbf98e1661291da6bf5beb8b8afc376dfd20eb76afe709e8e8f28e0ef82105954e346546ad25973df43f4acddbec0ffd9b215f62abebebf71305b5ea993560316f69430bf5afe50420340622f802b5830f3bcebffff04980c75a59d28902879e5d51a4fb21062a4ae13c42297075b21d54ee04303879c1157e7470c1451673c98a2f3921f2f3e8f6acfe85b01caaca66b59e5ebffbfe68e5e9ab17e9a1b857eb409df91cb76767fc1814fd3c522a9b117edd0b02526e469cb4afb291a4dcc74c79b47ec6e7ce558c597129366f83ec306b11d2598c705fd4ee9ee99df6b7039bef13b08fc6f26853ad213829d24f895747d45a47414f931c583fb6c3e4f6c27d0c2b81a5f3cee390ec6314e1fec637e8d28b675e97caafdfbf8c25d34a635083a7553d219dd80dbb39087d74c6ad6192ca6f48a3ff8d47db41b2a492c63fcd780012780931dae0a325f9dcbd772d09a700f132c4bc1d9809b25b9751b694eb72a8ba4db7208d2b1bab63e1845208e4f841ea30218a559db98751589716b6d059ca673378f5fe7c7d8a1c82e14a561c47313bbcc278412ba86ffb2b87ec308eab9df696f5b4b54f8e361731bf232820a02a35fda7e5d4bf01b8f005ad299a055116e7b23c181f15a66442cf6032ca477bccc55b79d424eb4f245847bd81a581dc369dd20b1a4892733bde3c38e492c0039f69f2b947a4dc251a49ee7ccc0f36b3b75a555fa1d126db75f94dab60f52f6b15a877a0c380b59f82d35c570bc5f8051e9ef87db51f52383d47b50829b7f9e947ccc67aa280566aa48b4a85c1c7eca6f542789d8abcc050f1aa3cc221b6859656a21454aa21c7bfb9d12115f61c3ed46263ade68a8d3679fa62a659a5da7817406bd16618fccf33ed208ada1b03584e8b485d3cb6ed80a0774e60b6cd55aff64169ea998cf8235997049515abac58e0169ca07fb1c8c4c8b2803ba9d27b44c045d0a1cac86e5e188195c68001f53eb44851b6d821fc01ccbb41e27f38e6ddd66540c2d62ed6e0d551e22c0f26b60078c74a6302a1ed3d9e8fc0861257a63f6ac4e759fd54bff088becd28e30944a6c15db4fc8ae6244346869add946d9d92c430d737e042fa18b28a8ed64d1e8987ad9061cdc1335f")
+	require.NoError(t, err)
+	err = sniff.QUICClientHello(context.Background(), &metadata, pkt)
+	require.NoError(t, err)
+	require.Equal(t, "www.google.com", metadata.Domain)
+}
+
 func TestSniffQUICChromium(t *testing.T) {
 	t.Parallel()
 	pkt, err := hex.DecodeString("c30000000108f40d654cc09b27f5000044d08a94548e57e43cc5483f129986187c432d58d46674830442988f869566a6e31e2ae37c9f7acbf61cc81621594fab0b3dfdc1635460b32389563dc8e74006315661cd22694114612973c1c45910621713a48b375854f095e8a77ccf3afa64e972f0f7f7002f50e0b014b1b146ea47c07fb20b73ad5587872b51a0b3fafdf1c4cf4fe6f8b112142392efa25d993abe2f42582be145148bdfe12edcd96c3655b65a4781b093e5594ba8e3ae5320f12e8314fc3ca374128cc43381046c322b964681ed4395c813b28534505118201459665a44b8f0abead877de322e9040631d20b05f15b81fa7ff785d4041aecc37c7e2ccdc5d1532787ce566517e8985fd5c200dbfd1e67bc255efaba94cfc07bb52fea4a90887413b134f2715b5643542aa897c6116486f428d82da64d2a2c1e1bdd40bd592558901a554b003d6966ac5a7b8b9413eddbf6ef21f28386c74981e3ce1d724c341e95494907626659692720c81114ca4acea35a14c402cfa3dc2228446e78dc1b81fa4325cf7e314a9cad6a6bdff33b3351dcba74eb15fae67f1227283aa4cdd64bcadf8f19358333f8549b596f4350297b5c65274565869d497398339947b9d3d064e5b06d39d34b436d8a41c1a3880de10bd26c3b1c5b4e2a49b0d4d07b8d90cd9e92bc611564d19ea8ec33099e92033caf21f5307dbeaa4708b99eb313bff99e2081ac25fd12d6a72e8335e0724f6718fe023cd0ad0d6e6a6309f09c9c391eec2bc08e9c3210a043c08e1759f354c121f6517fff4d6e20711a871e41285d48d930352fddffb92c96ba57df045ce99f8bfdfa8edc0969ce68a51e9fbb4f54b956d9df74a9e4af27ed2b27839bce1cffeca8333c0aaee81a570217442f9029ba8fedb84a2cf4be4d910982d891ea00e816c7fb98e8020e896a9c6fdd9106611da0a99dde18df1b7a8f6327acb1eed9ad93314451e48cb0dfb9571728521ca3db2ac0968159d5622556a55d51a422d11995b650949aaefc5d24c16080446dfc4fbc10353f9f93ce161ab513367bb89ab83988e0630b689e174e27bcfcc31996ee7b0bca909e251b82d69a28fee5a5d662e127508cd19dbbe5097b7d5b62a49203d66764197a527e472e2627e44a93d44177dace9d60e7d0e03305ddf4cfe47cdf2362e14de79ef46a6763ce696cd7854a48d9419a0817507a4713ffd4977b906d4f2b5fb6dbe1bd15bc505d5fea582190bf531a45d5ee026da8918547fd5105f15e5d061c7b0cf80a34990366ed8e91e13c2f0d85e5dad537298808d193cf54b7eaac33f10051f74cb6b75e52f81618c36f03d86aef613ba237a1a793ba1539938a38f62ccaf7bd5f6c5e0ce53cde4012fcf2b758214a0422d2faaa798e86e19d7481b42df2b36a73d287ff28c20cce01ce598771fec16a8f1f00305c06010126013a6c1de9f589b4e79d693717cd88ad1c42a2d99fa96617ba0bc6365b68e21a70ebc447904aa27979e1514433cfd83bfec09f137c747d47582cb63eb28f873fb94cf7a59ff764ddfbb687d79a58bb10f85949269f7f72c611a5e0fbb52adfa298ff060ec2eb7216fd7302ea8fb07798cbb3be25cb53ac8161aac2b5bbcfbcfb01c113d28bd1cb0333fb89ac82a95930f7abded0a2f5a623cc6a1f62bf3f38ef1b81c1e50a634f657dbb6770e4af45879e2fb1e00c742e7b52205c8015b5c0f5b1e40186ff9aa7288ab3e01a51fb87761f9bc6837082af109b39cc9f620")
--- a/dns/transport/fakeip/fakeip.go
+++ b/dns/transport/fakeip/fakeip.go
@@ -55,7 +55,7 @@ func (t *Transport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg,
 	if question.Qtype != mDNS.TypeA && question.Qtype != mDNS.TypeAAAA {
 		return nil, E.New("only IP queries are supported by fakeip")
 	}
-	address, err := t.store.Create(question.Name, question.Qtype == mDNS.TypeAAAA)
+	address, err := t.store.Create(dns.FqdnToDomain(question.Name), question.Qtype == mDNS.TypeAAAA)
 	if err != nil {
 		return nil, err
 	}
--- a/dns/transport/quic/http3.go
+++ b/dns/transport/quic/http3.go
@@ -72,7 +72,7 @@ func NewHTTP3(ctx context.Context, logger log.ContextLogger, tag string, options
 		}
 	}
 	destinationURL := url.URL{
-		Scheme: "HTTP3",
+		Scheme: "https",
 		Host:   host,
 	}
 	if destinationURL.Host == "" {
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -2,7 +2,7 @@
 icon: material/alert-decagram
 ---

-#### 1.12.0-alpha.8
+#### 1.12.0-alpha.9

 * Fixes and improvements

--- a/experimental/clashapi/server.go
+++ b/experimental/clashapi/server.go
@@ -131,7 +131,7 @@ func NewServer(ctx context.Context, logFactory log.ObservableFactory, options op
 		s.externalUI = filemanager.BasePath(ctx, os.ExpandEnv(options.ExternalUI))
 		chiRouter.Group(func(r chi.Router) {
 			r.Get("/ui", http.RedirectHandler("/ui/", http.StatusMovedPermanently).ServeHTTP)
-			r.Handle("/ui/*", http.StripPrefix("/ui/", http.FileServer(http.Dir(s.externalUI))))
+			r.Handle("/ui/*", http.StripPrefix("/ui/", http.FileServer(Dir(s.externalUI))))
 		})
 	}
 	return s, nil
--- a/experimental/clashapi/server_fs.go
+++ b/experimental/clashapi/server_fs.go
@@ -0,0 +1,18 @@
+package clashapi
+
+import "net/http"
+
+type Dir http.Dir
+
+func (d Dir) Open(name string) (http.File, error) {
+	file, err := http.Dir(d).Open(name)
+	if err != nil {
+		return nil, err
+	}
+	return &fileWrapper{file}, nil
+}
+
+// workaround for #2345 #2596
+type fileWrapper struct {
+	http.File
+}
--- a/experimental/clashapi/server_resources.go
+++ b/experimental/clashapi/server_resources.go
@@ -43,7 +43,6 @@ func (s *Server) downloadExternalUI() error {
 	} else {
 		downloadURL = "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip"
 	}
-	s.logger.Info("downloading external ui")
 	var detour adapter.Outbound
 	if s.externalUIDownloadDetour != "" {
 		outbound, loaded := s.outbound.Outbound(s.externalUIDownloadDetour)
@@ -55,6 +54,7 @@ func (s *Server) downloadExternalUI() error {
 		outbound := s.outbound.Default()
 		detour = outbound
 	}
+	s.logger.Info("downloading external ui using outbound/", detour.Type(), "[", detour.Tag(), "]")
 	httpClient := &http.Client{
 		Transport: &http.Transport{
 			ForceAttemptHTTP2:   true,
--- a/go.mod
+++ b/go.mod
@@ -2,8 +2,6 @@ module github.com/sagernet/sing-box

 go 1.23.1

-toolchain go1.24.0
-
 require (
 	github.com/caddyserver/certmagic v0.21.7
 	github.com/cloudflare/circl v1.6.0
@@ -25,16 +23,16 @@ require (
 	github.com/sagernet/cors v1.2.1
 	github.com/sagernet/fswatch v0.1.1
 	github.com/sagernet/gomobile v0.1.4
-	github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72
+	github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff
 	github.com/sagernet/quic-go v0.49.0-beta.1
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.6.2-0.20250210105917-3464ed3babc0
+	github.com/sagernet/sing v0.6.2-0.20250210072154-8dff604468ff
 	github.com/sagernet/sing-mux v0.3.1
 	github.com/sagernet/sing-quic v0.4.1-beta.1
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.2.0
-	github.com/sagernet/sing-tun v0.6.2-0.20250217135654-784bb584392f
+	github.com/sagernet/sing-tun v0.6.1
 	github.com/sagernet/sing-vmess v0.2.0
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/tailscale v1.79.0-mod.1
--- a/go.sum
+++ b/go.sum
@@ -171,8 +171,8 @@ github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQ
 github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
 github.com/sagernet/gomobile v0.1.4 h1:WzX9ka+iHdupMgy2Vdich+OAt7TM8C2cZbIbzNjBrJY=
 github.com/sagernet/gomobile v0.1.4/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E=
-github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72 h1:Jgv6N59yiVMEwimTcFV1EVcu2Aa7R2Wh1ZAYNzWP2qA=
-github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
+github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff h1:mlohw3360Wg1BNGook/UHnISXhUx4Gd/3tVLs5T0nSs=
+github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
@@ -182,8 +182,8 @@ github.com/sagernet/quic-go v0.49.0-beta.1/go.mod h1:uesWD1Ihrldq1M3XtjuEvIUqi8W
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
-github.com/sagernet/sing v0.6.2-0.20250210105917-3464ed3babc0 h1:8gTBdpb2JeNq4oAb8AHCisUI+mZlrpD0qMRrsb9EnAo=
-github.com/sagernet/sing v0.6.2-0.20250210105917-3464ed3babc0/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.2-0.20250210072154-8dff604468ff h1:5UGghwx8cI14qFa0ienrLekAYfhdKAiWvJUkY7rHmsI=
+github.com/sagernet/sing v0.6.2-0.20250210072154-8dff604468ff/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-mux v0.3.1 h1:kvCc8HyGAskDHDQ0yQvoTi/7J4cZPB/VJMsAM3MmdQI=
 github.com/sagernet/sing-mux v0.3.1/go.mod h1:Mkdz8LnDstthz0HWuA/5foncnDIdcNN5KZ6AdJX+x78=
 github.com/sagernet/sing-quic v0.4.1-beta.1 h1:V2VfMckT3EQR3ZdfSzJgZZDsvfZZH42QAZpnOnHKa0s=
@@ -194,8 +194,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.0 h1:cLKe4OAOFwuhmAIuPLj//CIL7Q9js+pIDardhJ+/osk=
 github.com/sagernet/sing-shadowtls v0.2.0/go.mod h1:agU+Fw5X+xnWVyRHyFthoZCX3MfWKCFPm4JUf+1oaxo=
-github.com/sagernet/sing-tun v0.6.2-0.20250217135654-784bb584392f h1:VEtmCNfk8RuZcYz/Xx63F2QjcgG3z/7Pa0uiJciQo+Y=
-github.com/sagernet/sing-tun v0.6.2-0.20250217135654-784bb584392f/go.mod h1:UiOi1ombGaAzWkGSgH4qcP7Zpq8FjWc1uQmleK8oPCE=
+github.com/sagernet/sing-tun v0.6.1 h1:4l0+gnEKcGjlWfUVTD+W0BRApqIny/lU2ZliurE+VMo=
+github.com/sagernet/sing-tun v0.6.1/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
 github.com/sagernet/sing-vmess v0.2.0 h1:pCMGUXN2k7RpikQV65/rtXtDHzb190foTfF9IGTMZrI=
 github.com/sagernet/sing-vmess v0.2.0/go.mod h1:jDAZ0A0St1zVRkyvhAPRySOFfhC+4SQtO5VYyeFotgA=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
--- a/option/dns_record.go
+++ b/option/dns_record.go
@@ -8,6 +8,7 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/json"
 	"github.com/sagernet/sing/common/json/badoption"
+	M "github.com/sagernet/sing/common/metadata"

 	"github.com/miekg/dns"
 )
@@ -135,6 +136,9 @@ func (o *DNSRecordOptions) UnmarshalJSON(data []byte) error {
 	if err != nil {
 		return err
 	}
+	if a, isA := record.(*dns.A); isA {
+		a.A = M.AddrFromIP(a.A).Unmap().AsSlice()
+	}
 	o.RR = record
 	return nil
 }
--- a/option/types.go
+++ b/option/types.go
@@ -12,11 +12,6 @@ import (
 	mDNS "github.com/miekg/dns"
 )

-var (
-	DefaultNetworks   = []string{N.NetworkTCP, N.NetworkUDP}
-	DefaultIPNetworks = []string{N.NetworkTCP, N.NetworkUDP, N.NetworkICMPv4, N.NetworkICMPv6}
-)
-
 type NetworkList string

 func (v *NetworkList) UnmarshalJSON(content []byte) error {
@@ -42,9 +37,9 @@ func (v *NetworkList) UnmarshalJSON(content []byte) error {
 	return nil
 }

-func (v NetworkList) Build(defaultNetworks []string) []string {
+func (v NetworkList) Build() []string {
 	if v == "" {
-		return defaultNetworks
+		return []string{N.NetworkTCP, N.NetworkUDP}
 	}
 	return strings.Split(string(v), "\n")
 }
--- a/protocol/direct/inbound.go
+++ b/protocol/direct/inbound.go
@@ -60,7 +60,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	inbound.listener = listener.New(listener.Options{
 		Context:           ctx,
 		Logger:            logger,
-		Network:           options.Network.Build(option.DefaultIPNetworks),
+		Network:           options.Network.Build(),
 		Listen:            options.ListenOptions,
 		ConnectionHandler: inbound,
 		PacketHandler:     inbound,
--- a/protocol/direct/outbound.go
+++ b/protocol/direct/outbound.go
@@ -2,7 +2,6 @@ package direct

 import (
 	"context"
-	"github.com/sagernet/sing-tun"
 	"net"
 	"net/netip"
 	"time"
@@ -28,7 +27,6 @@ func RegisterOutbound(registry *outbound.Registry) {
 var (
 	_ N.ParallelDialer             = (*Outbound)(nil)
 	_ dialer.ParallelNetworkDialer = (*Outbound)(nil)
-	_ adapter.DirectRouteOutbound  = (*Outbound)(nil)
 )

 type Outbound struct {
@@ -52,7 +50,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter: outbound.NewAdapterWithDialerOptions(C.TypeDirect, tag, option.DefaultIPNetworks, options.DialerOptions),
+		Adapter: outbound.NewAdapterWithDialerOptions(C.TypeDirect, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
 		logger:  logger,
 		//nolint:staticcheck
 		domainStrategy: C.DomainStrategy(options.DomainStrategy),
@@ -244,10 +242,6 @@ func (h *Outbound) ListenSerialNetworkPacket(ctx context.Context, destination M.
 	return conn, newDestination, nil
 }

-func (h *Outbound) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	
-}
-
 /*func (h *Outbound) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	if h.loopBack.CheckConn(metadata.Source.AddrPort(), M.AddrPortFromNet(conn.LocalAddr())) {
 		return E.New("reject loopback connection to ", metadata.Destination)
--- a/protocol/hysteria/outbound.go
+++ b/protocol/hysteria/outbound.go
@@ -52,7 +52,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 	if err != nil {
 		return nil, err
 	}
-	networkList := options.Network.Build(option.DefaultIPNetworks)
+	networkList := options.Network.Build()
 	var password string
 	if options.AuthString != "" {
 		password = options.AuthString
--- a/protocol/hysteria2/outbound.go
+++ b/protocol/hysteria2/outbound.go
@@ -64,7 +64,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 	if err != nil {
 		return nil, err
 	}
-	networkList := options.Network.Build(option.DefaultIPNetworks)
+	networkList := options.Network.Build()
 	client, err := hysteria2.NewClient(hysteria2.ClientOptions{
 		Context:            ctx,
 		Dialer:             outboundDialer,
--- a/protocol/naive/inbound.go
+++ b/protocol/naive/inbound.go
@@ -57,7 +57,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 			Listen:  options.ListenOptions,
 		}),
 		networkIsDefault: options.Network == "",
-		network:          options.Network.Build(option.DefaultIPNetworks),
+		network:          options.Network.Build(),
 		authenticator:    auth.NewAuthenticator(options.Users),
 	}
 	if common.Contains(inbound.network, N.NetworkUDP) {
--- a/protocol/redirect/tproxy.go
+++ b/protocol/redirect/tproxy.go
@@ -53,7 +53,7 @@ func NewTProxy(ctx context.Context, router adapter.Router, logger log.ContextLog
 	tproxy.listener = listener.New(listener.Options{
 		Context:           ctx,
 		Logger:            logger,
-		Network:           options.Network.Build(option.DefaultIPNetworks),
+		Network:           options.Network.Build(),
 		Listen:            options.ListenOptions,
 		ConnectionHandler: tproxy,
 		OOBPacketHandler:  tproxy,
--- a/protocol/shadowsocks/inbound.go
+++ b/protocol/shadowsocks/inbound.go
@@ -84,7 +84,7 @@ func newInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	inbound.listener = listener.New(listener.Options{
 		Context:                  ctx,
 		Logger:                   logger,
-		Network:                  options.Network.Build(option.DefaultIPNetworks),
+		Network:                  options.Network.Build(),
 		Listen:                   options.ListenOptions,
 		ConnectionHandler:        inbound,
 		PacketHandler:            inbound,
--- a/protocol/shadowsocks/inbound_multi.go
+++ b/protocol/shadowsocks/inbound_multi.go
@@ -92,7 +92,7 @@ func newMultiInbound(ctx context.Context, router adapter.Router, logger log.Cont
 	inbound.listener = listener.New(listener.Options{
 		Context:                  ctx,
 		Logger:                   logger,
-		Network:                  options.Network.Build(option.DefaultIPNetworks),
+		Network:                  options.Network.Build(),
 		Listen:                   options.ListenOptions,
 		ConnectionHandler:        inbound,
 		PacketHandler:            inbound,
--- a/protocol/shadowsocks/inbound_relay.go
+++ b/protocol/shadowsocks/inbound_relay.go
@@ -77,7 +77,7 @@ func newRelayInbound(ctx context.Context, router adapter.Router, logger log.Cont
 	inbound.listener = listener.New(listener.Options{
 		Context:                  ctx,
 		Logger:                   logger,
-		Network:                  options.Network.Build(option.DefaultIPNetworks),
+		Network:                  options.Network.Build(),
 		Listen:                   options.ListenOptions,
 		ConnectionHandler:        inbound,
 		PacketHandler:            inbound,
--- a/protocol/shadowsocks/outbound.go
+++ b/protocol/shadowsocks/outbound.go
@@ -49,7 +49,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeShadowsocks, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeShadowsocks, tag, options.Network.Build(), options.DialerOptions),
 		logger:     logger,
 		dialer:     outboundDialer,
 		method:     method,
--- a/protocol/socks/outbound.go
+++ b/protocol/socks/outbound.go
@@ -51,7 +51,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:   outbound.NewAdapterWithDialerOptions(C.TypeSOCKS, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:   outbound.NewAdapterWithDialerOptions(C.TypeSOCKS, tag, options.Network.Build(), options.DialerOptions),
 		dnsRouter: service.FromContext[adapter.DNSRouter](ctx),
 		logger:    logger,
 		client:    socks.NewClient(outboundDialer, options.ServerOptions.Build(), version, options.Username, options.Password),
--- a/protocol/tailscale/endpoint.go
+++ b/protocol/tailscale/endpoint.go
@@ -18,7 +18,6 @@ import (
 	"github.com/sagernet/gvisor/pkg/tcpip/adapters/gonet"
 	"github.com/sagernet/gvisor/pkg/tcpip/header"
 	"github.com/sagernet/gvisor/pkg/tcpip/stack"
-	"github.com/sagernet/gvisor/pkg/tcpip/transport/icmp"
 	"github.com/sagernet/gvisor/pkg/tcpip/transport/tcp"
 	"github.com/sagernet/gvisor/pkg/tcpip/transport/udp"
 	"github.com/sagernet/sing-box/adapter"
@@ -206,10 +205,8 @@ func (t *Endpoint) Start(stage adapter.StartStage) error {

 	ipStack := t.server.ExportNetstack().ExportIPStack()
 	ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, tun.NewTCPForwarder(t.ctx, ipStack, t).HandlePacket)
-	ipStack.SetTransportProtocolHandler(udp.ProtocolNumber, tun.NewUDPForwarder(t.ctx, ipStack, t, t.udpTimeout).HandlePacket)
-	icmpForwarder := tun.NewICMPForwarder(t.ctx, ipStack, t, t.udpTimeout)
-	ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber4, icmpForwarder.HandlePacket)
-	ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber6, icmpForwarder.HandlePacket)
+	udpForwarder := tun.NewUDPForwarder(t.ctx, ipStack, t, t.udpTimeout)
+	ipStack.SetTransportProtocolHandler(udp.ProtocolNumber, udpForwarder.HandlePacket)
 	t.stack = ipStack

 	localBackend := t.server.ExportLocalBackend()
@@ -380,7 +377,7 @@ func (t *Endpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	return udpConn, nil
 }

-func (t *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
+func (t *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr) error {
 	tsFilter := t.filter.Load()
 	if tsFilter != nil {
 		var ipProto ipproto.Proto
@@ -393,9 +390,9 @@ func (t *Endpoint) PrepareConnection(network string, source M.Socksaddr, destina
 		response := tsFilter.Check(source.Addr, destination.Addr, destination.Port, ipProto)
 		switch response {
 		case filter.Drop:
-			return nil, syscall.ECONNREFUSED
+			return syscall.ECONNRESET
 		case filter.DropSilently:
-			return nil, tun.ErrDrop
+			return tun.ErrDrop
 		}
 	}
 	return t.router.PreMatch(adapter.InboundContext{
@@ -404,7 +401,7 @@ func (t *Endpoint) PrepareConnection(network string, source M.Socksaddr, destina
 		Network:     network,
 		Source:      source,
 		Destination: destination,
-	}, routeContext)
+	})
 }

 func (t *Endpoint) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
--- a/protocol/trojan/outbound.go
+++ b/protocol/trojan/outbound.go
@@ -43,7 +43,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeTrojan, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeTrojan, tag, options.Network.Build(), options.DialerOptions),
 		logger:     logger,
 		dialer:     outboundDialer,
 		serverAddr: options.ServerOptions.Build(),
--- a/protocol/tuic/outbound.go
+++ b/protocol/tuic/outbound.go
@@ -80,7 +80,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	return &Outbound{
-		Adapter:   outbound.NewAdapterWithDialerOptions(C.TypeTUIC, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:   outbound.NewAdapterWithDialerOptions(C.TypeTUIC, tag, options.Network.Build(), options.DialerOptions),
 		logger:    logger,
 		client:    client,
 		udpStream: options.UDPOverStream,
--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@@ -8,7 +8,6 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"

 	"github.com/sagernet/sing-box/adapter"
@@ -439,21 +438,15 @@ func (t *Inbound) Close() error {
 	)
 }

-func (t *Inbound) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	routeDestination, err := t.router.PreMatch(adapter.InboundContext{
+func (t *Inbound) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr) error {
+	return t.router.PreMatch(adapter.InboundContext{
 		Inbound:        t.tag,
 		InboundType:    C.TypeTun,
 		Network:        network,
 		Source:         source,
 		Destination:    destination,
 		InboundOptions: t.inboundOptions,
-	}, routeContext)
-	if err != nil {
-		if !E.IsMulti(err, tun.ErrDrop, syscall.ECONNREFUSED) {
-			t.logger.Warn(err)
-		}
-	}
-	return routeDestination, err
+	})
 }

 func (t *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
--- a/protocol/vless/outbound.go
+++ b/protocol/vless/outbound.go
@@ -46,7 +46,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeVLESS, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeVLESS, tag, options.Network.Build(), options.DialerOptions),
 		logger:     logger,
 		dialer:     outboundDialer,
 		serverAddr: options.ServerOptions.Build(),
--- a/protocol/vmess/outbound.go
+++ b/protocol/vmess/outbound.go
@@ -46,7 +46,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeVMess, tag, options.Network.Build(option.DefaultIPNetworks), options.DialerOptions),
+		Adapter:    outbound.NewAdapterWithDialerOptions(C.TypeVMess, tag, options.Network.Build(), options.DialerOptions),
 		logger:     logger,
 		dialer:     outboundDialer,
 		serverAddr: options.ServerOptions.Build(),
--- a/protocol/wireguard/endpoint.go
+++ b/protocol/wireguard/endpoint.go
@@ -13,7 +13,6 @@ import (
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/transport/wireguard"
-	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -44,7 +43,7 @@ type Endpoint struct {

 func NewEndpoint(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.WireGuardEndpointOptions) (adapter.Endpoint, error) {
 	ep := &Endpoint{
-		Adapter:        endpoint.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, []string{N.NetworkTCP, N.NetworkUDP, N.NetworkICMPv4, N.NetworkICMPv6}, options.DialerOptions),
+		Adapter:        endpoint.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
 		ctx:            ctx,
 		router:         router,
 		dnsRouter:      service.FromContext[adapter.DNSRouter](ctx),
@@ -133,14 +132,14 @@ func (w *Endpoint) InterfaceUpdated() {
 	return
 }

-func (w *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, context tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
+func (w *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr) error {
 	return w.router.PreMatch(adapter.InboundContext{
 		Inbound:     w.Tag(),
 		InboundType: w.Type(),
 		Network:     network,
 		Source:      source,
 		Destination: destination,
-	}, context)
+	})
 }

 func (w *Endpoint) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
@@ -221,12 +220,3 @@ func (w *Endpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	}
 	return w.endpoint.ListenPacket(ctx, destination)
 }
-
-func (w *Endpoint) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	destination, err := w.endpoint.NewDirectRouteConnection(metadata, routeContext)
-	if err != nil {
-		return nil, err
-	}
-	w.logger.Info("linked ", metadata.Network, " connection to ", metadata.Destination.AddrString())
-	return destination, nil
-}
--- a/protocol/wireguard/outbound.go
+++ b/protocol/wireguard/outbound.go
@@ -45,7 +45,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		deprecated.Report(ctx, deprecated.OptionWireGuardGSO)
 	}
 	outbound := &Outbound{
-		Adapter:        outbound.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, option.DefaultNetworks, options.DialerOptions),
+		Adapter:        outbound.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
 		ctx:            ctx,
 		dnsRouter:      service.FromContext[adapter.DNSRouter](ctx),
 		logger:         logger,
--- a/route/route.go
+++ b/route/route.go
@@ -18,7 +18,6 @@ import (
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/route/rule"
 	"github.com/sagernet/sing-mux"
-	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing-vmess"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
@@ -272,36 +271,19 @@ func (r *Router) routePacketConnection(ctx context.Context, conn N.PacketConn, m
 	return nil
 }

-func (r *Router) PreMatch(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
+func (r *Router) PreMatch(metadata adapter.InboundContext) error {
 	selectedRule, _, _, _, err := r.matchRule(r.ctx, &metadata, true, nil, nil)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if selectedRule == nil {
-		defaultOutbound := r.outbound.Default()
-		if !common.Contains(defaultOutbound.Network(), metadata.Network) {
-			return nil, E.New(metadata.Network, " is not supported by default outbound: ", defaultOutbound.Tag())
-		}
-		return defaultOutbound.(adapter.DirectRouteOutbound).NewDirectRouteConnection(metadata, routeContext)
+		return nil
 	}
-	switch action := selectedRule.Action().(type) {
-	case *rule.RuleActionReject:
-		return nil, action.Error(context.Background())
-	case *rule.RuleActionRoute:
-		if routeContext == nil {
-			return nil, nil
-		}
-		outbound, loaded := r.outbound.Outbound(action.Outbound)
-		if !loaded {
-			return nil, E.New("outbound not found: ", action.Outbound)
-		}
-		if !common.Contains(outbound.Network(), metadata.Network) {
-			return nil, E.New(metadata.Network, " is not supported by outbound: ", action.Outbound)
-		}
-		return outbound.(adapter.DirectRouteOutbound).NewDirectRouteConnection(metadata, routeContext)
-	default:
-		return nil, nil
+	rejectAction, isReject := selectedRule.Action().(*rule.RuleActionReject)
+	if !isReject {
+		return nil
 	}
+	return rejectAction.Error(context.Background())
 }

 func (r *Router) matchRule(
@@ -644,7 +626,7 @@ func (r *Router) actionSniff(
 					Destination: destination,
 				}
 				packetBuffers = append(packetBuffers, packetBuffer)
-				if E.IsMulti(err, sniff.ErrClientHelloFragmented) && len(packetBuffers) == 0 {
+				if E.IsMulti(err, sniff.ErrClientHelloFragmented) {
 					r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello")
 					continue
 				}
--- a/transport/wireguard/device.go
+++ b/transport/wireguard/device.go
@@ -5,7 +5,6 @@ import (
 	"net/netip"
 	"time"

-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
@@ -18,8 +17,6 @@ type Device interface {
 	N.Dialer
 	Start() error
 	SetDevice(device *device.Device)
-	Inet4Address() netip.Addr
-	Inet6Address() netip.Addr
 }

 type DeviceOptions struct {
@@ -44,8 +41,3 @@ func NewDevice(options DeviceOptions) (Device, error) {
 		return newSystemStackDevice(options)
 	}
 }
-
-type NatDevice interface {
-	Device
-	CreateDestination(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error)
-}
--- a/transport/wireguard/device_nat.go
+++ b/transport/wireguard/device_nat.go
@@ -1,85 +0,0 @@
-package wireguard
-
-import (
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common/buf"
-)
-
-var _ Device = (*natDeviceWrapper)(nil)
-
-type natDeviceWrapper struct {
-	Device
-	gVisorOutbound
-	packetOutbound chan *buf.Buffer
-	mapping        *tun.NatMapping
-	writer         *tun.NatWriter
-	buffer         [][]byte
-}
-
-func NewNATDevice(upstream Device, ipRewrite bool) NatDevice {
-	wrapper := &natDeviceWrapper{
-		Device:         upstream,
-		gVisorOutbound: newGVisorOutbound(),
-		packetOutbound: make(chan *buf.Buffer, 256),
-		mapping:        tun.NewNatMapping(ipRewrite),
-	}
-	if ipRewrite {
-		wrapper.writer = tun.NewNatWriter(upstream.Inet4Address(), upstream.Inet6Address())
-	}
-	return wrapper
-}
-
-func (d *natDeviceWrapper) Write(bufs [][]byte, offset int) (int, error) {
-	for _, buffer := range bufs {
-		handled, err := d.mapping.WritePacket(buffer[offset:])
-		if handled {
-			if err != nil {
-				return 0, err
-			}
-		} else {
-			d.buffer = append(d.buffer, buffer)
-		}
-	}
-	if len(d.buffer) > 0 {
-		_, err := d.Device.Write(d.buffer, offset)
-		if err != nil {
-			return 0, err
-		}
-		d.buffer = d.buffer[:0]
-	}
-	return 0, nil
-}
-
-func (d *natDeviceWrapper) CreateDestination(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	session := tun.DirectRouteSession{
-		Source:      metadata.Source.Addr,
-		Destination: metadata.Destination.Addr,
-	}
-	d.mapping.CreateSession(session, routeContext)
-	return &natDestinationWrapper{d, session}, nil
-}
-
-var _ tun.DirectRouteDestination = (*natDestinationWrapper)(nil)
-
-type natDestinationWrapper struct {
-	device  *natDeviceWrapper
-	session tun.DirectRouteSession
-}
-
-func (d *natDestinationWrapper) WritePacket(buffer *buf.Buffer) error {
-	if d.device.writer != nil {
-		d.device.writer.RewritePacket(buffer.Bytes())
-	}
-	d.device.packetOutbound <- buffer
-	return nil
-}
-
-func (d *natDestinationWrapper) Close() error {
-	d.device.mapping.DeleteSession(d.session)
-	return nil
-}
-
-func (d *natDestinationWrapper) Timeout() bool {
-	return false
-}
--- a/transport/wireguard/device_nat_gvisor.go
+++ b/transport/wireguard/device_nat_gvisor.go
@@ -1,48 +0,0 @@
-//go:build with_gvisor
-
-package wireguard
-
-import (
-	"github.com/sagernet/gvisor/pkg/tcpip/stack"
-)
-
-type gVisorOutbound struct {
-	outbound chan *stack.PacketBuffer
-}
-
-func newGVisorOutbound() gVisorOutbound {
-	return gVisorOutbound{
-		outbound: make(chan *stack.PacketBuffer, 256),
-	}
-}
-
-func (d *natDeviceWrapper) Read(bufs [][]byte, sizes []int, offset int) (n int, err error) {
-	select {
-	case packet := <-d.outbound:
-		defer packet.DecRef()
-		var copyN int
-		/*rangeIterate(packet.Data().AsRange(), func(view *buffer.View) {
-			copyN += copy(bufs[0][offset+copyN:], view.AsSlice())
-		})*/
-		for _, view := range packet.AsSlices() {
-			copyN += copy(bufs[0][offset+copyN:], view)
-		}
-		sizes[0] = copyN
-		return 1, nil
-	case packet := <-d.packetOutbound:
-		defer packet.Release()
-		sizes[0] = copy(bufs[0][offset:], packet.Bytes())
-		return 1, nil
-	default:
-	}
-	return d.Device.Read(bufs, sizes, offset)
-}
-
-func (d *natDestinationWrapper) WritePacketBuffer(packetBuffer *stack.PacketBuffer) error {
-	println("read from wg")
-	if d.device.writer != nil {
-		d.device.writer.RewritePacketBuffer(packetBuffer)
-	}
-	d.device.outbound <- packetBuffer
-	return nil
-}
--- a/transport/wireguard/device_nat_non_gvisor.go
+++ b/transport/wireguard/device_nat_non_gvisor.go
@@ -1,20 +0,0 @@
-//go:build !with_gvisor
-
-package wireguard
-
-type gVisorOutbound struct{}
-
-func newGVisorOutbound() gVisorOutbound {
-	return gVisorOutbound{}
-}
-
-func (d *natDeviceWrapper) Read(bufs [][]byte, sizes []int, offset int) (n int, err error) {
-	select {
-	case packet := <-d.packetOutbound:
-		defer packet.Release()
-		sizes[0] = copy(bufs[0][offset:], packet.Bytes())
-		return 1, nil
-	default:
-	}
-	return d.Device.Read(bufs, sizes, offset)
-}
--- a/transport/wireguard/device_stack.go
+++ b/transport/wireguard/device_stack.go
@@ -5,7 +5,6 @@ package wireguard
 import (
 	"context"
 	"net"
-	"net/netip"
 	"os"

 	"github.com/sagernet/gvisor/pkg/buffer"
@@ -15,12 +14,9 @@ import (
 	"github.com/sagernet/gvisor/pkg/tcpip/network/ipv4"
 	"github.com/sagernet/gvisor/pkg/tcpip/network/ipv6"
 	"github.com/sagernet/gvisor/pkg/tcpip/stack"
-	"github.com/sagernet/gvisor/pkg/tcpip/transport/icmp"
 	"github.com/sagernet/gvisor/pkg/tcpip/transport/tcp"
 	"github.com/sagernet/gvisor/pkg/tcpip/transport/udp"
-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common/buf"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -28,30 +24,25 @@ import (
 	wgTun "github.com/sagernet/wireguard-go/tun"
 )

-var _ NatDevice = (*stackDevice)(nil)
+var _ Device = (*stackDevice)(nil)

 type stackDevice struct {
-	stack          *stack.Stack
-	mtu            uint32
-	events         chan wgTun.Event
-	outbound       chan *stack.PacketBuffer
-	packetOutbound chan *buf.Buffer
-	done           chan struct{}
-	dispatcher     stack.NetworkDispatcher
-	addr4          tcpip.Address
-	addr6          tcpip.Address
-	mapping        *tun.NatMapping
-	writer         *tun.NatWriter
+	stack      *stack.Stack
+	mtu        uint32
+	events     chan wgTun.Event
+	outbound   chan *stack.PacketBuffer
+	done       chan struct{}
+	dispatcher stack.NetworkDispatcher
+	addr4      tcpip.Address
+	addr6      tcpip.Address
 }

 func newStackDevice(options DeviceOptions) (*stackDevice, error) {
 	tunDevice := &stackDevice{
-		mtu:            options.MTU,
-		events:         make(chan wgTun.Event, 1),
-		outbound:       make(chan *stack.PacketBuffer, 256),
-		packetOutbound: make(chan *buf.Buffer, 256),
-		done:           make(chan struct{}),
-		mapping:        tun.NewNatMapping(true),
+		mtu:      options.MTU,
+		events:   make(chan wgTun.Event, 1),
+		outbound: make(chan *stack.PacketBuffer, 256),
+		done:     make(chan struct{}),
 	}
 	ipStack, err := tun.NewGVisorStack((*wireEndpoint)(tunDevice))
 	if err != nil {
@@ -77,14 +68,10 @@ func newStackDevice(options DeviceOptions) (*stackDevice, error) {
 			return nil, E.New("parse local address ", protoAddr.AddressWithPrefix, ": ", gErr.String())
 		}
 	}
-	tunDevice.writer = tun.NewNatWriter(tunDevice.Inet4Address(), tunDevice.Inet6Address())
 	tunDevice.stack = ipStack
 	if options.Handler != nil {
 		ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, tun.NewTCPForwarder(options.Context, ipStack, options.Handler).HandlePacket)
 		ipStack.SetTransportProtocolHandler(udp.ProtocolNumber, tun.NewUDPForwarder(options.Context, ipStack, options.Handler, options.UDPTimeout).HandlePacket)
-		icmpForwarder := tun.NewICMPForwarder(options.Context, ipStack, options.Handler, options.UDPTimeout)
-		ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber4, icmpForwarder.HandlePacket)
-		ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber6, icmpForwarder.HandlePacket)
 	}
 	return tunDevice, nil
 }
@@ -143,14 +130,6 @@ func (w *stackDevice) ListenPacket(ctx context.Context, destination M.Socksaddr)
 	return udpConn, nil
 }

-func (w *stackDevice) Inet4Address() netip.Addr {
-	return netip.AddrFrom4(w.addr4.As4())
-}
-
-func (w *stackDevice) Inet6Address() netip.Addr {
-	return netip.AddrFrom16(w.addr6.As16())
-}
-
 func (w *stackDevice) SetDevice(device *device.Device) {
 }

@@ -165,24 +144,20 @@ func (w *stackDevice) File() *os.File {

 func (w *stackDevice) Read(bufs [][]byte, sizes []int, offset int) (count int, err error) {
 	select {
-	case packet, ok := <-w.outbound:
+	case packetBuffer, ok := <-w.outbound:
 		if !ok {
 			return 0, os.ErrClosed
 		}
-		defer packet.DecRef()
-		var copyN int
-		/*rangeIterate(packet.Data().AsRange(), func(view *buffer.View) {
-			copyN += copy(bufs[0][offset+copyN:], view.AsSlice())
-		})*/
-		for _, view := range packet.AsSlices() {
-			copyN += copy(bufs[0][offset+copyN:], view)
+		defer packetBuffer.DecRef()
+		p := bufs[0]
+		p = p[offset:]
+		n := 0
+		for _, slice := range packetBuffer.AsSlices() {
+			n += copy(p[n:], slice)
 		}
-		sizes[0] = copyN
-		return 1, nil
-	case packet := <-w.packetOutbound:
-		defer packet.Release()
-		sizes[0] = copy(bufs[0][offset:], packet.Bytes())
-		return 1, nil
+		sizes[0] = n
+		count = 1
+		return
 	case <-w.done:
 		return 0, os.ErrClosed
 	}
@@ -194,14 +169,6 @@ func (w *stackDevice) Write(bufs [][]byte, offset int) (count int, err error) {
 		if len(b) == 0 {
 			continue
 		}
-		handled, err := w.mapping.WritePacket(b)
-		if handled {
-			if err != nil {
-				return count, err
-			}
-			count++
-			continue
-		}
 		var networkProtocol tcpip.NetworkProtocolNumber
 		switch header.IPVersion(b) {
 		case header.IPv4Version:
@@ -315,157 +282,3 @@ func (ep *wireEndpoint) Close() {

 func (ep *wireEndpoint) SetOnCloseAction(f func()) {
 }
-
-func (w *stackDevice) CreateDestination(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	/*	var wq waiter.Queue
-		ep, err := raw.NewEndpoint(w.stack, ipv4.ProtocolNumber, icmp.ProtocolNumber4, &wq)
-		if err != nil {
-			return nil, E.Cause(gonet.TranslateNetstackError(err), "create endpoint")
-		}
-		err = ep.Connect(tcpip.FullAddress{
-			NIC:  tun.DefaultNIC,
-			Port: metadata.Destination.Port,
-			Addr: tun.AddressFromAddr(metadata.Destination.Addr),
-		})
-		if err != nil {
-			ep.Close()
-			return nil, E.Cause(gonet.TranslateNetstackError(err), "ICMP connect ", metadata.Destination)
-		}
-		fmt.Println("linked ", metadata.Network, " connection to ", metadata.Destination.AddrString())
-		destination := &endpointNatDestination{
-			ep:      ep,
-			wq:      &wq,
-			context: routeContext,
-		}
-		go destination.loopRead()
-		return destination, nil*/
-	session := tun.DirectRouteSession{
-		Source:      metadata.Source.Addr,
-		Destination: metadata.Destination.Addr,
-	}
-	w.mapping.CreateSession(session, routeContext)
-	return &stackNatDestination{
-		device:  w,
-		session: session,
-	}, nil
-}
-
-type stackNatDestination struct {
-	device  *stackDevice
-	session tun.DirectRouteSession
-}
-
-func (d *stackNatDestination) WritePacket(buffer *buf.Buffer) error {
-	if d.device.writer != nil {
-		d.device.writer.RewritePacket(buffer.Bytes())
-	}
-	d.device.packetOutbound <- buffer
-	return nil
-}
-
-func (d *stackNatDestination) WritePacketBuffer(buffer *stack.PacketBuffer) error {
-	if d.device.writer != nil {
-		d.device.writer.RewritePacketBuffer(buffer)
-	}
-	d.device.outbound <- buffer
-	return nil
-}
-
-func (d *stackNatDestination) Close() error {
-	d.device.mapping.DeleteSession(d.session)
-	return nil
-}
-
-func (d *stackNatDestination) Timeout() bool {
-	return false
-}
-
-/*type endpointNatDestination struct {
-	ep           tcpip.Endpoint
-	wq           *waiter.Queue
-	networkProto tcpip.NetworkProtocolNumber
-	context      tun.DirectRouteContext
-	done         chan struct{}
-}
-
-func (d *endpointNatDestination) loopRead() {
-	for {
-		println("start read")
-		buffer, err := commonRead(d.ep, d.wq, d.done)
-		if err != nil {
-			log.Error(err)
-			return
-		}
-		println("done read")
-		ipHdr := header.IPv4(buffer.Bytes())
-		if ipHdr.TransportProtocol() != header.ICMPv4ProtocolNumber {
-			buffer.Release()
-			continue
-		}
-		icmpHdr := header.ICMPv4(ipHdr.Payload())
-		if icmpHdr.Type() != header.ICMPv4EchoReply {
-			buffer.Release()
-			continue
-		}
-		fmt.Println("read echo reply")
-		_ = d.context.WritePacket(ipHdr)
-		buffer.Release()
-	}
-}
-
-func commonRead(ep tcpip.Endpoint, wq *waiter.Queue, done chan struct{}) (*buf.Buffer, error) {
-	buffer := buf.NewPacket()
-	result, err := ep.Read(buffer, tcpip.ReadOptions{})
-	if err != nil {
-		if _, ok := err.(*tcpip.ErrWouldBlock); ok {
-			waitEntry, notifyCh := waiter.NewChannelEntry(waiter.ReadableEvents)
-			wq.EventRegister(&waitEntry)
-			defer wq.EventUnregister(&waitEntry)
-			for {
-				result, err = ep.Read(buffer, tcpip.ReadOptions{})
-				if _, ok := err.(*tcpip.ErrWouldBlock); !ok {
-					break
-				}
-				select {
-				case <-notifyCh:
-				case <-done:
-					buffer.Release()
-					return nil, context.DeadlineExceeded
-				}
-			}
-		}
-		return nil, gonet.TranslateNetstackError(err)
-	}
-	buffer.Truncate(result.Count)
-	return buffer, nil
-}
-
-func (d *endpointNatDestination) WritePacket(buffer *buf.Buffer) error {
-	_, err := d.ep.Write(buffer, tcpip.WriteOptions{})
-	if err != nil {
-		return gonet.TranslateNetstackError(err)
-	}
-	return nil
-}
-
-func (d *endpointNatDestination) WritePacketBuffer(buffer *stack.PacketBuffer) error {
-	data := buffer.ToView().AsSlice()
-	println("write echo request buffer :" + fmt.Sprint(data))
-	_, err := d.ep.Write(bytes.NewReader(data), tcpip.WriteOptions{})
-	if err != nil {
-		log.Error(err)
-		return gonet.TranslateNetstackError(err)
-	}
-	return nil
-}
-
-func (d *endpointNatDestination) Close() error {
-	d.ep.Abort()
-	close(d.done)
-	return nil
-}
-
-func (d *endpointNatDestination) Timeout() bool {
-	return false
-}
-*/
--- a/transport/wireguard/device_system.go
+++ b/transport/wireguard/device_system.go
@@ -28,36 +28,16 @@ type systemDevice struct {
 	batchDevice tun.LinuxTUN
 	events      chan wgTun.Event
 	closeOnce   sync.Once
-	addr4       netip.Addr
-	addr6       netip.Addr
 }

 func newSystemDevice(options DeviceOptions) (*systemDevice, error) {
 	if options.Name == "" {
 		options.Name = tun.CalculateInterfaceName("wg")
 	}
-	var inet4Address netip.Addr
-	var inet6Address netip.Addr
-	if len(options.Address) > 0 {
-		if prefix := common.Find(options.Address, func(it netip.Prefix) bool {
-			return it.Addr().Is4()
-		}); prefix.IsValid() {
-			inet4Address = prefix.Addr()
-		}
-	}
-	if len(options.Address) > 0 {
-		if prefix := common.Find(options.Address, func(it netip.Prefix) bool {
-			return it.Addr().Is6()
-		}); prefix.IsValid() {
-			inet6Address = prefix.Addr()
-		}
-	}
 	return &systemDevice{
 		options: options,
 		dialer:  options.CreateDialer(options.Name),
 		events:  make(chan wgTun.Event, 1),
-		addr4:   inet4Address,
-		addr6:   inet6Address,
 	}, nil
 }

@@ -69,14 +49,6 @@ func (w *systemDevice) ListenPacket(ctx context.Context, destination M.Socksaddr
 	return w.dialer.ListenPacket(ctx, destination)
 }

-func (w *systemDevice) Inet4Address() netip.Addr {
-	return w.addr4
-}
-
-func (w *systemDevice) Inet6Address() netip.Addr {
-	return w.addr6
-}
-
 func (w *systemDevice) SetDevice(device *device.Device) {
 }

--- a/transport/wireguard/endpoint.go
+++ b/transport/wireguard/endpoint.go
@@ -10,8 +10,6 @@ import (
 	"os"
 	"strings"

-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
@@ -31,7 +29,6 @@ type Endpoint struct {
 	ipcConf        string
 	allowedAddress []netip.Prefix
 	tunDevice      Device
-	natDevice      NatDevice
 	device         *device.Device
 	pauseManager   pause.Manager
 	pauseCallback  *list.Element[pause.Callback]
@@ -114,17 +111,12 @@ func NewEndpoint(options EndpointOptions) (*Endpoint, error) {
 	if err != nil {
 		return nil, E.Cause(err, "create WireGuard device")
 	}
-	natDevice, isNatDevice := tunDevice.(NatDevice)
-	if !isNatDevice {
-		natDevice = NewNATDevice(tunDevice, true)
-	}
 	return &Endpoint{
 		options:        options,
 		peers:          peers,
 		ipcConf:        ipcConf,
 		allowedAddress: allowedAddresses,
 		tunDevice:      tunDevice,
-		natDevice:      natDevice,
 	}, nil
 }

@@ -184,13 +176,7 @@ func (e *Endpoint) Start(resolve bool) error {
 			e.options.Logger.Error(fmt.Sprintf(strings.ToLower(format), args...))
 		},
 	}
-	var deviceInput Device
-	if e.natDevice != nil {
-		deviceInput = e.natDevice
-	} else {
-		deviceInput = e.tunDevice
-	}
-	wgDevice := device.NewDevice(e.options.Context, deviceInput, bind, logger, e.options.Workers)
+	wgDevice := device.NewDevice(e.options.Context, e.tunDevice, bind, logger, e.options.Workers)
 	e.tunDevice.SetDevice(wgDevice)
 	ipcConf := e.ipcConf
 	for _, peer := range e.peers {
@@ -208,20 +194,6 @@ func (e *Endpoint) Start(resolve bool) error {
 	return nil
 }

-func (e *Endpoint) Close() error {
-	if e.device != nil {
-		e.device.Close()
-	}
-	if e.pauseCallback != nil {
-		e.pauseManager.UnregisterCallback(e.pauseCallback)
-	}
-	return nil
-}
-
-func (e *Endpoint) BindUpdate() error {
-	return e.device.BindUpdate()
-}
-
 func (e *Endpoint) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
 	if !destination.Addr.IsValid() {
 		return nil, E.Cause(os.ErrInvalid, "invalid non-IP destination")
@@ -236,11 +208,18 @@ func (e *Endpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	return e.tunDevice.ListenPacket(ctx, destination)
 }

-func (e *Endpoint) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext) (tun.DirectRouteDestination, error) {
-	if e.natDevice == nil {
-		return nil, os.ErrInvalid
+func (e *Endpoint) BindUpdate() error {
+	return e.device.BindUpdate()
+}
+
+func (e *Endpoint) Close() error {
+	if e.device != nil {
+		e.device.Close()
 	}
-	return e.natDevice.CreateDestination(metadata, routeContext)
+	if e.pauseCallback != nil {
+		e.pauseManager.UnregisterCallback(e.pauseCallback)
+	}
+	return nil
 }

 func (e *Endpoint) onPauseUpdated(event int) {
Author	SHA1	Message	Date
世界	63a0b5e2ce	documentation: Bump version	2025-02-18 21:57:28 +08:00
世界	7c6a81ed13	Fix http.FileServer short write	2025-02-18 21:57:28 +08:00
世界	28f4fff423	Fix toolchain version	2025-02-18 21:57:28 +08:00
世界	8f81011f5b	Fix save domain in fake-ip	2025-02-18 21:57:23 +08:00
世界	12ac163fbf	Fix parsing A records	2025-02-18 21:57:23 +08:00
世界	de6ee34f12	Fix http3 DNS server	2025-02-18 18:19:26 +08:00
世界	3b12d00320	documentation: Make it clear that auth key is not required for Tailscale	2025-02-18 18:19:25 +08:00
世界	44ee71c540	Fix linter	2025-02-18 18:19:23 +08:00
世界	4cc3472bed	Add back port hopping to hysteria 1	2025-02-18 18:19:21 +08:00
世界	1926bacbb6	documentation: Bump version	2025-02-18 18:19:19 +08:00
世界	f2e2d9cecd	Remove unused debug messages	2025-02-18 18:19:17 +08:00
世界	fe96959649	release: Fix update android version	2025-02-18 18:19:15 +08:00
世界	187e78968c	Update dependencies	2025-02-18 18:19:13 +08:00
世界	ed5de40065	Fix crash on route address set update	2025-02-18 18:19:08 +08:00
世界	b223e8d721	Fix tailscale dialer	2025-02-18 18:19:06 +08:00
世界	d884e07147	documentation: Bump version	2025-02-18 18:19:05 +08:00
世界	44177b9e58	Fix Android certificate initialize	2025-02-18 18:19:03 +08:00
世界	c57bbcb68a	documentation: Add Tailscale DNS	2025-02-18 18:19:02 +08:00
世界	d573465ae6	documentation: Fix missing `advertise_exit_node`	2025-02-18 18:19:00 +08:00
世界	2dd3c00719	documentation: Bump version	2025-02-18 18:18:59 +08:00
xchacha20-poly1305	039f306d50	Remove single quotes of raw Moziila certs	2025-02-18 18:18:56 +08:00
世界	a3a0362552	Add Tailscale endpoint	2025-02-18 18:18:55 +08:00
世界	edd9bed002	Bump Go to go1.24	2025-02-18 18:18:53 +08:00
世界	782d51929e	Build legacy binaries with latest Go	2025-02-18 18:18:50 +08:00
世界	86b162e0f0	Fix parsing legacy DNS servers	2025-02-18 18:18:49 +08:00
世界	801f9fb4ef	documentation: Bump version	2025-02-18 18:18:47 +08:00
ReleTor	9c5af6dfe4	documentation: Fixes	2025-02-18 18:18:44 +08:00
世界	3053c9a852	Fix crash in exchangeParallel	2025-02-18 18:18:42 +08:00
世界	4d70a07017	Fix match DNS rule for fqdn	2025-02-18 18:18:41 +08:00
世界	3002aba29e	Fix WireGuard panic	2025-02-18 18:18:39 +08:00
世界	22acbd36c5	Fix domain resolver for DNS server	2025-02-18 18:18:36 +08:00
世界	1ddd084f41	documentation: Fix fakeip example	2025-02-18 18:18:35 +08:00
世界	90068238ce	documentation: Remove outdated icons	2025-02-18 18:18:34 +08:00
世界	41a697374c	documentation: Certificate store	2025-02-18 18:18:27 +08:00
世界	4239f003a6	documentation: TLS fragment	2025-02-18 18:18:26 +08:00
世界	b74568d601	documentation: Outbound domain resolver	2025-02-18 18:18:23 +08:00
世界	f539766361	documentation: Refactor DNS	2025-02-18 18:18:21 +08:00
世界	8f75ab8bb9	Add certificate store	2025-02-18 18:17:59 +08:00
世界	5ac6dd25ef	Add TLS fragment support	2025-02-18 18:17:59 +08:00
世界	b0355c27fd	refactor: Outbound domain resolver	2025-02-18 18:17:58 +08:00
世界	f83f1122af	refactor: DNS	2025-02-18 18:17:58 +08:00
世界	093013687c	Fix sniff QUIC hidden in three or more packets	2025-02-18 18:14:59 +08:00