Improve build

.github/FUNDING.yml

@@ -1 +0,0 @@
-github: nekohasekai

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,88 +1,54 @@
-name: Bug report
-description: "Report sing-box bug"
+name: Bug Report
+description: "Create a report to help us improve."
+labels: [ bug ]
 body:
-  - type: dropdown
-    attributes:
-      label: Operating system
-      description: Operating system type
-      options:
-        - iOS
-        - macOS
-        - Apple tvOS
-        - Android
-        - Windows
-        - Linux
-        - Others
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: System version
-      description: Please provide the operating system version
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: Installation type
-      description: Please provide the sing-box installation type
-      options:
-        - Original sing-box Command Line
-        - sing-box for iOS Graphical Client
-        - sing-box for macOS Graphical Client
-        - sing-box for Apple tvOS Graphical Client
-        - sing-box for Android Graphical Client
-        - Third-party graphical clients that advertise themselves as using sing-box (Windows)
-        - Third-party graphical clients that advertise themselves as using sing-box (Android)
-        - Others
-    validations:
-      required: true
-  - type: input
-    attributes:
-      description: Graphical client version
-      label: If you are using a graphical client, please provide the version of the client.
-  - type: textarea
-    attributes:
-      label: Version
-      description: If you are using the original command line program, please provide the output of the `sing-box version` command.
-      render: shell
-  - type: textarea
-    attributes:
-      label: Description
-      description: Please provide a detailed description of the error.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Reproduction
-      description: Please provide the steps to reproduce the error, including the configuration files and procedures that can locally (not dependent on the remote server) reproduce the error using the original command line program of sing-box.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Logs
-      description: |-
-        In addition, if you encounter a crash with the graphical client, please also provide crash logs.
-        For Apple platform clients, please check `Settings - View Service Log` for crash logs.
-        For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
-      render: shell
   - type: checkboxes
-    id: supporter
+    id: terms
     attributes:
-      label: Supporter
+      label: Welcome
       options:
-        - label: I am a [sponsor](https://github.com/sponsors/nekohasekai/)
-  - type: checkboxes
+        - label: Yes, I'm using the latest major release. Only such installations are supported.
+          required: true
+        - label: Yes, I've searched similar issues on GitHub and didn't find any.
+          required: true
+        - label: Yes, I've included all information below (version, config, etc).
+          required: true
+
+  - type: textarea
+    id: problem
     attributes:
-      label: Integrity requirements
-      description: |-
-        Please check all of the following options to prove that you have read and understood the requirements, otherwise this issue will be closed.
-        Sing-box is not a project aimed to please users who can't make any meaningful contributions and gain unethical influence. If you deceive here to deliberately waste the time of the developers, you will be permanently blocked.
-      options:
-        - label: I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
-          required: true
-        - label: I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
-          required: true
-        - label: I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
-          required: true
-        - label: I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
-          required: true
+      label: Description of the problem
+      placeholder: Your problem description
+    validations:
+      required: true
+
+  - type: textarea
+    id: version
+    attributes:
+      label: Version of sing-box
+      value: |-
+        <details>
+
+        ```console
+        $ sing-box --version
+        # Paste output here
+        ```
+
+        </details>
+    validations:
+      required: true
+
+  - type: textarea
+    id: config
+    attributes:
+      label: Server and client configuration file
+      value: |-
+        <details>
+
+        ```console
+        # paste json here
+        ```
+
+        </details>
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/bug_report_zh.yml

@@ -1,88 +0,0 @@
-name: 错误反馈
-description: "提交 sing-box 漏洞"
-body:
-  - type: dropdown
-    attributes:
-      label: 操作系统
-      description: 请提供操作系统类型
-      options:
-        - iOS
-        - macOS
-        - Apple tvOS
-        - Android
-        - Windows
-        - Linux
-        - 其他
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: 系统版本
-      description: 请提供操作系统版本
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: 安装类型
-      description: 请提供该 sing-box 安装类型
-      options:
-        - sing-box 原始命令行程序
-        - sing-box for iOS 图形客户端程序
-        - sing-box for macOS 图形客户端程序
-        - sing-box for Apple tvOS 图形客户端程序
-        - sing-box for Android 图形客户端程序
-        - 宣传使用 sing-box 的第三方图形客户端程序 (Windows)
-        - 宣传使用 sing-box 的第三方图形客户端程序 (Android)
-        - 其他
-    validations:
-      required: true
-  - type: input
-    attributes:
-      description: 图形客户端版本
-      label: 如果您使用图形客户端程序，请提供该程序版本。
-  - type: textarea
-    attributes:
-      label: 版本
-      description: 如果您使用原始命令行程序，请提供 `sing-box version` 命令的输出。
-      render: shell
-  - type: textarea
-    attributes:
-      label: 描述
-      description: 请提供错误的详细描述。
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: 重现方式
-      description: 请提供重现错误的步骤，必须包括可以在本地（不依赖与远程服务器）使用 sing-box 原始命令行程序重现错误的配置文件与流程。
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: 日志
-      description: |-
-        此外，如果您遭遇图形界面应用程序崩溃，请附加提供崩溃日志。
-        对于 Apple 平台图形客户端程序，请检查 `Settings - View Service Log` 以导出崩溃日志。
-        对于 Android 图形客户端程序，请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
-      render: shell
-  - type: checkboxes
-    id: supporter
-    attributes:
-      label: 支持我们
-      options:
-        - label: 我已经 [赞助](https://github.com/sponsors/nekohasekai/)
-  - type: checkboxes
-    attributes:
-      label: 完整性要求
-      description: |-
-        请勾选以下所有选项以证明您已经阅读并理解了以下要求，否则该 issue 将被关闭。
-        sing-box 不是讨好无法作出任何意义上的贡献的最终用户并获取非道德影响力的项目，如果您在此处欺骗以故意浪费开发者的时间，您将被永久封锁。
-      options:
-        - label: 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
-          required: true
-        - label: 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
-          required: true
-        - label: 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
-          required: true
-        - label: 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。
-          required: true

.github/renovate.json

@@ -1,28 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "commitMessagePrefix": "[dependencies]",
-  "extends": [
-    "config:base",
-    ":disableRateLimiting"
-  ],
-  "baseBranches": [
-    "dev-next"
-  ],
-  "golang": {
-    "enabled": false
-  },
-  "packageRules": [
-    {
-      "matchManagers": [
-        "github-actions"
-      ],
-      "groupName": "github-actions"
-    },
-    {
-      "matchManagers": [
-        "dockerfile"
-      ],
-      "groupName": "Dockerfile"
-    }
-  ]
-}

.github/update_clients.sh

@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-PROJECTS=$(dirname "$0")/../..
-
-function updateClient() {
-  pushd clients/$1
-  git fetch
-  git reset FETCH_HEAD --hard
-  popd
-  git add clients/$1
-}
-
-updateClient "apple"
-updateClient "android"

.github/update_dependencies.sh

@@ -1,5 +1,13 @@
 #!/usr/bin/env bash
 
 PROJECTS=$(dirname "$0")/../..
-go get -x github.com/sagernet/$1@$(git -C $PROJECTS/$1 rev-parse HEAD)
+
+go get -x github.com/sagernet/sing@$(git -C $PROJECTS/sing rev-parse HEAD)
+go get -x github.com/sagernet/sing-dns@$(git -C $PROJECTS/sing-dns rev-parse HEAD)
+go get -x github.com/sagernet/sing-tun@$(git -C $PROJECTS/sing-tun rev-parse HEAD)
+go get -x github.com/sagernet/sing-shadowsocks@$(git -C $PROJECTS/sing-shadowsocks rev-parse HEAD)
+go get -x github.com/sagernet/sing-vmess@$(git -C $PROJECTS/sing-vmess rev-parse HEAD)
 go mod tidy
+pushd test
+go mod tidy
+popd

.github/workflows/debug.yml

@@ -3,95 +3,53 @@ name: Debug build
 on:
   push:
     branches:
-      - stable-next
-      - main-next
-      - dev-next
+      - dev
     paths-ignore:
       - '**.md'
       - '.github/**'
       - '!.github/workflows/debug.yml'
   pull_request:
     branches:
-      - stable-next
-      - main-next
-      - dev-next
+      - dev
 
 jobs:
   build:
     name: Debug build
     runs-on: ubuntu-latest
     steps:
+      - name: Cancel previous
+        uses: styfle/cancel-workflow-action@0.7.0
+        with:
+          access_token: ${{ github.token }}
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v2
         with:
-          go-version: ^1.23
+          go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
+      - name: Add cache to Go proxy
+        run: |
+          version=`git rev-parse HEAD`
+          mkdir build
+          pushd build
+          go mod init build
+          go get -v github.com/sagernet/sing-box@$version
+          popd
       - name: Run Test
         run: |
           go test -v ./...
-  build_go120:
-    name: Debug build (Go 1.20)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ~1.20
-      - name: Cache go module
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-          key: go120-${{ hashFiles('**/go.sum') }}
-      - name: Run Test
-        run: make ci_build_go120
-  build_go121:
-    name: Debug build (Go 1.21)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ~1.21
-      - name: Cache go module
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-          key: go121-${{ hashFiles('**/go.sum') }}
-      - name: Run Test
-        run: make ci_build
-  build_go122:
-    name: Debug build (Go 1.22)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ~1.22
-      - name: Cache go module
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-          key: go122-${{ hashFiles('**/go.sum') }}
-      - name: Run Test
-        run: make ci_build
   cross:
     strategy:
       matrix:
@@ -165,9 +123,6 @@ jobs:
           - name: linux-mips64el
             goos: linux
             goarch: mips64le
-          - name: linux-s390x
-            goos: linux
-            goarch: s390x
           # darwin
           - name: darwin-amd64
             goos: darwin
@@ -195,7 +150,8 @@ jobs:
           - name: freebsd-arm64
             goos: freebsd
             goarch: arm64
-      fail-fast: true
+
+      fail-fast: false
     runs-on: ubuntu-latest
     env:
       GOOS: ${{ matrix.goos }}
@@ -204,16 +160,30 @@ jobs:
       GOARM: ${{ matrix.goarm }}
       GOMIPS: ${{ matrix.gomips }}
       CGO_ENABLED: 0
-      TAGS: with_clash_api,with_quic
     steps:
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v2
         with:
-          go-version: ^1.21
+          go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
       - name: Build
         id: build
-        run: make
+        run: make
+      - name: Upload artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: sing-box-${{ matrix.name }}
+          path: sing-box*

.github/workflows/docker.yml

@@ -1,133 +0,0 @@
-name: Publish Docker Images
-
-on:
-  release:
-    types:
-      - published
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: "The tag version you want to build"
-
-env:
-  REGISTRY_IMAGE: ghcr.io/sagernet/sing-box
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm/v6
-          - linux/arm/v7
-          - linux/arm64
-          - linux/386
-          - linux/ppc64le
-          - linux/riscv64
-          - linux/s390x
-    steps:
-      - name: Get commit to build
-        id: ref
-        run: |-
-          if [[ -z "${{ github.event.inputs.tag }}" ]]; then
-            ref="${{ github.ref_name }}"
-          else
-            ref="${{ github.event.inputs.tag }}"
-          fi
-          echo "ref=$ref"
-          echo "ref=$ref" >> $GITHUB_OUTPUT
-      - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
-        with:
-          ref: ${{ steps.ref.outputs.ref }}
-          fetch-depth: 0
-      - name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@v6
-        with:
-          platforms: ${{ matrix.platform }}
-          context: .
-          build-args: |
-            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
-          labels: ${{ steps.meta.outputs.labels }}
-          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
-      - name: Export digest
-        run: |
-          mkdir -p /tmp/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "/tmp/digests/${digest#sha256:}"
-      - name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ env.PLATFORM_PAIR }}
-          path: /tmp/digests/*
-          if-no-files-found: error
-          retention-days: 1
-  merge:
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    steps:
-      - name: Get commit to build
-        id: ref
-        run: |-
-          if [[ -z "${{ github.event.inputs.tag }}" ]]; then
-            ref="${{ github.ref_name }}"
-          else
-            ref="${{ github.event.inputs.tag }}"
-          fi
-          echo "ref=$ref"
-          echo "ref=$ref" >> $GITHUB_OUTPUT
-          if [[ $ref == *"-"* ]]; then
-            latest=latest-beta
-          else
-            latest=latest
-          fi
-          echo "latest=$latest"
-          echo "latest=$latest" >> $GITHUB_OUTPUT
-      - name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        run: |
-          docker buildx imagetools create \
-            -t "${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.latest }}" \
-            -t "${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.ref }}" \
-            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
-      - name: Inspect image
-        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.latest }}
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.ref }}

.github/workflows/lint.yml

@@ -3,35 +3,46 @@ name: Lint
 on:
   push:
     branches:
-      - stable-next
-      - main-next
-      - dev-next
+      - dev
     paths-ignore:
       - '**.md'
       - '.github/**'
-      - '!.github/workflows/lint.yml'
+      - '!.github/workflows/debug.yml'
   pull_request:
     branches:
-      - stable-next
-      - main-next
-      - dev-next
+      - dev
 
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
+      - name: Cancel previous
+        uses: styfle/cancel-workflow-action@0.7.0
+        with:
+          access_token: ${{ github.token }}
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Get latest go version
+        id: version
+        run: |
+          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v2
         with:
-          go-version: ^1.23
+          go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
+      - name: Get dependencies
+        run: |
+          go mod download -x
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v3
         with:
-          version: latest
-          args: --timeout=30m
-          install-mode: binary
+          version: latest

.github/workflows/linux.yml

@@ -1,39 +0,0 @@
-name: Release to Linux repository
-
-on:
-  release:
-    types:
-      - published
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ^1.23
-      - name: Extract signing key
-        run: |-
-          mkdir -p $HOME/.gnupg
-          cat > $HOME/.gnupg/sagernet.key <<EOF
-          ${{ secrets.GPG_KEY }}
-          echo "HOME=$HOME" >> "$GITHUB_ENV"
-          EOF
-          echo "HOME=$HOME" >> "$GITHUB_ENV"
-      - name: Publish release
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          distribution: goreleaser-pro
-          version: latest
-          args: release -f .goreleaser.fury.yaml --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
-          NFPM_KEY_PATH: ${{ env.HOME }}/.gnupg/sagernet.key
-          NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/mkdocs.yml

@@ -0,0 +1,18 @@
+name: Generate Documents
+on:
+  push:
+    branches:
+      - dev
+    paths:
+      - docs/**
+      - .github/workflows/mkdocs.yml
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - run: pip install mkdocs-material
+      - run: mkdocs gh-deploy -m "{sha}" --force --ignore-version --no-history

.github/workflows/stale.yml

@@ -1,16 +0,0 @@
-name: Mark stale issues and pull requests
-
-on:
-  schedule:
-    - cron: "30 1 * * *"
-
-jobs:
-  stale:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v9
-        with:
-          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
-          days-before-stale: 60
-          days-before-close: 5
-          exempt-issue-labels: 'bug,enhancement'

.gitignore

@@ -1,18 +1,6 @@
 /.idea/
 /vendor/
 /*.json
-/*.srs
 /*.db
 /site/
-/bin/
-/dist/
-/sing-box
-/sing-box.exe
-/build/
-/*.jar
-/*.aar
-/*.xcframework/
-.DS_Store
-/config.d/
-/venv/
-
+/bin/

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "clients/apple"]
-	path = clients/apple
-	url = https://github.com/SagerNet/sing-box-for-apple.git
-[submodule "clients/android"]
-	path = clients/android
-	url = https://github.com/SagerNet/sing-box-for-android.git

.golangci.yml

@@ -6,23 +6,15 @@ linters:
     - gci
     - staticcheck
     - paralleltest
-    - ineffassign
+
+issues:
+  fix: true
 
 linters-settings:
   gci:
-    custom-order: true
     sections:
       - standard
       - prefix(github.com/sagernet/)
       - default
   staticcheck:
-    checks:
-      - all
-      - -SA1003
-
-run:
-  go: "1.23"
-
-issues:
-  exclude-dirs:
-    - transport/simple-obfs
+    go: '1.19'

.goreleaser.fury.yaml

@@ -1,96 +0,0 @@
-project_name: sing-box
-builds:
-  - id: main
-    main: ./cmd/sing-box
-    flags:
-      - -v
-      - -trimpath
-    ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
-    tags:
-      - with_gvisor
-      - with_quic
-      - with_dhcp
-      - with_wireguard
-      - with_ech
-      - with_utls
-      - with_reality_server
-      - with_acme
-      - with_clash_api
-    env:
-      - CGO_ENABLED=0
-    targets:
-      - linux_386
-      - linux_amd64_v1
-      - linux_arm64
-      - linux_arm_7
-      - linux_s390x
-      - linux_riscv64
-      - linux_mips64le
-    mod_timestamp: '{{ .CommitTimestamp }}'
-snapshot:
-  name_template: "{{ .Version }}.{{ .ShortCommit }}"
-nfpms:
-  - &template
-    id: package
-    package_name: sing-box
-    file_name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
-    builds:
-      - main
-    homepage: https://sing-box.sagernet.org/
-    maintainer: nekohasekai <contact-git@sekai.icu>
-    description: The universal proxy platform.
-    license: GPLv3 or later
-    formats:
-      - deb
-      - rpm
-    priority: extra
-    contents:
-      - src: release/config/config.json
-        dst: /etc/sing-box/config.json
-        type: config
-
-      - src: release/config/sing-box.service
-        dst: /usr/lib/systemd/system/sing-box.service
-      - src: release/config/sing-box@.service
-        dst: /usr/lib/systemd/system/sing-box@.service
-
-      - src: release/completions/sing-box.bash
-        dst: /usr/share/bash-completion/completions/sing-box.bash
-      - src: release/completions/sing-box.fish
-        dst: /usr/share/fish/vendor_completions.d/sing-box.fish
-      - src: release/completions/sing-box.zsh
-        dst: /usr/share/zsh/site-functions/_sing-box
-
-      - src: LICENSE
-        dst: /usr/share/licenses/sing-box/LICENSE
-    deb:
-      signature:
-        key_file: "{{ .Env.NFPM_KEY_PATH }}"
-      fields:
-        Bugs: https://github.com/SagerNet/sing-box/issues
-    rpm:
-      signature:
-        key_file: "{{ .Env.NFPM_KEY_PATH }}"
-    conflicts:
-      - sing-box-beta
-  - id: package_beta
-    <<: *template
-    package_name: sing-box-beta
-    file_name_template: '{{ .ProjectName }}-beta_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
-    formats:
-      - deb
-      - rpm
-    conflicts:
-      - sing-box
-release:
-  disable: true
-furies:
-  - account: sagernet
-    ids:
-      - package
-    disable: "{{ not (not .Prerelease) }}"
-  - account: sagernet
-    ids:
-      - package_beta
-    disable: "{{ not .Prerelease }}"

.goreleaser.yaml

@@ -1,203 +0,0 @@
-version: 2
-project_name: sing-box
-builds:
-  - &template
-    id: main
-    main: ./cmd/sing-box
-    flags:
-      - -v
-      - -trimpath
-    ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }}
-      - -s
-      - -buildid=
-    tags:
-      - with_gvisor
-      - with_quic
-      - with_dhcp
-      - with_wireguard
-      - with_ech
-      - with_utls
-      - with_reality_server
-      - with_acme
-      - with_clash_api
-    env:
-      - CGO_ENABLED=0
-    targets:
-      - linux_386
-      - linux_amd64_v1
-      - linux_arm64
-      - linux_arm_6
-      - linux_arm_7
-      - linux_s390x
-      - linux_riscv64
-      - linux_mips64le
-      - windows_amd64_v1
-      - windows_386
-      - windows_arm64
-      - darwin_amd64_v1
-      - darwin_arm64
-    mod_timestamp: '{{ .CommitTimestamp }}'
-  - id: legacy
-    <<: *template
-    tags:
-      - with_gvisor
-      - with_quic
-      - with_dhcp
-      - with_wireguard
-      - with_utls
-      - with_reality_server
-      - with_acme
-      - with_clash_api
-    env:
-      - CGO_ENABLED=0
-      - GOROOT={{ .Env.GOPATH }}/go1.20.14
-    gobinary: "{{ .Env.GOPATH }}/go1.20.14/bin/go"
-    targets:
-      - windows_amd64_v1
-      - windows_386
-      - darwin_amd64_v1
-  - id: android
-    <<: *template
-    env:
-      - CGO_ENABLED=1
-    overrides:
-      - goos: android
-        goarch: arm
-        goarm: 7
-        env:
-          - CC=armv7a-linux-androideabi21-clang
-          - CXX=armv7a-linux-androideabi21-clang++
-      - goos: android
-        goarch: arm64
-        env:
-          - CC=aarch64-linux-android21-clang
-          - CXX=aarch64-linux-android21-clang++
-      - goos: android
-        goarch: 386
-        env:
-          - CC=i686-linux-android21-clang
-          - CXX=i686-linux-android21-clang++
-      - goos: android
-        goarch: amd64
-        goamd64: v1
-        env:
-          - CC=x86_64-linux-android21-clang
-          - CXX=x86_64-linux-android21-clang++
-    targets:
-      - android_arm_7
-      - android_arm64
-      - android_386
-      - android_amd64
-archives:
-  - &template
-    id: archive
-    builds:
-      - main
-      - android
-    format: tar.gz
-    format_overrides:
-      - goos: windows
-        format: zip
-    wrap_in_directory: true
-    files:
-      - LICENSE
-    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ if and .Mips (not (eq .Mips "hardfloat")) }}_{{ .Mips }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
-  - id: archive-legacy
-    <<: *template
-    builds:
-      - legacy
-    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}-legacy'
-nfpms:
-  - id: package
-    package_name: sing-box
-    file_name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ if and .Mips (not (eq .Mips "hardfloat")) }}_{{ .Mips }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
-    builds:
-      - main
-    homepage: https://sing-box.sagernet.org/
-    maintainer: nekohasekai <contact-git@sekai.icu>
-    description: The universal proxy platform.
-    license: GPLv3 or later
-    formats:
-      - deb
-      - rpm
-      - archlinux
-#      - apk
-#      - ipk
-    priority: extra
-    contents:
-      - src: release/config/config.json
-        dst: /etc/sing-box/config.json
-        type: config
-
-      - src: release/config/sing-box.service
-        dst: /usr/lib/systemd/system/sing-box.service
-      - src: release/config/sing-box@.service
-        dst: /usr/lib/systemd/system/sing-box@.service
-
-      - src: release/completions/sing-box.bash
-        dst: /usr/share/bash-completion/completions/sing-box.bash
-      - src: release/completions/sing-box.fish
-        dst: /usr/share/fish/vendor_completions.d/sing-box.fish
-      - src: release/completions/sing-box.zsh
-        dst: /usr/share/zsh/site-functions/_sing-box
-
-      - src: LICENSE
-        dst: /usr/share/licenses/sing-box/LICENSE
-    deb:
-      signature:
-        key_file: "{{ .Env.NFPM_KEY_PATH }}"
-      fields:
-        Bugs: https://github.com/SagerNet/sing-box/issues
-    rpm:
-      signature:
-        key_file: "{{ .Env.NFPM_KEY_PATH }}"
-    overrides:
-      apk:
-        contents:
-          - src: release/config/config.json
-            dst: /etc/sing-box/config.json
-            type: config
-
-          - src: release/config/sing-box.initd
-            dst: /etc/init.d/sing-box
-
-          - src: release/completions/sing-box.bash
-            dst: /usr/share/bash-completion/completions/sing-box.bash
-          - src: release/completions/sing-box.fish
-            dst: /usr/share/fish/vendor_completions.d/sing-box.fish
-          - src: release/completions/sing-box.zsh
-            dst: /usr/share/zsh/site-functions/_sing-box
-
-          - src: LICENSE
-            dst: /usr/share/licenses/sing-box/LICENSE
-      ipk:
-        contents:
-          - src: release/config/config.json
-            dst: /etc/sing-box/config.json
-            type: config
-
-          - src: release/config/openwrt.init
-            dst: /etc/init.d/sing-box
-          - src: release/config/openwrt.conf
-            dst: /etc/config/sing-box
-source:
-  enabled: false
-  name_template: '{{ .ProjectName }}-{{ .Version }}.source'
-  prefix_template: '{{ .ProjectName }}-{{ .Version }}/'
-checksum:
-  disable: true
-  name_template: '{{ .ProjectName }}-{{ .Version }}.checksum'
-signs:
-  - artifacts: checksum
-release:
-  github:
-    owner: SagerNet
-    name: sing-box
-  draft: true
-  prerelease: auto
-  mode: replace
-  ids:
-    - archive
-    - package
-  skip_upload: true

Dockerfile

@@ -1,27 +0,0 @@
-FROM --platform=$BUILDPLATFORM golang:1.23-alpine AS builder
-LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
-COPY . /go/src/github.com/sagernet/sing-box
-WORKDIR /go/src/github.com/sagernet/sing-box
-ARG TARGETOS TARGETARCH
-ARG GOPROXY=""
-ENV GOPROXY ${GOPROXY}
-ENV CGO_ENABLED=0
-ENV GOOS=$TARGETOS
-ENV GOARCH=$TARGETARCH
-RUN set -ex \
-    && apk add git build-base \
-    && export COMMIT=$(git rev-parse --short HEAD) \
-    && export VERSION=$(go run ./cmd/internal/read_tag) \
-    && go build -v -trimpath -tags \
-        "with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api" \
-        -o /go/bin/sing-box \
-        -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
-        ./cmd/sing-box
-FROM --platform=$TARGETPLATFORM alpine AS dist
-LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
-RUN set -ex \
-    && apk upgrade \
-    && apk add bash tzdata ca-certificates nftables \
-    && rm -rf /var/cache/apk/*
-COPY --from=builder /go/bin/sing-box /usr/local/bin/sing-box
-ENTRYPOINT ["sing-box"]

LICENSE

@@ -11,7 +11,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-In addition, no derivative work may use the name or imply association
-with this application without prior consent.
+along with this program. If not, see <http://www.gnu.org/licenses/>.

Makefile

@@ -1,227 +1,46 @@
-NAME = sing-box
-COMMIT = $(shell git rev-parse --short HEAD)
-TAGS_GO120 = with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api,with_quic,with_utls
-TAGS_GO121 = with_ech
-TAGS ?= $(TAGS_GO118),$(TAGS_GO120),$(TAGS_GO121)
-TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
+NAME=sing-box
+COMMIT=$(shell git rev-parse --short HEAD)
+PARAMS=-trimpath -tags '$(TAGS)' -ldflags \
+		'-X "github.com/sagernet/sing-box/constant.Commit=$(COMMIT)" \
+		-w -s -buildid='
+MAIN=./cmd/sing-box
 
-GOHOSTOS = $(shell go env GOHOSTOS)
-GOHOSTARCH = $(shell go env GOHOSTARCH)
-VERSION=$(shell CGO_ENABLED=0 GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) go run ./cmd/internal/read_tag)
-
-PARAMS = -v -trimpath -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=$(VERSION)' -s -w -buildid="
-MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
-MAIN = ./cmd/sing-box
-PREFIX ?= $(shell go env GOPATH)
-
-.PHONY: test release docs build
+.PHONY: test
 
 build:
-	go build $(MAIN_PARAMS) $(MAIN)
-
-ci_build_go120:
 	go build $(PARAMS) $(MAIN)
-	go build $(PARAMS) -tags "$(TAGS_GO120)" $(MAIN)
 
-ci_build:
-	go build $(PARAMS) $(MAIN)
-	go build $(MAIN_PARAMS) $(MAIN)
-
-generate_completions:
-	go run -v --tags generate,generate_completions $(MAIN)
+action_version: build
+	echo "::set-output name=VERSION::`./sing-box version -n`"
 
 install:
-	go build -o $(PREFIX)/bin/$(NAME) $(MAIN_PARAMS) $(MAIN)
-
-fmt:
-	@gofumpt -l -w .
-	@gofmt -s -w .
-	@gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" .
+	go install $(PARAMS) $(MAIN)
 
 fmt_install:
 	go install -v mvdan.cc/gofumpt@latest
-	go install -v github.com/daixiang0/gci@latest
+	go install -v github.com/daixiang0/gci@v0.4.0
+
+fmt:
+	gofumpt -l -w .
+	gofmt -s -w .
+	gci write -s "standard,prefix(github.com/sagernet/),default" .
+
+lint_install:
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 
 lint:
 	GOOS=linux golangci-lint run ./...
-	GOOS=android golangci-lint run ./...
 	GOOS=windows golangci-lint run ./...
 	GOOS=darwin golangci-lint run ./...
 	GOOS=freebsd golangci-lint run ./...
 
-lint_install:
-	go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-
-proto:
-	@go run ./cmd/internal/protogen
-	@gofumpt -l -w .
-	@gofumpt -l -w .
-
-proto_install:
-	go install -v google.golang.org/protobuf/cmd/protoc-gen-go@latest
-	go install -v google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
-
-release:
-	go run ./cmd/internal/build goreleaser release --clean --skip publish
-	mkdir dist/release
-	mv dist/*.tar.gz \
-		dist/*.zip \
-		dist/*.deb \
-		dist/*.rpm \
-		dist/*_amd64.pkg.tar.zst \
-		dist/*_arm64.pkg.tar.zst \
-		dist/release
-	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
-	rm -r dist/release
-
-release_repo:
-	go run ./cmd/internal/build goreleaser release -f .goreleaser.fury.yaml --clean
-
-release_install:
-	go install -v github.com/tcnksm/ghr@latest
-
-update_android_version:
-	go run ./cmd/internal/update_android_version
-
-build_android:
-	cd ../sing-box-for-android && ./gradlew :app:clean :app:assemblePlayRelease :app:assembleOtherRelease && ./gradlew --stop
-
-upload_android:
-	mkdir -p dist/release_android
-	cp ../sing-box-for-android/app/build/outputs/apk/play/release/*.apk dist/release_android
-	cp ../sing-box-for-android/app/build/outputs/apk/other/release/*-universal.apk dist/release_android
-	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
-	rm -rf dist/release_android
-
-release_android: lib_android update_android_version build_android upload_android
-
-publish_android:
-	cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle && ./gradlew --stop
-
-# TODO: find why and remove `-destination 'generic/platform=iOS'`
-build_ios:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFI.xcarchive && \
-	xcodebuild archive -scheme SFI -configuration Release -destination 'generic/platform=iOS' -archivePath build/SFI.xcarchive -allowProvisioningUpdates
-
-upload_ios_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
-
-release_ios: build_ios upload_ios_app_store
-
-build_macos:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFM.xcarchive && \
-	xcodebuild archive -scheme SFM -configuration Release -archivePath build/SFM.xcarchive -allowProvisioningUpdates
-
-upload_macos_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath build/SFM.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
-
-release_macos: build_macos upload_macos_app_store
-
-build_macos_standalone:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFM.System.xcarchive && \
-	xcodebuild archive -scheme SFM.System -configuration Release -archivePath build/SFM.System.xcarchive -allowProvisioningUpdates
-
-build_macos_dmg:
-	rm -rf dist/SFM
-	mkdir -p dist/SFM
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFM.System && \
-	rm -rf build/SFM.dmg && \
-	xcodebuild -exportArchive \
-		-archivePath "build/SFM.System.xcarchive" \
-		-exportOptionsPlist SFM.System/Export.plist -allowProvisioningUpdates \
-		-exportPath "build/SFM.System" && \
-	create-dmg \
-		--volname "sing-box" \
-		--volicon "build/SFM.System/SFM.app/Contents/Resources/AppIcon.icns" \
-		--icon "SFM.app" 0 0 \
- 		--hide-extension "SFM.app" \
- 		--app-drop-link 0 0 \
- 		--skip-jenkins \
-		"../sing-box/dist/SFM/SFM.dmg" "build/SFM.System/SFM.app"
-
-notarize_macos_dmg:
-	xcrun notarytool submit "dist/SFM/SFM.dmg" --wait \
-	  --keychain-profile "notarytool-password" \
-  	  --no-s3-acceleration
-
-upload_macos_dmg:
-	cd dist/SFM && \
-	cp SFM.dmg "SFM-${VERSION}-universal.dmg" && \
-	ghr --replace --draft --prerelease "v${VERSION}" "SFM-${VERSION}-universal.dmg"
-
-upload_macos_dsyms:
-	pushd ../sing-box-for-apple/build/SFM.System.xcarchive && \
-	zip -r SFM.dSYMs.zip dSYMs && \
-	mv SFM.dSYMs.zip ../../../sing-box/dist/SFM && \
-	popd && \
-	cd dist/SFM && \
-	cp SFM.dSYMs.zip "SFM-${VERSION}-universal.dSYMs.zip" && \
-	ghr --replace --draft --prerelease "v${VERSION}" "SFM-${VERSION}-universal.dSYMs.zip"
-
-release_macos_standalone: build_macos_standalone build_macos_dmg notarize_macos_dmg upload_macos_dmg upload_macos_dsyms
-
-build_tvos:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFT.xcarchive && \
-	xcodebuild archive -scheme SFT -configuration Release -archivePath build/SFT.xcarchive -allowProvisioningUpdates
-
-upload_tvos_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
-
-release_tvos: build_tvos upload_tvos_app_store
-
-update_apple_version:
-	go run ./cmd/internal/update_apple_version
-
-release_apple: lib_ios update_apple_version release_ios release_macos release_tvos release_macos_standalone
-
-release_apple_beta: update_apple_version release_ios release_macos release_tvos
-
 test:
-	@go test -v ./... && \
-	cd test && \
-	go mod tidy && \
-	go test -v -tags "$(TAGS_TEST)" .
-
-test_stdio:
-	@go test -v ./... && \
-	cd test && \
-	go mod tidy && \
-	go test -v -tags "$(TAGS_TEST),force_stdio" .
-
-lib_android:
-	go run ./cmd/internal/build_libbox -target android
-
-lib_ios:
-	go run ./cmd/internal/build_libbox -target ios
-
-lib:
-	go run ./cmd/internal/build_libbox -target android
-	go run ./cmd/internal/build_libbox -target ios
-
-lib_install:
-	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.4
-	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.4
-
-docs:
-	venv/bin/mkdocs serve
-
-publish_docs:
-	venv/bin/mkdocs gh-deploy -m "Update" --force --ignore-version --no-history
-
-docs_install:
-	python -m venv venv
-	source ./venv/bin/activate && pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*"
+	go test -v . && \
+	pushd test && \
+	go test -v . && \
+	popd
 
 clean:
-	rm -rf bin dist sing-box
 	rm -f $(shell go env GOPATH)/sing-box
 
 update:

README.md

@@ -2,8 +2,6 @@
 
 The universal proxy platform.
 
-[![Packaging status](https://repology.org/badge/vertical-allrepos/sing-box.svg)](https://repology.org/project/sing-box/versions)
-
 ## Documentation
 
 https://sing-box.sagernet.org
@@ -25,7 +23,4 @@ GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-In addition, no derivative work may use the name or imply association
-with this application without prior consent.
 ```

adapter/conn_router.go

@@ -1,104 +0,0 @@
-package adapter
-
-import (
-	"context"
-	"net"
-
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type ConnectionRouter interface {
-	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
-	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
-}
-
-func NewRouteHandler(
-	metadata InboundContext,
-	router ConnectionRouter,
-	logger logger.ContextLogger,
-) UpstreamHandlerAdapter {
-	return &routeHandlerWrapper{
-		metadata: metadata,
-		router:   router,
-		logger:   logger,
-	}
-}
-
-func NewRouteContextHandler(
-	router ConnectionRouter,
-	logger logger.ContextLogger,
-) UpstreamHandlerAdapter {
-	return &routeContextHandlerWrapper{
-		router: router,
-		logger: logger,
-	}
-}
-
-var _ UpstreamHandlerAdapter = (*routeHandlerWrapper)(nil)
-
-type routeHandlerWrapper struct {
-	metadata InboundContext
-	router   ConnectionRouter
-	logger   logger.ContextLogger
-}
-
-func (w *routeHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RouteConnection(ctx, conn, myMetadata)
-}
-
-func (w *routeHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RoutePacketConnection(ctx, conn, myMetadata)
-}
-
-func (w *routeHandlerWrapper) NewError(ctx context.Context, err error) {
-	w.logger.ErrorContext(ctx, err)
-}
-
-var _ UpstreamHandlerAdapter = (*routeContextHandlerWrapper)(nil)
-
-type routeContextHandlerWrapper struct {
-	router ConnectionRouter
-	logger logger.ContextLogger
-}
-
-func (w *routeContextHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RouteConnection(ctx, conn, *myMetadata)
-}
-
-func (w *routeContextHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
-	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RoutePacketConnection(ctx, conn, *myMetadata)
-}
-
-func (w *routeContextHandlerWrapper) NewError(ctx context.Context, err error) {
-	w.logger.ErrorContext(ctx, err)
-}

adapter/experimental.go

@@ -1,112 +1,29 @@
 package adapter
 
 import (
-	"bytes"
 	"context"
-	"encoding/binary"
 	"net"
-	"time"
 
-	"github.com/sagernet/sing-box/common/urltest"
-	"github.com/sagernet/sing-dns"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/varbin"
 )
 
 type ClashServer interface {
 	Service
-	PreStarter
-	Mode() string
-	ModeList() []string
-	HistoryStorage() *urltest.HistoryStorage
-	RoutedConnection(ctx context.Context, conn net.Conn, metadata InboundContext, matchedRule Rule) (net.Conn, Tracker)
-	RoutedPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext, matchedRule Rule) (N.PacketConn, Tracker)
-}
-
-type CacheFile interface {
-	Service
-	PreStarter
-
-	StoreFakeIP() bool
-	FakeIPStorage
-
-	StoreRDRC() bool
-	dns.RDRCStore
-
-	LoadMode() string
-	StoreMode(mode string) error
-	LoadSelected(group string) string
-	StoreSelected(group string, selected string) error
-	LoadGroupExpand(group string) (isExpand bool, loaded bool)
-	StoreGroupExpand(group string, expand bool) error
-	LoadRuleSet(tag string) *SavedRuleSet
-	SaveRuleSet(tag string, set *SavedRuleSet) error
-}
-
-type SavedRuleSet struct {
-	Content     []byte
-	LastUpdated time.Time
-	LastEtag    string
-}
-
-func (s *SavedRuleSet) MarshalBinary() ([]byte, error) {
-	var buffer bytes.Buffer
-	err := binary.Write(&buffer, binary.BigEndian, uint8(1))
-	if err != nil {
-		return nil, err
-	}
-	err = varbin.Write(&buffer, binary.BigEndian, s.Content)
-	if err != nil {
-		return nil, err
-	}
-	err = binary.Write(&buffer, binary.BigEndian, s.LastUpdated.Unix())
-	if err != nil {
-		return nil, err
-	}
-	err = varbin.Write(&buffer, binary.BigEndian, s.LastEtag)
-	if err != nil {
-		return nil, err
-	}
-	return buffer.Bytes(), nil
-}
-
-func (s *SavedRuleSet) UnmarshalBinary(data []byte) error {
-	reader := bytes.NewReader(data)
-	var version uint8
-	err := binary.Read(reader, binary.BigEndian, &version)
-	if err != nil {
-		return err
-	}
-	err = varbin.Read(reader, binary.BigEndian, &s.Content)
-	if err != nil {
-		return err
-	}
-	var lastUpdated int64
-	err = binary.Read(reader, binary.BigEndian, &lastUpdated)
-	if err != nil {
-		return err
-	}
-	s.LastUpdated = time.Unix(lastUpdated, 0)
-	err = varbin.Read(reader, binary.BigEndian, &s.LastEtag)
-	if err != nil {
-		return err
-	}
-	return nil
+	TrafficController
 }
 
 type Tracker interface {
 	Leave()
 }
 
-type OutboundGroup interface {
-	Outbound
-	Now() string
-	All() []string
+type TrafficController interface {
+	RoutedConnection(ctx context.Context, conn net.Conn, metadata InboundContext, matchedRule Rule) (net.Conn, Tracker)
+	RoutedPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext, matchedRule Rule) (N.PacketConn, Tracker)
 }
 
-type URLTestGroup interface {
-	OutboundGroup
-	URLTest(ctx context.Context) (map[string]uint16, error)
+type OutboundGroup interface {
+	Now() string
+	All() []string
 }
 
 func OutboundTag(detour Outbound) string {
@@ -115,13 +32,3 @@ func OutboundTag(detour Outbound) string {
 	}
 	return detour.Tag()
 }
-
-type V2RayServer interface {
-	Service
-	StatsService() V2RayStatsService
-}
-
-type V2RayStatsService interface {
-	RoutedConnection(inbound string, outbound string, user string, conn net.Conn) net.Conn
-	RoutedPacketConnection(inbound string, outbound string, user string, conn N.PacketConn) N.PacketConn
-}

adapter/fakeip.go

@@ -1,32 +0,0 @@
-package adapter
-
-import (
-	"net/netip"
-
-	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common/logger"
-)
-
-type FakeIPStore interface {
-	Service
-	Contains(address netip.Addr) bool
-	Create(domain string, isIPv6 bool) (netip.Addr, error)
-	Lookup(address netip.Addr) (string, bool)
-	Reset() error
-}
-
-type FakeIPStorage interface {
-	FakeIPMetadata() *FakeIPMetadata
-	FakeIPSaveMetadata(metadata *FakeIPMetadata) error
-	FakeIPSaveMetadataAsync(metadata *FakeIPMetadata)
-	FakeIPStore(address netip.Addr, domain string) error
-	FakeIPStoreAsync(address netip.Addr, domain string, logger logger.Logger)
-	FakeIPLoad(address netip.Addr) (string, bool)
-	FakeIPLoadDomain(domain string, isIPv6 bool) (netip.Addr, bool)
-	FakeIPReset() error
-}
-
-type FakeIPTransport interface {
-	dns.Transport
-	Store() FakeIPStore
-}

adapter/fakeip_metadata.go

@@ -1,50 +0,0 @@
-package adapter
-
-import (
-	"bytes"
-	"encoding"
-	"encoding/binary"
-	"io"
-	"net/netip"
-
-	"github.com/sagernet/sing/common"
-)
-
-type FakeIPMetadata struct {
-	Inet4Range   netip.Prefix
-	Inet6Range   netip.Prefix
-	Inet4Current netip.Addr
-	Inet6Current netip.Addr
-}
-
-func (m *FakeIPMetadata) MarshalBinary() (data []byte, err error) {
-	var buffer bytes.Buffer
-	for _, marshaler := range []encoding.BinaryMarshaler{m.Inet4Range, m.Inet6Range, m.Inet4Current, m.Inet6Current} {
-		data, err = marshaler.MarshalBinary()
-		if err != nil {
-			return
-		}
-		common.Must(binary.Write(&buffer, binary.BigEndian, uint16(len(data))))
-		buffer.Write(data)
-	}
-	data = buffer.Bytes()
-	return
-}
-
-func (m *FakeIPMetadata) UnmarshalBinary(data []byte) error {
-	reader := bytes.NewReader(data)
-	for _, unmarshaler := range []encoding.BinaryUnmarshaler{&m.Inet4Range, &m.Inet6Range, &m.Inet4Current, &m.Inet6Current} {
-		var length uint16
-		common.Must(binary.Read(reader, binary.BigEndian, &length))
-		element := make([]byte, length)
-		_, err := io.ReadFull(reader, element)
-		if err != nil {
-			return err
-		}
-		err = unmarshaler.UnmarshalBinary(element)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

adapter/inbound.go

@@ -2,13 +2,11 @@ package adapter
 
 import (
 	"context"
-	"net"
 	"net/netip"
 
 	"github.com/sagernet/sing-box/common/process"
-	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing-dns"
 	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
 )
 
 type Inbound interface {
@@ -17,64 +15,27 @@ type Inbound interface {
 	Tag() string
 }
 
-type InjectableInbound interface {
-	Inbound
-	Network() []string
-	NewConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
-	NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
-}
-
 type InboundContext struct {
 	Inbound     string
 	InboundType string
-	IPVersion   uint8
 	Network     string
 	Source      M.Socksaddr
 	Destination M.Socksaddr
+	Domain      string
+	Protocol    string
 	User        string
 	Outbound    string
 
-	// sniffer
-
-	Protocol     string
-	Domain       string
-	Client       string
-	SniffContext any
-
 	// cache
 
-	InboundDetour        string
-	LastInbound          string
-	OriginDestination    M.Socksaddr
-	InboundOptions       option.InboundOptions
-	DestinationAddresses []netip.Addr
-	SourceGeoIPCode      string
-	GeoIPCode            string
-	ProcessInfo          *process.Info
-	QueryType            uint16
-	FakeIP               bool
+	DomainStrategy           dns.DomainStrategy
+	SniffEnabled             bool
+	SniffOverrideDestination bool
+	DestinationAddresses     []netip.Addr
 
-	// rule cache
-
-	IPCIDRMatchSource bool
-	IPCIDRAcceptEmpty bool
-
-	SourceAddressMatch           bool
-	SourcePortMatch              bool
-	DestinationAddressMatch      bool
-	DestinationPortMatch         bool
-	DidMatch                     bool
-	IgnoreDestinationIPCIDRMatch bool
-}
-
-func (c *InboundContext) ResetRuleCache() {
-	c.IPCIDRMatchSource = false
-	c.IPCIDRAcceptEmpty = false
-	c.SourceAddressMatch = false
-	c.SourcePortMatch = false
-	c.DestinationAddressMatch = false
-	c.DestinationPortMatch = false
-	c.DidMatch = false
+	SourceGeoIPCode string
+	GeoIPCode       string
+	ProcessInfo     *process.Info
 }
 
 type inboundContextKey struct{}
@@ -91,19 +52,11 @@ func ContextFrom(ctx context.Context) *InboundContext {
 	return metadata.(*InboundContext)
 }
 
-func ExtendContext(ctx context.Context) (context.Context, *InboundContext) {
-	var newMetadata InboundContext
-	if metadata := ContextFrom(ctx); metadata != nil {
-		newMetadata = *metadata
+func AppendContext(ctx context.Context) (context.Context, *InboundContext) {
+	metadata := ContextFrom(ctx)
+	if metadata != nil {
+		return ctx, metadata
 	}
-	return WithContext(ctx, &newMetadata), &newMetadata
-}
-
-func OverrideContext(ctx context.Context) context.Context {
-	if metadata := ContextFrom(ctx); metadata != nil {
-		var newMetadata InboundContext
-		newMetadata = *metadata
-		return WithContext(ctx, &newMetadata)
-	}
-	return ctx
+	metadata = new(InboundContext)
+	return WithContext(ctx, metadata), metadata
 }

adapter/outbound.go

@@ -13,7 +13,6 @@ type Outbound interface {
 	Type() string
 	Tag() string
 	Network() []string
-	Dependencies() []string
 	N.Dialer
 	NewConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
 	NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error

adapter/prestart.go

@@ -1,9 +0,0 @@
-package adapter
-
-type PreStarter interface {
-	PreStart() error
-}
-
-type PostStarter interface {
-	PostStart() error
-}

adapter/router.go

@@ -3,168 +3,54 @@ package adapter
 import (
 	"context"
 	"net"
-	"net/http"
 	"net/netip"
-	"sync"
 
 	"github.com/sagernet/sing-box/common/geoip"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
-	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/x/list"
-	"github.com/sagernet/sing/service"
 
-	mdns "github.com/miekg/dns"
-	"go4.org/netipx"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 type Router interface {
 	Service
-	PreStarter
-	PostStarter
-	Cleanup() error
 
 	Outbounds() []Outbound
 	Outbound(tag string) (Outbound, bool)
-	DefaultOutbound(network string) (Outbound, error)
+	DefaultOutbound(network string) Outbound
 
-	FakeIPStore() FakeIPStore
-
-	ConnectionRouter
+	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
+	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
 
 	GeoIPReader() *geoip.Reader
 	LoadGeosite(code string) (Rule, error)
 
-	RuleSet(tag string) (RuleSet, bool)
-
-	NeedWIFIState() bool
-
-	Exchange(ctx context.Context, message *mdns.Msg) (*mdns.Msg, error)
+	Exchange(ctx context.Context, message *dnsmessage.Message) (*dnsmessage.Message, error)
 	Lookup(ctx context.Context, domain string, strategy dns.DomainStrategy) ([]netip.Addr, error)
 	LookupDefault(ctx context.Context, domain string) ([]netip.Addr, error)
-	ClearDNSCache()
 
-	InterfaceFinder() control.InterfaceFinder
-	UpdateInterfaces() error
+	InterfaceBindManager() control.BindManager
 	DefaultInterface() string
 	AutoDetectInterface() bool
-	AutoDetectInterfaceFunc() control.Func
-	DefaultMark() uint32
-	RegisterAutoRedirectOutputMark(mark uint32) error
-	AutoRedirectOutputMark() uint32
+	DefaultMark() int
 	NetworkMonitor() tun.NetworkUpdateMonitor
 	InterfaceMonitor() tun.DefaultInterfaceMonitor
-	PackageManager() tun.PackageManager
-	WIFIState() WIFIState
 	Rules() []Rule
-
-	ClashServer() ClashServer
-	SetClashServer(server ClashServer)
-
-	V2RayServer() V2RayServer
-	SetV2RayServer(server V2RayServer)
-
-	ResetNetwork() error
-}
-
-func ContextWithRouter(ctx context.Context, router Router) context.Context {
-	return service.ContextWith(ctx, router)
-}
-
-func RouterFromContext(ctx context.Context) Router {
-	return service.FromContext[Router](ctx)
-}
-
-type HeadlessRule interface {
-	Match(metadata *InboundContext) bool
-	String() string
+	SetTrafficController(controller TrafficController)
 }
 
 type Rule interface {
-	HeadlessRule
 	Service
 	Type() string
 	UpdateGeosite() error
+	Match(metadata *InboundContext) bool
 	Outbound() string
+	String() string
 }
 
 type DNSRule interface {
 	Rule
 	DisableCache() bool
-	RewriteTTL() *uint32
-	ClientSubnet() *netip.Prefix
-	WithAddressLimit() bool
-	MatchAddressLimit(metadata *InboundContext) bool
-}
-
-type RuleSet interface {
-	Name() string
-	StartContext(ctx context.Context, startContext *HTTPStartContext) error
-	PostStart() error
-	Metadata() RuleSetMetadata
-	ExtractIPSet() []*netipx.IPSet
-	IncRef()
-	DecRef()
-	Cleanup()
-	RegisterCallback(callback RuleSetUpdateCallback) *list.Element[RuleSetUpdateCallback]
-	UnregisterCallback(element *list.Element[RuleSetUpdateCallback])
-	Close() error
-	HeadlessRule
-}
-
-type RuleSetUpdateCallback func(it RuleSet)
-
-type RuleSetMetadata struct {
-	ContainsProcessRule bool
-	ContainsWIFIRule    bool
-	ContainsIPCIDRRule  bool
-}
-type HTTPStartContext struct {
-	access          sync.Mutex
-	httpClientCache map[string]*http.Client
-}
-
-func NewHTTPStartContext() *HTTPStartContext {
-	return &HTTPStartContext{
-		httpClientCache: make(map[string]*http.Client),
-	}
-}
-
-func (c *HTTPStartContext) HTTPClient(detour string, dialer N.Dialer) *http.Client {
-	c.access.Lock()
-	defer c.access.Unlock()
-	if httpClient, loaded := c.httpClientCache[detour]; loaded {
-		return httpClient
-	}
-	httpClient := &http.Client{
-		Transport: &http.Transport{
-			ForceAttemptHTTP2:   true,
-			TLSHandshakeTimeout: C.TCPTimeout,
-			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				return dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
-			},
-		},
-	}
-	c.httpClientCache[detour] = httpClient
-	return httpClient
-}
-
-func (c *HTTPStartContext) Close() {
-	c.access.Lock()
-	defer c.access.Unlock()
-	for _, client := range c.httpClientCache {
-		client.CloseIdleConnections()
-	}
-}
-
-type InterfaceUpdateListener interface {
-	InterfaceUpdated()
-}
-
-type WIFIState struct {
-	SSID  string
-	BSSID string
 }

adapter/service.go

@@ -1,6 +1,12 @@
 package adapter
 
-type Service interface {
+import "io"
+
+type Starter interface {
 	Start() error
-	Close() error
+}
+
+type Service interface {
+	Starter
+	io.Closer
 }

adapter/time.go

@@ -1,8 +0,0 @@
-package adapter
-
-import "time"
-
-type TimeService interface {
-	Service
-	TimeFunc() func() time.Time
-}

adapter/upstream.go

@@ -38,25 +38,13 @@ type myUpstreamHandlerWrapper struct {
 }
 
 func (w *myUpstreamHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.connectionHandler(ctx, conn, myMetadata)
+	w.metadata.Destination = metadata.Destination
+	return w.connectionHandler(ctx, conn, w.metadata)
 }
 
 func (w *myUpstreamHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.packetHandler(ctx, conn, myMetadata)
+	w.metadata.Destination = metadata.Destination
+	return w.packetHandler(ctx, conn, w.metadata)
 }
 
 func (w *myUpstreamHandlerWrapper) NewError(ctx context.Context, err error) {
@@ -90,23 +78,13 @@ func NewUpstreamContextHandler(
 
 func (w *myUpstreamContextHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
 	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
+	myMetadata.Destination = metadata.Destination
 	return w.connectionHandler(ctx, conn, *myMetadata)
 }
 
 func (w *myUpstreamContextHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
 	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
+	myMetadata.Destination = metadata.Destination
 	return w.packetHandler(ctx, conn, *myMetadata)
 }
 

adapter/v2ray.go

@@ -1,26 +0,0 @@
-package adapter
-
-import (
-	"context"
-	"net"
-
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type V2RayServerTransport interface {
-	Network() []string
-	Serve(listener net.Listener) error
-	ServePacket(listener net.PacketConn) error
-	Close() error
-}
-
-type V2RayServerTransportHandler interface {
-	N.TCPConnectionHandler
-	E.Handler
-}
-
-type V2RayClientTransport interface {
-	DialContext(ctx context.Context) (net.Conn, error)
-	Close() error
-}

box.go

@@ -2,18 +2,12 @@ package box
 
 import (
 	"context"
-	"fmt"
 	"io"
 	"os"
-	"runtime/debug"
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/taskmonitor"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/experimental"
-	"github.com/sagernet/sing-box/experimental/cachefile"
-	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/inbound"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
@@ -22,77 +16,82 @@ import (
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
-	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/pause"
 )
 
 var _ adapter.Service = (*Box)(nil)
 
 type Box struct {
-	createdAt    time.Time
-	router       adapter.Router
-	inbounds     []adapter.Inbound
-	outbounds    []adapter.Outbound
-	logFactory   log.Factory
-	logger       log.ContextLogger
-	preServices1 map[string]adapter.Service
-	preServices2 map[string]adapter.Service
-	postServices map[string]adapter.Service
-	done         chan struct{}
+	createdAt   time.Time
+	router      adapter.Router
+	inbounds    []adapter.Inbound
+	outbounds   []adapter.Outbound
+	logFactory  log.Factory
+	logger      log.ContextLogger
+	logFile     *os.File
+	clashServer adapter.ClashServer
+	done        chan struct{}
 }
 
-type Options struct {
-	option.Options
-	Context           context.Context
-	PlatformInterface platform.Interface
-	PlatformLogWriter log.PlatformWriter
-}
-
-func New(options Options) (*Box, error) {
+func New(ctx context.Context, options option.Options) (*Box, error) {
 	createdAt := time.Now()
-	ctx := options.Context
-	if ctx == nil {
-		ctx = context.Background()
-	}
-	ctx = service.ContextWithDefaultRegistry(ctx)
-	ctx = pause.WithDefaultManager(ctx)
-	experimentalOptions := common.PtrValueOrDefault(options.Experimental)
-	applyDebugOptions(common.PtrValueOrDefault(experimentalOptions.Debug))
-	var needCacheFile bool
+	logOptions := common.PtrValueOrDefault(options.Log)
+
 	var needClashAPI bool
-	var needV2RayAPI bool
-	if experimentalOptions.CacheFile != nil && experimentalOptions.CacheFile.Enabled || options.PlatformLogWriter != nil {
-		needCacheFile = true
-	}
-	if experimentalOptions.ClashAPI != nil || options.PlatformLogWriter != nil {
+	if options.Experimental != nil && options.Experimental.ClashAPI != nil && options.Experimental.ClashAPI.ExternalController != "" {
 		needClashAPI = true
 	}
-	if experimentalOptions.V2RayAPI != nil && experimentalOptions.V2RayAPI.Listen != "" {
-		needV2RayAPI = true
-	}
-	var defaultLogWriter io.Writer
-	if options.PlatformInterface != nil {
-		defaultLogWriter = io.Discard
-	}
-	logFactory, err := log.New(log.Options{
-		Context:        ctx,
-		Options:        common.PtrValueOrDefault(options.Log),
-		Observable:     needClashAPI,
-		DefaultWriter:  defaultLogWriter,
-		BaseTime:       createdAt,
-		PlatformWriter: options.PlatformLogWriter,
-	})
-	if err != nil {
-		return nil, E.Cause(err, "create log factory")
+
+	var logFactory log.Factory
+	var observableLogFactory log.ObservableFactory
+	var logFile *os.File
+	if logOptions.Disabled {
+		observableLogFactory = log.NewNOPFactory()
+		logFactory = observableLogFactory
+	} else {
+		var logWriter io.Writer
+		switch logOptions.Output {
+		case "", "stderr":
+			logWriter = os.Stderr
+		case "stdout":
+			logWriter = os.Stdout
+		default:
+			var err error
+			logFile, err = os.OpenFile(logOptions.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
+			if err != nil {
+				return nil, err
+			}
+		}
+		logFormatter := log.Formatter{
+			BaseTime:         createdAt,
+			DisableColors:    logOptions.DisableColor || logFile != nil,
+			DisableTimestamp: !logOptions.Timestamp && logFile != nil,
+			FullTimestamp:    logOptions.Timestamp,
+			TimestampFormat:  "-0700 2006-01-02 15:04:05",
+		}
+		if needClashAPI {
+			observableLogFactory = log.NewObservableFactory(logFormatter, logWriter)
+			logFactory = observableLogFactory
+		} else {
+			logFactory = log.NewFactory(logFormatter, logWriter)
+		}
+		if logOptions.Level != "" {
+			logLevel, err := log.ParseLevel(logOptions.Level)
+			if err != nil {
+				return nil, E.Cause(err, "parse log level")
+			}
+			logFactory.SetLevel(logLevel)
+		} else {
+			logFactory.SetLevel(log.LevelTrace)
+		}
 	}
+
 	router, err := route.NewRouter(
 		ctx,
-		logFactory,
+		logFactory.NewLogger("router"),
+		logFactory.NewLogger("dns"),
 		common.PtrValueOrDefault(options.Route),
 		common.PtrValueOrDefault(options.DNS),
-		common.PtrValueOrDefault(options.NTP),
 		options.Inbounds,
-		options.PlatformInterface,
 	)
 	if err != nil {
 		return nil, E.Cause(err, "parse route options")
@@ -111,9 +110,7 @@ func New(options Options) (*Box, error) {
 			ctx,
 			router,
 			logFactory.NewLogger(F.ToString("inbound/", inboundOptions.Type, "[", tag, "]")),
-			tag,
 			inboundOptions,
-			options.PlatformInterface,
 		)
 		if err != nil {
 			return nil, E.Cause(err, "parse inbound[", i, "]")
@@ -132,15 +129,14 @@ func New(options Options) (*Box, error) {
 			ctx,
 			router,
 			logFactory.NewLogger(F.ToString("outbound/", outboundOptions.Type, "[", tag, "]")),
-			tag,
 			outboundOptions)
 		if err != nil {
 			return nil, E.Cause(err, "parse outbound[", i, "]")
 		}
 		outbounds = append(outbounds, out)
 	}
-	err = router.Initialize(inbounds, outbounds, func() adapter.Outbound {
-		out, oErr := outbound.New(ctx, router, logFactory.NewLogger("outbound/direct"), "direct", option.Outbound{Type: "direct", Tag: "default"})
+	err = router.Initialize(outbounds, func() adapter.Outbound {
+		out, oErr := outbound.New(ctx, router, logFactory.NewLogger("outbound/direct"), option.Outbound{Type: "direct", Tag: "default"})
 		common.Must(oErr)
 		outbounds = append(outbounds, out)
 		return out
@@ -148,196 +144,49 @@ func New(options Options) (*Box, error) {
 	if err != nil {
 		return nil, err
 	}
-	if options.PlatformInterface != nil {
-		err = options.PlatformInterface.Initialize(ctx, router)
-		if err != nil {
-			return nil, E.Cause(err, "initialize platform interface")
-		}
-	}
-	preServices1 := make(map[string]adapter.Service)
-	preServices2 := make(map[string]adapter.Service)
-	postServices := make(map[string]adapter.Service)
-	if needCacheFile {
-		cacheFile := service.FromContext[adapter.CacheFile](ctx)
-		if cacheFile == nil {
-			cacheFile = cachefile.New(ctx, common.PtrValueOrDefault(experimentalOptions.CacheFile))
-			service.MustRegister[adapter.CacheFile](ctx, cacheFile)
-		}
-		preServices1["cache file"] = cacheFile
-	}
+
+	var clashServer adapter.ClashServer
 	if needClashAPI {
-		clashAPIOptions := common.PtrValueOrDefault(experimentalOptions.ClashAPI)
-		clashAPIOptions.ModeList = experimental.CalculateClashModeList(options.Options)
-		clashServer, err := experimental.NewClashServer(ctx, router, logFactory.(log.ObservableFactory), clashAPIOptions)
+		clashServer, err = experimental.NewClashServer(router, observableLogFactory, common.PtrValueOrDefault(options.Experimental.ClashAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create clash api server")
 		}
-		router.SetClashServer(clashServer)
-		preServices2["clash api"] = clashServer
-	}
-	if needV2RayAPI {
-		v2rayServer, err := experimental.NewV2RayServer(logFactory.NewLogger("v2ray-api"), common.PtrValueOrDefault(experimentalOptions.V2RayAPI))
-		if err != nil {
-			return nil, E.Cause(err, "create v2ray api server")
-		}
-		router.SetV2RayServer(v2rayServer)
-		preServices2["v2ray api"] = v2rayServer
+		router.SetTrafficController(clashServer)
 	}
 	return &Box{
-		router:       router,
-		inbounds:     inbounds,
-		outbounds:    outbounds,
-		createdAt:    createdAt,
-		logFactory:   logFactory,
-		logger:       logFactory.Logger(),
-		preServices1: preServices1,
-		preServices2: preServices2,
-		postServices: postServices,
-		done:         make(chan struct{}),
+		router:      router,
+		inbounds:    inbounds,
+		outbounds:   outbounds,
+		createdAt:   createdAt,
+		logFactory:  logFactory,
+		logger:      logFactory.NewLogger(""),
+		logFile:     logFile,
+		clashServer: clashServer,
+		done:        make(chan struct{}),
 	}, nil
 }
 
-func (s *Box) PreStart() error {
-	err := s.preStart()
-	if err != nil {
-		// TODO: remove catch error
-		defer func() {
-			v := recover()
-			if v != nil {
-				println(err.Error())
-				debug.PrintStack()
-				panic("panic on early close: " + fmt.Sprint(v))
-			}
-		}()
-		s.Close()
-		return err
-	}
-	s.logger.Info("sing-box pre-started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
-	return nil
-}
-
 func (s *Box) Start() error {
-	err := s.start()
-	if err != nil {
-		// TODO: remove catch error
-		defer func() {
-			v := recover()
-			if v != nil {
-				println(err.Error())
-				debug.PrintStack()
-				println("panic on early start: " + fmt.Sprint(v))
-			}
-		}()
-		s.Close()
-		return err
-	}
-	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
-	return nil
-}
-
-func (s *Box) preStart() error {
-	monitor := taskmonitor.New(s.logger, C.StartTimeout)
-	monitor.Start("start logger")
-	err := s.logFactory.Start()
-	monitor.Finish()
-	if err != nil {
-		return E.Cause(err, "start logger")
-	}
-	for serviceName, service := range s.preServices1 {
-		if preService, isPreService := service.(adapter.PreStarter); isPreService {
-			monitor.Start("pre-start ", serviceName)
-			err := preService.PreStart()
-			monitor.Finish()
-			if err != nil {
-				return E.Cause(err, "pre-start ", serviceName)
-			}
-		}
-	}
-	for serviceName, service := range s.preServices2 {
-		if preService, isPreService := service.(adapter.PreStarter); isPreService {
-			monitor.Start("pre-start ", serviceName)
-			err := preService.PreStart()
-			monitor.Finish()
-			if err != nil {
-				return E.Cause(err, "pre-start ", serviceName)
-			}
-		}
-	}
-	err = s.router.PreStart()
-	if err != nil {
-		return E.Cause(err, "pre-start router")
-	}
-	err = s.startOutbounds()
+	err := s.router.Start()
 	if err != nil {
 		return err
 	}
-	return s.router.Start()
-}
-
-func (s *Box) start() error {
-	err := s.preStart()
-	if err != nil {
-		return err
-	}
-	for serviceName, service := range s.preServices1 {
-		err = service.Start()
-		if err != nil {
-			return E.Cause(err, "start ", serviceName)
-		}
-	}
-	for serviceName, service := range s.preServices2 {
-		err = service.Start()
-		if err != nil {
-			return E.Cause(err, "start ", serviceName)
-		}
-	}
 	for i, in := range s.inbounds {
-		var tag string
-		if in.Tag() == "" {
-			tag = F.ToString(i)
-		} else {
-			tag = in.Tag()
-		}
 		err = in.Start()
 		if err != nil {
-			return E.Cause(err, "initialize inbound/", in.Type(), "[", tag, "]")
+			for g := 0; g < i; g++ {
+				s.inbounds[g].Close()
+			}
+			return err
 		}
 	}
-	err = s.postStart()
-	if err != nil {
-		return err
-	}
-	return s.router.Cleanup()
-}
-
-func (s *Box) postStart() error {
-	for serviceName, service := range s.postServices {
-		err := service.Start()
+	if s.clashServer != nil {
+		err = s.clashServer.Start()
 		if err != nil {
-			return E.Cause(err, "start ", serviceName)
-		}
-	}
-	// TODO: reorganize ALL start order
-	for _, out := range s.outbounds {
-		if lateOutbound, isLateOutbound := out.(adapter.PostStarter); isLateOutbound {
-			err := lateOutbound.PostStart()
-			if err != nil {
-				return E.Cause(err, "post-start outbound/", out.Tag())
-			}
-		}
-	}
-	err := s.router.PostStart()
-	if err != nil {
-		return err
-	}
-	for _, in := range s.inbounds {
-		if lateInbound, isLateInbound := in.(adapter.PostStarter); isLateInbound {
-			err = lateInbound.PostStart()
-			if err != nil {
-				return E.Cause(err, "post-start inbound/", in.Tag())
-			}
+			return E.Cause(err, "start clash api server")
 		}
 	}
+	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
 	return nil
 }
 
@@ -348,58 +197,16 @@ func (s *Box) Close() error {
 	default:
 		close(s.done)
 	}
-	monitor := taskmonitor.New(s.logger, C.StopTimeout)
-	var errors error
-	for serviceName, service := range s.postServices {
-		monitor.Start("close ", serviceName)
-		errors = E.Append(errors, service.Close(), func(err error) error {
-			return E.Cause(err, "close ", serviceName)
-		})
-		monitor.Finish()
+	for _, in := range s.inbounds {
+		in.Close()
 	}
-	for i, in := range s.inbounds {
-		monitor.Start("close inbound/", in.Type(), "[", i, "]")
-		errors = E.Append(errors, in.Close(), func(err error) error {
-			return E.Cause(err, "close inbound/", in.Type(), "[", i, "]")
-		})
-		monitor.Finish()
+	for _, out := range s.outbounds {
+		common.Close(out)
 	}
-	for i, out := range s.outbounds {
-		monitor.Start("close outbound/", out.Type(), "[", i, "]")
-		errors = E.Append(errors, common.Close(out), func(err error) error {
-			return E.Cause(err, "close outbound/", out.Type(), "[", i, "]")
-		})
-		monitor.Finish()
-	}
-	monitor.Start("close router")
-	if err := common.Close(s.router); err != nil {
-		errors = E.Append(errors, err, func(err error) error {
-			return E.Cause(err, "close router")
-		})
-	}
-	monitor.Finish()
-	for serviceName, service := range s.preServices1 {
-		monitor.Start("close ", serviceName)
-		errors = E.Append(errors, service.Close(), func(err error) error {
-			return E.Cause(err, "close ", serviceName)
-		})
-		monitor.Finish()
-	}
-	for serviceName, service := range s.preServices2 {
-		monitor.Start("close ", serviceName)
-		errors = E.Append(errors, service.Close(), func(err error) error {
-			return E.Cause(err, "close ", serviceName)
-		})
-		monitor.Finish()
-	}
-	if err := common.Close(s.logFactory); err != nil {
-		errors = E.Append(errors, err, func(err error) error {
-			return E.Cause(err, "close logger")
-		})
-	}
-	return errors
-}
-
-func (s *Box) Router() adapter.Router {
-	return s.router
+	return common.Close(
+		s.router,
+		s.logFactory,
+		s.clashServer,
+		common.PtrOrNil(s.logFile),
+	)
 }

box_outbound.go

@@ -1,85 +0,0 @@
-package box
-
-import (
-	"strings"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/taskmonitor"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	F "github.com/sagernet/sing/common/format"
-)
-
-func (s *Box) startOutbounds() error {
-	monitor := taskmonitor.New(s.logger, C.StartTimeout)
-	outboundTags := make(map[adapter.Outbound]string)
-	outbounds := make(map[string]adapter.Outbound)
-	for i, outboundToStart := range s.outbounds {
-		var outboundTag string
-		if outboundToStart.Tag() == "" {
-			outboundTag = F.ToString(i)
-		} else {
-			outboundTag = outboundToStart.Tag()
-		}
-		if _, exists := outbounds[outboundTag]; exists {
-			return E.New("outbound tag ", outboundTag, " duplicated")
-		}
-		outboundTags[outboundToStart] = outboundTag
-		outbounds[outboundTag] = outboundToStart
-	}
-	started := make(map[string]bool)
-	for {
-		canContinue := false
-	startOne:
-		for _, outboundToStart := range s.outbounds {
-			outboundTag := outboundTags[outboundToStart]
-			if started[outboundTag] {
-				continue
-			}
-			dependencies := outboundToStart.Dependencies()
-			for _, dependency := range dependencies {
-				if !started[dependency] {
-					continue startOne
-				}
-			}
-			started[outboundTag] = true
-			canContinue = true
-			if starter, isStarter := outboundToStart.(interface {
-				Start() error
-			}); isStarter {
-				monitor.Start("initialize outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				err := starter.Start()
-				monitor.Finish()
-				if err != nil {
-					return E.Cause(err, "initialize outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				}
-			}
-		}
-		if len(started) == len(s.outbounds) {
-			break
-		}
-		if canContinue {
-			continue
-		}
-		currentOutbound := common.Find(s.outbounds, func(it adapter.Outbound) bool {
-			return !started[outboundTags[it]]
-		})
-		var lintOutbound func(oTree []string, oCurrent adapter.Outbound) error
-		lintOutbound = func(oTree []string, oCurrent adapter.Outbound) error {
-			problemOutboundTag := common.Find(oCurrent.Dependencies(), func(it string) bool {
-				return !started[it]
-			})
-			if common.Contains(oTree, problemOutboundTag) {
-				return E.New("circular outbound dependency: ", strings.Join(oTree, " -> "), " -> ", problemOutboundTag)
-			}
-			problemOutbound := outbounds[problemOutboundTag]
-			if problemOutbound == nil {
-				return E.New("dependency[", problemOutboundTag, "] not found for outbound[", outboundTags[oCurrent], "]")
-			}
-			return lintOutbound(append(oTree, problemOutboundTag), problemOutbound)
-		}
-		return lintOutbound([]string{outboundTags[currentOutbound]}, currentOutbound)
-	}
-	return nil
-}

cmd/internal/build/main.go

@@ -1,26 +0,0 @@
-package main
-
-import (
-	"go/build"
-	"os"
-	"os/exec"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-)
-
-func main() {
-	build_shared.FindSDK()
-
-	if os.Getenv("GOPATH") == "" {
-		os.Setenv("GOPATH", build.Default.GOPATH)
-	}
-
-	command := exec.Command(os.Args[1], os.Args[2:]...)
-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
-	err := command.Run()
-	if err != nil {
-		log.Fatal(err)
-	}
-}

cmd/internal/build_libbox/main.go

@@ -1,144 +0,0 @@
-package main
-
-import (
-	"flag"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-
-	_ "github.com/sagernet/gomobile"
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common/rw"
-)
-
-var (
-	debugEnabled bool
-	target       string
-)
-
-func init() {
-	flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
-	flag.StringVar(&target, "target", "android", "target platform")
-}
-
-func main() {
-	flag.Parse()
-
-	build_shared.FindMobile()
-
-	switch target {
-	case "android":
-		buildAndroid()
-	case "ios":
-		buildiOS()
-	}
-}
-
-var (
-	sharedFlags []string
-	debugFlags  []string
-	sharedTags  []string
-	iosTags     []string
-	debugTags   []string
-)
-
-func init() {
-	sharedFlags = append(sharedFlags, "-trimpath")
-	sharedFlags = append(sharedFlags, "-buildvcs=false")
-	currentTag, err := build_shared.ReadTag()
-	if err != nil {
-		currentTag = "unknown"
-	}
-	sharedFlags = append(sharedFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
-	debugFlags = append(debugFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
-
-	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_ech", "with_utls", "with_clash_api")
-	iosTags = append(iosTags, "with_dhcp", "with_low_memory", "with_conntrack")
-	debugTags = append(debugTags, "debug")
-}
-
-func buildAndroid() {
-	build_shared.FindSDK()
-
-	args := []string{
-		"bind",
-		"-v",
-		"-androidapi", "21",
-		"-javapkg=io.nekohasekai",
-		"-libname=box",
-	}
-	if !debugEnabled {
-		args = append(args, sharedFlags...)
-	} else {
-		args = append(args, debugFlags...)
-	}
-
-	args = append(args, "-tags")
-	if !debugEnabled {
-		args = append(args, strings.Join(sharedTags, ","))
-	} else {
-		args = append(args, strings.Join(append(sharedTags, debugTags...), ","))
-	}
-	args = append(args, "./experimental/libbox")
-
-	command := exec.Command(build_shared.GoBinPath+"/gomobile", args...)
-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
-	err := command.Run()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	const name = "libbox.aar"
-	copyPath := filepath.Join("..", "sing-box-for-android", "app", "libs")
-	if rw.IsDir(copyPath) {
-		copyPath, _ = filepath.Abs(copyPath)
-		err = rw.CopyFile(name, filepath.Join(copyPath, name))
-		if err != nil {
-			log.Fatal(err)
-		}
-		log.Info("copied to ", copyPath)
-	}
-}
-
-func buildiOS() {
-	args := []string{
-		"bind",
-		"-v",
-		"-target", "ios,iossimulator,tvos,tvossimulator,macos",
-		"-libname=box",
-	}
-	if !debugEnabled {
-		args = append(args, sharedFlags...)
-	} else {
-		args = append(args, debugFlags...)
-	}
-
-	tags := append(sharedTags, iosTags...)
-	args = append(args, "-tags")
-	if !debugEnabled {
-		args = append(args, strings.Join(tags, ","))
-	} else {
-		args = append(args, strings.Join(append(tags, debugTags...), ","))
-	}
-	args = append(args, "./experimental/libbox")
-
-	command := exec.Command(build_shared.GoBinPath+"/gomobile", args...)
-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
-	err := command.Run()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	copyPath := filepath.Join("..", "sing-box-for-apple")
-	if rw.IsDir(copyPath) {
-		targetDir := filepath.Join(copyPath, "Libbox.xcframework")
-		targetDir, _ = filepath.Abs(targetDir)
-		os.RemoveAll(targetDir)
-		os.Rename("Libbox.xcframework", targetDir)
-		log.Info("copied to ", targetDir)
-	}
-}

cmd/internal/build_shared/sdk.go

@@ -1,112 +0,0 @@
-package build_shared
-
-import (
-	"go/build"
-	"os"
-	"path/filepath"
-	"runtime"
-	"sort"
-	"strconv"
-	"strings"
-
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/sing/common/shell"
-)
-
-var (
-	androidSDKPath string
-	androidNDKPath string
-)
-
-func FindSDK() {
-	searchPath := []string{
-		"$ANDROID_HOME",
-		"$HOME/Android/Sdk",
-		"$HOME/.local/lib/android/sdk",
-		"$HOME/Library/Android/sdk",
-	}
-	for _, path := range searchPath {
-		path = os.ExpandEnv(path)
-		if rw.IsFile(filepath.Join(path, "licenses", "android-sdk-license")) {
-			androidSDKPath = path
-			break
-		}
-	}
-	if androidSDKPath == "" {
-		log.Fatal("android SDK not found")
-	}
-	if !findNDK() {
-		log.Fatal("android NDK not found")
-	}
-
-	javaVersion, err := shell.Exec("java", "--version").ReadOutput()
-	if err != nil {
-		log.Fatal(E.Cause(err, "check java version"))
-	}
-	if !strings.Contains(javaVersion, "openjdk 17") {
-		log.Fatal("java version should be openjdk 17")
-	}
-
-	os.Setenv("ANDROID_HOME", androidSDKPath)
-	os.Setenv("ANDROID_SDK_HOME", androidSDKPath)
-	os.Setenv("ANDROID_NDK_HOME", androidNDKPath)
-	os.Setenv("NDK", androidNDKPath)
-	os.Setenv("PATH", os.Getenv("PATH")+":"+filepath.Join(androidNDKPath, "toolchains", "llvm", "prebuilt", runtime.GOOS+"-x86_64", "bin"))
-}
-
-func findNDK() bool {
-	const fixedVersion = "26.2.11394342"
-	const versionFile = "source.properties"
-	if fixedPath := filepath.Join(androidSDKPath, "ndk", fixedVersion); rw.IsFile(filepath.Join(fixedPath, versionFile)) {
-		androidNDKPath = fixedPath
-		return true
-	}
-	ndkVersions, err := os.ReadDir(filepath.Join(androidSDKPath, "ndk"))
-	if err != nil {
-		return false
-	}
-	versionNames := common.Map(ndkVersions, os.DirEntry.Name)
-	if len(versionNames) == 0 {
-		return false
-	}
-	sort.Slice(versionNames, func(i, j int) bool {
-		iVersions := strings.Split(versionNames[i], ".")
-		jVersions := strings.Split(versionNames[j], ".")
-		for k := 0; k < len(iVersions) && k < len(jVersions); k++ {
-			iVersion, _ := strconv.Atoi(iVersions[k])
-			jVersion, _ := strconv.Atoi(jVersions[k])
-			if iVersion != jVersion {
-				return iVersion > jVersion
-			}
-		}
-		return true
-	})
-	for _, versionName := range versionNames {
-		currentNDKPath := filepath.Join(androidSDKPath, "ndk", versionName)
-		if rw.IsFile(filepath.Join(currentNDKPath, versionFile)) {
-			androidNDKPath = currentNDKPath
-			log.Warn("reproducibility warning: using NDK version " + versionName + " instead of " + fixedVersion)
-			return true
-		}
-	}
-	return false
-}
-
-var GoBinPath string
-
-func FindMobile() {
-	goBin := filepath.Join(build.Default.GOPATH, "bin")
-	if runtime.GOOS == "windows" {
-		if !rw.IsFile(filepath.Join(goBin, "gobind.exe")) {
-			log.Fatal("missing gomobile installation")
-		}
-	} else {
-		if !rw.IsFile(filepath.Join(goBin, "gobind")) {
-			log.Fatal("missing gomobile installation")
-		}
-	}
-	GoBinPath = goBin
-}

cmd/internal/build_shared/tag.go

@@ -1,33 +0,0 @@
-package build_shared
-
-import (
-	"github.com/sagernet/sing-box/common/badversion"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/shell"
-)
-
-func ReadTag() (string, error) {
-	currentTag, err := shell.Exec("git", "describe", "--tags").ReadOutput()
-	if err != nil {
-		return currentTag, err
-	}
-	currentTagRev, _ := shell.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput()
-	if currentTagRev == currentTag {
-		return currentTag[1:], nil
-	}
-	shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
-	version := badversion.Parse(currentTagRev[1:])
-	return version.String() + "-" + shortCommit, nil
-}
-
-func ReadTagVersion() (badversion.Version, error) {
-	currentTag := common.Must1(shell.Exec("git", "describe", "--tags").ReadOutput())
-	currentTagRev := common.Must1(shell.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput())
-	version := badversion.Parse(currentTagRev[1:])
-	if currentTagRev != currentTag {
-		if version.PreReleaseIdentifier == "" {
-			version.Patch++
-		}
-	}
-	return version, nil
-}

cmd/internal/protogen/main.go

@@ -1,218 +0,0 @@
-package main
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"go/build"
-	"io"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
-)
-
-// envFile returns the name of the Go environment configuration file.
-// Copy from https://github.com/golang/go/blob/c4f2a9788a7be04daf931ac54382fbe2cb754938/src/cmd/go/internal/cfg/cfg.go#L150-L166
-func envFile() (string, error) {
-	if file := os.Getenv("GOENV"); file != "" {
-		if file == "off" {
-			return "", fmt.Errorf("GOENV=off")
-		}
-		return file, nil
-	}
-	dir, err := os.UserConfigDir()
-	if err != nil {
-		return "", err
-	}
-	if dir == "" {
-		return "", fmt.Errorf("missing user-config dir")
-	}
-	return filepath.Join(dir, "go", "env"), nil
-}
-
-// GetRuntimeEnv returns the value of runtime environment variable,
-// that is set by running following command: `go env -w key=value`.
-func GetRuntimeEnv(key string) (string, error) {
-	file, err := envFile()
-	if err != nil {
-		return "", err
-	}
-	if file == "" {
-		return "", fmt.Errorf("missing runtime env file")
-	}
-	var data []byte
-	var runtimeEnv string
-	data, readErr := os.ReadFile(file)
-	if readErr != nil {
-		return "", readErr
-	}
-	envStrings := strings.Split(string(data), "\n")
-	for _, envItem := range envStrings {
-		envItem = strings.TrimSuffix(envItem, "\r")
-		envKeyValue := strings.Split(envItem, "=")
-		if strings.EqualFold(strings.TrimSpace(envKeyValue[0]), key) {
-			runtimeEnv = strings.TrimSpace(envKeyValue[1])
-		}
-	}
-	return runtimeEnv, nil
-}
-
-// GetGOBIN returns GOBIN environment variable as a string. It will NOT be empty.
-func GetGOBIN() string {
-	// The one set by user explicitly by `export GOBIN=/path` or `env GOBIN=/path command`
-	GOBIN := os.Getenv("GOBIN")
-	if GOBIN == "" {
-		var err error
-		// The one set by user by running `go env -w GOBIN=/path`
-		GOBIN, err = GetRuntimeEnv("GOBIN")
-		if err != nil {
-			// The default one that Golang uses
-			return filepath.Join(build.Default.GOPATH, "bin")
-		}
-		if GOBIN == "" {
-			return filepath.Join(build.Default.GOPATH, "bin")
-		}
-		return GOBIN
-	}
-	return GOBIN
-}
-
-func main() {
-	pwd, err := os.Getwd()
-	if err != nil {
-		fmt.Println("Can not get current working directory.")
-		os.Exit(1)
-	}
-
-	GOBIN := GetGOBIN()
-	binPath := os.Getenv("PATH")
-	pathSlice := []string{pwd, GOBIN, binPath}
-	binPath = strings.Join(pathSlice, string(os.PathListSeparator))
-	os.Setenv("PATH", binPath)
-
-	suffix := ""
-	if runtime.GOOS == "windows" {
-		suffix = ".exe"
-	}
-
-	protoc := "protoc"
-
-	if linkPath, err := os.Readlink(protoc); err == nil {
-		protoc = linkPath
-	}
-
-	protoFilesMap := make(map[string][]string)
-	walkErr := filepath.Walk("./", func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			fmt.Println(err)
-			return err
-		}
-
-		if info.IsDir() {
-			return nil
-		}
-
-		dir := filepath.Dir(path)
-		filename := filepath.Base(path)
-		if strings.HasSuffix(filename, ".proto") &&
-			filename != "typed_message.proto" &&
-			filename != "descriptor.proto" {
-			protoFilesMap[dir] = append(protoFilesMap[dir], path)
-		}
-
-		return nil
-	})
-	if walkErr != nil {
-		fmt.Println(walkErr)
-		os.Exit(1)
-	}
-
-	for _, files := range protoFilesMap {
-		for _, relProtoFile := range files {
-			args := []string{
-				"-I", ".",
-				"--go_out", pwd,
-				"--go_opt", "paths=source_relative",
-				"--go-grpc_out", pwd,
-				"--go-grpc_opt", "paths=source_relative",
-				"--plugin", "protoc-gen-go=" + filepath.Join(GOBIN, "protoc-gen-go"+suffix),
-				"--plugin", "protoc-gen-go-grpc=" + filepath.Join(GOBIN, "protoc-gen-go-grpc"+suffix),
-			}
-			args = append(args, relProtoFile)
-			cmd := exec.Command(protoc, args...)
-			cmd.Env = append(cmd.Env, os.Environ()...)
-			output, cmdErr := cmd.CombinedOutput()
-			if len(output) > 0 {
-				fmt.Println(string(output))
-			}
-			if cmdErr != nil {
-				fmt.Println(cmdErr)
-				os.Exit(1)
-			}
-		}
-	}
-
-	normalizeWalkErr := filepath.Walk("./", func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			fmt.Println(err)
-			return err
-		}
-
-		if info.IsDir() {
-			return nil
-		}
-
-		filename := filepath.Base(path)
-		if strings.HasSuffix(filename, ".pb.go") &&
-			path != "config.pb.go" {
-			if err := NormalizeGeneratedProtoFile(path); err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-		}
-
-		return nil
-	})
-	if normalizeWalkErr != nil {
-		fmt.Println(normalizeWalkErr)
-		os.Exit(1)
-	}
-}
-
-func NormalizeGeneratedProtoFile(path string) error {
-	fd, err := os.OpenFile(path, os.O_RDWR, 0o644)
-	if err != nil {
-		return err
-	}
-
-	_, err = fd.Seek(0, io.SeekStart)
-	if err != nil {
-		return err
-	}
-	out := bytes.NewBuffer(nil)
-	scanner := bufio.NewScanner(fd)
-	valid := false
-	for scanner.Scan() {
-		if !valid && !strings.HasPrefix(scanner.Text(), "package ") {
-			continue
-		}
-		valid = true
-		out.Write(scanner.Bytes())
-		out.Write([]byte("\n"))
-	}
-	_, err = fd.Seek(0, io.SeekStart)
-	if err != nil {
-		return err
-	}
-	err = fd.Truncate(0)
-	if err != nil {
-		return err
-	}
-	_, err = io.Copy(fd, bytes.NewReader(out.Bytes()))
-	if err != nil {
-		return err
-	}
-	return nil
-}

cmd/internal/read_tag/main.go

@@ -1,21 +0,0 @@
-package main
-
-import (
-	"os"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-)
-
-func main() {
-	currentTag, err := build_shared.ReadTag()
-	if err != nil {
-		log.Error(err)
-		_, err = os.Stdout.WriteString("unknown\n")
-	} else {
-		_, err = os.Stdout.WriteString(currentTag + "\n")
-	}
-	if err != nil {
-		log.Error(err)
-	}
-}

cmd/internal/update_android_version/main.go

@@ -1,64 +0,0 @@
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"runtime"
-	"strconv"
-	"strings"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-)
-
-func main() {
-	newVersion := common.Must1(build_shared.ReadTagVersion())
-	androidPath, err := filepath.Abs("../sing-box-for-android")
-	if err != nil {
-		log.Fatal(err)
-	}
-	common.Must(os.Chdir(androidPath))
-	localProps := common.Must1(os.ReadFile("version.properties"))
-	var propsList [][]string
-	for _, propLine := range strings.Split(string(localProps), "\n") {
-		propsList = append(propsList, strings.Split(propLine, "="))
-	}
-	var (
-		versionUpdated   bool
-		goVersionUpdated bool
-	)
-	for _, propPair := range propsList {
-		switch propPair[0] {
-		case "VERSION_NAME":
-			if propPair[1] != newVersion.String() {
-				versionUpdated = true
-				propPair[1] = newVersion.String()
-				log.Info("updated version to ", newVersion.String())
-			}
-		case "GO_VERSION":
-			if propPair[1] != runtime.Version() {
-				goVersionUpdated = true
-				propPair[1] = runtime.Version()
-				log.Info("updated Go version to ", runtime.Version())
-			}
-		}
-	}
-	if !(versionUpdated || goVersionUpdated) {
-		log.Info("version not changed")
-		return
-	}
-	for _, propPair := range propsList {
-		switch propPair[0] {
-		case "VERSION_CODE":
-			versionCode := common.Must1(strconv.ParseInt(propPair[1], 10, 64))
-			propPair[1] = strconv.Itoa(int(versionCode + 1))
-			log.Info("updated version code to ", propPair[1])
-		}
-	}
-	var newProps []string
-	for _, propPair := range propsList {
-		newProps = append(newProps, strings.Join(propPair, "="))
-	}
-	common.Must(os.WriteFile("version.properties", []byte(strings.Join(newProps, "\n")), 0o644))
-}

cmd/internal/update_apple_version/main.go

@@ -1,131 +0,0 @@
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-
-	"howett.net/plist"
-)
-
-func main() {
-	newVersion := common.Must1(build_shared.ReadTagVersion())
-	applePath, err := filepath.Abs("../sing-box-for-apple")
-	if err != nil {
-		log.Fatal(err)
-	}
-	common.Must(os.Chdir(applePath))
-	projectFile := common.Must1(os.Open("sing-box.xcodeproj/project.pbxproj"))
-	var project map[string]any
-	decoder := plist.NewDecoder(projectFile)
-	common.Must(decoder.Decode(&project))
-	objectsMap := project["objects"].(map[string]any)
-	projectContent := string(common.Must1(os.ReadFile("sing-box.xcodeproj/project.pbxproj")))
-	newContent, updated0 := findAndReplace(objectsMap, projectContent, []string{"io.nekohasekai.sfavt"}, newVersion.VersionString())
-	newContent, updated1 := findAndReplace(objectsMap, newContent, []string{"io.nekohasekai.sfavt.standalone", "io.nekohasekai.sfavt.system"}, newVersion.String())
-	if updated0 || updated1 {
-		log.Info("updated version to ", newVersion.VersionString(), " (", newVersion.String(), ")")
-	}
-	var updated2 bool
-	if macProjectVersion := os.Getenv("MACOS_PROJECT_VERSION"); macProjectVersion != "" {
-		newContent, updated2 = findAndReplaceProjectVersion(objectsMap, newContent, []string{"SFM"}, macProjectVersion)
-		if updated2 {
-			log.Info("updated macos project version to ", macProjectVersion)
-		}
-	}
-	if updated0 || updated1 || updated2 {
-		common.Must(os.WriteFile("sing-box.xcodeproj/project.pbxproj", []byte(newContent), 0o644))
-	}
-}
-
-func findAndReplace(objectsMap map[string]any, projectContent string, bundleIDList []string, newVersion string) (string, bool) {
-	objectKeyList := findObjectKey(objectsMap, bundleIDList)
-	var updated bool
-	for _, objectKey := range objectKeyList {
-		matchRegexp := common.Must1(regexp.Compile(objectKey + ".*= \\{"))
-		indexes := matchRegexp.FindStringIndex(projectContent)
-		if len(indexes) < 2 {
-			println(projectContent)
-			log.Fatal("failed to find object key ", objectKey, ": ", strings.Index(projectContent, objectKey))
-		}
-		indexStart := indexes[1]
-		indexEnd := indexStart + strings.Index(projectContent[indexStart:], "}")
-		versionStart := indexStart + strings.Index(projectContent[indexStart:indexEnd], "MARKETING_VERSION = ") + 20
-		versionEnd := versionStart + strings.Index(projectContent[versionStart:indexEnd], ";")
-		version := projectContent[versionStart:versionEnd]
-		if version == newVersion {
-			continue
-		}
-		updated = true
-		projectContent = projectContent[:versionStart] + newVersion + projectContent[versionEnd:]
-	}
-	return projectContent, updated
-}
-
-func findAndReplaceProjectVersion(objectsMap map[string]any, projectContent string, directoryList []string, newVersion string) (string, bool) {
-	objectKeyList := findObjectKeyByDirectory(objectsMap, directoryList)
-	var updated bool
-	for _, objectKey := range objectKeyList {
-		matchRegexp := common.Must1(regexp.Compile(objectKey + ".*= \\{"))
-		indexes := matchRegexp.FindStringIndex(projectContent)
-		if len(indexes) < 2 {
-			println(projectContent)
-			log.Fatal("failed to find object key ", objectKey, ": ", strings.Index(projectContent, objectKey))
-		}
-		indexStart := indexes[1]
-		indexEnd := indexStart + strings.Index(projectContent[indexStart:], "}")
-		versionStart := indexStart + strings.Index(projectContent[indexStart:indexEnd], "CURRENT_PROJECT_VERSION = ") + 26
-		versionEnd := versionStart + strings.Index(projectContent[versionStart:indexEnd], ";")
-		version := projectContent[versionStart:versionEnd]
-		if version == newVersion {
-			continue
-		}
-		updated = true
-		projectContent = projectContent[:versionStart] + newVersion + projectContent[versionEnd:]
-	}
-	return projectContent, updated
-}
-
-func findObjectKey(objectsMap map[string]any, bundleIDList []string) []string {
-	var objectKeyList []string
-	for objectKey, object := range objectsMap {
-		buildSettings := object.(map[string]any)["buildSettings"]
-		if buildSettings == nil {
-			continue
-		}
-		bundleIDObject := buildSettings.(map[string]any)["PRODUCT_BUNDLE_IDENTIFIER"]
-		if bundleIDObject == nil {
-			continue
-		}
-		if common.Contains(bundleIDList, bundleIDObject.(string)) {
-			objectKeyList = append(objectKeyList, objectKey)
-		}
-	}
-	return objectKeyList
-}
-
-func findObjectKeyByDirectory(objectsMap map[string]any, directoryList []string) []string {
-	var objectKeyList []string
-	for objectKey, object := range objectsMap {
-		buildSettings := object.(map[string]any)["buildSettings"]
-		if buildSettings == nil {
-			continue
-		}
-		infoPListFile := buildSettings.(map[string]any)["INFOPLIST_FILE"]
-		if infoPListFile == nil {
-			continue
-		}
-		for _, searchDirectory := range directoryList {
-			if strings.HasPrefix(infoPListFile.(string), searchDirectory+"/") {
-				objectKeyList = append(objectKeyList, objectKey)
-			}
-		}
-
-	}
-	return objectKeyList
-}

cmd/sing-box/cmd.go

@@ -1,71 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-	"os/user"
-	"strconv"
-	"time"
-
-	"github.com/sagernet/sing-box/experimental/deprecated"
-	_ "github.com/sagernet/sing-box/include"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/filemanager"
-
-	"github.com/spf13/cobra"
-)
-
-var (
-	globalCtx         context.Context
-	configPaths       []string
-	configDirectories []string
-	workingDir        string
-	disableColor      bool
-)
-
-var mainCommand = &cobra.Command{
-	Use:              "sing-box",
-	PersistentPreRun: preRun,
-}
-
-func init() {
-	mainCommand.PersistentFlags().StringArrayVarP(&configPaths, "config", "c", nil, "set configuration file path")
-	mainCommand.PersistentFlags().StringArrayVarP(&configDirectories, "config-directory", "C", nil, "set configuration directory path")
-	mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
-	mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
-}
-
-func preRun(cmd *cobra.Command, args []string) {
-	globalCtx = context.Background()
-	sudoUser := os.Getenv("SUDO_USER")
-	sudoUID, _ := strconv.Atoi(os.Getenv("SUDO_UID"))
-	sudoGID, _ := strconv.Atoi(os.Getenv("SUDO_GID"))
-	if sudoUID == 0 && sudoGID == 0 && sudoUser != "" {
-		sudoUserObject, _ := user.Lookup(sudoUser)
-		if sudoUserObject != nil {
-			sudoUID, _ = strconv.Atoi(sudoUserObject.Uid)
-			sudoGID, _ = strconv.Atoi(sudoUserObject.Gid)
-		}
-	}
-	if sudoUID > 0 && sudoGID > 0 {
-		globalCtx = filemanager.WithDefault(globalCtx, "", "", sudoUID, sudoGID)
-	}
-	if disableColor {
-		log.SetStdLogger(log.NewDefaultFactory(context.Background(), log.Formatter{BaseTime: time.Now(), DisableColors: true}, os.Stderr, "", nil, false).Logger())
-	}
-	if workingDir != "" {
-		_, err := os.Stat(workingDir)
-		if err != nil {
-			filemanager.MkdirAll(globalCtx, workingDir, 0o777)
-		}
-		err = os.Chdir(workingDir)
-		if err != nil {
-			log.Fatal(err)
-		}
-	}
-	if len(configPaths) == 0 && len(configDirectories) == 0 {
-		configPaths = append(configPaths, "config.json")
-	}
-	globalCtx = service.ContextWith(globalCtx, deprecated.NewStderrManager(log.StdLogger()))
-}

cmd/sing-box/cmd_check.go

@@ -2,9 +2,12 @@ package main
 
 import (
 	"context"
+	"os"
 
 	"github.com/sagernet/sing-box"
+	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
 
 	"github.com/spf13/cobra"
 )
@@ -12,32 +15,24 @@ import (
 var commandCheck = &cobra.Command{
 	Use:   "check",
 	Short: "Check configuration",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := check()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-	Args: cobra.NoArgs,
+	Run:   checkConfiguration,
+	Args:  cobra.NoArgs,
 }
 
-func init() {
-	mainCommand.AddCommand(commandCheck)
-}
-
-func check() error {
-	options, err := readConfigAndMerge()
+func checkConfiguration(cmd *cobra.Command, args []string) {
+	configContent, err := os.ReadFile(configPath)
 	if err != nil {
-		return err
+		log.Fatal("read config: ", err)
 	}
-	ctx, cancel := context.WithCancel(globalCtx)
-	instance, err := box.New(box.Options{
-		Context: ctx,
-		Options: options,
-	})
-	if err == nil {
-		instance.Close()
+	var options option.Options
+	err = json.Unmarshal(configContent, &options)
+	if err != nil {
+		log.Fatal("decode config: ", err)
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	_, err = box.New(ctx, options)
+	if err != nil {
+		log.Fatal("create service: ", err)
 	}
 	cancel()
-	return err
 }

cmd/sing-box/cmd_format.go

@@ -5,10 +5,9 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-	"github.com/sagernet/sing/common/json/badjson"
+	"github.com/sagernet/sing-box/option"
 
 	"github.com/spf13/cobra"
 )
@@ -18,58 +17,47 @@ var commandFormatFlagWrite bool
 var commandFormat = &cobra.Command{
 	Use:   "format",
 	Short: "Format configuration",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := format()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-	Args: cobra.NoArgs,
+	Run:   formatConfiguration,
+	Args:  cobra.NoArgs,
 }
 
 func init() {
 	commandFormat.Flags().BoolVarP(&commandFormatFlagWrite, "write", "w", false, "write result to (source) file instead of stdout")
-	mainCommand.AddCommand(commandFormat)
 }
 
-func format() error {
-	optionsList, err := readConfig()
+func formatConfiguration(cmd *cobra.Command, args []string) {
+	configContent, err := os.ReadFile(configPath)
 	if err != nil {
-		return err
+		log.Fatal("read config: ", err)
 	}
-	for _, optionsEntry := range optionsList {
-		optionsEntry.options, err = badjson.Omitempty(optionsEntry.options)
-		if err != nil {
-			return err
-		}
-		buffer := new(bytes.Buffer)
-		encoder := json.NewEncoder(buffer)
-		encoder.SetIndent("", "  ")
-		err = encoder.Encode(optionsEntry.options)
-		if err != nil {
-			return E.Cause(err, "encode config")
-		}
-		outputPath, _ := filepath.Abs(optionsEntry.path)
-		if !commandFormatFlagWrite {
-			if len(optionsList) > 1 {
-				os.Stdout.WriteString(outputPath + "\n")
-			}
-			os.Stdout.WriteString(buffer.String() + "\n")
-			continue
-		}
-		if bytes.Equal(optionsEntry.content, buffer.Bytes()) {
-			continue
-		}
-		output, err := os.Create(optionsEntry.path)
-		if err != nil {
-			return E.Cause(err, "open output")
-		}
-		_, err = output.Write(buffer.Bytes())
-		output.Close()
-		if err != nil {
-			return E.Cause(err, "write output")
-		}
-		os.Stderr.WriteString(outputPath + "\n")
+	var options option.Options
+	err = json.Unmarshal(configContent, &options)
+	if err != nil {
+		log.Fatal("decode config: ", err)
 	}
-	return nil
+	buffer := new(bytes.Buffer)
+	encoder := json.NewEncoder(buffer)
+	encoder.SetIndent("", "  ")
+	err = encoder.Encode(options)
+	if err != nil {
+		log.Fatal("encode config: ", err)
+	}
+	if !commandFormatFlagWrite {
+		os.Stdout.WriteString(buffer.String() + "\n")
+		return
+	}
+	if bytes.Equal(configContent, buffer.Bytes()) {
+		return
+	}
+	output, err := os.Create(configPath)
+	if err != nil {
+		log.Fatal("open output: ", err)
+	}
+	_, err = output.Write(buffer.Bytes())
+	output.Close()
+	if err != nil {
+		log.Fatal("write output: ", err)
+	}
+	outputPath, _ := filepath.Abs(configPath)
+	os.Stderr.WriteString(outputPath + "\n")
 }

cmd/sing-box/cmd_generate.go

@@ -1,92 +0,0 @@
-package main
-
-import (
-	"crypto/rand"
-	"encoding/base64"
-	"encoding/hex"
-	"os"
-	"strconv"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/gofrs/uuid/v5"
-	"github.com/spf13/cobra"
-)
-
-var commandGenerate = &cobra.Command{
-	Use:   "generate",
-	Short: "Generate things",
-}
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateUUID)
-	commandGenerate.AddCommand(commandGenerateRandom)
-
-	mainCommand.AddCommand(commandGenerate)
-}
-
-var (
-	outputBase64 bool
-	outputHex    bool
-)
-
-var commandGenerateRandom = &cobra.Command{
-	Use:   "rand <length>",
-	Short: "Generate random bytes",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateRandom(args)
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateRandom.Flags().BoolVar(&outputBase64, "base64", false, "Generate base64 string")
-	commandGenerateRandom.Flags().BoolVar(&outputHex, "hex", false, "Generate hex string")
-}
-
-func generateRandom(args []string) error {
-	length, err := strconv.Atoi(args[0])
-	if err != nil {
-		return err
-	}
-
-	randomBytes := make([]byte, length)
-	_, err = rand.Read(randomBytes)
-	if err != nil {
-		return err
-	}
-
-	if outputBase64 {
-		_, err = os.Stdout.WriteString(base64.StdEncoding.EncodeToString(randomBytes) + "\n")
-	} else if outputHex {
-		_, err = os.Stdout.WriteString(hex.EncodeToString(randomBytes) + "\n")
-	} else {
-		_, err = os.Stdout.Write(randomBytes)
-	}
-
-	return err
-}
-
-var commandGenerateUUID = &cobra.Command{
-	Use:   "uuid",
-	Short: "Generate UUID string",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateUUID()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateUUID() error {
-	newUUID, err := uuid.NewV4()
-	if err != nil {
-		return err
-	}
-	_, err = os.Stdout.WriteString(newUUID.String() + "\n")
-	return err
-}

cmd/sing-box/cmd_generate_ech.go

@@ -1,39 +0,0 @@
-package main
-
-import (
-	"os"
-
-	"github.com/sagernet/sing-box/common/tls"
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var pqSignatureSchemesEnabled bool
-
-var commandGenerateECHKeyPair = &cobra.Command{
-	Use:   "ech-keypair <plain_server_name>",
-	Short: "Generate TLS ECH key pair",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateECHKeyPair(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateECHKeyPair.Flags().BoolVar(&pqSignatureSchemesEnabled, "pq-signature-schemes-enabled", false, "Enable PQ signature schemes")
-	commandGenerate.AddCommand(commandGenerateECHKeyPair)
-}
-
-func generateECHKeyPair(serverName string) error {
-	configPem, keyPem, err := tls.ECHKeygenDefault(serverName, pqSignatureSchemesEnabled)
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString(configPem)
-	os.Stdout.WriteString(keyPem)
-	return nil
-}

cmd/sing-box/cmd_generate_tls.go

@@ -1,40 +0,0 @@
-package main
-
-import (
-	"os"
-	"time"
-
-	"github.com/sagernet/sing-box/common/tls"
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var flagGenerateTLSKeyPairMonths int
-
-var commandGenerateTLSKeyPair = &cobra.Command{
-	Use:   "tls-keypair <server_name>",
-	Short: "Generate TLS self sign key pair",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateTLSKeyPair(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateTLSKeyPair.Flags().IntVarP(&flagGenerateTLSKeyPairMonths, "months", "m", 1, "Valid months")
-	commandGenerate.AddCommand(commandGenerateTLSKeyPair)
-}
-
-func generateTLSKeyPair(serverName string) error {
-	privateKeyPem, publicKeyPem, err := tls.GenerateKeyPair(time.Now, serverName, time.Now().AddDate(0, flagGenerateTLSKeyPairMonths, 0))
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString(string(privateKeyPem) + "\n")
-	os.Stdout.WriteString(string(publicKeyPem) + "\n")
-	return nil
-}

cmd/sing-box/cmd_generate_vapid.go

@@ -1,40 +0,0 @@
-//go:build go1.20
-
-package main
-
-import (
-	"crypto/ecdh"
-	"crypto/rand"
-	"encoding/base64"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGenerateVAPIDKeyPair = &cobra.Command{
-	Use:   "vapid-keypair",
-	Short: "Generate VAPID key pair",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateVAPIDKeyPair()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateVAPIDKeyPair)
-}
-
-func generateVAPIDKeyPair() error {
-	privateKey, err := ecdh.P256().GenerateKey(rand.Reader)
-	if err != nil {
-		return err
-	}
-	publicKey := privateKey.PublicKey()
-	os.Stdout.WriteString("PrivateKey: " + base64.RawURLEncoding.EncodeToString(privateKey.Bytes()) + "\n")
-	os.Stdout.WriteString("PublicKey: " + base64.RawURLEncoding.EncodeToString(publicKey.Bytes()) + "\n")
-	return nil
-}

cmd/sing-box/cmd_generate_wireguard.go

@@ -1,61 +0,0 @@
-package main
-
-import (
-	"encoding/base64"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateWireGuardKeyPair)
-	commandGenerate.AddCommand(commandGenerateRealityKeyPair)
-}
-
-var commandGenerateWireGuardKeyPair = &cobra.Command{
-	Use:   "wg-keypair",
-	Short: "Generate WireGuard key pair",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateWireGuardKey()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateWireGuardKey() error {
-	privateKey, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString("PrivateKey: " + privateKey.String() + "\n")
-	os.Stdout.WriteString("PublicKey: " + privateKey.PublicKey().String() + "\n")
-	return nil
-}
-
-var commandGenerateRealityKeyPair = &cobra.Command{
-	Use:   "reality-keypair",
-	Short: "Generate reality key pair",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateRealityKey()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateRealityKey() error {
-	privateKey, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		return err
-	}
-	publicKey := privateKey.PublicKey()
-	os.Stdout.WriteString("PrivateKey: " + base64.RawURLEncoding.EncodeToString(privateKey[:]) + "\n")
-	os.Stdout.WriteString("PublicKey: " + base64.RawURLEncoding.EncodeToString(publicKey[:]) + "\n")
-	return nil
-}

cmd/sing-box/cmd_geoip.go

@@ -1,43 +0,0 @@
-package main
-
-import (
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-
-	"github.com/oschwald/maxminddb-golang"
-	"github.com/spf13/cobra"
-)
-
-var (
-	geoipReader          *maxminddb.Reader
-	commandGeoIPFlagFile string
-)
-
-var commandGeoip = &cobra.Command{
-	Use:   "geoip",
-	Short: "GeoIP tools",
-	PersistentPreRun: func(cmd *cobra.Command, args []string) {
-		err := geoipPreRun()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoip.PersistentFlags().StringVarP(&commandGeoIPFlagFile, "file", "f", "geoip.db", "geoip file")
-	mainCommand.AddCommand(commandGeoip)
-}
-
-func geoipPreRun() error {
-	reader, err := maxminddb.Open(commandGeoIPFlagFile)
-	if err != nil {
-		return err
-	}
-	if reader.Metadata.DatabaseType != "sing-geoip" {
-		reader.Close()
-		return E.New("incorrect database type, expected sing-geoip, got ", reader.Metadata.DatabaseType)
-	}
-	geoipReader = reader
-	return nil
-}

cmd/sing-box/cmd_geoip_export.go

@@ -1,98 +0,0 @@
-package main
-
-import (
-	"io"
-	"net"
-	"os"
-	"strings"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/oschwald/maxminddb-golang"
-	"github.com/spf13/cobra"
-)
-
-var flagGeoipExportOutput string
-
-const flagGeoipExportDefaultOutput = "geoip-<country>.srs"
-
-var commandGeoipExport = &cobra.Command{
-	Use:   "export <country>",
-	Short: "Export geoip country as rule-set",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := geoipExport(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoipExport.Flags().StringVarP(&flagGeoipExportOutput, "output", "o", flagGeoipExportDefaultOutput, "Output path")
-	commandGeoip.AddCommand(commandGeoipExport)
-}
-
-func geoipExport(countryCode string) error {
-	networks := geoipReader.Networks(maxminddb.SkipAliasedNetworks)
-	countryMap := make(map[string][]*net.IPNet)
-	var (
-		ipNet           *net.IPNet
-		nextCountryCode string
-		err             error
-	)
-	for networks.Next() {
-		ipNet, err = networks.Network(&nextCountryCode)
-		if err != nil {
-			return err
-		}
-		countryMap[nextCountryCode] = append(countryMap[nextCountryCode], ipNet)
-	}
-	ipNets := countryMap[strings.ToLower(countryCode)]
-	if len(ipNets) == 0 {
-		return E.New("country code not found: ", countryCode)
-	}
-
-	var (
-		outputFile   *os.File
-		outputWriter io.Writer
-	)
-	if flagGeoipExportOutput == "stdout" {
-		outputWriter = os.Stdout
-	} else if flagGeoipExportOutput == flagGeoipExportDefaultOutput {
-		outputFile, err = os.Create("geoip-" + countryCode + ".json")
-		if err != nil {
-			return err
-		}
-		defer outputFile.Close()
-		outputWriter = outputFile
-	} else {
-		outputFile, err = os.Create(flagGeoipExportOutput)
-		if err != nil {
-			return err
-		}
-		defer outputFile.Close()
-		outputWriter = outputFile
-	}
-
-	encoder := json.NewEncoder(outputWriter)
-	encoder.SetIndent("", "  ")
-	var headlessRule option.DefaultHeadlessRule
-	headlessRule.IPCIDR = make([]string, 0, len(ipNets))
-	for _, cidr := range ipNets {
-		headlessRule.IPCIDR = append(headlessRule.IPCIDR, cidr.String())
-	}
-	var plainRuleSet option.PlainRuleSetCompat
-	plainRuleSet.Version = C.RuleSetVersion2
-	plainRuleSet.Options.Rules = []option.HeadlessRule{
-		{
-			Type:           C.RuleTypeDefault,
-			DefaultOptions: headlessRule,
-		},
-	}
-	return encoder.Encode(plainRuleSet)
-}

cmd/sing-box/cmd_geoip_list.go

@@ -1,31 +0,0 @@
-package main
-
-import (
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGeoipList = &cobra.Command{
-	Use:   "list",
-	Short: "List geoip country codes",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := listGeoip()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoip.AddCommand(commandGeoipList)
-}
-
-func listGeoip() error {
-	for _, code := range geoipReader.Metadata.Languages {
-		os.Stdout.WriteString(code + "\n")
-	}
-	return nil
-}

cmd/sing-box/cmd_geoip_lookup.go

@@ -1,47 +0,0 @@
-package main
-
-import (
-	"net/netip"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGeoipLookup = &cobra.Command{
-	Use:   "lookup <address>",
-	Short: "Lookup if an IP address is contained in the GeoIP database",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := geoipLookup(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoip.AddCommand(commandGeoipLookup)
-}
-
-func geoipLookup(address string) error {
-	addr, err := netip.ParseAddr(address)
-	if err != nil {
-		return E.Cause(err, "parse address")
-	}
-	if !N.IsPublicAddr(addr) {
-		os.Stdout.WriteString("private\n")
-		return nil
-	}
-	var code string
-	_ = geoipReader.Lookup(addr.AsSlice(), &code)
-	if code != "" {
-		os.Stdout.WriteString(code + "\n")
-		return nil
-	}
-	os.Stdout.WriteString("unknown\n")
-	return nil
-}

cmd/sing-box/cmd_geosite.go

@@ -1,41 +0,0 @@
-package main
-
-import (
-	"github.com/sagernet/sing-box/common/geosite"
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-
-	"github.com/spf13/cobra"
-)
-
-var (
-	commandGeoSiteFlagFile string
-	geositeReader          *geosite.Reader
-	geositeCodeList        []string
-)
-
-var commandGeoSite = &cobra.Command{
-	Use:   "geosite",
-	Short: "Geosite tools",
-	PersistentPreRun: func(cmd *cobra.Command, args []string) {
-		err := geositePreRun()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoSite.PersistentFlags().StringVarP(&commandGeoSiteFlagFile, "file", "f", "geosite.db", "geosite file")
-	mainCommand.AddCommand(commandGeoSite)
-}
-
-func geositePreRun() error {
-	reader, codeList, err := geosite.Open(commandGeoSiteFlagFile)
-	if err != nil {
-		return E.Cause(err, "open geosite file")
-	}
-	geositeReader = reader
-	geositeCodeList = codeList
-	return nil
-}

cmd/sing-box/cmd_geosite_export.go

@@ -1,81 +0,0 @@
-package main
-
-import (
-	"io"
-	"os"
-
-	"github.com/sagernet/sing-box/common/geosite"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGeositeExportOutput string
-
-const commandGeositeExportDefaultOutput = "geosite-<category>.json"
-
-var commandGeositeExport = &cobra.Command{
-	Use:   "export <category>",
-	Short: "Export geosite category as rule-set",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := geositeExport(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeositeExport.Flags().StringVarP(&commandGeositeExportOutput, "output", "o", commandGeositeExportDefaultOutput, "Output path")
-	commandGeoSite.AddCommand(commandGeositeExport)
-}
-
-func geositeExport(category string) error {
-	sourceSet, err := geositeReader.Read(category)
-	if err != nil {
-		return err
-	}
-	var (
-		outputFile   *os.File
-		outputWriter io.Writer
-	)
-	if commandGeositeExportOutput == "stdout" {
-		outputWriter = os.Stdout
-	} else if commandGeositeExportOutput == commandGeositeExportDefaultOutput {
-		outputFile, err = os.Create("geosite-" + category + ".json")
-		if err != nil {
-			return err
-		}
-		defer outputFile.Close()
-		outputWriter = outputFile
-	} else {
-		outputFile, err = os.Create(commandGeositeExportOutput)
-		if err != nil {
-			return err
-		}
-		defer outputFile.Close()
-		outputWriter = outputFile
-	}
-
-	encoder := json.NewEncoder(outputWriter)
-	encoder.SetIndent("", "  ")
-	var headlessRule option.DefaultHeadlessRule
-	defaultRule := geosite.Compile(sourceSet)
-	headlessRule.Domain = defaultRule.Domain
-	headlessRule.DomainSuffix = defaultRule.DomainSuffix
-	headlessRule.DomainKeyword = defaultRule.DomainKeyword
-	headlessRule.DomainRegex = defaultRule.DomainRegex
-	var plainRuleSet option.PlainRuleSetCompat
-	plainRuleSet.Version = C.RuleSetVersion2
-	plainRuleSet.Options.Rules = []option.HeadlessRule{
-		{
-			Type:           C.RuleTypeDefault,
-			DefaultOptions: headlessRule,
-		},
-	}
-	return encoder.Encode(plainRuleSet)
-}

cmd/sing-box/cmd_geosite_list.go

@@ -1,50 +0,0 @@
-package main
-
-import (
-	"os"
-	"sort"
-
-	"github.com/sagernet/sing-box/log"
-	F "github.com/sagernet/sing/common/format"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGeositeList = &cobra.Command{
-	Use:   "list <category>",
-	Short: "List geosite categories",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := geositeList()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoSite.AddCommand(commandGeositeList)
-}
-
-func geositeList() error {
-	var geositeEntry []struct {
-		category string
-		items    int
-	}
-	for _, category := range geositeCodeList {
-		sourceSet, err := geositeReader.Read(category)
-		if err != nil {
-			return err
-		}
-		geositeEntry = append(geositeEntry, struct {
-			category string
-			items    int
-		}{category, len(sourceSet)})
-	}
-	sort.SliceStable(geositeEntry, func(i, j int) bool {
-		return geositeEntry[i].items < geositeEntry[j].items
-	})
-	for _, entry := range geositeEntry {
-		os.Stdout.WriteString(F.ToString(entry.category, " (", entry.items, ")\n"))
-	}
-	return nil
-}

cmd/sing-box/cmd_geosite_lookup.go

@@ -1,97 +0,0 @@
-package main
-
-import (
-	"os"
-	"sort"
-
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGeositeLookup = &cobra.Command{
-	Use:   "lookup [category] <domain>",
-	Short: "Check if a domain is in the geosite",
-	Args:  cobra.RangeArgs(1, 2),
-	Run: func(cmd *cobra.Command, args []string) {
-		var (
-			source string
-			target string
-		)
-		switch len(args) {
-		case 1:
-			target = args[0]
-		case 2:
-			source = args[0]
-			target = args[1]
-		}
-		err := geositeLookup(source, target)
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGeoSite.AddCommand(commandGeositeLookup)
-}
-
-func geositeLookup(source string, target string) error {
-	var sourceMatcherList []struct {
-		code    string
-		matcher *searchGeositeMatcher
-	}
-	if source != "" {
-		sourceSet, err := geositeReader.Read(source)
-		if err != nil {
-			return err
-		}
-		sourceMatcher, err := newSearchGeositeMatcher(sourceSet)
-		if err != nil {
-			return E.Cause(err, "compile code: "+source)
-		}
-		sourceMatcherList = []struct {
-			code    string
-			matcher *searchGeositeMatcher
-		}{
-			{
-				code:    source,
-				matcher: sourceMatcher,
-			},
-		}
-
-	} else {
-		for _, code := range geositeCodeList {
-			sourceSet, err := geositeReader.Read(code)
-			if err != nil {
-				return err
-			}
-			sourceMatcher, err := newSearchGeositeMatcher(sourceSet)
-			if err != nil {
-				return E.Cause(err, "compile code: "+code)
-			}
-			sourceMatcherList = append(sourceMatcherList, struct {
-				code    string
-				matcher *searchGeositeMatcher
-			}{
-				code:    code,
-				matcher: sourceMatcher,
-			})
-		}
-	}
-	sort.SliceStable(sourceMatcherList, func(i, j int) bool {
-		return sourceMatcherList[i].code < sourceMatcherList[j].code
-	})
-
-	for _, matcherItem := range sourceMatcherList {
-		if matchRule := matcherItem.matcher.Match(target); matchRule != "" {
-			os.Stdout.WriteString("Match code (")
-			os.Stdout.WriteString(matcherItem.code)
-			os.Stdout.WriteString(") ")
-			os.Stdout.WriteString(matchRule)
-			os.Stdout.WriteString("\n")
-		}
-	}
-	return nil
-}

cmd/sing-box/cmd_geosite_matcher.go

@@ -1,56 +0,0 @@
-package main
-
-import (
-	"regexp"
-	"strings"
-
-	"github.com/sagernet/sing-box/common/geosite"
-)
-
-type searchGeositeMatcher struct {
-	domainMap   map[string]bool
-	suffixList  []string
-	keywordList []string
-	regexList   []string
-}
-
-func newSearchGeositeMatcher(items []geosite.Item) (*searchGeositeMatcher, error) {
-	options := geosite.Compile(items)
-	domainMap := make(map[string]bool)
-	for _, domain := range options.Domain {
-		domainMap[domain] = true
-	}
-	rule := &searchGeositeMatcher{
-		domainMap:   domainMap,
-		suffixList:  options.DomainSuffix,
-		keywordList: options.DomainKeyword,
-		regexList:   options.DomainRegex,
-	}
-	return rule, nil
-}
-
-func (r *searchGeositeMatcher) Match(domain string) string {
-	if r.domainMap[domain] {
-		return "domain=" + domain
-	}
-	for _, suffix := range r.suffixList {
-		if strings.HasSuffix(domain, suffix) {
-			return "domain_suffix=" + suffix
-		}
-	}
-	for _, keyword := range r.keywordList {
-		if strings.Contains(domain, keyword) {
-			return "domain_keyword=" + keyword
-		}
-	}
-	for _, regexStr := range r.regexList {
-		regex, err := regexp.Compile(regexStr)
-		if err != nil {
-			continue
-		}
-		if regex.MatchString(domain) {
-			return "domain_regex=" + regexStr
-		}
-	}
-	return ""
-}

cmd/sing-box/cmd_merge.go

@@ -1,154 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"os"
-	"path/filepath"
-	"strings"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-	"github.com/sagernet/sing/common/rw"
-
-	"github.com/spf13/cobra"
-)
-
-var commandMerge = &cobra.Command{
-	Use:   "merge <output>",
-	Short: "Merge configurations",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := merge(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-	Args: cobra.ExactArgs(1),
-}
-
-func init() {
-	mainCommand.AddCommand(commandMerge)
-}
-
-func merge(outputPath string) error {
-	mergedOptions, err := readConfigAndMerge()
-	if err != nil {
-		return err
-	}
-	err = mergePathResources(&mergedOptions)
-	if err != nil {
-		return err
-	}
-	buffer := new(bytes.Buffer)
-	encoder := json.NewEncoder(buffer)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(mergedOptions)
-	if err != nil {
-		return E.Cause(err, "encode config")
-	}
-	if existsContent, err := os.ReadFile(outputPath); err != nil {
-		if string(existsContent) == buffer.String() {
-			return nil
-		}
-	}
-	err = rw.MkdirParent(outputPath)
-	if err != nil {
-		return err
-	}
-	err = os.WriteFile(outputPath, buffer.Bytes(), 0o644)
-	if err != nil {
-		return err
-	}
-	outputPath, _ = filepath.Abs(outputPath)
-	os.Stderr.WriteString(outputPath + "\n")
-	return nil
-}
-
-func mergePathResources(options *option.Options) error {
-	for index, inbound := range options.Inbounds {
-		rawOptions, err := inbound.RawOptions()
-		if err != nil {
-			return err
-		}
-		if tlsOptions, containsTLSOptions := rawOptions.(option.InboundTLSOptionsWrapper); containsTLSOptions {
-			tlsOptions.ReplaceInboundTLSOptions(mergeTLSInboundOptions(tlsOptions.TakeInboundTLSOptions()))
-		}
-		options.Inbounds[index] = inbound
-	}
-	for index, outbound := range options.Outbounds {
-		rawOptions, err := outbound.RawOptions()
-		if err != nil {
-			return err
-		}
-		switch outbound.Type {
-		case C.TypeSSH:
-			outbound.SSHOptions = mergeSSHOutboundOptions(outbound.SSHOptions)
-		}
-		if tlsOptions, containsTLSOptions := rawOptions.(option.OutboundTLSOptionsWrapper); containsTLSOptions {
-			tlsOptions.ReplaceOutboundTLSOptions(mergeTLSOutboundOptions(tlsOptions.TakeOutboundTLSOptions()))
-		}
-		options.Outbounds[index] = outbound
-	}
-	return nil
-}
-
-func mergeTLSInboundOptions(options *option.InboundTLSOptions) *option.InboundTLSOptions {
-	if options == nil {
-		return nil
-	}
-	if options.CertificatePath != "" {
-		if content, err := os.ReadFile(options.CertificatePath); err == nil {
-			options.Certificate = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.KeyPath != "" {
-		if content, err := os.ReadFile(options.KeyPath); err == nil {
-			options.Key = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.ECH != nil {
-		if options.ECH.KeyPath != "" {
-			if content, err := os.ReadFile(options.ECH.KeyPath); err == nil {
-				options.ECH.Key = trimStringArray(strings.Split(string(content), "\n"))
-			}
-		}
-	}
-	return options
-}
-
-func mergeTLSOutboundOptions(options *option.OutboundTLSOptions) *option.OutboundTLSOptions {
-	if options == nil {
-		return nil
-	}
-	if options.CertificatePath != "" {
-		if content, err := os.ReadFile(options.CertificatePath); err == nil {
-			options.Certificate = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.ECH != nil {
-		if options.ECH.ConfigPath != "" {
-			if content, err := os.ReadFile(options.ECH.ConfigPath); err == nil {
-				options.ECH.Config = trimStringArray(strings.Split(string(content), "\n"))
-			}
-		}
-	}
-	return options
-}
-
-func mergeSSHOutboundOptions(options option.SSHOutboundOptions) option.SSHOutboundOptions {
-	if options.PrivateKeyPath != "" {
-		if content, err := os.ReadFile(os.ExpandEnv(options.PrivateKeyPath)); err == nil {
-			options.PrivateKey = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	return options
-}
-
-func trimStringArray(array []string) []string {
-	return common.Filter(array, func(it string) bool {
-		return strings.TrimSpace(it) != ""
-	})
-}

cmd/sing-box/cmd_rule_set.go

@@ -1,14 +0,0 @@
-package main
-
-import (
-	"github.com/spf13/cobra"
-)
-
-var commandRuleSet = &cobra.Command{
-	Use:   "rule-set",
-	Short: "Manage rule-sets",
-}
-
-func init() {
-	mainCommand.AddCommand(commandRuleSet)
-}

cmd/sing-box/cmd_rule_set_compile.go

@@ -1,80 +0,0 @@
-package main
-
-import (
-	"io"
-	"os"
-	"strings"
-
-	"github.com/sagernet/sing-box/common/srs"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/spf13/cobra"
-)
-
-var flagRuleSetCompileOutput string
-
-const flagRuleSetCompileDefaultOutput = "<file_name>.srs"
-
-var commandRuleSetCompile = &cobra.Command{
-	Use:   "compile [source-path]",
-	Short: "Compile rule-set json to binary",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := compileRuleSet(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSet.AddCommand(commandRuleSetCompile)
-	commandRuleSetCompile.Flags().StringVarP(&flagRuleSetCompileOutput, "output", "o", flagRuleSetCompileDefaultOutput, "Output file")
-}
-
-func compileRuleSet(sourcePath string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return err
-		}
-	}
-	content, err := io.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	plainRuleSet, err := json.UnmarshalExtended[option.PlainRuleSetCompat](content)
-	if err != nil {
-		return err
-	}
-	var outputPath string
-	if flagRuleSetCompileOutput == flagRuleSetCompileDefaultOutput {
-		if strings.HasSuffix(sourcePath, ".json") {
-			outputPath = sourcePath[:len(sourcePath)-5] + ".srs"
-		} else {
-			outputPath = sourcePath + ".srs"
-		}
-	} else {
-		outputPath = flagRuleSetCompileOutput
-	}
-	outputFile, err := os.Create(outputPath)
-	if err != nil {
-		return err
-	}
-	err = srs.Write(outputFile, plainRuleSet.Options, plainRuleSet.Version)
-	if err != nil {
-		outputFile.Close()
-		os.Remove(outputPath)
-		return err
-	}
-	outputFile.Close()
-	return nil
-}

cmd/sing-box/cmd_rule_set_convert.go

@@ -1,89 +0,0 @@
-package main
-
-import (
-	"io"
-	"os"
-	"strings"
-
-	"github.com/sagernet/sing-box/cmd/sing-box/internal/convertor/adguard"
-	"github.com/sagernet/sing-box/common/srs"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-
-	"github.com/spf13/cobra"
-)
-
-var (
-	flagRuleSetConvertType   string
-	flagRuleSetConvertOutput string
-)
-
-var commandRuleSetConvert = &cobra.Command{
-	Use:   "convert [source-path]",
-	Short: "Convert adguard DNS filter to rule-set",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := convertRuleSet(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSet.AddCommand(commandRuleSetConvert)
-	commandRuleSetConvert.Flags().StringVarP(&flagRuleSetConvertType, "type", "t", "", "Source type, available: adguard")
-	commandRuleSetConvert.Flags().StringVarP(&flagRuleSetConvertOutput, "output", "o", flagRuleSetCompileDefaultOutput, "Output file")
-}
-
-func convertRuleSet(sourcePath string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return err
-		}
-	}
-	var rules []option.HeadlessRule
-	switch flagRuleSetConvertType {
-	case "adguard":
-		rules, err = adguard.Convert(reader)
-	case "":
-		return E.New("source type is required")
-	default:
-		return E.New("unsupported source type: ", flagRuleSetConvertType)
-	}
-	if err != nil {
-		return err
-	}
-	var outputPath string
-	if flagRuleSetConvertOutput == flagRuleSetCompileDefaultOutput {
-		if strings.HasSuffix(sourcePath, ".txt") {
-			outputPath = sourcePath[:len(sourcePath)-4] + ".srs"
-		} else {
-			outputPath = sourcePath + ".srs"
-		}
-	} else {
-		outputPath = flagRuleSetConvertOutput
-	}
-	outputFile, err := os.Create(outputPath)
-	if err != nil {
-		return err
-	}
-	defer outputFile.Close()
-	err = srs.Write(outputFile, option.PlainRuleSet{Rules: rules}, C.RuleSetVersion2)
-	if err != nil {
-		outputFile.Close()
-		os.Remove(outputPath)
-		return err
-	}
-	outputFile.Close()
-	return nil
-}

cmd/sing-box/cmd_rule_set_decompile.go

@@ -1,77 +0,0 @@
-package main
-
-import (
-	"io"
-	"os"
-	"strings"
-
-	"github.com/sagernet/sing-box/common/srs"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/spf13/cobra"
-)
-
-var flagRuleSetDecompileOutput string
-
-const flagRuleSetDecompileDefaultOutput = "<file_name>.json"
-
-var commandRuleSetDecompile = &cobra.Command{
-	Use:   "decompile [binary-path]",
-	Short: "Decompile rule-set binary to json",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := decompileRuleSet(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSet.AddCommand(commandRuleSetDecompile)
-	commandRuleSetDecompile.Flags().StringVarP(&flagRuleSetDecompileOutput, "output", "o", flagRuleSetDecompileDefaultOutput, "Output file")
-}
-
-func decompileRuleSet(sourcePath string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return err
-		}
-	}
-	ruleSet, err := srs.Read(reader, true)
-	if err != nil {
-		return err
-	}
-	var outputPath string
-	if flagRuleSetDecompileOutput == flagRuleSetDecompileDefaultOutput {
-		if strings.HasSuffix(sourcePath, ".srs") {
-			outputPath = sourcePath[:len(sourcePath)-4] + ".json"
-		} else {
-			outputPath = sourcePath + ".json"
-		}
-	} else {
-		outputPath = flagRuleSetDecompileOutput
-	}
-	outputFile, err := os.Create(outputPath)
-	if err != nil {
-		return err
-	}
-	encoder := json.NewEncoder(outputFile)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(ruleSet)
-	if err != nil {
-		outputFile.Close()
-		os.Remove(outputPath)
-		return err
-	}
-	outputFile.Close()
-	return nil
-}

cmd/sing-box/cmd_rule_set_format.go

@@ -1,83 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/spf13/cobra"
-)
-
-var commandRuleSetFormatFlagWrite bool
-
-var commandRuleSetFormat = &cobra.Command{
-	Use:   "format <source-path>",
-	Short: "Format rule-set json",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := formatRuleSet(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSetFormat.Flags().BoolVarP(&commandRuleSetFormatFlagWrite, "write", "w", false, "write result to (source) file instead of stdout")
-	commandRuleSet.AddCommand(commandRuleSetFormat)
-}
-
-func formatRuleSet(sourcePath string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return err
-		}
-	}
-	content, err := io.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	plainRuleSet, err := json.UnmarshalExtended[option.PlainRuleSetCompat](content)
-	if err != nil {
-		return err
-	}
-	buffer := new(bytes.Buffer)
-	encoder := json.NewEncoder(buffer)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(plainRuleSet)
-	if err != nil {
-		return E.Cause(err, "encode config")
-	}
-	outputPath, _ := filepath.Abs(sourcePath)
-	if !commandRuleSetFormatFlagWrite || sourcePath == "stdin" {
-		os.Stdout.WriteString(buffer.String() + "\n")
-		return nil
-	}
-	if bytes.Equal(content, buffer.Bytes()) {
-		return nil
-	}
-	output, err := os.Create(sourcePath)
-	if err != nil {
-		return E.Cause(err, "open output")
-	}
-	_, err = output.Write(buffer.Bytes())
-	output.Close()
-	if err != nil {
-		return E.Cause(err, "write output")
-	}
-	os.Stderr.WriteString(outputPath + "\n")
-	return nil
-}

cmd/sing-box/cmd_rule_set_match.go

@@ -1,95 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"io"
-	"os"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/srs"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-box/route"
-	E "github.com/sagernet/sing/common/exceptions"
-	F "github.com/sagernet/sing/common/format"
-	"github.com/sagernet/sing/common/json"
-	M "github.com/sagernet/sing/common/metadata"
-
-	"github.com/spf13/cobra"
-)
-
-var flagRuleSetMatchFormat string
-
-var commandRuleSetMatch = &cobra.Command{
-	Use:   "match <rule-set path> <IP address/domain>",
-	Short: "Check if an IP address or a domain matches the rule-set",
-	Args:  cobra.ExactArgs(2),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := ruleSetMatch(args[0], args[1])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSetMatch.Flags().StringVarP(&flagRuleSetMatchFormat, "format", "f", "source", "rule-set format")
-	commandRuleSet.AddCommand(commandRuleSetMatch)
-}
-
-func ruleSetMatch(sourcePath string, domain string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return E.Cause(err, "read rule-set")
-		}
-	}
-	content, err := io.ReadAll(reader)
-	if err != nil {
-		return E.Cause(err, "read rule-set")
-	}
-	var ruleSet option.PlainRuleSetCompat
-	switch flagRuleSetMatchFormat {
-	case C.RuleSetFormatSource:
-		ruleSet, err = json.UnmarshalExtended[option.PlainRuleSetCompat](content)
-		if err != nil {
-			return err
-		}
-	case C.RuleSetFormatBinary:
-		ruleSet, err = srs.Read(bytes.NewReader(content), false)
-		if err != nil {
-			return err
-		}
-	default:
-		return E.New("unknown rule-set format: ", flagRuleSetMatchFormat)
-	}
-	plainRuleSet, err := ruleSet.Upgrade()
-	if err != nil {
-		return err
-	}
-	ipAddress := M.ParseAddr(domain)
-	var metadata adapter.InboundContext
-	if ipAddress.IsValid() {
-		metadata.Destination = M.SocksaddrFrom(ipAddress, 0)
-	} else {
-		metadata.Domain = domain
-	}
-	for i, ruleOptions := range plainRuleSet.Rules {
-		var currentRule adapter.HeadlessRule
-		currentRule, err = route.NewHeadlessRule(nil, ruleOptions)
-		if err != nil {
-			return E.Cause(err, "parse rule_set.rules.[", i, "]")
-		}
-		if currentRule.Match(&metadata) {
-			println(F.ToString("match rules.[", i, "]: ", currentRule))
-		}
-	}
-	return nil
-}

cmd/sing-box/cmd_rule_set_upgrade.go

@@ -1,94 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"io"
-	"os"
-	"path/filepath"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-
-	"github.com/spf13/cobra"
-)
-
-var commandRuleSetUpgradeFlagWrite bool
-
-var commandRuleSetUpgrade = &cobra.Command{
-	Use:   "upgrade <source-path>",
-	Short: "Upgrade rule-set json",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := upgradeRuleSet(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandRuleSetUpgrade.Flags().BoolVarP(&commandRuleSetUpgradeFlagWrite, "write", "w", false, "write result to (source) file instead of stdout")
-	commandRuleSet.AddCommand(commandRuleSetUpgrade)
-}
-
-func upgradeRuleSet(sourcePath string) error {
-	var (
-		reader io.Reader
-		err    error
-	)
-	if sourcePath == "stdin" {
-		reader = os.Stdin
-	} else {
-		reader, err = os.Open(sourcePath)
-		if err != nil {
-			return err
-		}
-	}
-	content, err := io.ReadAll(reader)
-	if err != nil {
-		return err
-	}
-	plainRuleSetCompat, err := json.UnmarshalExtended[option.PlainRuleSetCompat](content)
-	if err != nil {
-		return err
-	}
-	switch plainRuleSetCompat.Version {
-	case C.RuleSetVersion1:
-	default:
-		log.Info("already up-to-date")
-		return nil
-	}
-	plainRuleSet, err := plainRuleSetCompat.Upgrade()
-	if err != nil {
-		return err
-	}
-	buffer := new(bytes.Buffer)
-	encoder := json.NewEncoder(buffer)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(plainRuleSet)
-	if err != nil {
-		return E.Cause(err, "encode config")
-	}
-	outputPath, _ := filepath.Abs(sourcePath)
-	if !commandRuleSetUpgradeFlagWrite || sourcePath == "stdin" {
-		os.Stdout.WriteString(buffer.String() + "\n")
-		return nil
-	}
-	if bytes.Equal(content, buffer.Bytes()) {
-		return nil
-	}
-	output, err := os.Create(sourcePath)
-	if err != nil {
-		return E.Cause(err, "open output")
-	}
-	_, err = output.Write(buffer.Bytes())
-	output.Close()
-	if err != nil {
-		return E.Cause(err, "write output")
-	}
-	os.Stderr.WriteString(outputPath + "\n")
-	return nil
-}

cmd/sing-box/cmd_run.go

@@ -2,23 +2,17 @@ package main
 
 import (
 	"context"
-	"io"
+	"net/http"
 	"os"
 	"os/signal"
-	"path/filepath"
-	runtimeDebug "runtime/debug"
-	"sort"
-	"strings"
 	"syscall"
-	"time"
 
 	"github.com/sagernet/sing-box"
-	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common/debug"
 	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/json"
-	"github.com/sagernet/sing/common/json/badjson"
 
 	"github.com/spf13/cobra"
 )
@@ -26,106 +20,25 @@ import (
 var commandRun = &cobra.Command{
 	Use:   "run",
 	Short: "Run service",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := run()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
+	Run:   run,
 }
 
-func init() {
-	mainCommand.AddCommand(commandRun)
-}
-
-type OptionsEntry struct {
-	content []byte
-	path    string
-	options option.Options
-}
-
-func readConfigAt(path string) (*OptionsEntry, error) {
-	var (
-		configContent []byte
-		err           error
-	)
-	if path == "stdin" {
-		configContent, err = io.ReadAll(os.Stdin)
-	} else {
-		configContent, err = os.ReadFile(path)
-	}
+func run(cmd *cobra.Command, args []string) {
+	err := run0()
 	if err != nil {
-		return nil, E.Cause(err, "read config at ", path)
+		log.Fatal(err)
 	}
-	options, err := json.UnmarshalExtended[option.Options](configContent)
-	if err != nil {
-		return nil, E.Cause(err, "decode config at ", path)
-	}
-	return &OptionsEntry{
-		content: configContent,
-		path:    path,
-		options: options,
-	}, nil
 }
 
-func readConfig() ([]*OptionsEntry, error) {
-	var optionsList []*OptionsEntry
-	for _, path := range configPaths {
-		optionsEntry, err := readConfigAt(path)
-		if err != nil {
-			return nil, err
-		}
-		optionsList = append(optionsList, optionsEntry)
-	}
-	for _, directory := range configDirectories {
-		entries, err := os.ReadDir(directory)
-		if err != nil {
-			return nil, E.Cause(err, "read config directory at ", directory)
-		}
-		for _, entry := range entries {
-			if !strings.HasSuffix(entry.Name(), ".json") || entry.IsDir() {
-				continue
-			}
-			optionsEntry, err := readConfigAt(filepath.Join(directory, entry.Name()))
-			if err != nil {
-				return nil, err
-			}
-			optionsList = append(optionsList, optionsEntry)
-		}
-	}
-	sort.Slice(optionsList, func(i, j int) bool {
-		return optionsList[i].path < optionsList[j].path
-	})
-	return optionsList, nil
-}
-
-func readConfigAndMerge() (option.Options, error) {
-	optionsList, err := readConfig()
+func run0() error {
+	configContent, err := os.ReadFile(configPath)
 	if err != nil {
-		return option.Options{}, err
+		return E.Cause(err, "read config")
 	}
-	if len(optionsList) == 1 {
-		return optionsList[0].options, nil
-	}
-	var mergedMessage json.RawMessage
-	for _, options := range optionsList {
-		mergedMessage, err = badjson.MergeJSON(options.options.RawMessage, mergedMessage, false)
-		if err != nil {
-			return option.Options{}, E.Cause(err, "merge config at ", options.path)
-		}
-	}
-	var mergedOptions option.Options
-	err = mergedOptions.UnmarshalJSON(mergedMessage)
+	var options option.Options
+	err = json.Unmarshal(configContent, &options)
 	if err != nil {
-		return option.Options{}, E.Cause(err, "unmarshal merged config")
-	}
-	return mergedOptions, nil
-}
-
-func create() (*box.Box, context.CancelFunc, error) {
-	options, err := readConfigAndMerge()
-	if err != nil {
-		return nil, nil, err
+		return E.Cause(err, "decode config")
 	}
 	if disableColor {
 		if options.Log == nil {
@@ -133,80 +46,27 @@ func create() (*box.Box, context.CancelFunc, error) {
 		}
 		options.Log.DisableColor = true
 	}
-	ctx, cancel := context.WithCancel(globalCtx)
-	instance, err := box.New(box.Options{
-		Context: ctx,
-		Options: options,
-	})
+	ctx, cancel := context.WithCancel(context.Background())
+	instance, err := box.New(ctx, options)
 	if err != nil {
 		cancel()
-		return nil, nil, E.Cause(err, "create service")
+		return E.Cause(err, "create service")
 	}
-
-	osSignals := make(chan os.Signal, 1)
-	signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP)
-	defer func() {
-		signal.Stop(osSignals)
-		close(osSignals)
-	}()
-	startCtx, finishStart := context.WithCancel(context.Background())
-	go func() {
-		_, loaded := <-osSignals
-		if loaded {
-			cancel()
-			closeMonitor(startCtx)
-		}
-	}()
 	err = instance.Start()
-	finishStart()
 	if err != nil {
 		cancel()
-		return nil, nil, E.Cause(err, "start service")
+		return E.Cause(err, "start service")
 	}
-	return instance, cancel, nil
-}
-
-func run() error {
-	osSignals := make(chan os.Signal, 1)
-	signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP)
-	defer signal.Stop(osSignals)
-	for {
-		instance, cancel, err := create()
-		if err != nil {
-			return err
-		}
-		runtimeDebug.FreeOSMemory()
-		for {
-			osSignal := <-osSignals
-			if osSignal == syscall.SIGHUP {
-				err = check()
-				if err != nil {
-					log.Error(E.Cause(err, "reload service"))
-					continue
-				}
-			}
+	if debug.Enabled {
+		http.HandleFunc("/debug/close", func(writer http.ResponseWriter, request *http.Request) {
 			cancel()
-			closeCtx, closed := context.WithCancel(context.Background())
-			go closeMonitor(closeCtx)
-			err = instance.Close()
-			closed()
-			if osSignal != syscall.SIGHUP {
-				if err != nil {
-					log.Error(E.Cause(err, "sing-box did not closed properly"))
-				}
-				return nil
-			}
-			break
-		}
+			instance.Close()
+		})
 	}
-}
-
-func closeMonitor(ctx context.Context) {
-	time.Sleep(C.FatalStopTimeout)
-	select {
-	case <-ctx.Done():
-		return
-	default:
-	}
-	log.Fatal("sing-box did not close!")
+	osSignals := make(chan os.Signal, 1)
+	signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM)
+	<-osSignals
+	cancel()
+	instance.Close()
+	return nil
 }

cmd/sing-box/cmd_tools.go

@@ -1,49 +0,0 @@
-package main
-
-import (
-	"github.com/sagernet/sing-box"
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-
-	"github.com/spf13/cobra"
-)
-
-var commandToolsFlagOutbound string
-
-var commandTools = &cobra.Command{
-	Use:   "tools",
-	Short: "Experimental tools",
-}
-
-func init() {
-	commandTools.PersistentFlags().StringVarP(&commandToolsFlagOutbound, "outbound", "o", "", "Use specified tag instead of default outbound")
-	mainCommand.AddCommand(commandTools)
-}
-
-func createPreStartedClient() (*box.Box, error) {
-	options, err := readConfigAndMerge()
-	if err != nil {
-		return nil, err
-	}
-	instance, err := box.New(box.Options{Options: options})
-	if err != nil {
-		return nil, E.Cause(err, "create service")
-	}
-	err = instance.PreStart()
-	if err != nil {
-		return nil, E.Cause(err, "start service")
-	}
-	return instance, nil
-}
-
-func createDialer(instance *box.Box, network string, outboundTag string) (N.Dialer, error) {
-	if outboundTag == "" {
-		return instance.Router().DefaultOutbound(N.NetworkName(network))
-	} else {
-		outbound, loaded := instance.Router().Outbound(outboundTag)
-		if !loaded {
-			return nil, E.New("outbound not found: ", outboundTag)
-		}
-		return outbound, nil
-	}
-}

cmd/sing-box/cmd_tools_connect.go

@@ -1,73 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/task"
-
-	"github.com/spf13/cobra"
-)
-
-var commandConnectFlagNetwork string
-
-var commandConnect = &cobra.Command{
-	Use:   "connect <address>",
-	Short: "Connect to an address",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := connect(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandConnect.Flags().StringVarP(&commandConnectFlagNetwork, "network", "n", "tcp", "network type")
-	commandTools.AddCommand(commandConnect)
-}
-
-func connect(address string) error {
-	switch N.NetworkName(commandConnectFlagNetwork) {
-	case N.NetworkTCP, N.NetworkUDP:
-	default:
-		return E.Cause(N.ErrUnknownNetwork, commandConnectFlagNetwork)
-	}
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	dialer, err := createDialer(instance, commandConnectFlagNetwork, commandToolsFlagOutbound)
-	if err != nil {
-		return err
-	}
-	conn, err := dialer.DialContext(context.Background(), commandConnectFlagNetwork, M.ParseSocksaddr(address))
-	if err != nil {
-		return E.Cause(err, "connect to server")
-	}
-	var group task.Group
-	group.Append("upload", func(ctx context.Context) error {
-		return common.Error(bufio.Copy(conn, os.Stdin))
-	})
-	group.Append("download", func(ctx context.Context) error {
-		return common.Error(bufio.Copy(os.Stdout, conn))
-	})
-	group.Cleanup(func() {
-		conn.Close()
-	})
-	err = group.Run(context.Background())
-	if E.IsClosed(err) {
-		log.Info(err)
-	} else {
-		log.Error(err)
-	}
-	return nil
-}

cmd/sing-box/cmd_tools_fetch.go

@@ -1,115 +0,0 @@
-package main
-
-import (
-	"context"
-	"errors"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-
-	"github.com/spf13/cobra"
-)
-
-var commandFetch = &cobra.Command{
-	Use:   "fetch",
-	Short: "Fetch an URL",
-	Args:  cobra.MinimumNArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := fetch(args)
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandTools.AddCommand(commandFetch)
-}
-
-var (
-	httpClient  *http.Client
-	http3Client *http.Client
-)
-
-func fetch(args []string) error {
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	httpClient = &http.Client{
-		Transport: &http.Transport{
-			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				dialer, err := createDialer(instance, network, commandToolsFlagOutbound)
-				if err != nil {
-					return nil, err
-				}
-				return dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
-			},
-			ForceAttemptHTTP2: true,
-		},
-	}
-	defer httpClient.CloseIdleConnections()
-	if C.WithQUIC {
-		err = initializeHTTP3Client(instance)
-		if err != nil {
-			return err
-		}
-		defer http3Client.CloseIdleConnections()
-	}
-	for _, urlString := range args {
-		var parsedURL *url.URL
-		parsedURL, err = url.Parse(urlString)
-		if err != nil {
-			return err
-		}
-		switch parsedURL.Scheme {
-		case "":
-			parsedURL.Scheme = "http"
-			fallthrough
-		case "http", "https":
-			err = fetchHTTP(httpClient, parsedURL)
-			if err != nil {
-				return err
-			}
-		case "http3":
-			if !C.WithQUIC {
-				return C.ErrQUICNotIncluded
-			}
-			parsedURL.Scheme = "https"
-			err = fetchHTTP(http3Client, parsedURL)
-			if err != nil {
-				return err
-			}
-		default:
-			return E.New("unsupported scheme: ", parsedURL.Scheme)
-		}
-	}
-	return nil
-}
-
-func fetchHTTP(httpClient *http.Client, parsedURL *url.URL) error {
-	request, err := http.NewRequest("GET", parsedURL.String(), nil)
-	if err != nil {
-		return err
-	}
-	request.Header.Add("User-Agent", "curl/7.88.0")
-	response, err := httpClient.Do(request)
-	if err != nil {
-		return err
-	}
-	defer response.Body.Close()
-	_, err = bufio.Copy(os.Stdout, response.Body)
-	if errors.Is(err, io.EOF) {
-		return nil
-	}
-	return err
-}

cmd/sing-box/cmd_tools_fetch_http3.go

@@ -1,36 +0,0 @@
-//go:build with_quic
-
-package main
-
-import (
-	"context"
-	"crypto/tls"
-	"net/http"
-
-	"github.com/sagernet/quic-go"
-	"github.com/sagernet/quic-go/http3"
-	box "github.com/sagernet/sing-box"
-	"github.com/sagernet/sing/common/bufio"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func initializeHTTP3Client(instance *box.Box) error {
-	dialer, err := createDialer(instance, N.NetworkUDP, commandToolsFlagOutbound)
-	if err != nil {
-		return err
-	}
-	http3Client = &http.Client{
-		Transport: &http3.RoundTripper{
-			Dial: func(ctx context.Context, addr string, tlsCfg *tls.Config, cfg *quic.Config) (quic.EarlyConnection, error) {
-				destination := M.ParseSocksaddr(addr)
-				udpConn, dErr := dialer.DialContext(ctx, N.NetworkUDP, destination)
-				if dErr != nil {
-					return nil, dErr
-				}
-				return quic.DialEarly(ctx, bufio.NewUnbindPacketConn(udpConn), udpConn.RemoteAddr(), tlsCfg, cfg)
-			},
-		},
-	}
-	return nil
-}

cmd/sing-box/cmd_tools_fetch_http3_stub.go

@@ -1,18 +0,0 @@
-//go:build !with_quic
-
-package main
-
-import (
-	"net/url"
-	"os"
-
-	box "github.com/sagernet/sing-box"
-)
-
-func initializeHTTP3Client(instance *box.Box) error {
-	return os.ErrInvalid
-}
-
-func fetchHTTP3(parsedURL *url.URL) error {
-	return os.ErrInvalid
-}

cmd/sing-box/cmd_tools_synctime.go

@@ -1,69 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-
-	"github.com/sagernet/sing-box/common/settings"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/ntp"
-
-	"github.com/spf13/cobra"
-)
-
-var (
-	commandSyncTimeFlagServer   string
-	commandSyncTimeOutputFormat string
-	commandSyncTimeWrite        bool
-)
-
-var commandSyncTime = &cobra.Command{
-	Use:   "synctime",
-	Short: "Sync time using the NTP protocol",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := syncTime()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandSyncTime.Flags().StringVarP(&commandSyncTimeFlagServer, "server", "s", "time.apple.com", "Set NTP server")
-	commandSyncTime.Flags().StringVarP(&commandSyncTimeOutputFormat, "format", "f", C.TimeLayout, "Set output format")
-	commandSyncTime.Flags().BoolVarP(&commandSyncTimeWrite, "write", "w", false, "Write time to system")
-	commandTools.AddCommand(commandSyncTime)
-}
-
-func syncTime() error {
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	dialer, err := createDialer(instance, N.NetworkUDP, commandToolsFlagOutbound)
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	serverAddress := M.ParseSocksaddr(commandSyncTimeFlagServer)
-	if serverAddress.Port == 0 {
-		serverAddress.Port = 123
-	}
-	response, err := ntp.Exchange(context.Background(), dialer, serverAddress)
-	if err != nil {
-		return err
-	}
-	if commandSyncTimeWrite {
-		err = settings.SetSystemTime(response.Time)
-		if err != nil {
-			return E.Cause(err, "write time to system")
-		}
-	}
-	os.Stdout.WriteString(response.Time.Local().Format(commandSyncTimeOutputFormat))
-	return nil
-}

cmd/sing-box/cmd_version.go

@@ -3,9 +3,9 @@ package main
 import (
 	"os"
 	"runtime"
-	"runtime/debug"
 
 	C "github.com/sagernet/sing-box/constant"
+	F "github.com/sagernet/sing/common/format"
 
 	"github.com/spf13/cobra"
 )
@@ -21,44 +21,33 @@ var nameOnly bool
 
 func init() {
 	commandVersion.Flags().BoolVarP(&nameOnly, "name", "n", false, "print version name only")
-	mainCommand.AddCommand(commandVersion)
 }
 
 func printVersion(cmd *cobra.Command, args []string) {
-	if nameOnly {
-		os.Stdout.WriteString(C.Version + "\n")
-		return
+	var version string
+	if !nameOnly {
+		version = "sing-box "
 	}
-	version := "sing-box version " + C.Version + "\n\n"
-	version += "Environment: " + runtime.Version() + " " + runtime.GOOS + "/" + runtime.GOARCH + "\n"
-
-	var tags string
-	var revision string
-
-	debugInfo, loaded := debug.ReadBuildInfo()
-	if loaded {
-		for _, setting := range debugInfo.Settings {
-			switch setting.Key {
-			case "-tags":
-				tags = setting.Value
-			case "vcs.revision":
-				revision = setting.Value
-			}
+	version += F.ToString(C.Version)
+	if C.Commit != "" {
+		version += "." + C.Commit
+	}
+	if !nameOnly {
+		version += " ("
+		version += runtime.Version()
+		version += ", "
+		version += runtime.GOOS
+		version += ", "
+		version += runtime.GOARCH
+		version += ", "
+		version += "CGO "
+		if C.CGO_ENABLED {
+			version += "enabled"
+		} else {
+			version += "disabled"
 		}
+		version += ")"
 	}
-
-	if tags != "" {
-		version += "Tags: " + tags + "\n"
-	}
-	if revision != "" {
-		version += "Revision: " + revision + "\n"
-	}
-
-	if C.CGO_ENABLED {
-		version += "CGO: enabled\n"
-	} else {
-		version += "CGO: disabled\n"
-	}
-
+	version += "\n"
 	os.Stdout.WriteString(version)
 }

cmd/sing-box/debug.go

@@ -0,0 +1,44 @@
+//go:build debug
+
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	_ "net/http/pprof"
+	"runtime"
+	"runtime/debug"
+
+	"github.com/sagernet/sing-box/common/badjson"
+	"github.com/sagernet/sing-box/log"
+
+	"github.com/dustin/go-humanize"
+)
+
+func init() {
+	http.HandleFunc("/debug/gc", func(writer http.ResponseWriter, request *http.Request) {
+		writer.WriteHeader(http.StatusNoContent)
+		go debug.FreeOSMemory()
+	})
+	http.HandleFunc("/debug/memory", func(writer http.ResponseWriter, request *http.Request) {
+		var memStats runtime.MemStats
+		runtime.ReadMemStats(&memStats)
+
+		var memObject badjson.JSONObject
+		memObject.Put("heap", humanize.Bytes(memStats.HeapInuse))
+		memObject.Put("stack", humanize.Bytes(memStats.StackInuse))
+		memObject.Put("idle", humanize.Bytes(memStats.HeapIdle-memStats.HeapReleased))
+		memObject.Put("goroutines", runtime.NumGoroutine())
+		memObject.Put("rss", rusageMaxRSS())
+
+		encoder := json.NewEncoder(writer)
+		encoder.SetIndent("", "  ")
+		encoder.Encode(memObject)
+	})
+	go func() {
+		err := http.ListenAndServe("0.0.0.0:8964", nil)
+		if err != nil {
+			log.Debug(err)
+		}
+	}()
+}

cmd/sing-box/debug_linux.go

@@ -1,6 +1,6 @@
-//go:build linux || darwin
+//go:build debug
 
-package box
+package main
 
 import (
 	"runtime"

cmd/sing-box/debug_stub.go

@@ -1,6 +1,6 @@
-//go:build !(linux || darwin)
+//go:build debug && !linux
 
-package box
+package main
 
 func rusageMaxRSS() float64 {
 	return -1

cmd/sing-box/generate_completions.go

@@ -1,28 +0,0 @@
-//go:build generate && generate_completions
-
-package main
-
-import "github.com/sagernet/sing-box/log"
-
-func main() {
-	err := generateCompletions()
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-func generateCompletions() error {
-	err := mainCommand.GenBashCompletionFile("release/completions/sing-box.bash")
-	if err != nil {
-		return err
-	}
-	err = mainCommand.GenFishCompletionFile("release/completions/sing-box.fish", true)
-	if err != nil {
-		return err
-	}
-	err = mainCommand.GenZshCompletionFile("release/completions/sing-box.zsh")
-	if err != nil {
-		return err
-	}
-	return nil
-}

cmd/sing-box/internal/convertor/adguard/convertor.go

@@ -1,346 +0,0 @@
-package adguard
-
-import (
-	"bufio"
-	"io"
-	"net/netip"
-	"os"
-	"strconv"
-	"strings"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-)
-
-type agdguardRuleLine struct {
-	ruleLine    string
-	isRawDomain bool
-	isExclude   bool
-	isSuffix    bool
-	hasStart    bool
-	hasEnd      bool
-	isRegexp    bool
-	isImportant bool
-}
-
-func Convert(reader io.Reader) ([]option.HeadlessRule, error) {
-	scanner := bufio.NewScanner(reader)
-	var (
-		ruleLines    []agdguardRuleLine
-		ignoredLines int
-	)
-parseLine:
-	for scanner.Scan() {
-		ruleLine := scanner.Text()
-		if ruleLine == "" || ruleLine[0] == '!' || ruleLine[0] == '#' {
-			continue
-		}
-		originRuleLine := ruleLine
-		if M.IsDomainName(ruleLine) {
-			ruleLines = append(ruleLines, agdguardRuleLine{
-				ruleLine:    ruleLine,
-				isRawDomain: true,
-			})
-			continue
-		}
-		hostLine, err := parseAdGuardHostLine(ruleLine)
-		if err == nil {
-			if hostLine != "" {
-				ruleLines = append(ruleLines, agdguardRuleLine{
-					ruleLine:    hostLine,
-					isRawDomain: true,
-					hasStart:    true,
-					hasEnd:      true,
-				})
-			}
-			continue
-		}
-		if strings.HasSuffix(ruleLine, "|") {
-			ruleLine = ruleLine[:len(ruleLine)-1]
-		}
-		var (
-			isExclude   bool
-			isSuffix    bool
-			hasStart    bool
-			hasEnd      bool
-			isRegexp    bool
-			isImportant bool
-		)
-		if !strings.HasPrefix(ruleLine, "/") && strings.Contains(ruleLine, "$") {
-			params := common.SubstringAfter(ruleLine, "$")
-			for _, param := range strings.Split(params, ",") {
-				paramParts := strings.Split(param, "=")
-				var ignored bool
-				if len(paramParts) > 0 && len(paramParts) <= 2 {
-					switch paramParts[0] {
-					case "app", "network":
-						// maybe support by package_name/process_name
-					case "dnstype":
-						// maybe support by query_type
-					case "important":
-						ignored = true
-						isImportant = true
-					case "dnsrewrite":
-						if len(paramParts) == 2 && M.ParseAddr(paramParts[1]).IsUnspecified() {
-							ignored = true
-						}
-					}
-				}
-				if !ignored {
-					ignoredLines++
-					log.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", ruleLine)
-					continue parseLine
-				}
-			}
-			ruleLine = common.SubstringBefore(ruleLine, "$")
-		}
-		if strings.HasPrefix(ruleLine, "@@") {
-			ruleLine = ruleLine[2:]
-			isExclude = true
-		}
-		if strings.HasSuffix(ruleLine, "|") {
-			ruleLine = ruleLine[:len(ruleLine)-1]
-		}
-		if strings.HasPrefix(ruleLine, "||") {
-			ruleLine = ruleLine[2:]
-			isSuffix = true
-		} else if strings.HasPrefix(ruleLine, "|") {
-			ruleLine = ruleLine[1:]
-			hasStart = true
-		}
-		if strings.HasSuffix(ruleLine, "^") {
-			ruleLine = ruleLine[:len(ruleLine)-1]
-			hasEnd = true
-		}
-		if strings.HasPrefix(ruleLine, "/") && strings.HasSuffix(ruleLine, "/") {
-			ruleLine = ruleLine[1 : len(ruleLine)-1]
-			if ignoreIPCIDRRegexp(ruleLine) {
-				ignoredLines++
-				log.Debug("ignored unsupported rule with IPCIDR regexp: ", ruleLine)
-				continue
-			}
-			isRegexp = true
-		} else {
-			if strings.Contains(ruleLine, "://") {
-				ruleLine = common.SubstringAfter(ruleLine, "://")
-			}
-			if strings.Contains(ruleLine, "/") {
-				ignoredLines++
-				log.Debug("ignored unsupported rule with path: ", ruleLine)
-				continue
-			}
-			if strings.Contains(ruleLine, "##") {
-				ignoredLines++
-				log.Debug("ignored unsupported rule with element hiding: ", ruleLine)
-				continue
-			}
-			if strings.Contains(ruleLine, "#$#") {
-				ignoredLines++
-				log.Debug("ignored unsupported rule with element hiding: ", ruleLine)
-				continue
-			}
-			var domainCheck string
-			if strings.HasPrefix(ruleLine, ".") || strings.HasPrefix(ruleLine, "-") {
-				domainCheck = "r" + ruleLine
-			} else {
-				domainCheck = ruleLine
-			}
-			if ruleLine == "" {
-				ignoredLines++
-				log.Debug("ignored unsupported rule with empty domain", originRuleLine)
-				continue
-			} else {
-				domainCheck = strings.ReplaceAll(domainCheck, "*", "x")
-				if !M.IsDomainName(domainCheck) {
-					_, ipErr := parseADGuardIPCIDRLine(ruleLine)
-					if ipErr == nil {
-						ignoredLines++
-						log.Debug("ignored unsupported rule with IPCIDR: ", ruleLine)
-						continue
-					}
-					if M.ParseSocksaddr(domainCheck).Port != 0 {
-						log.Debug("ignored unsupported rule with port: ", ruleLine)
-					} else {
-						log.Debug("ignored unsupported rule with invalid domain: ", ruleLine)
-					}
-					ignoredLines++
-					continue
-				}
-			}
-		}
-		ruleLines = append(ruleLines, agdguardRuleLine{
-			ruleLine:    ruleLine,
-			isExclude:   isExclude,
-			isSuffix:    isSuffix,
-			hasStart:    hasStart,
-			hasEnd:      hasEnd,
-			isRegexp:    isRegexp,
-			isImportant: isImportant,
-		})
-	}
-	if len(ruleLines) == 0 {
-		return nil, E.New("AdGuard rule-set is empty or all rules are unsupported")
-	}
-	if common.All(ruleLines, func(it agdguardRuleLine) bool {
-		return it.isRawDomain
-	}) {
-		return []option.HeadlessRule{
-			{
-				Type: C.RuleTypeDefault,
-				DefaultOptions: option.DefaultHeadlessRule{
-					Domain: common.Map(ruleLines, func(it agdguardRuleLine) string {
-						return it.ruleLine
-					}),
-				},
-			},
-		}, nil
-	}
-	mapDomain := func(it agdguardRuleLine) string {
-		ruleLine := it.ruleLine
-		if it.isSuffix {
-			ruleLine = "||" + ruleLine
-		} else if it.hasStart {
-			ruleLine = "|" + ruleLine
-		}
-		if it.hasEnd {
-			ruleLine += "^"
-		}
-		return ruleLine
-	}
-
-	importantDomain := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return it.isImportant && !it.isRegexp && !it.isExclude }), mapDomain)
-	importantDomainRegex := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return it.isImportant && it.isRegexp && !it.isExclude }), mapDomain)
-	importantExcludeDomain := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return it.isImportant && !it.isRegexp && it.isExclude }), mapDomain)
-	importantExcludeDomainRegex := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return it.isImportant && it.isRegexp && it.isExclude }), mapDomain)
-	domain := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return !it.isImportant && !it.isRegexp && !it.isExclude }), mapDomain)
-	domainRegex := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return !it.isImportant && it.isRegexp && !it.isExclude }), mapDomain)
-	excludeDomain := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return !it.isImportant && !it.isRegexp && it.isExclude }), mapDomain)
-	excludeDomainRegex := common.Map(common.Filter(ruleLines, func(it agdguardRuleLine) bool { return !it.isImportant && it.isRegexp && it.isExclude }), mapDomain)
-	currentRule := option.HeadlessRule{
-		Type: C.RuleTypeDefault,
-		DefaultOptions: option.DefaultHeadlessRule{
-			AdGuardDomain: domain,
-			DomainRegex:   domainRegex,
-		},
-	}
-	if len(excludeDomain) > 0 || len(excludeDomainRegex) > 0 {
-		currentRule = option.HeadlessRule{
-			Type: C.RuleTypeLogical,
-			LogicalOptions: option.LogicalHeadlessRule{
-				Mode: C.LogicalTypeAnd,
-				Rules: []option.HeadlessRule{
-					{
-						Type: C.RuleTypeDefault,
-						DefaultOptions: option.DefaultHeadlessRule{
-							AdGuardDomain: excludeDomain,
-							DomainRegex:   excludeDomainRegex,
-							Invert:        true,
-						},
-					},
-					currentRule,
-				},
-			},
-		}
-	}
-	if len(importantDomain) > 0 || len(importantDomainRegex) > 0 {
-		currentRule = option.HeadlessRule{
-			Type: C.RuleTypeLogical,
-			LogicalOptions: option.LogicalHeadlessRule{
-				Mode: C.LogicalTypeOr,
-				Rules: []option.HeadlessRule{
-					{
-						Type: C.RuleTypeDefault,
-						DefaultOptions: option.DefaultHeadlessRule{
-							AdGuardDomain: importantDomain,
-							DomainRegex:   importantDomainRegex,
-						},
-					},
-					currentRule,
-				},
-			},
-		}
-	}
-	if len(importantExcludeDomain) > 0 || len(importantExcludeDomainRegex) > 0 {
-		currentRule = option.HeadlessRule{
-			Type: C.RuleTypeLogical,
-			LogicalOptions: option.LogicalHeadlessRule{
-				Mode: C.LogicalTypeAnd,
-				Rules: []option.HeadlessRule{
-					{
-						Type: C.RuleTypeDefault,
-						DefaultOptions: option.DefaultHeadlessRule{
-							AdGuardDomain: importantExcludeDomain,
-							DomainRegex:   importantExcludeDomainRegex,
-							Invert:        true,
-						},
-					},
-					currentRule,
-				},
-			},
-		}
-	}
-	log.Info("parsed rules: ", len(ruleLines), "/", len(ruleLines)+ignoredLines)
-	return []option.HeadlessRule{currentRule}, nil
-}
-
-func ignoreIPCIDRRegexp(ruleLine string) bool {
-	if strings.HasPrefix(ruleLine, "(http?:\\/\\/)") {
-		ruleLine = ruleLine[12:]
-	} else if strings.HasPrefix(ruleLine, "(https?:\\/\\/)") {
-		ruleLine = ruleLine[13:]
-	} else if strings.HasPrefix(ruleLine, "^") {
-		ruleLine = ruleLine[1:]
-	} else {
-		return false
-	}
-	_, parseErr := strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)
-	return parseErr == nil
-}
-
-func parseAdGuardHostLine(ruleLine string) (string, error) {
-	idx := strings.Index(ruleLine, " ")
-	if idx == -1 {
-		return "", os.ErrInvalid
-	}
-	address, err := netip.ParseAddr(ruleLine[:idx])
-	if err != nil {
-		return "", err
-	}
-	if !address.IsUnspecified() {
-		return "", nil
-	}
-	domain := ruleLine[idx+1:]
-	if !M.IsDomainName(domain) {
-		return "", E.New("invalid domain name: ", domain)
-	}
-	return domain, nil
-}
-
-func parseADGuardIPCIDRLine(ruleLine string) (netip.Prefix, error) {
-	var isPrefix bool
-	if strings.HasSuffix(ruleLine, ".") {
-		isPrefix = true
-		ruleLine = ruleLine[:len(ruleLine)-1]
-	}
-	ruleStringParts := strings.Split(ruleLine, ".")
-	if len(ruleStringParts) > 4 || len(ruleStringParts) < 4 && !isPrefix {
-		return netip.Prefix{}, os.ErrInvalid
-	}
-	ruleParts := make([]uint8, 0, len(ruleStringParts))
-	for _, part := range ruleStringParts {
-		rulePart, err := strconv.ParseUint(part, 10, 8)
-		if err != nil {
-			return netip.Prefix{}, err
-		}
-		ruleParts = append(ruleParts, uint8(rulePart))
-	}
-	bitLen := len(ruleParts) * 8
-	for len(ruleParts) < 4 {
-		ruleParts = append(ruleParts, 0)
-	}
-	return netip.PrefixFrom(netip.AddrFrom4(*(*[4]byte)(ruleParts)), bitLen), nil
-}

cmd/sing-box/internal/convertor/adguard/convertor_test.go

@@ -1,140 +0,0 @@
-package adguard
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/route"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestConverter(t *testing.T) {
-	t.Parallel()
-	rules, err := Convert(strings.NewReader(`
-||example.org^
-|example.com^
-example.net^
-||example.edu
-||example.edu.tw^
-|example.gov
-example.arpa
-@@|sagernet.example.org|
-||sagernet.org^$important
-@@|sing-box.sagernet.org^$important
-`))
-	require.NoError(t, err)
-	require.Len(t, rules, 1)
-	rule, err := route.NewHeadlessRule(nil, rules[0])
-	require.NoError(t, err)
-	matchDomain := []string{
-		"example.org",
-		"www.example.org",
-		"example.com",
-		"example.net",
-		"isexample.net",
-		"www.example.net",
-		"example.edu",
-		"example.edu.cn",
-		"example.edu.tw",
-		"www.example.edu",
-		"www.example.edu.cn",
-		"example.gov",
-		"example.gov.cn",
-		"example.arpa",
-		"www.example.arpa",
-		"isexample.arpa",
-		"example.arpa.cn",
-		"www.example.arpa.cn",
-		"isexample.arpa.cn",
-		"sagernet.org",
-		"www.sagernet.org",
-	}
-	notMatchDomain := []string{
-		"example.org.cn",
-		"notexample.org",
-		"example.com.cn",
-		"www.example.com.cn",
-		"example.net.cn",
-		"notexample.edu",
-		"notexample.edu.cn",
-		"www.example.gov",
-		"notexample.gov",
-		"sagernet.example.org",
-		"sing-box.sagernet.org",
-	}
-	for _, domain := range matchDomain {
-		require.True(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-	for _, domain := range notMatchDomain {
-		require.False(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-}
-
-func TestHosts(t *testing.T) {
-	t.Parallel()
-	rules, err := Convert(strings.NewReader(`
-127.0.0.1 localhost
-::1 localhost #[IPv6]
-0.0.0.0 google.com
-`))
-	require.NoError(t, err)
-	require.Len(t, rules, 1)
-	rule, err := route.NewHeadlessRule(nil, rules[0])
-	require.NoError(t, err)
-	matchDomain := []string{
-		"google.com",
-	}
-	notMatchDomain := []string{
-		"www.google.com",
-		"notgoogle.com",
-		"localhost",
-	}
-	for _, domain := range matchDomain {
-		require.True(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-	for _, domain := range notMatchDomain {
-		require.False(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-}
-
-func TestSimpleHosts(t *testing.T) {
-	t.Parallel()
-	rules, err := Convert(strings.NewReader(`
-example.com
-www.example.org
-`))
-	require.NoError(t, err)
-	require.Len(t, rules, 1)
-	rule, err := route.NewHeadlessRule(nil, rules[0])
-	require.NoError(t, err)
-	matchDomain := []string{
-		"example.com",
-		"www.example.org",
-	}
-	notMatchDomain := []string{
-		"example.com.cn",
-		"www.example.com",
-		"notexample.com",
-		"example.org",
-	}
-	for _, domain := range matchDomain {
-		require.True(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-	for _, domain := range notMatchDomain {
-		require.False(t, rule.Match(&adapter.InboundContext{
-			Domain: domain,
-		}), domain)
-	}
-}

cmd/sing-box/main.go

@@ -1,11 +1,45 @@
-//go:build !generate
-
 package main
 
-import "github.com/sagernet/sing-box/log"
+import (
+	"os"
+
+	"github.com/sagernet/sing-box/log"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	configPath   string
+	workingDir   string
+	disableColor bool
+)
+
+var mainCommand = &cobra.Command{
+	Use:              "sing-box",
+	PersistentPreRun: preRun,
+}
+
+func init() {
+	mainCommand.PersistentFlags().StringVarP(&configPath, "config", "c", "config.json", "set configuration file path")
+	mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
+	mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
+
+	mainCommand.AddCommand(commandRun)
+	mainCommand.AddCommand(commandCheck)
+	mainCommand.AddCommand(commandFormat)
+	mainCommand.AddCommand(commandVersion)
+}
 
 func main() {
 	if err := mainCommand.Execute(); err != nil {
 		log.Fatal(err)
 	}
 }
+
+func preRun(cmd *cobra.Command, args []string) {
+	if workingDir != "" {
+		if err := os.Chdir(workingDir); err != nil {
+			log.Fatal(err)
+		}
+	}
+}

common/badjson/array.go

@@ -0,0 +1,46 @@
+package badjson
+
+import (
+	"bytes"
+
+	"github.com/sagernet/sing-box/common/json"
+	E "github.com/sagernet/sing/common/exceptions"
+)
+
+type JSONArray []any
+
+func (a JSONArray) MarshalJSON() ([]byte, error) {
+	return json.Marshal([]any(a))
+}
+
+func (a *JSONArray) UnmarshalJSON(content []byte) error {
+	decoder := json.NewDecoder(bytes.NewReader(content))
+	arrayStart, err := decoder.Token()
+	if err != nil {
+		return err
+	} else if arrayStart != json.Delim('[') {
+		return E.New("excepted array start, but got ", arrayStart)
+	}
+	err = a.decodeJSON(decoder)
+	if err != nil {
+		return err
+	}
+	arrayEnd, err := decoder.Token()
+	if err != nil {
+		return err
+	} else if arrayEnd != json.Delim(']') {
+		return E.New("excepted array end, but got ", arrayEnd)
+	}
+	return nil
+}
+
+func (a *JSONArray) decodeJSON(decoder *json.Decoder) error {
+	for decoder.More() {
+		item, err := decodeJSON(decoder)
+		if err != nil {
+			return err
+		}
+		*a = append(*a, item)
+	}
+	return nil
+}

common/badjson/json.go

@@ -0,0 +1,54 @@
+package badjson
+
+import (
+	"bytes"
+
+	"github.com/sagernet/sing-box/common/json"
+	E "github.com/sagernet/sing/common/exceptions"
+)
+
+func Decode(content []byte) (any, error) {
+	decoder := json.NewDecoder(bytes.NewReader(content))
+	return decodeJSON(decoder)
+}
+
+func decodeJSON(decoder *json.Decoder) (any, error) {
+	rawToken, err := decoder.Token()
+	if err != nil {
+		return nil, err
+	}
+	switch token := rawToken.(type) {
+	case json.Delim:
+		switch token {
+		case '{':
+			var object JSONObject
+			err = object.decodeJSON(decoder)
+			if err != nil {
+				return nil, err
+			}
+			rawToken, err = decoder.Token()
+			if err != nil {
+				return nil, err
+			} else if rawToken != json.Delim('}') {
+				return nil, E.New("excepted object end, but got ", rawToken)
+			}
+			return &object, nil
+		case '[':
+			var array JSONArray
+			err = array.decodeJSON(decoder)
+			if err != nil {
+				return nil, err
+			}
+			rawToken, err = decoder.Token()
+			if err != nil {
+				return nil, err
+			} else if rawToken != json.Delim(']') {
+				return nil, E.New("excepted array end, but got ", rawToken)
+			}
+			return array, nil
+		default:
+			return nil, E.New("excepted object or array end: ", token)
+		}
+	}
+	return rawToken, nil
+}

common/badjson/object.go

@@ -0,0 +1,79 @@
+package badjson
+
+import (
+	"bytes"
+	"strings"
+
+	"github.com/sagernet/sing-box/common/json"
+	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/x/linkedhashmap"
+)
+
+type JSONObject struct {
+	linkedhashmap.Map[string, any]
+}
+
+func (m JSONObject) MarshalJSON() ([]byte, error) {
+	buffer := new(bytes.Buffer)
+	buffer.WriteString("{")
+	items := m.Entries()
+	iLen := len(items)
+	for i, entry := range items {
+		keyContent, err := json.Marshal(entry.Key)
+		if err != nil {
+			return nil, err
+		}
+		buffer.WriteString(strings.TrimSpace(string(keyContent)))
+		buffer.WriteString(": ")
+		valueContent, err := json.Marshal(entry.Value)
+		if err != nil {
+			return nil, err
+		}
+		buffer.WriteString(strings.TrimSpace(string(valueContent)))
+		if i < iLen-1 {
+			buffer.WriteString(", ")
+		}
+	}
+	buffer.WriteString("}")
+	return buffer.Bytes(), nil
+}
+
+func (m *JSONObject) UnmarshalJSON(content []byte) error {
+	decoder := json.NewDecoder(bytes.NewReader(content))
+	m.Clear()
+	objectStart, err := decoder.Token()
+	if err != nil {
+		return err
+	} else if objectStart != json.Delim('{') {
+		return E.New("expected json object start, but starts with ", objectStart)
+	}
+	err = m.decodeJSON(decoder)
+	if err != nil {
+		return E.Cause(err, "decode json object content")
+	}
+	objectEnd, err := decoder.Token()
+	if err != nil {
+		return err
+	} else if objectEnd != json.Delim('}') {
+		return E.New("expected json object end, but ends with ", objectEnd)
+	}
+	return nil
+}
+
+func (m *JSONObject) decodeJSON(decoder *json.Decoder) error {
+	for decoder.More() {
+		var entryKey string
+		keyToken, err := decoder.Token()
+		if err != nil {
+			return err
+		}
+		entryKey = keyToken.(string)
+		var entryValue any
+		entryValue, err = decodeJSON(decoder)
+		if err != nil {
+			return E.Cause(err, "decode value for ", entryKey)
+		}
+		m.Put(entryKey, entryValue)
+	}
+	return nil
+}

common/badtls/read_wait.go

@@ -1,151 +0,0 @@
-//go:build go1.21 && !without_badtls
-
-package badtls
-
-import (
-	"bytes"
-	"context"
-	"net"
-	"os"
-	"reflect"
-	"sync"
-	"unsafe"
-
-	"github.com/sagernet/sing/common/buf"
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/tls"
-)
-
-var _ N.ReadWaiter = (*ReadWaitConn)(nil)
-
-type ReadWaitConn struct {
-	tls.Conn
-	halfAccess                    *sync.Mutex
-	rawInput                      *bytes.Buffer
-	input                         *bytes.Reader
-	hand                          *bytes.Buffer
-	readWaitOptions               N.ReadWaitOptions
-	tlsReadRecord                 func() error
-	tlsHandlePostHandshakeMessage func() error
-}
-
-func NewReadWaitConn(conn tls.Conn) (tls.Conn, error) {
-	var (
-		loaded                        bool
-		tlsReadRecord                 func() error
-		tlsHandlePostHandshakeMessage func() error
-	)
-	for _, tlsCreator := range tlsRegistry {
-		loaded, tlsReadRecord, tlsHandlePostHandshakeMessage = tlsCreator(conn)
-		if loaded {
-			break
-		}
-	}
-	if !loaded {
-		return nil, os.ErrInvalid
-	}
-	rawConn := reflect.Indirect(reflect.ValueOf(conn))
-	rawHalfConn := rawConn.FieldByName("in")
-	if !rawHalfConn.IsValid() || rawHalfConn.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid half conn")
-	}
-	rawHalfMutex := rawHalfConn.FieldByName("Mutex")
-	if !rawHalfMutex.IsValid() || rawHalfMutex.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid half mutex")
-	}
-	halfAccess := (*sync.Mutex)(unsafe.Pointer(rawHalfMutex.UnsafeAddr()))
-	rawRawInput := rawConn.FieldByName("rawInput")
-	if !rawRawInput.IsValid() || rawRawInput.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid raw input")
-	}
-	rawInput := (*bytes.Buffer)(unsafe.Pointer(rawRawInput.UnsafeAddr()))
-	rawInput0 := rawConn.FieldByName("input")
-	if !rawInput0.IsValid() || rawInput0.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid input")
-	}
-	input := (*bytes.Reader)(unsafe.Pointer(rawInput0.UnsafeAddr()))
-	rawHand := rawConn.FieldByName("hand")
-	if !rawHand.IsValid() || rawHand.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid hand")
-	}
-	hand := (*bytes.Buffer)(unsafe.Pointer(rawHand.UnsafeAddr()))
-	return &ReadWaitConn{
-		Conn:                          conn,
-		halfAccess:                    halfAccess,
-		rawInput:                      rawInput,
-		input:                         input,
-		hand:                          hand,
-		tlsReadRecord:                 tlsReadRecord,
-		tlsHandlePostHandshakeMessage: tlsHandlePostHandshakeMessage,
-	}, nil
-}
-
-func (c *ReadWaitConn) InitializeReadWaiter(options N.ReadWaitOptions) (needCopy bool) {
-	c.readWaitOptions = options
-	return false
-}
-
-func (c *ReadWaitConn) WaitReadBuffer() (buffer *buf.Buffer, err error) {
-	err = c.HandshakeContext(context.Background())
-	if err != nil {
-		return
-	}
-	c.halfAccess.Lock()
-	defer c.halfAccess.Unlock()
-	for c.input.Len() == 0 {
-		err = c.tlsReadRecord()
-		if err != nil {
-			return
-		}
-		for c.hand.Len() > 0 {
-			err = c.tlsHandlePostHandshakeMessage()
-			if err != nil {
-				return
-			}
-		}
-	}
-	buffer = c.readWaitOptions.NewBuffer()
-	n, err := c.input.Read(buffer.FreeBytes())
-	if err != nil {
-		buffer.Release()
-		return
-	}
-	buffer.Truncate(n)
-
-	if n != 0 && c.input.Len() == 0 && c.rawInput.Len() > 0 &&
-		// recordType(c.rawInput.Bytes()[0]) == recordTypeAlert {
-		c.rawInput.Bytes()[0] == 21 {
-		_ = c.tlsReadRecord()
-		// return n, err // will be io.EOF on closeNotify
-	}
-
-	c.readWaitOptions.PostReturn(buffer)
-	return
-}
-
-func (c *ReadWaitConn) Upstream() any {
-	return c.Conn
-}
-
-var tlsRegistry []func(conn net.Conn) (loaded bool, tlsReadRecord func() error, tlsHandlePostHandshakeMessage func() error)
-
-func init() {
-	tlsRegistry = append(tlsRegistry, func(conn net.Conn) (loaded bool, tlsReadRecord func() error, tlsHandlePostHandshakeMessage func() error) {
-		tlsConn, loaded := conn.(*tls.STDConn)
-		if !loaded {
-			return
-		}
-		return true, func() error {
-				return stdTLSReadRecord(tlsConn)
-			}, func() error {
-				return stdTLSHandlePostHandshakeMessage(tlsConn)
-			}
-	})
-}
-
-//go:linkname stdTLSReadRecord crypto/tls.(*Conn).readRecord
-func stdTLSReadRecord(c *tls.STDConn) error
-
-//go:linkname stdTLSHandlePostHandshakeMessage crypto/tls.(*Conn).handlePostHandshakeMessage
-func stdTLSHandlePostHandshakeMessage(c *tls.STDConn) error

common/badtls/read_wait_ech.go

@@ -1,31 +0,0 @@
-//go:build go1.21 && !without_badtls && with_ech
-
-package badtls
-
-import (
-	"net"
-	_ "unsafe"
-
-	"github.com/sagernet/cloudflare-tls"
-	"github.com/sagernet/sing/common"
-)
-
-func init() {
-	tlsRegistry = append(tlsRegistry, func(conn net.Conn) (loaded bool, tlsReadRecord func() error, tlsHandlePostHandshakeMessage func() error) {
-		tlsConn, loaded := common.Cast[*tls.Conn](conn)
-		if !loaded {
-			return
-		}
-		return true, func() error {
-				return echReadRecord(tlsConn)
-			}, func() error {
-				return echHandlePostHandshakeMessage(tlsConn)
-			}
-	})
-}
-
-//go:linkname echReadRecord github.com/sagernet/cloudflare-tls.(*Conn).readRecord
-func echReadRecord(c *tls.Conn) error
-
-//go:linkname echHandlePostHandshakeMessage github.com/sagernet/cloudflare-tls.(*Conn).handlePostHandshakeMessage
-func echHandlePostHandshakeMessage(c *tls.Conn) error

common/badtls/read_wait_stub.go

@@ -1,13 +0,0 @@
-//go:build !go1.21 || without_badtls
-
-package badtls
-
-import (
-	"os"
-
-	"github.com/sagernet/sing/common/tls"
-)
-
-func NewReadWaitConn(conn tls.Conn) (tls.Conn, error) {
-	return nil, os.ErrInvalid
-}

common/badtls/read_wait_utls.go

@@ -1,31 +0,0 @@
-//go:build go1.21 && !without_badtls && with_utls
-
-package badtls
-
-import (
-	"net"
-	_ "unsafe"
-
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/utls"
-)
-
-func init() {
-	tlsRegistry = append(tlsRegistry, func(conn net.Conn) (loaded bool, tlsReadRecord func() error, tlsHandlePostHandshakeMessage func() error) {
-		tlsConn, loaded := common.Cast[*tls.UConn](conn)
-		if !loaded {
-			return
-		}
-		return true, func() error {
-				return utlsReadRecord(tlsConn.Conn)
-			}, func() error {
-				return utlsHandlePostHandshakeMessage(tlsConn.Conn)
-			}
-	})
-}
-
-//go:linkname utlsReadRecord github.com/sagernet/utls.(*Conn).readRecord
-func utlsReadRecord(c *tls.Conn) error
-
-//go:linkname utlsHandlePostHandshakeMessage github.com/sagernet/utls.(*Conn).handlePostHandshakeMessage
-func utlsHandlePostHandshakeMessage(c *tls.Conn) error

common/badversion/version.go

@@ -1,124 +0,0 @@
-package badversion
-
-import (
-	"strconv"
-	"strings"
-
-	F "github.com/sagernet/sing/common/format"
-)
-
-type Version struct {
-	Major                int
-	Minor                int
-	Patch                int
-	Commit               string
-	PreReleaseIdentifier string
-	PreReleaseVersion    int
-}
-
-func (v Version) After(anotherVersion Version) bool {
-	if v.Major > anotherVersion.Major {
-		return true
-	} else if v.Major < anotherVersion.Major {
-		return false
-	}
-	if v.Minor > anotherVersion.Minor {
-		return true
-	} else if v.Minor < anotherVersion.Minor {
-		return false
-	}
-	if v.Patch > anotherVersion.Patch {
-		return true
-	} else if v.Patch < anotherVersion.Patch {
-		return false
-	}
-	if v.PreReleaseIdentifier == "" && anotherVersion.PreReleaseIdentifier != "" {
-		return true
-	} else if v.PreReleaseIdentifier != "" && anotherVersion.PreReleaseIdentifier == "" {
-		return false
-	}
-	if v.PreReleaseIdentifier != "" && anotherVersion.PreReleaseIdentifier != "" {
-		if v.PreReleaseIdentifier == anotherVersion.PreReleaseIdentifier {
-			if v.PreReleaseVersion > anotherVersion.PreReleaseVersion {
-				return true
-			} else if v.PreReleaseVersion < anotherVersion.PreReleaseVersion {
-				return false
-			}
-		} else if v.PreReleaseIdentifier == "rc" && anotherVersion.PreReleaseIdentifier == "beta" {
-			return true
-		} else if v.PreReleaseIdentifier == "beta" && anotherVersion.PreReleaseIdentifier == "rc" {
-			return false
-		} else if v.PreReleaseIdentifier == "beta" && anotherVersion.PreReleaseIdentifier == "alpha" {
-			return true
-		} else if v.PreReleaseIdentifier == "alpha" && anotherVersion.PreReleaseIdentifier == "beta" {
-			return false
-		}
-	}
-	return false
-}
-
-func (v Version) VersionString() string {
-	return F.ToString(v.Major, ".", v.Minor, ".", v.Patch)
-}
-
-func (v Version) String() string {
-	version := F.ToString(v.Major, ".", v.Minor, ".", v.Patch)
-	if v.PreReleaseIdentifier != "" {
-		version = F.ToString(version, "-", v.PreReleaseIdentifier, ".", v.PreReleaseVersion)
-	}
-	return version
-}
-
-func (v Version) BadString() string {
-	version := F.ToString(v.Major, ".", v.Minor)
-	if v.Patch > 0 {
-		version = F.ToString(version, ".", v.Patch)
-	}
-	if v.PreReleaseIdentifier != "" {
-		version = F.ToString(version, "-", v.PreReleaseIdentifier)
-		if v.PreReleaseVersion > 0 {
-			version = F.ToString(version, v.PreReleaseVersion)
-		}
-	}
-	return version
-}
-
-func Parse(versionName string) (version Version) {
-	if strings.HasPrefix(versionName, "v") {
-		versionName = versionName[1:]
-	}
-	if strings.Contains(versionName, "-") {
-		parts := strings.Split(versionName, "-")
-		versionName = parts[0]
-		identifier := parts[1]
-		if strings.Contains(identifier, ".") {
-			identifierParts := strings.Split(identifier, ".")
-			version.PreReleaseIdentifier = identifierParts[0]
-			if len(identifierParts) >= 2 {
-				version.PreReleaseVersion, _ = strconv.Atoi(identifierParts[1])
-			}
-		} else {
-			if strings.HasPrefix(identifier, "alpha") {
-				version.PreReleaseIdentifier = "alpha"
-				version.PreReleaseVersion, _ = strconv.Atoi(identifier[5:])
-			} else if strings.HasPrefix(identifier, "beta") {
-				version.PreReleaseIdentifier = "beta"
-				version.PreReleaseVersion, _ = strconv.Atoi(identifier[4:])
-			} else {
-				version.Commit = identifier
-			}
-		}
-	}
-	versionElements := strings.Split(versionName, ".")
-	versionLen := len(versionElements)
-	if versionLen >= 1 {
-		version.Major, _ = strconv.Atoi(versionElements[0])
-	}
-	if versionLen >= 2 {
-		version.Minor, _ = strconv.Atoi(versionElements[1])
-	}
-	if versionLen >= 3 {
-		version.Patch, _ = strconv.Atoi(versionElements[2])
-	}
-	return
-}

common/badversion/version_json.go

@@ -1,17 +0,0 @@
-package badversion
-
-import "github.com/sagernet/sing/common/json"
-
-func (v Version) MarshalJSON() ([]byte, error) {
-	return json.Marshal(v.String())
-}
-
-func (v *Version) UnmarshalJSON(data []byte) error {
-	var version string
-	err := json.Unmarshal(data, &version)
-	if err != nil {
-		return err
-	}
-	*v = Parse(version)
-	return nil
-}

common/badversion/version_test.go

@@ -1,18 +0,0 @@
-package badversion
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestCompareVersion(t *testing.T) {
-	t.Parallel()
-	require.Equal(t, "1.3.0-beta.1", Parse("v1.3.0-beta1").String())
-	require.Equal(t, "1.3-beta1", Parse("v1.3.0-beta.1").BadString())
-	require.True(t, Parse("1.3.0").After(Parse("1.3-beta1")))
-	require.True(t, Parse("1.3.0").After(Parse("1.3.0-beta1")))
-	require.True(t, Parse("1.3.0-beta1").After(Parse("1.3.0-alpha1")))
-	require.True(t, Parse("1.3.1").After(Parse("1.3.0")))
-	require.True(t, Parse("1.4").After(Parse("1.3")))
-}

common/canceler/instance.go

@@ -0,0 +1,48 @@
+package canceler
+
+import (
+	"context"
+	"time"
+)
+
+type Instance struct {
+	ctx        context.Context
+	cancelFunc context.CancelFunc
+	timer      *time.Timer
+	timeout    time.Duration
+}
+
+func New(ctx context.Context, cancelFunc context.CancelFunc, timeout time.Duration) *Instance {
+	instance := &Instance{
+		ctx,
+		cancelFunc,
+		time.NewTimer(timeout),
+		timeout,
+	}
+	go instance.wait()
+	return instance
+}
+
+func (i *Instance) Update() bool {
+	if !i.timer.Stop() {
+		return false
+	}
+	if !i.timer.Reset(i.timeout) {
+		return false
+	}
+	return true
+}
+
+func (i *Instance) wait() {
+	select {
+	case <-i.timer.C:
+	case <-i.ctx.Done():
+	}
+	i.Close()
+}
+
+func (i *Instance) Close() error {
+	i.timer.Stop()
+	i.cancelFunc()
+	return nil
+}

common/canceler/packet.go

@@ -0,0 +1,49 @@
+package canceler
+
+import (
+	"context"
+	"time"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type PacketConn struct {
+	N.PacketConn
+	instance *Instance
+}
+
+func NewPacketConn(ctx context.Context, conn N.PacketConn, timeout time.Duration) (context.Context, N.PacketConn) {
+	ctx, cancel := context.WithCancel(ctx)
+	instance := New(ctx, cancel, timeout)
+	return ctx, &PacketConn{conn, instance}
+}
+
+func (c *PacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = c.PacketConn.ReadPacket(buffer)
+	if err == nil {
+		c.instance.Update()
+	}
+	return
+}
+
+func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	err := c.PacketConn.WritePacket(buffer, destination)
+	if err == nil {
+		c.instance.Update()
+	}
+	return err
+}
+
+func (c *PacketConn) Close() error {
+	return common.Close(
+		c.PacketConn,
+		c.instance,
+	)
+}
+
+func (c *PacketConn) Upstream() any {
+	return c.PacketConn
+}

common/conntrack/conn.go

@@ -1,54 +0,0 @@
-package conntrack
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common/x/list"
-)
-
-type Conn struct {
-	net.Conn
-	element *list.Element[io.Closer]
-}
-
-func NewConn(conn net.Conn) (net.Conn, error) {
-	connAccess.Lock()
-	element := openConnection.PushBack(conn)
-	connAccess.Unlock()
-	if KillerEnabled {
-		err := KillerCheck()
-		if err != nil {
-			conn.Close()
-			return nil, err
-		}
-	}
-	return &Conn{
-		Conn:    conn,
-		element: element,
-	}, nil
-}
-
-func (c *Conn) Close() error {
-	if c.element.Value != nil {
-		connAccess.Lock()
-		if c.element.Value != nil {
-			openConnection.Remove(c.element)
-			c.element.Value = nil
-		}
-		connAccess.Unlock()
-	}
-	return c.Conn.Close()
-}
-
-func (c *Conn) Upstream() any {
-	return c.Conn
-}
-
-func (c *Conn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *Conn) WriterReplaceable() bool {
-	return true
-}

common/conntrack/killer.go

@@ -1,35 +0,0 @@
-package conntrack
-
-import (
-	runtimeDebug "runtime/debug"
-	"time"
-
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/memory"
-)
-
-var (
-	KillerEnabled   bool
-	MemoryLimit     uint64
-	killerLastCheck time.Time
-)
-
-func KillerCheck() error {
-	if !KillerEnabled {
-		return nil
-	}
-	nowTime := time.Now()
-	if nowTime.Sub(killerLastCheck) < 3*time.Second {
-		return nil
-	}
-	killerLastCheck = nowTime
-	if memory.Total() > MemoryLimit {
-		Close()
-		go func() {
-			time.Sleep(time.Second)
-			runtimeDebug.FreeOSMemory()
-		}()
-		return E.New("out of memory")
-	}
-	return nil
-}

common/conntrack/packet_conn.go

@@ -1,55 +0,0 @@
-package conntrack
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/x/list"
-)
-
-type PacketConn struct {
-	net.PacketConn
-	element *list.Element[io.Closer]
-}
-
-func NewPacketConn(conn net.PacketConn) (net.PacketConn, error) {
-	connAccess.Lock()
-	element := openConnection.PushBack(conn)
-	connAccess.Unlock()
-	if KillerEnabled {
-		err := KillerCheck()
-		if err != nil {
-			conn.Close()
-			return nil, err
-		}
-	}
-	return &PacketConn{
-		PacketConn: conn,
-		element:    element,
-	}, nil
-}
-
-func (c *PacketConn) Close() error {
-	if c.element.Value != nil {
-		connAccess.Lock()
-		if c.element.Value != nil {
-			openConnection.Remove(c.element)
-			c.element.Value = nil
-		}
-		connAccess.Unlock()
-	}
-	return c.PacketConn.Close()
-}
-
-func (c *PacketConn) Upstream() any {
-	return bufio.NewPacketConn(c.PacketConn)
-}
-
-func (c *PacketConn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *PacketConn) WriterReplaceable() bool {
-	return true
-}