documentation: Bump version

Fix missing inbound options
Fix HandshakeFailure usages
2026-04-14 04:38:28 +10:00 · 2024-11-15 17:21:48 +08:00 · 2024-11-15 17:21:48 +08:00 · 2024-11-15 17:14:19 +08:00 · 2024-11-15 17:14:19 +08:00 · 2024-11-15 17:14:19 +08:00
113 changed files with 3224 additions and 1127 deletions
--- a/14
+++ b/14
@@ -96,11 +96,7 @@ upload_android:
 release_android: lib_android update_android_version build_android upload_android

 publish_android:
-	cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle
-
-publish_android_appcenter:
-	cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadPlayRelease
-
+	cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle && ./gradlew --stop

 # TODO: find why and remove `-destination 'generic/platform=iOS'`
 build_ios:
@@ -147,9 +143,13 @@ build_macos_dmg:
 		--hide-extension "SFM.app" \
 		--app-drop-link 0 0 \
 		--skip-jenkins \
-		--notarize "notarytool-password" \
 		"../sing-box/dist/SFM/SFM.dmg" "build/SFM.System/SFM.app"

+notarize_macos_dmg:
+	xcrun notarytool submit "dist/SFM/SFM.dmg" --wait \
+	  --keychain-profile "notarytool-password" \
+  	  --no-s3-acceleration
+
 upload_macos_dmg:
 	cd dist/SFM && \
 	cp SFM.dmg "SFM-${VERSION}-universal.dmg" && \
@@ -164,7 +164,7 @@ upload_macos_dsyms:
 	cp SFM.dSYMs.zip "SFM-${VERSION}-universal.dSYMs.zip" && \
 	ghr --replace --draft --prerelease "v${VERSION}" "SFM-${VERSION}-universal.dSYMs.zip"

-release_macos_standalone: build_macos_standalone build_macos_dmg upload_macos_dmg upload_macos_dsyms
+release_macos_standalone: build_macos_standalone build_macos_dmg notarize_macos_dmg upload_macos_dmg upload_macos_dsyms

 build_tvos:
 	cd ../sing-box-for-apple && \
--- a/adapter/inbound.go
+++ b/adapter/inbound.go
@@ -3,8 +3,10 @@ package adapter
 import (
 	"context"
 	"net/netip"
+	"time"

 	"github.com/sagernet/sing-box/common/process"
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	M "github.com/sagernet/sing/common/metadata"
@@ -59,13 +61,18 @@ type InboundContext struct {
 	// cache

 	// Deprecated: implement in rule action
-	InboundDetour     string
-	LastInbound       string
-	OriginDestination M.Socksaddr
+	InboundDetour            string
+	LastInbound              string
+	OriginDestination        M.Socksaddr
+	RouteOriginalDestination M.Socksaddr
 	// Deprecated
 	InboundOptions            option.InboundOptions
 	UDPDisableDomainUnmapping bool
 	UDPConnect                bool
+	NetworkStrategy           C.NetworkStrategy
+	NetworkType               []C.InterfaceType
+	FallbackNetworkType       []C.InterfaceType
+	FallbackDelay             time.Duration

 	DNSServer string

--- a/adapter/inbound/manager.go
+++ b/adapter/inbound/manager.go
@@ -44,7 +44,7 @@ func (m *Manager) Start(stage adapter.StartStage) error {
 	for _, inbound := range m.inbounds {
 		err := adapter.LegacyStart(inbound, stage)
 		if err != nil {
-			return E.Cause(err, stage.Action(), " inbound/", inbound.Type(), "[", inbound.Tag(), "]")
+			return E.Cause(err, stage, " inbound/", inbound.Type(), "[", inbound.Tag(), "]")
 		}
 	}
 	return nil
@@ -118,7 +118,7 @@ func (m *Manager) Create(ctx context.Context, router adapter.Router, logger log.
 		for _, stage := range adapter.ListStartStages {
 			err = adapter.LegacyStart(inbound, stage)
 			if err != nil {
-				return E.Cause(err, stage.Action(), " inbound/", inbound.Type(), "[", inbound.Tag(), "]")
+				return E.Cause(err, stage, " inbound/", inbound.Type(), "[", inbound.Tag(), "]")
 			}
 		}
 	}
--- a/adapter/lifecycle.go
+++ b/adapter/lifecycle.go
@@ -1,5 +1,7 @@
 package adapter

+import E "github.com/sagernet/sing/common/exceptions"
+
 type StartStage uint8

 const (
@@ -16,7 +18,7 @@ var ListStartStages = []StartStage{
 	StartStateStarted,
 }

-func (s StartStage) Action() string {
+func (s StartStage) String() string {
 	switch s {
 	case StartStateInitialize:
 		return "initialize"
@@ -25,7 +27,7 @@ func (s StartStage) Action() string {
 	case StartStatePostStart:
 		return "post-start"
 	case StartStateStarted:
-		return "start-after-started"
+		return "finish-start"
 	default:
 		panic("unknown stage")
 	}
@@ -40,3 +42,23 @@ type LifecycleService interface {
 	Name() string
 	Lifecycle
 }
+
+func Start(stage StartStage, services ...Lifecycle) error {
+	for _, service := range services {
+		err := service.Start(stage)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func StartNamed(stage StartStage, services []LifecycleService) error {
+	for _, service := range services {
+		err := service.Start(stage)
+		if err != nil {
+			return E.Cause(err, stage.String(), " ", service.Name())
+		}
+	}
+	return nil
+}
--- a/adapter/lifecycle_legacy.go
+++ b/adapter/lifecycle_legacy.go
@@ -14,7 +14,7 @@ func LegacyStart(starter any, stage StartStage) error {
 		}); isStarter {
 			return starter.Start()
 		}
-	case StartStatePostStart:
+	case StartStateStarted:
 		if postStarter, isPostStarter := starter.(interface {
 			PostStart() error
 		}); isPostStarter {
--- a/adapter/network.go
+++ b/adapter/network.go
@@ -1,6 +1,9 @@
 package adapter

 import (
+	"time"
+
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
 )
@@ -9,10 +12,12 @@ type NetworkManager interface {
 	Lifecycle
 	InterfaceFinder() control.InterfaceFinder
 	UpdateInterfaces() error
-	DefaultInterface() string
+	DefaultNetworkInterface() *NetworkInterface
+	NetworkInterfaces() []NetworkInterface
 	AutoDetectInterface() bool
 	AutoDetectInterfaceFunc() control.Func
-	DefaultMark() uint32
+	ProtectFunc() control.Func
+	DefaultOptions() NetworkOptions
 	RegisterAutoRedirectOutputMark(mark uint32) error
 	AutoRedirectOutputMark() uint32
 	NetworkMonitor() tun.NetworkUpdateMonitor
@@ -21,3 +26,29 @@ type NetworkManager interface {
 	WIFIState() WIFIState
 	ResetNetwork()
 }
+
+type NetworkOptions struct {
+	NetworkStrategy     C.NetworkStrategy
+	NetworkType         []C.InterfaceType
+	FallbackNetworkType []C.InterfaceType
+	FallbackDelay       time.Duration
+	BindInterface       string
+	RoutingMark         uint32
+}
+
+type InterfaceUpdateListener interface {
+	InterfaceUpdated()
+}
+
+type WIFIState struct {
+	SSID  string
+	BSSID string
+}
+
+type NetworkInterface struct {
+	control.Interface
+	Type        C.InterfaceType
+	DNSServers  []string
+	Expensive   bool
+	Constrained bool
+}
--- a/adapter/outbound/default.go
+++ b/adapter/outbound/default.go
@@ -8,8 +8,8 @@ import (
 	"time"

 	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/dialer"
 	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
@@ -25,35 +25,7 @@ func NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata a
 	var outConn net.Conn
 	var err error
 	if len(metadata.DestinationAddresses) > 0 {
-		outConn, err = N.DialSerial(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses)
-	} else {
-		outConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
-	}
-	if err != nil {
-		return N.ReportHandshakeFailure(conn, err)
-	}
-	err = N.ReportConnHandshakeSuccess(conn, outConn)
-	if err != nil {
-		outConn.Close()
-		return err
-	}
-	return CopyEarlyConn(ctx, conn, outConn)
-}
-
-func NewDirectConnection(ctx context.Context, router adapter.Router, this N.Dialer, conn net.Conn, metadata adapter.InboundContext, domainStrategy dns.DomainStrategy) error {
-	defer conn.Close()
-	ctx = adapter.WithContext(ctx, &metadata)
-	var outConn net.Conn
-	var err error
-	if len(metadata.DestinationAddresses) > 0 {
-		outConn, err = N.DialSerial(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses)
-	} else if metadata.Destination.IsFqdn() {
-		var destinationAddresses []netip.Addr
-		destinationAddresses, err = router.Lookup(ctx, metadata.Destination.Fqdn, domainStrategy)
-		if err != nil {
-			return N.ReportHandshakeFailure(conn, err)
-		}
-		outConn, err = N.DialSerial(ctx, this, N.NetworkTCP, metadata.Destination, destinationAddresses)
+		outConn, err = dialer.DialSerialNetwork(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
 	} else {
 		outConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
 	}
@@ -79,7 +51,11 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 	)
 	if metadata.UDPConnect {
 		if len(metadata.DestinationAddresses) > 0 {
-			outConn, err = N.DialSerial(ctx, this, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses)
+			if parallelDialer, isParallelDialer := this.(dialer.ParallelInterfaceDialer); isParallelDialer {
+				outConn, err = dialer.DialSerialNetwork(ctx, parallelDialer, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
+			} else {
+				outConn, err = N.DialSerial(ctx, this, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses)
+			}
 		} else {
 			outConn, err = this.DialContext(ctx, N.NetworkUDP, metadata.Destination)
 		}
@@ -93,7 +69,7 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 		}
 	} else {
 		if len(metadata.DestinationAddresses) > 0 {
-			outPacketConn, destinationAddress, err = N.ListenSerial(ctx, this, metadata.Destination, metadata.DestinationAddresses)
+			outPacketConn, destinationAddress, err = dialer.ListenSerialNetworkPacket(ctx, this, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
 		} else {
 			outPacketConn, err = this.ListenPacket(ctx, metadata.Destination)
 		}
@@ -107,11 +83,17 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 		return err
 	}
 	if destinationAddress.IsValid() {
-		if metadata.Destination.IsFqdn() {
+		var originDestination M.Socksaddr
+		if metadata.RouteOriginalDestination.IsValid() {
+			originDestination = metadata.RouteOriginalDestination
+		} else {
+			originDestination = metadata.Destination
+		}
+		if metadata.Destination != M.SocksaddrFrom(destinationAddress, metadata.Destination.Port) {
 			if metadata.UDPDisableDomainUnmapping {
-				outPacketConn = bufio.NewUnidirectionalNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
+				outPacketConn = bufio.NewUnidirectionalNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), originDestination)
 			} else {
-				outPacketConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
+				outPacketConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), originDestination)
 			}
 		}
 		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
@@ -129,76 +111,6 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 	return bufio.CopyPacketConn(ctx, conn, bufio.NewPacketConn(outPacketConn))
 }

-func NewDirectPacketConnection(ctx context.Context, router adapter.Router, this N.Dialer, conn N.PacketConn, metadata adapter.InboundContext, domainStrategy dns.DomainStrategy) error {
-	defer conn.Close()
-	ctx = adapter.WithContext(ctx, &metadata)
-	var (
-		outPacketConn      net.PacketConn
-		outConn            net.Conn
-		destinationAddress netip.Addr
-		err                error
-	)
-	if metadata.UDPConnect {
-		if len(metadata.DestinationAddresses) > 0 {
-			outConn, err = N.DialSerial(ctx, this, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses)
-		} else if metadata.Destination.IsFqdn() {
-			var destinationAddresses []netip.Addr
-			destinationAddresses, err = router.Lookup(ctx, metadata.Destination.Fqdn, domainStrategy)
-			if err != nil {
-				return N.ReportHandshakeFailure(conn, err)
-			}
-			outConn, err = N.DialSerial(ctx, this, N.NetworkUDP, metadata.Destination, destinationAddresses)
-		} else {
-			outConn, err = this.DialContext(ctx, N.NetworkUDP, metadata.Destination)
-		}
-		if err != nil {
-			return N.ReportHandshakeFailure(conn, err)
-		}
-		connRemoteAddr := M.AddrFromNet(outConn.RemoteAddr())
-		if connRemoteAddr != metadata.Destination.Addr {
-			destinationAddress = connRemoteAddr
-		}
-	} else {
-		if len(metadata.DestinationAddresses) > 0 {
-			outPacketConn, destinationAddress, err = N.ListenSerial(ctx, this, metadata.Destination, metadata.DestinationAddresses)
-		} else if metadata.Destination.IsFqdn() {
-			var destinationAddresses []netip.Addr
-			destinationAddresses, err = router.Lookup(ctx, metadata.Destination.Fqdn, domainStrategy)
-			if err != nil {
-				return N.ReportHandshakeFailure(conn, err)
-			}
-			outPacketConn, destinationAddress, err = N.ListenSerial(ctx, this, metadata.Destination, destinationAddresses)
-		} else {
-			outPacketConn, err = this.ListenPacket(ctx, metadata.Destination)
-		}
-		if err != nil {
-			return N.ReportHandshakeFailure(conn, err)
-		}
-	}
-	err = N.ReportPacketConnHandshakeSuccess(conn, outPacketConn)
-	if err != nil {
-		outPacketConn.Close()
-		return err
-	}
-	if destinationAddress.IsValid() {
-		if metadata.Destination.IsFqdn() {
-			outPacketConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
-		}
-		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
-			natConn.UpdateDestination(destinationAddress)
-		}
-	}
-	switch metadata.Protocol {
-	case C.ProtocolSTUN:
-		ctx, conn = canceler.NewPacketConn(ctx, conn, C.STUNTimeout)
-	case C.ProtocolQUIC:
-		ctx, conn = canceler.NewPacketConn(ctx, conn, C.QUICTimeout)
-	case C.ProtocolDNS:
-		ctx, conn = canceler.NewPacketConn(ctx, conn, C.DNSTimeout)
-	}
-	return bufio.CopyPacketConn(ctx, conn, bufio.NewPacketConn(outPacketConn))
-}
-
 func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) error {
 	if cachedReader, isCached := conn.(N.CachedReader); isCached {
 		payload := cachedReader.ReadCached()
--- a/adapter/outbound/manager.go
+++ b/adapter/outbound/manager.go
@@ -61,7 +61,7 @@ func (m *Manager) Start(stage adapter.StartStage) error {
 		for _, outbound := range outbounds {
 			err := adapter.LegacyStart(outbound, stage)
 			if err != nil {
-				return E.Cause(err, stage.Action(), " outbound/", outbound.Type(), "[", outbound.Tag(), "]")
+				return E.Cause(err, stage, " outbound/", outbound.Type(), "[", outbound.Tag(), "]")
 			}
 		}
 	}
@@ -234,7 +234,7 @@ func (m *Manager) Create(ctx context.Context, router adapter.Router, logger log.
 		for _, stage := range adapter.ListStartStages {
 			err = adapter.LegacyStart(outbound, stage)
 			if err != nil {
-				return E.Cause(err, stage.Action(), " outbound/", outbound.Type(), "[", outbound.Tag(), "]")
+				return E.Cause(err, stage, " outbound/", outbound.Type(), "[", outbound.Tag(), "]")
 			}
 		}
 	}
--- a/adapter/router.go
+++ b/adapter/router.go
@@ -119,12 +119,3 @@ func (c *HTTPStartContext) Close() {
 		client.CloseIdleConnections()
 	}
 }
-
-type InterfaceUpdateListener interface {
-	InterfaceUpdated()
-}
-
-type WIFIState struct {
-	SSID  string
-	BSSID string
-}
--- a/box.go
+++ b/box.go
@@ -315,27 +315,17 @@ func (s *Box) preStart() error {
 	if err != nil {
 		return E.Cause(err, "start logger")
 	}
-	for _, lifecycleService := range s.services {
-		err = lifecycleService.Start(adapter.StartStateInitialize) // cache-file
-		if err != nil {
-			return E.Cause(err, "initialize ", lifecycleService.Name())
-		}
+	err = adapter.StartNamed(adapter.StartStateInitialize, s.services) // cache-file clash-api v2ray-api
+	if err != nil {
+		return err
 	}
-	for _, lifecycle := range []adapter.Lifecycle{
-		s.network, s.router, s.outbound, s.inbound,
-	} {
-		err = lifecycle.Start(adapter.StartStateInitialize)
-		if err != nil {
-			return err
-		}
+	err = adapter.Start(adapter.StartStateInitialize, s.network, s.router, s.outbound, s.inbound)
+	if err != nil {
+		return err
 	}
-	for _, lifecycle := range []adapter.Lifecycle{
-		s.outbound, s.network, s.router,
-	} {
-		err = lifecycle.Start(adapter.StartStateStart)
-		if err != nil {
-			return err
-		}
+	err = adapter.Start(adapter.StartStateStart, s.outbound, s.network, s.router)
+	if err != nil {
+		return err
 	}
 	return nil
 }
@@ -345,31 +335,29 @@ func (s *Box) start() error {
 	if err != nil {
 		return err
 	}
-	for _, lifecycleService := range s.services {
-		err = lifecycleService.Start(adapter.StartStateStart)
-		if err != nil {
-			return E.Cause(err, "initialize ", lifecycleService.Name())
-		}
+	err = adapter.StartNamed(adapter.StartStateStart, s.services)
+	if err != nil {
+		return err
 	}
 	err = s.inbound.Start(adapter.StartStateStart)
 	if err != nil {
 		return err
 	}
-	for _, lifecycleService := range []adapter.Lifecycle{
-		s.outbound, s.network, s.router, s.inbound,
-	} {
-		err = lifecycleService.Start(adapter.StartStatePostStart)
-		if err != nil {
-			return err
-		}
+	err = adapter.Start(adapter.StartStatePostStart, s.outbound, s.network, s.router, s.inbound)
+	if err != nil {
+		return err
 	}
-	for _, lifecycleService := range []adapter.Lifecycle{
-		s.network, s.router, s.outbound, s.inbound,
-	} {
-		err = lifecycleService.Start(adapter.StartStateStarted)
-		if err != nil {
-			return err
-		}
+	err = adapter.StartNamed(adapter.StartStatePostStart, s.services)
+	if err != nil {
+		return err
+	}
+	err = adapter.Start(adapter.StartStateStarted, s.network, s.router, s.outbound, s.inbound)
+	if err != nil {
+		return err
+	}
+	err = adapter.StartNamed(adapter.StartStateStarted, s.services)
+	if err != nil {
+		return err
 	}
 	return nil
 }
--- a/cmd/internal/build_shared/sdk.go
+++ b/cmd/internal/build_shared/sdk.go
@@ -58,7 +58,7 @@ func FindSDK() {
 }

 func findNDK() bool {
-	const fixedVersion = "26.3.11579264"
+	const fixedVersion = "26.2.11394342"
 	const versionFile = "source.properties"
 	if fixedPath := filepath.Join(androidSDKPath, "ndk", fixedVersion); rw.IsFile(filepath.Join(fixedPath, versionFile)) {
 		androidNDKPath = fixedPath
--- a/cmd/sing-box/cmd_rule_set_compile.go
+++ b/cmd/sing-box/cmd_rule_set_compile.go
@@ -6,7 +6,6 @@ import (
 	"strings"

 	"github.com/sagernet/sing-box/common/srs"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/json"
@@ -56,10 +55,6 @@ func compileRuleSet(sourcePath string) error {
 	if err != nil {
 		return err
 	}
-	ruleSet, err := plainRuleSet.Upgrade()
-	if err != nil {
-		return err
-	}
 	var outputPath string
 	if flagRuleSetCompileOutput == flagRuleSetCompileDefaultOutput {
 		if strings.HasSuffix(sourcePath, ".json") {
@@ -74,7 +69,7 @@ func compileRuleSet(sourcePath string) error {
 	if err != nil {
 		return err
 	}
-	err = srs.Write(outputFile, ruleSet, plainRuleSet.Version == C.RuleSetVersion2)
+	err = srs.Write(outputFile, plainRuleSet.Options, plainRuleSet.Version)
 	if err != nil {
 		outputFile.Close()
 		os.Remove(outputPath)
--- a/cmd/sing-box/cmd_rule_set_convert.go
+++ b/cmd/sing-box/cmd_rule_set_convert.go
@@ -7,6 +7,7 @@ import (

 	"github.com/sagernet/sing-box/cmd/sing-box/internal/convertor/adguard"
 	"github.com/sagernet/sing-box/common/srs"
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -77,7 +78,7 @@ func convertRuleSet(sourcePath string) error {
 		return err
 	}
 	defer outputFile.Close()
-	err = srs.Write(outputFile, option.PlainRuleSet{Rules: rules}, true)
+	err = srs.Write(outputFile, option.PlainRuleSet{Rules: rules}, C.RuleSetVersion2)
 	if err != nil {
 		outputFile.Close()
 		os.Remove(outputPath)
--- a/cmd/sing-box/cmd_rule_set_decompile.go
+++ b/cmd/sing-box/cmd_rule_set_decompile.go
@@ -6,9 +6,7 @@ import (
 	"strings"

 	"github.com/sagernet/sing-box/common/srs"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/json"

 	"github.com/spf13/cobra"
@@ -48,14 +46,10 @@ func decompileRuleSet(sourcePath string) error {
 			return err
 		}
 	}
-	plainRuleSet, err := srs.Read(reader, true)
+	ruleSet, err := srs.Read(reader, true)
 	if err != nil {
 		return err
 	}
-	ruleSet := option.PlainRuleSetCompat{
-		Version: C.RuleSetVersion1,
-		Options: plainRuleSet,
-	}
 	var outputPath string
 	if flagRuleSetDecompileOutput == flagRuleSetDecompileDefaultOutput {
 		if strings.HasSuffix(sourcePath, ".srs") {
--- a/cmd/sing-box/cmd_rule_set_match.go
+++ b/cmd/sing-box/cmd_rule_set_match.go
@@ -56,26 +56,25 @@ func ruleSetMatch(sourcePath string, domain string) error {
 	if err != nil {
 		return E.Cause(err, "read rule-set")
 	}
-	var plainRuleSet option.PlainRuleSet
+	var ruleSet option.PlainRuleSetCompat
 	switch flagRuleSetMatchFormat {
 	case C.RuleSetFormatSource:
-		var compat option.PlainRuleSetCompat
-		compat, err = json.UnmarshalExtended[option.PlainRuleSetCompat](content)
-		if err != nil {
-			return err
-		}
-		plainRuleSet, err = compat.Upgrade()
+		ruleSet, err = json.UnmarshalExtended[option.PlainRuleSetCompat](content)
 		if err != nil {
 			return err
 		}
 	case C.RuleSetFormatBinary:
-		plainRuleSet, err = srs.Read(bytes.NewReader(content), false)
+		ruleSet, err = srs.Read(bytes.NewReader(content), false)
 		if err != nil {
 			return err
 		}
 	default:
 		return E.New("unknown rule-set format: ", flagRuleSetMatchFormat)
 	}
+	plainRuleSet, err := ruleSet.Upgrade()
+	if err != nil {
+		return err
+	}
 	ipAddress := M.ParseAddr(domain)
 	var metadata adapter.InboundContext
 	if ipAddress.IsValid() {
--- a/cmd/sing-box/internal/convertor/adguard/convertor_test.go
+++ b/cmd/sing-box/internal/convertor/adguard/convertor_test.go
@@ -1,6 +1,7 @@
 package adguard

 import (
+	"context"
 	"strings"
 	"testing"

@@ -26,7 +27,7 @@ example.arpa
 `))
 	require.NoError(t, err)
 	require.Len(t, rules, 1)
-	rule, err := rule.NewHeadlessRule(nil, rules[0])
+	rule, err := rule.NewHeadlessRule(context.Background(), rules[0])
 	require.NoError(t, err)
 	matchDomain := []string{
 		"example.org",
@@ -85,7 +86,7 @@ func TestHosts(t *testing.T) {
 `))
 	require.NoError(t, err)
 	require.Len(t, rules, 1)
-	rule, err := rule.NewHeadlessRule(nil, rules[0])
+	rule, err := rule.NewHeadlessRule(context.Background(), rules[0])
 	require.NoError(t, err)
 	matchDomain := []string{
 		"google.com",
@@ -115,7 +116,7 @@ www.example.org
 `))
 	require.NoError(t, err)
 	require.Len(t, rules, 1)
-	rule, err := rule.NewHeadlessRule(nil, rules[0])
+	rule, err := rule.NewHeadlessRule(context.Background(), rules[0])
 	require.NoError(t, err)
 	matchDomain := []string{
 		"example.com",
--- a/common/dialer/default.go
+++ b/common/dialer/default.go
@@ -10,66 +10,102 @@ import (
 	"github.com/sagernet/sing-box/common/conntrack"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/atomic"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )

-var _ WireGuardListener = (*DefaultDialer)(nil)
+var (
+	_ ParallelInterfaceDialer = (*DefaultDialer)(nil)
+	_ WireGuardListener       = (*DefaultDialer)(nil)
+)

 type DefaultDialer struct {
-	dialer4             tcpDialer
-	dialer6             tcpDialer
-	udpDialer4          net.Dialer
-	udpDialer6          net.Dialer
-	udpListener         net.ListenConfig
-	udpAddr4            string
-	udpAddr6            string
-	isWireGuardListener bool
+	dialer4              tcpDialer
+	dialer6              tcpDialer
+	udpDialer4           net.Dialer
+	udpDialer6           net.Dialer
+	udpListener          net.ListenConfig
+	udpAddr4             string
+	udpAddr6             string
+	isWireGuardListener  bool
+	networkManager       adapter.NetworkManager
+	networkStrategy      C.NetworkStrategy
+	networkType          []C.InterfaceType
+	fallbackNetworkType  []C.InterfaceType
+	networkFallbackDelay time.Duration
+	networkLastFallback  atomic.TypedValue[time.Time]
 }

 func NewDefault(networkManager adapter.NetworkManager, options option.DialerOptions) (*DefaultDialer, error) {
-	var dialer net.Dialer
-	var listener net.ListenConfig
+	var (
+		dialer               net.Dialer
+		listener             net.ListenConfig
+		interfaceFinder      control.InterfaceFinder
+		networkStrategy      C.NetworkStrategy
+		networkType          []C.InterfaceType
+		fallbackNetworkType  []C.InterfaceType
+		networkFallbackDelay time.Duration
+	)
+	if networkManager != nil {
+		interfaceFinder = networkManager.InterfaceFinder()
+	} else {
+		interfaceFinder = control.NewDefaultInterfaceFinder()
+	}
 	if options.BindInterface != "" {
-		var interfaceFinder control.InterfaceFinder
-		if networkManager != nil {
-			interfaceFinder = networkManager.InterfaceFinder()
-		} else {
-			interfaceFinder = control.NewDefaultInterfaceFinder()
-		}
 		bindFunc := control.BindToInterface(interfaceFinder, options.BindInterface, -1)
 		dialer.Control = control.Append(dialer.Control, bindFunc)
 		listener.Control = control.Append(listener.Control, bindFunc)
-	} else if networkManager != nil && networkManager.AutoDetectInterface() {
-		bindFunc := networkManager.AutoDetectInterfaceFunc()
-		dialer.Control = control.Append(dialer.Control, bindFunc)
-		listener.Control = control.Append(listener.Control, bindFunc)
-	} else if networkManager != nil && networkManager.DefaultInterface() != "" {
-		bindFunc := control.BindToInterface(networkManager.InterfaceFinder(), networkManager.DefaultInterface(), -1)
-		dialer.Control = control.Append(dialer.Control, bindFunc)
-		listener.Control = control.Append(listener.Control, bindFunc)
-	}
-	var autoRedirectOutputMark uint32
-	if networkManager != nil {
-		autoRedirectOutputMark = networkManager.AutoRedirectOutputMark()
-	}
-	if autoRedirectOutputMark > 0 {
-		dialer.Control = control.Append(dialer.Control, control.RoutingMark(autoRedirectOutputMark))
-		listener.Control = control.Append(listener.Control, control.RoutingMark(autoRedirectOutputMark))
 	}
 	if options.RoutingMark > 0 {
-		dialer.Control = control.Append(dialer.Control, control.RoutingMark(options.RoutingMark))
-		listener.Control = control.Append(listener.Control, control.RoutingMark(options.RoutingMark))
+		dialer.Control = control.Append(dialer.Control, control.RoutingMark(uint32(options.RoutingMark)))
+		listener.Control = control.Append(listener.Control, control.RoutingMark(uint32(options.RoutingMark)))
+	}
+	if networkManager != nil {
+		autoRedirectOutputMark := networkManager.AutoRedirectOutputMark()
 		if autoRedirectOutputMark > 0 {
-			return nil, E.New("`auto_redirect` with `route_[_exclude]_address_set is conflict with `routing_mark`")
+			if options.RoutingMark > 0 {
+				return nil, E.New("`routing_mark` is conflict with `tun.auto_redirect` with `tun.route_[_exclude]_address_set")
+			}
+			dialer.Control = control.Append(dialer.Control, control.RoutingMark(autoRedirectOutputMark))
+			listener.Control = control.Append(listener.Control, control.RoutingMark(autoRedirectOutputMark))
 		}
-	} else if networkManager != nil && networkManager.DefaultMark() > 0 {
-		dialer.Control = control.Append(dialer.Control, control.RoutingMark(networkManager.DefaultMark()))
-		listener.Control = control.Append(listener.Control, control.RoutingMark(networkManager.DefaultMark()))
-		if autoRedirectOutputMark > 0 {
-			return nil, E.New("`auto_redirect` with `route_[_exclude]_address_set is conflict with `default_mark`")
+	}
+	if C.NetworkStrategy(options.NetworkStrategy) != C.NetworkStrategyDefault {
+		if options.BindInterface != "" || options.Inet4BindAddress != nil || options.Inet6BindAddress != nil {
+			return nil, E.New("`network_strategy` is conflict with `bind_interface`, `inet4_bind_address` and `inet6_bind_address`")
+		}
+		networkStrategy = C.NetworkStrategy(options.NetworkStrategy)
+		networkType = common.Map(options.NetworkType, option.InterfaceType.Build)
+		fallbackNetworkType = common.Map(options.FallbackNetworkType, option.InterfaceType.Build)
+		networkFallbackDelay = time.Duration(options.NetworkFallbackDelay)
+		if networkManager == nil || !networkManager.AutoDetectInterface() {
+			return nil, E.New("`route.auto_detect_interface` is require by `network_strategy`")
+		}
+	}
+	if networkManager != nil && options.BindInterface == "" && options.Inet4BindAddress == nil && options.Inet6BindAddress == nil {
+		defaultOptions := networkManager.DefaultOptions()
+		if defaultOptions.BindInterface != "" {
+			bindFunc := control.BindToInterface(networkManager.InterfaceFinder(), defaultOptions.BindInterface, -1)
+			dialer.Control = control.Append(dialer.Control, bindFunc)
+			listener.Control = control.Append(listener.Control, bindFunc)
+		} else if networkManager.AutoDetectInterface() {
+			if defaultOptions.NetworkStrategy != C.NetworkStrategyDefault && C.NetworkStrategy(options.NetworkStrategy) == C.NetworkStrategyDefault {
+				networkStrategy = defaultOptions.NetworkStrategy
+				networkType = defaultOptions.NetworkType
+				fallbackNetworkType = defaultOptions.FallbackNetworkType
+				networkFallbackDelay = defaultOptions.FallbackDelay
+				bindFunc := networkManager.ProtectFunc()
+				dialer.Control = control.Append(dialer.Control, bindFunc)
+				listener.Control = control.Append(listener.Control, bindFunc)
+			} else {
+				bindFunc := networkManager.AutoDetectInterfaceFunc()
+				dialer.Control = control.Append(dialer.Control, bindFunc)
+				listener.Control = control.Append(listener.Control, bindFunc)
+			}
 		}
 	}
 	if options.ReuseAddr {
@@ -130,6 +166,9 @@ func NewDefault(networkManager adapter.NetworkManager, options option.DialerOpti
 			listener.Control = control.Append(listener.Control, controlFn)
 		}
 	}
+	if networkStrategy != C.NetworkStrategyDefault && options.TCPFastOpen {
+		return nil, E.New("`tcp_fast_open` is conflict with `network_strategy` or `route.default_network_strategy`")
+	}
 	tcpDialer4, err := newTCPDialer(dialer4, options.TCPFastOpen)
 	if err != nil {
 		return nil, err
@@ -139,14 +178,19 @@ func NewDefault(networkManager adapter.NetworkManager, options option.DialerOpti
 		return nil, err
 	}
 	return &DefaultDialer{
-		tcpDialer4,
-		tcpDialer6,
-		udpDialer4,
-		udpDialer6,
-		listener,
-		udpAddr4,
-		udpAddr6,
-		options.IsWireGuardListener,
+		dialer4:              tcpDialer4,
+		dialer6:              tcpDialer6,
+		udpDialer4:           udpDialer4,
+		udpDialer6:           udpDialer6,
+		udpListener:          listener,
+		udpAddr4:             udpAddr4,
+		udpAddr6:             udpAddr6,
+		isWireGuardListener:  options.IsWireGuardListener,
+		networkManager:       networkManager,
+		networkStrategy:      networkStrategy,
+		networkType:          networkType,
+		fallbackNetworkType:  fallbackNetworkType,
+		networkFallbackDelay: networkFallbackDelay,
 	}, nil
 }

@@ -154,33 +198,88 @@ func (d *DefaultDialer) DialContext(ctx context.Context, network string, address
 	if !address.IsValid() {
 		return nil, E.New("invalid address")
 	}
-	switch N.NetworkName(network) {
-	case N.NetworkUDP:
-		if !address.IsIPv6() {
-			return trackConn(d.udpDialer4.DialContext(ctx, network, address.String()))
-		} else {
-			return trackConn(d.udpDialer6.DialContext(ctx, network, address.String()))
+	if d.networkStrategy == C.NetworkStrategyDefault {
+		switch N.NetworkName(network) {
+		case N.NetworkUDP:
+			if !address.IsIPv6() {
+				return trackConn(d.udpDialer4.DialContext(ctx, network, address.String()))
+			} else {
+				return trackConn(d.udpDialer6.DialContext(ctx, network, address.String()))
+			}
+		}
+		if !address.IsIPv6() {
+			return trackConn(DialSlowContext(&d.dialer4, ctx, network, address))
+		} else {
+			return trackConn(DialSlowContext(&d.dialer6, ctx, network, address))
 		}
-	}
-	if !address.IsIPv6() {
-		return trackConn(DialSlowContext(&d.dialer4, ctx, network, address))
 	} else {
-		return trackConn(DialSlowContext(&d.dialer6, ctx, network, address))
+		return d.DialParallelInterface(ctx, network, address, d.networkStrategy, d.networkType, d.fallbackNetworkType, d.networkFallbackDelay)
 	}
 }

+func (d *DefaultDialer) DialParallelInterface(ctx context.Context, network string, address M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error) {
+	if strategy == C.NetworkStrategyDefault {
+		return d.DialContext(ctx, network, address)
+	}
+	if !d.networkManager.AutoDetectInterface() {
+		return nil, E.New("`route.auto_detect_interface` is require by `network_strategy`")
+	}
+	var dialer net.Dialer
+	if N.NetworkName(network) == N.NetworkTCP {
+		dialer = dialerFromTCPDialer(d.dialer4)
+	} else {
+		dialer = d.udpDialer4
+	}
+	fastFallback := time.Now().Sub(d.networkLastFallback.Load()) < C.TCPTimeout
+	var (
+		conn      net.Conn
+		isPrimary bool
+		err       error
+	)
+	if !fastFallback {
+		conn, isPrimary, err = d.dialParallelInterface(ctx, dialer, network, address.String(), strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	} else {
+		conn, isPrimary, err = d.dialParallelInterfaceFastFallback(ctx, dialer, network, address.String(), strategy, interfaceType, fallbackInterfaceType, fallbackDelay, d.networkLastFallback.Store)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if !fastFallback && !isPrimary {
+		d.networkLastFallback.Store(time.Now())
+	}
+	return trackConn(conn, nil)
+}
+
 func (d *DefaultDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	if destination.IsIPv6() {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr6))
-	} else if destination.IsIPv4() && !destination.Addr.IsUnspecified() {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP+"4", d.udpAddr4))
+	if d.networkStrategy == C.NetworkStrategyDefault {
+		if destination.IsIPv6() {
+			return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr6))
+		} else if destination.IsIPv4() && !destination.Addr.IsUnspecified() {
+			return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP+"4", d.udpAddr4))
+		} else {
+			return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr4))
+		}
 	} else {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr4))
+		return d.ListenSerialInterfacePacket(ctx, destination, d.networkStrategy, d.networkType, d.fallbackNetworkType, d.networkFallbackDelay)
 	}
 }

+func (d *DefaultDialer) ListenSerialInterfacePacket(ctx context.Context, destination M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, error) {
+	if strategy == C.NetworkStrategyDefault {
+		return d.ListenPacket(ctx, destination)
+	}
+	if !d.networkManager.AutoDetectInterface() {
+		return nil, E.New("`route.auto_detect_interface` is require by `network_strategy`")
+	}
+	network := N.NetworkUDP
+	if destination.IsIPv4() && !destination.Addr.IsUnspecified() {
+		network += "4"
+	}
+	return trackPacketConn(d.listenSerialInterfacePacket(ctx, d.udpListener, network, "", strategy, interfaceType, fallbackInterfaceType, fallbackDelay))
+}
+
 func (d *DefaultDialer) ListenPacketCompat(network, address string) (net.PacketConn, error) {
-	return trackPacketConn(d.udpListener.ListenPacket(context.Background(), network, address))
+	return trackPacketConn(d.listenSerialInterfacePacket(context.Background(), d.udpListener, network, address, d.networkStrategy, d.networkType, d.fallbackNetworkType, d.networkFallbackDelay))
 }

 func trackConn(conn net.Conn, err error) (net.Conn, error) {
--- a/common/dialer/default_go1.20.go
+++ b/common/dialer/default_go1.20.go
@@ -13,3 +13,7 @@ type tcpDialer = tfo.Dialer
 func newTCPDialer(dialer net.Dialer, tfoEnabled bool) (tcpDialer, error) {
 	return tfo.Dialer{Dialer: dialer, DisableTFO: !tfoEnabled}, nil
 }
+
+func dialerFromTCPDialer(dialer tcpDialer) net.Dialer {
+	return dialer.Dialer
+}
--- a/common/dialer/default_nongo1.20.go
+++ b/common/dialer/default_nongo1.20.go
@@ -16,3 +16,7 @@ func newTCPDialer(dialer net.Dialer, tfoEnabled bool) (tcpDialer, error) {
 	}
 	return dialer, nil
 }
+
+func dialerFromTCPDialer(dialer tcpDialer) net.Dialer {
+	return dialer
+}
--- a/common/dialer/default_parallel_interface.go
+++ b/common/dialer/default_parallel_interface.go
@@ -0,0 +1,223 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"time"
+
+	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/control"
+	E "github.com/sagernet/sing/common/exceptions"
+	N "github.com/sagernet/sing/common/network"
+)
+
+func (d *DefaultDialer) dialParallelInterface(ctx context.Context, dialer net.Dialer, network string, addr string, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, bool, error) {
+	primaryInterfaces, fallbackInterfaces := selectInterfaces(d.networkManager, strategy, interfaceType, fallbackInterfaceType)
+	if len(primaryInterfaces)+len(fallbackInterfaces) == 0 {
+		return nil, false, E.New("no available network interface")
+	}
+	if fallbackDelay == 0 {
+		fallbackDelay = N.DefaultFallbackDelay
+	}
+	returned := make(chan struct{})
+	defer close(returned)
+	type dialResult struct {
+		net.Conn
+		error
+		primary bool
+	}
+	results := make(chan dialResult) // unbuffered
+	startRacer := func(ctx context.Context, primary bool, iif adapter.NetworkInterface) {
+		perNetDialer := dialer
+		perNetDialer.Control = control.Append(perNetDialer.Control, control.BindToInterface(nil, iif.Name, iif.Index))
+		conn, err := perNetDialer.DialContext(ctx, network, addr)
+		if err != nil {
+			select {
+			case results <- dialResult{error: E.Cause(err, "dial ", iif.Name, " (", iif.Name, ")"), primary: primary}:
+			case <-returned:
+			}
+		} else {
+			select {
+			case results <- dialResult{Conn: conn}:
+			case <-returned:
+				conn.Close()
+			}
+		}
+	}
+	primaryCtx, primaryCancel := context.WithCancel(ctx)
+	defer primaryCancel()
+	for _, iif := range primaryInterfaces {
+		go startRacer(primaryCtx, true, iif)
+	}
+	var (
+		fallbackTimer *time.Timer
+		fallbackChan  <-chan time.Time
+	)
+	if len(fallbackInterfaces) > 0 {
+		fallbackTimer = time.NewTimer(fallbackDelay)
+		defer fallbackTimer.Stop()
+		fallbackChan = fallbackTimer.C
+	}
+	var errors []error
+	for {
+		select {
+		case <-fallbackChan:
+			fallbackCtx, fallbackCancel := context.WithCancel(ctx)
+			defer fallbackCancel()
+			for _, iif := range fallbackInterfaces {
+				go startRacer(fallbackCtx, false, iif)
+			}
+		case res := <-results:
+			if res.error == nil {
+				return res.Conn, res.primary, nil
+			}
+			errors = append(errors, res.error)
+			if len(errors) == len(primaryInterfaces)+len(fallbackInterfaces) {
+				return nil, false, E.Errors(errors...)
+			}
+			if res.primary && fallbackTimer != nil && fallbackTimer.Stop() {
+				fallbackTimer.Reset(0)
+			}
+		}
+	}
+}
+
+func (d *DefaultDialer) dialParallelInterfaceFastFallback(ctx context.Context, dialer net.Dialer, network string, addr string, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration, resetFastFallback func(time.Time)) (net.Conn, bool, error) {
+	primaryInterfaces, fallbackInterfaces := selectInterfaces(d.networkManager, strategy, interfaceType, fallbackInterfaceType)
+	if len(primaryInterfaces)+len(fallbackInterfaces) == 0 {
+		return nil, false, E.New("no available network interface")
+	}
+	if fallbackDelay == 0 {
+		fallbackDelay = N.DefaultFallbackDelay
+	}
+	returned := make(chan struct{})
+	defer close(returned)
+	type dialResult struct {
+		net.Conn
+		error
+		primary bool
+	}
+	startAt := time.Now()
+	results := make(chan dialResult) // unbuffered
+	startRacer := func(ctx context.Context, primary bool, iif adapter.NetworkInterface) {
+		perNetDialer := dialer
+		perNetDialer.Control = control.Append(perNetDialer.Control, control.BindToInterface(nil, iif.Name, iif.Index))
+		conn, err := perNetDialer.DialContext(ctx, network, addr)
+		if err != nil {
+			select {
+			case results <- dialResult{error: E.Cause(err, "dial ", iif.Name, " (", iif.Name, ")"), primary: primary}:
+			case <-returned:
+			}
+		} else {
+			select {
+			case results <- dialResult{Conn: conn}:
+			case <-returned:
+				if primary && time.Since(startAt) <= fallbackDelay {
+					resetFastFallback(time.Time{})
+				}
+				conn.Close()
+			}
+		}
+	}
+	for _, iif := range primaryInterfaces {
+		go startRacer(ctx, true, iif)
+	}
+	fallbackCtx, fallbackCancel := context.WithCancel(ctx)
+	defer fallbackCancel()
+	for _, iif := range fallbackInterfaces {
+		go startRacer(fallbackCtx, false, iif)
+	}
+	var errors []error
+	for {
+		select {
+		case res := <-results:
+			if res.error == nil {
+				return res.Conn, res.primary, nil
+			}
+			errors = append(errors, res.error)
+			if len(errors) == len(primaryInterfaces)+len(fallbackInterfaces) {
+				return nil, false, E.Errors(errors...)
+			}
+		}
+	}
+}
+
+func (d *DefaultDialer) listenSerialInterfacePacket(ctx context.Context, listener net.ListenConfig, network string, addr string, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, error) {
+	primaryInterfaces, fallbackInterfaces := selectInterfaces(d.networkManager, strategy, interfaceType, fallbackInterfaceType)
+	if len(primaryInterfaces)+len(fallbackInterfaces) == 0 {
+		return nil, E.New("no available network interface")
+	}
+	if fallbackDelay == 0 {
+		fallbackDelay = N.DefaultFallbackDelay
+	}
+	var errors []error
+	for _, primaryInterface := range primaryInterfaces {
+		perNetListener := listener
+		perNetListener.Control = control.Append(perNetListener.Control, control.BindToInterface(nil, primaryInterface.Name, primaryInterface.Index))
+		conn, err := perNetListener.ListenPacket(ctx, network, addr)
+		if err == nil {
+			return conn, nil
+		}
+		errors = append(errors, E.Cause(err, "listen ", primaryInterface.Name, " (", primaryInterface.Name, ")"))
+	}
+	for _, fallbackInterface := range fallbackInterfaces {
+		perNetListener := listener
+		perNetListener.Control = control.Append(perNetListener.Control, control.BindToInterface(nil, fallbackInterface.Name, fallbackInterface.Index))
+		conn, err := perNetListener.ListenPacket(ctx, network, addr)
+		if err == nil {
+			return conn, nil
+		}
+		errors = append(errors, E.Cause(err, "listen ", fallbackInterface.Name, " (", fallbackInterface.Name, ")"))
+	}
+	return nil, E.Errors(errors...)
+}
+
+func selectInterfaces(networkManager adapter.NetworkManager, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType) (primaryInterfaces []adapter.NetworkInterface, fallbackInterfaces []adapter.NetworkInterface) {
+	interfaces := networkManager.NetworkInterfaces()
+	switch strategy {
+	case C.NetworkStrategyDefault:
+		if len(interfaceType) == 0 {
+			defaultIf := networkManager.InterfaceMonitor().DefaultInterface()
+			for _, iif := range interfaces {
+				if iif.Index == defaultIf.Index {
+					primaryInterfaces = append(primaryInterfaces, iif)
+				} else {
+					fallbackInterfaces = append(fallbackInterfaces, iif)
+				}
+			}
+		} else {
+			primaryInterfaces = common.Filter(interfaces, func(iif adapter.NetworkInterface) bool {
+				return common.Contains(interfaceType, iif.Type)
+			})
+		}
+	case C.NetworkStrategyHybrid:
+		if len(interfaceType) == 0 {
+			primaryInterfaces = interfaces
+		} else {
+			primaryInterfaces = common.Filter(interfaces, func(iif adapter.NetworkInterface) bool {
+				return common.Contains(interfaceType, iif.Type)
+			})
+		}
+	case C.NetworkStrategyFallback:
+		if len(interfaceType) == 0 {
+			defaultIf := networkManager.InterfaceMonitor().DefaultInterface()
+			for _, iif := range interfaces {
+				if iif.Index == defaultIf.Index {
+					primaryInterfaces = append(primaryInterfaces, iif)
+				} else {
+					fallbackInterfaces = append(fallbackInterfaces, iif)
+				}
+			}
+		} else {
+			primaryInterfaces = common.Filter(interfaces, func(iif adapter.NetworkInterface) bool {
+				return common.Contains(interfaceType, iif.Type)
+			})
+		}
+		fallbackInterfaces = common.Filter(interfaces, func(iif adapter.NetworkInterface) bool {
+			return common.Contains(fallbackInterfaceType, iif.Type)
+		})
+	}
+	return primaryInterfaces, fallbackInterfaces
+}
--- a/common/dialer/default_parallel_network.go
+++ b/common/dialer/default_parallel_network.go
@@ -0,0 +1,142 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"time"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+func DialSerialNetwork(ctx context.Context, dialer N.Dialer, network string, destination M.Socksaddr, destinationAddresses []netip.Addr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error) {
+	if parallelDialer, isParallel := dialer.(ParallelNetworkDialer); isParallel {
+		return parallelDialer.DialParallelNetwork(ctx, network, destination, destinationAddresses, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	}
+	var errors []error
+	if parallelDialer, isParallel := dialer.(ParallelInterfaceDialer); isParallel {
+		for _, address := range destinationAddresses {
+			conn, err := parallelDialer.DialParallelInterface(ctx, network, M.SocksaddrFrom(address, destination.Port), strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+			if err == nil {
+				return conn, nil
+			}
+			errors = append(errors, err)
+		}
+	} else {
+		for _, address := range destinationAddresses {
+			conn, err := dialer.DialContext(ctx, network, M.SocksaddrFrom(address, destination.Port))
+			if err == nil {
+				return conn, nil
+			}
+			errors = append(errors, err)
+		}
+	}
+	return nil, E.Errors(errors...)
+}
+
+func DialParallelNetwork(ctx context.Context, dialer ParallelInterfaceDialer, network string, destination M.Socksaddr, destinationAddresses []netip.Addr, preferIPv6 bool, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error) {
+	if fallbackDelay == 0 {
+		fallbackDelay = N.DefaultFallbackDelay
+	}
+
+	returned := make(chan struct{})
+	defer close(returned)
+
+	addresses4 := common.Filter(destinationAddresses, func(address netip.Addr) bool {
+		return address.Is4() || address.Is4In6()
+	})
+	addresses6 := common.Filter(destinationAddresses, func(address netip.Addr) bool {
+		return address.Is6() && !address.Is4In6()
+	})
+	if len(addresses4) == 0 || len(addresses6) == 0 {
+		return DialSerialNetwork(ctx, dialer, network, destination, destinationAddresses, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	}
+	var primaries, fallbacks []netip.Addr
+	if preferIPv6 {
+		primaries = addresses6
+		fallbacks = addresses4
+	} else {
+		primaries = addresses4
+		fallbacks = addresses6
+	}
+	type dialResult struct {
+		net.Conn
+		error
+		primary bool
+		done    bool
+	}
+	results := make(chan dialResult) // unbuffered
+	startRacer := func(ctx context.Context, primary bool) {
+		ras := primaries
+		if !primary {
+			ras = fallbacks
+		}
+		c, err := DialSerialNetwork(ctx, dialer, network, destination, ras, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+		select {
+		case results <- dialResult{Conn: c, error: err, primary: primary, done: true}:
+		case <-returned:
+			if c != nil {
+				c.Close()
+			}
+		}
+	}
+	var primary, fallback dialResult
+	primaryCtx, primaryCancel := context.WithCancel(ctx)
+	defer primaryCancel()
+	go startRacer(primaryCtx, true)
+	fallbackTimer := time.NewTimer(fallbackDelay)
+	defer fallbackTimer.Stop()
+	for {
+		select {
+		case <-fallbackTimer.C:
+			fallbackCtx, fallbackCancel := context.WithCancel(ctx)
+			defer fallbackCancel()
+			go startRacer(fallbackCtx, false)
+
+		case res := <-results:
+			if res.error == nil {
+				return res.Conn, nil
+			}
+			if res.primary {
+				primary = res
+			} else {
+				fallback = res
+			}
+			if primary.done && fallback.done {
+				return nil, primary.error
+			}
+			if res.primary && fallbackTimer.Stop() {
+				fallbackTimer.Reset(0)
+			}
+		}
+	}
+}
+
+func ListenSerialNetworkPacket(ctx context.Context, dialer N.Dialer, destination M.Socksaddr, destinationAddresses []netip.Addr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, netip.Addr, error) {
+	if parallelDialer, isParallel := dialer.(ParallelNetworkDialer); isParallel {
+		return parallelDialer.ListenSerialNetworkPacket(ctx, destination, destinationAddresses, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	}
+	var errors []error
+	if parallelDialer, isParallel := dialer.(ParallelInterfaceDialer); isParallel {
+		for _, address := range destinationAddresses {
+			conn, err := parallelDialer.ListenSerialInterfacePacket(ctx, M.SocksaddrFrom(address, destination.Port), strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+			if err == nil {
+				return conn, address, nil
+			}
+			errors = append(errors, err)
+		}
+	} else {
+		for _, address := range destinationAddresses {
+			conn, err := dialer.ListenPacket(ctx, M.SocksaddrFrom(address, destination.Port))
+			if err == nil {
+				return conn, address, nil
+			}
+			errors = append(errors, err)
+		}
+	}
+	return nil, netip.Addr{}, E.Errors(errors...)
+}
--- a/common/dialer/dialer.go
+++ b/common/dialer/dialer.go
@@ -2,12 +2,16 @@ package dialer

 import (
 	"context"
+	"net"
+	"net/netip"
 	"time"

 	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-dns"
 	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/service"
 )
@@ -49,3 +53,35 @@ func New(ctx context.Context, options option.DialerOptions) (N.Dialer, error) {
 	}
 	return dialer, nil
 }
+
+func NewDirect(ctx context.Context, options option.DialerOptions) (ParallelInterfaceDialer, error) {
+	if options.Detour != "" {
+		return nil, E.New("`detour` is not supported in direct context")
+	}
+	networkManager := service.FromContext[adapter.NetworkManager](ctx)
+	if options.IsWireGuardListener {
+		return NewDefault(networkManager, options)
+	}
+	dialer, err := NewDefault(networkManager, options)
+	if err != nil {
+		return nil, err
+	}
+	return NewResolveParallelInterfaceDialer(
+		service.FromContext[adapter.Router](ctx),
+		dialer,
+		true,
+		dns.DomainStrategy(options.DomainStrategy),
+		time.Duration(options.FallbackDelay),
+	), nil
+}
+
+type ParallelInterfaceDialer interface {
+	N.Dialer
+	DialParallelInterface(ctx context.Context, network string, destination M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error)
+	ListenSerialInterfacePacket(ctx context.Context, destination M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, error)
+}
+
+type ParallelNetworkDialer interface {
+	DialParallelNetwork(ctx context.Context, network string, destination M.Socksaddr, destinationAddresses []netip.Addr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error)
+	ListenSerialNetworkPacket(ctx context.Context, destination M.Socksaddr, destinationAddresses []netip.Addr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, netip.Addr, error)
+}
--- a/common/dialer/resolve.go
+++ b/common/dialer/resolve.go
@@ -7,6 +7,7 @@ import (
 	"time"

 	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing/common/bufio"
@@ -14,7 +15,12 @@ import (
 	N "github.com/sagernet/sing/common/network"
 )

-type ResolveDialer struct {
+var (
+	_ N.Dialer                = (*resolveDialer)(nil)
+	_ ParallelInterfaceDialer = (*resolveParallelNetworkDialer)(nil)
+)
+
+type resolveDialer struct {
 	dialer        N.Dialer
 	parallel      bool
 	router        adapter.Router
@@ -22,8 +28,8 @@ type ResolveDialer struct {
 	fallbackDelay time.Duration
 }

-func NewResolveDialer(router adapter.Router, dialer N.Dialer, parallel bool, strategy dns.DomainStrategy, fallbackDelay time.Duration) *ResolveDialer {
-	return &ResolveDialer{
+func NewResolveDialer(router adapter.Router, dialer N.Dialer, parallel bool, strategy dns.DomainStrategy, fallbackDelay time.Duration) N.Dialer {
+	return &resolveDialer{
 		dialer,
 		parallel,
 		router,
@@ -32,7 +38,25 @@ func NewResolveDialer(router adapter.Router, dialer N.Dialer, parallel bool, str
 	}
 }

-func (d *ResolveDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+type resolveParallelNetworkDialer struct {
+	resolveDialer
+	dialer ParallelInterfaceDialer
+}
+
+func NewResolveParallelInterfaceDialer(router adapter.Router, dialer ParallelInterfaceDialer, parallel bool, strategy dns.DomainStrategy, fallbackDelay time.Duration) ParallelInterfaceDialer {
+	return &resolveParallelNetworkDialer{
+		resolveDialer{
+			dialer,
+			parallel,
+			router,
+			strategy,
+			fallbackDelay,
+		},
+		dialer,
+	}
+}
+
+func (d *resolveDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
 	if !destination.IsFqdn() {
 		return d.dialer.DialContext(ctx, network, destination)
 	}
@@ -57,7 +81,7 @@ func (d *ResolveDialer) DialContext(ctx context.Context, network string, destina
 	}
 }

-func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+func (d *resolveDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
 	if !destination.IsFqdn() {
 		return d.dialer.ListenPacket(ctx, destination)
 	}
@@ -82,6 +106,59 @@ func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksadd
 	return bufio.NewNATPacketConn(bufio.NewPacketConn(conn), M.SocksaddrFrom(destinationAddress, destination.Port), destination), nil
 }

-func (d *ResolveDialer) Upstream() any {
+func (d *resolveParallelNetworkDialer) DialParallelInterface(ctx context.Context, network string, destination M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error) {
+	if !destination.IsFqdn() {
+		return d.dialer.DialContext(ctx, network, destination)
+	}
+	ctx, metadata := adapter.ExtendContext(ctx)
+	ctx = log.ContextWithOverrideLevel(ctx, log.LevelDebug)
+	metadata.Destination = destination
+	metadata.Domain = ""
+	var addresses []netip.Addr
+	var err error
+	if d.strategy == dns.DomainStrategyAsIS {
+		addresses, err = d.router.LookupDefault(ctx, destination.Fqdn)
+	} else {
+		addresses, err = d.router.Lookup(ctx, destination.Fqdn, d.strategy)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if fallbackDelay == 0 {
+		fallbackDelay = d.fallbackDelay
+	}
+	if d.parallel {
+		return DialParallelNetwork(ctx, d.dialer, network, destination, addresses, d.strategy == dns.DomainStrategyPreferIPv6, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	} else {
+		return DialSerialNetwork(ctx, d.dialer, network, destination, addresses, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	}
+}
+
+func (d *resolveParallelNetworkDialer) ListenSerialInterfacePacket(ctx context.Context, destination M.Socksaddr, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, error) {
+	if !destination.IsFqdn() {
+		return d.dialer.ListenPacket(ctx, destination)
+	}
+	ctx, metadata := adapter.ExtendContext(ctx)
+	ctx = log.ContextWithOverrideLevel(ctx, log.LevelDebug)
+	metadata.Destination = destination
+	metadata.Domain = ""
+	var addresses []netip.Addr
+	var err error
+	if d.strategy == dns.DomainStrategyAsIS {
+		addresses, err = d.router.LookupDefault(ctx, destination.Fqdn)
+	} else {
+		addresses, err = d.router.Lookup(ctx, destination.Fqdn, d.strategy)
+	}
+	if err != nil {
+		return nil, err
+	}
+	conn, destinationAddress, err := ListenSerialNetworkPacket(ctx, d.dialer, destination, addresses, strategy, interfaceType, fallbackInterfaceType, fallbackDelay)
+	if err != nil {
+		return nil, err
+	}
+	return bufio.NewNATPacketConn(bufio.NewPacketConn(conn), M.SocksaddrFrom(destinationAddress, destination.Port), destination), nil
+}
+
+func (d *resolveDialer) Upstream() any {
 	return d.dialer
 }
--- a/common/settings/proxy_darwin.go
+++ b/common/settings/proxy_darwin.go
@@ -2,12 +2,12 @@ package settings

 import (
 	"context"
-	"net/netip"
 	"strconv"
 	"strings"

 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/shell"
@@ -34,7 +34,7 @@ func NewSystemProxy(ctx context.Context, serverAddr M.Socksaddr, supportSOCKS bo
 		serverAddr:   serverAddr,
 		supportSOCKS: supportSOCKS,
 	}
-	proxy.element = interfaceMonitor.RegisterCallback(proxy.update)
+	proxy.element = interfaceMonitor.RegisterCallback(proxy.routeUpdate)
 	return proxy, nil
 }

@@ -66,25 +66,22 @@ func (p *DarwinSystemProxy) Disable() error {
 	return err
 }

-func (p *DarwinSystemProxy) update(event int) {
-	if event&tun.EventInterfaceUpdate == 0 {
-		return
-	}
-	if !p.isEnabled {
+func (p *DarwinSystemProxy) routeUpdate(defaultInterface *control.Interface, flags int) {
+	if !p.isEnabled || defaultInterface == nil {
 		return
 	}
 	_ = p.update0()
 }

 func (p *DarwinSystemProxy) update0() error {
-	newInterfaceName := p.monitor.DefaultInterfaceName(netip.IPv4Unspecified())
-	if p.interfaceName == newInterfaceName {
+	newInterface := p.monitor.DefaultInterface()
+	if p.interfaceName == newInterface.Name {
 		return nil
 	}
 	if p.interfaceName != "" {
 		_ = p.Disable()
 	}
-	p.interfaceName = newInterfaceName
+	p.interfaceName = newInterface.Name
 	interfaceDisplayName, err := getInterfaceDisplayName(p.interfaceName)
 	if err != nil {
 		return err
--- a/common/srs/binary.go
+++ b/common/srs/binary.go
@@ -38,10 +38,13 @@ const (
 	ruleItemWIFIBSSID
 	ruleItemAdGuardDomain
 	ruleItemProcessPathRegex
+	ruleItemNetworkType
+	ruleItemNetworkIsExpensive
+	ruleItemNetworkIsConstrained
 	ruleItemFinal uint8 = 0xFF
 )

-func Read(reader io.Reader, recover bool) (ruleSet option.PlainRuleSet, err error) {
+func Read(reader io.Reader, recover bool) (ruleSetCompat option.PlainRuleSetCompat, err error) {
 	var magicBytes [3]byte
 	_, err = io.ReadFull(reader, magicBytes[:])
 	if err != nil {
@@ -54,10 +57,10 @@ func Read(reader io.Reader, recover bool) (ruleSet option.PlainRuleSet, err erro
 	var version uint8
 	err = binary.Read(reader, binary.BigEndian, &version)
 	if err != nil {
-		return ruleSet, err
+		return ruleSetCompat, err
 	}
-	if version > C.RuleSetVersion2 {
-		return ruleSet, E.New("unsupported version: ", version)
+	if version > C.RuleSetVersionCurrent {
+		return ruleSetCompat, E.New("unsupported version: ", version)
 	}
 	compressReader, err := zlib.NewReader(reader)
 	if err != nil {
@@ -68,9 +71,10 @@ func Read(reader io.Reader, recover bool) (ruleSet option.PlainRuleSet, err erro
 	if err != nil {
 		return
 	}
-	ruleSet.Rules = make([]option.HeadlessRule, length)
+	ruleSetCompat.Version = version
+	ruleSetCompat.Options.Rules = make([]option.HeadlessRule, length)
 	for i := uint64(0); i < length; i++ {
-		ruleSet.Rules[i], err = readRule(bReader, recover)
+		ruleSetCompat.Options.Rules[i], err = readRule(bReader, recover)
 		if err != nil {
 			err = E.Cause(err, "read rule[", i, "]")
 			return
@@ -79,18 +83,12 @@ func Read(reader io.Reader, recover bool) (ruleSet option.PlainRuleSet, err erro
 	return
 }

-func Write(writer io.Writer, ruleSet option.PlainRuleSet, generateUnstable bool) error {
+func Write(writer io.Writer, ruleSet option.PlainRuleSet, generateVersion uint8) error {
 	_, err := writer.Write(MagicBytes[:])
 	if err != nil {
 		return err
 	}
-	var version uint8
-	if generateUnstable {
-		version = C.RuleSetVersion2
-	} else {
-		version = C.RuleSetVersion1
-	}
-	err = binary.Write(writer, binary.BigEndian, version)
+	err = binary.Write(writer, binary.BigEndian, generateVersion)
 	if err != nil {
 		return err
 	}
@@ -104,7 +102,7 @@ func Write(writer io.Writer, ruleSet option.PlainRuleSet, generateUnstable bool)
 		return err
 	}
 	for _, rule := range ruleSet.Rules {
-		err = writeRule(bWriter, rule, generateUnstable)
+		err = writeRule(bWriter, rule, generateVersion)
 		if err != nil {
 			return err
 		}
@@ -135,12 +133,12 @@ func readRule(reader varbin.Reader, recover bool) (rule option.HeadlessRule, err
 	return
 }

-func writeRule(writer varbin.Writer, rule option.HeadlessRule, generateUnstable bool) error {
+func writeRule(writer varbin.Writer, rule option.HeadlessRule, generateVersion uint8) error {
 	switch rule.Type {
 	case C.RuleTypeDefault:
-		return writeDefaultRule(writer, rule.DefaultOptions, generateUnstable)
+		return writeDefaultRule(writer, rule.DefaultOptions, generateVersion)
 	case C.RuleTypeLogical:
-		return writeLogicalRule(writer, rule.LogicalOptions, generateUnstable)
+		return writeLogicalRule(writer, rule.LogicalOptions, generateVersion)
 	default:
 		panic("unknown rule type: " + rule.Type)
 	}
@@ -227,6 +225,12 @@ func readDefaultRule(reader varbin.Reader, recover bool) (rule option.DefaultHea
 				return
 			}
 			rule.AdGuardDomainMatcher = matcher
+		case ruleItemNetworkType:
+			rule.NetworkType, err = readRuleItemUint8[option.InterfaceType](reader)
+		case ruleItemNetworkIsExpensive:
+			rule.NetworkIsExpensive = true
+		case ruleItemNetworkIsConstrained:
+			rule.NetworkIsConstrained = true
 		case ruleItemFinal:
 			err = binary.Read(reader, binary.BigEndian, &rule.Invert)
 			return
@@ -240,7 +244,7 @@ func readDefaultRule(reader varbin.Reader, recover bool) (rule option.DefaultHea
 	}
 }

-func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, generateUnstable bool) error {
+func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, generateVersion uint8) error {
 	err := binary.Write(writer, binary.BigEndian, uint8(0))
 	if err != nil {
 		return err
@@ -264,7 +268,7 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen
 		if err != nil {
 			return err
 		}
-		err = domain.NewMatcher(rule.Domain, rule.DomainSuffix, !generateUnstable).Write(writer)
+		err = domain.NewMatcher(rule.Domain, rule.DomainSuffix, generateVersion == C.RuleSetVersion1).Write(writer)
 		if err != nil {
 			return err
 		}
@@ -341,6 +345,27 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen
 			return err
 		}
 	}
+	if len(rule.NetworkType) > 0 {
+		if generateVersion < C.RuleSetVersion3 {
+			return E.New("network_type rule item is only supported in version 3 or later")
+		}
+		err = writeRuleItemUint8(writer, ruleItemNetworkType, rule.NetworkType)
+		if err != nil {
+			return err
+		}
+	}
+	if rule.NetworkIsExpensive {
+		err = binary.Write(writer, binary.BigEndian, ruleItemNetworkIsExpensive)
+		if err != nil {
+			return err
+		}
+	}
+	if rule.NetworkIsConstrained {
+		err = binary.Write(writer, binary.BigEndian, ruleItemNetworkIsConstrained)
+		if err != nil {
+			return err
+		}
+	}
 	if len(rule.WIFISSID) > 0 {
 		err = writeRuleItemString(writer, ruleItemWIFISSID, rule.WIFISSID)
 		if err != nil {
@@ -354,6 +379,9 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen
 		}
 	}
 	if len(rule.AdGuardDomain) > 0 {
+		if generateVersion < C.RuleSetVersion2 {
+			return E.New("AdGuard rule items is only supported in version 2 or later")
+		}
 		err = binary.Write(writer, binary.BigEndian, ruleItemAdGuardDomain)
 		if err != nil {
 			return err
@@ -386,6 +414,18 @@ func writeRuleItemString(writer varbin.Writer, itemType uint8, value []string) e
 	return varbin.Write(writer, binary.BigEndian, value)
 }

+func readRuleItemUint8[E ~uint8](reader varbin.Reader) ([]E, error) {
+	return varbin.ReadValue[[]E](reader, binary.BigEndian)
+}
+
+func writeRuleItemUint8[E ~uint8](writer varbin.Writer, itemType uint8, value []E) error {
+	err := writer.WriteByte(itemType)
+	if err != nil {
+		return err
+	}
+	return varbin.Write(writer, binary.BigEndian, value)
+}
+
 func readRuleItemUint16(reader varbin.Reader) ([]uint16, error) {
 	return varbin.ReadValue[[]uint16](reader, binary.BigEndian)
 }
@@ -457,7 +497,7 @@ func readLogicalRule(reader varbin.Reader, recovery bool) (logicalRule option.Lo
 	return
 }

-func writeLogicalRule(writer varbin.Writer, logicalRule option.LogicalHeadlessRule, generateUnstable bool) error {
+func writeLogicalRule(writer varbin.Writer, logicalRule option.LogicalHeadlessRule, generateVersion uint8) error {
 	err := binary.Write(writer, binary.BigEndian, uint8(1))
 	if err != nil {
 		return err
@@ -478,7 +518,7 @@ func writeLogicalRule(writer varbin.Writer, logicalRule option.LogicalHeadlessRu
 		return err
 	}
 	for _, rule := range logicalRule.Rules {
-		err = writeRule(writer, rule, generateUnstable)
+		err = writeRule(writer, rule, generateVersion)
 		if err != nil {
 			return err
 		}
--- a/constant/network.go
+++ b/constant/network.go
@@ -0,0 +1,58 @@
+package constant
+
+import (
+	"github.com/sagernet/sing/common"
+	F "github.com/sagernet/sing/common/format"
+)
+
+type InterfaceType uint8
+
+const (
+	InterfaceTypeWIFI InterfaceType = iota
+	InterfaceTypeCellular
+	InterfaceTypeEthernet
+	InterfaceTypeOther
+)
+
+var (
+	interfaceTypeToString = map[InterfaceType]string{
+		InterfaceTypeWIFI:     "wifi",
+		InterfaceTypeCellular: "cellular",
+		InterfaceTypeEthernet: "ethernet",
+		InterfaceTypeOther:    "other",
+	}
+	StringToInterfaceType = common.ReverseMap(interfaceTypeToString)
+)
+
+func (t InterfaceType) String() string {
+	name, loaded := interfaceTypeToString[t]
+	if !loaded {
+		return F.ToString(int(t))
+	}
+	return name
+}
+
+type NetworkStrategy uint8
+
+const (
+	NetworkStrategyDefault NetworkStrategy = iota
+	NetworkStrategyFallback
+	NetworkStrategyHybrid
+)
+
+var (
+	networkStrategyToString = map[NetworkStrategy]string{
+		NetworkStrategyDefault:  "default",
+		NetworkStrategyFallback: "fallback",
+		NetworkStrategyHybrid:   "hybrid",
+	}
+	StringToNetworkStrategy = common.ReverseMap(networkStrategyToString)
+)
+
+func (s NetworkStrategy) String() string {
+	name, loaded := networkStrategyToString[s]
+	if !loaded {
+		return F.ToString(int(s))
+	}
+	return name
+}
--- a/constant/os.go
+++ b/constant/os.go
@@ -6,7 +6,7 @@ import (

 const IsAndroid = goos.IsAndroid == 1

-const IsDarwin = goos.IsDarwin == 1
+const IsDarwin = goos.IsDarwin == 1 || goos.IsIos == 1

 const IsDragonfly = goos.IsDragonfly == 1

--- a/constant/rule.go
+++ b/constant/rule.go
@@ -21,6 +21,8 @@ const (
 const (
 	RuleSetVersion1 = 1 + iota
 	RuleSetVersion2
+	RuleSetVersion3
+	RuleSetVersionCurrent = RuleSetVersion3
 )

 const (
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -2,10 +2,77 @@
 icon: material/alert-decagram
 ---

-#### 1.11.0-alpha.11
+#### 1.11.0-alpha.16
+
+* Add `cache_capacity` DNS option **1**
+* Add `override_address` and `override_port` route options **2**
+* Fixes and improvements
+
+**1**:
+
+See [DNS](/configuration/dns/#cache_capacity).
+
+**2**:
+
+See [Rule Action](/configuration/route/#override_address) and
+[Migrate destination override fields to route options](/migration/#migrate-destination-override-fields-to-route-options).
+
+#### 1.11.0-alpha.15
+
+* Improve multi network dialing **1**
+* Fixes and improvements
+
+**1**:
+
+New options allow you to configure the network strategy flexibly.
+
+See [Dial Fields](/configuration/shared/dial/#network_strategy),
+[Rule Action](/configuration/route/rule_action/#network_strategy)
+and [Route](/configuration/route/#default_network_strategy).
+
+#### 1.11.0-alpha.14
+
+* Add multi network dialing **1**
+* Fixes and improvements
+
+**1**:
+
+Similar to Surge's strategy.
+
+New options allow you to connect using multiple network interfaces,
+prefer or only use one type of interface,
+and configure a timeout to fallback to other interfaces.
+
+See [Dial Fields](/configuration/shared/dial/#network_strategy),
+[Rule Action](/configuration/route/rule_action/#network_strategy)
+and [Route](/configuration/route/#default_network_strategy).
+
+#### 1.11.0-alpha.13

 * Fixes and improvements

+#### 1.11.0-alpha.12
+
+* Merge route options to route actions **1**
+* Add `network_type`, `network_is_expensive` and `network_is_constrainted` rule items **2**
+* Fixes and improvements
+
+**1**:
+
+Route options in DNS route actions will no longer be considered deprecated,
+see [DNS Route Action](/configuration/dns/rule_action/).
+
+Also, now `udp_disable_domain_unmapping` and `udp_connect` can also be configured in route action,
+see [Route Action](/configuration/route/rule_action/).
+
+**2**:
+
+When using in graphical clients, new routing rule items allow you to match on
+network type (WIFI, cellular, etc.), whether the network is expensive, and whether Low Data Mode is enabled.
+
+See [Route Rule](/configuration/route/rule/), [DNS Route Rule](/configuration/dns/rule/)
+and [Headless Rule](/configuration/rule-set/headless-rule/).
+
 #### 1.11.0-alpha.9

 * Improve tun compatibility **1**
@@ -32,7 +99,7 @@ See [Rule](/configuration/route/rule/),
 [DNS Rule Action](/configuration/dns/rule_action/).

 For migration, see
-[Migrate legacy special outbounds to rule actions](/migration/#migrate-legacy-special-outbounds-to-rule-actions), 
+[Migrate legacy special outbounds to rule actions](/migration/#migrate-legacy-special-outbounds-to-rule-actions),
 [Migrate legacy inbound fields to rule actions](/migration/#migrate-legacy-inbound-fields-to-rule-actions)
 and [Migrate legacy DNS route options to rule actions](/migration/#migrate-legacy-dns-route-options-to-rule-actions).

@@ -40,7 +107,7 @@ and [Migrate legacy DNS route options to rule actions](/migration/#migrate-legac

 Similar to Surge's pre-matching.

-Specifically, the new rule actions allow you to reject connections with
+Specifically, new rule actions allow you to reject connections with
 TCP RST (for TCP connections) and ICMP port unreachable (for UDP packets)
 before connection established to improve tun's compatibility.

@@ -137,7 +204,7 @@ allows you to write headless rules directly without creating a rule-set file.

 **8**:

-With the new access control options, not only can you allow Clash dashboards
+With new access control options, not only can you allow Clash dashboards
 to access the Clash API on your local network,
 you can also manually limit the websites that can access the API instead of allowing everyone.

--- a/docs/configuration/dns/fakeip.md
+++ b/docs/configuration/dns/fakeip.md
@@ -1,5 +1,3 @@
-# FakeIP
-
 ### Structure

 ```json
--- a/docs/configuration/dns/fakeip.zh.md
+++ b/docs/configuration/dns/fakeip.zh.md
@@ -1,5 +1,3 @@
-# FakeIP
-
 ### 结构

 ```json
--- a/docs/configuration/dns/index.md
+++ b/docs/configuration/dns/index.md
@@ -1,6 +1,10 @@
-!!! quote "Changes in sing-box 1.9.0"
+---
+icon: material/new-box
+---

-    :material-plus: [client_subnet](#client_subnet)
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [cache_capacity](#cache_capacity)

 # DNS

@@ -16,6 +20,7 @@
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
+    "cache_capacity": 0,
    "reverse_mapping": false,
    "client_subnet": "",
    "fakeip": {}
@@ -58,6 +63,14 @@ Disable dns cache expire.

 Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.

+#### cache_capacity
+
+!!! question "Since sing-box 1.11.0"
+
+LRU cache capacity.
+
+Value less than 1024 will be ignored.
+
 #### reverse_mapping

 Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.
--- a/docs/configuration/dns/index.zh.md
+++ b/docs/configuration/dns/index.zh.md
@@ -1,6 +1,10 @@
-!!! quote "sing-box 1.9.0 中的更改"
+---
+icon: material/new-box
+---

-    :material-plus: [client_subnet](#client_subnet)
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [cache_capacity](#cache_capacity)

 # DNS

@@ -16,6 +20,7 @@
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
+    "cache_capacity": 0,
    "reverse_mapping": false,
    "client_subnet": "",
    "fakeip": {}
@@ -57,6 +62,14 @@

 使每个 DNS 服务器的缓存独立，以满足特殊目的。如果启用，将轻微降低性能。

+#### cache_capacity
+
+!!! question "自 sing-box 1.11.0 起"
+
+LRU 缓存容量。
+
+小于 1024 的值将被忽略。
+
 #### reverse_mapping

 在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@@ -8,7 +8,10 @@ icon: material/new-box
    :material-alert: [server](#server)  
    :material-alert: [disable_cache](#disable_cache)  
    :material-alert: [rewrite_ttl](#rewrite_ttl)  
-    :material-alert: [client_subnet](#client_subnet)
+    :material-alert: [client_subnet](#client_subnet)  
+    :material-plus: [network_type](#network_type)  
+    :material-plus: [network_is_expensive](#network_is_expensive)  
+    :material-plus: [network_is_constrained](#network_is_constrained)

 !!! quote "Changes in sing-box 1.10.0"

@@ -125,6 +128,11 @@ icon: material/new-box
          1000
        ],
        "clash_mode": "direct",
+        "network_type": [
+          "wifi"
+        ],
+        "network_is_expensive": false,
+        "network_is_constrained": false,
        "wifi_ssid": [
          "My WIFI"
        ],
@@ -310,6 +318,39 @@ Match user id.

 Match Clash mode.

+#### network_type
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match network type.
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match if network is considered Metered (on Android) or considered expensive,
+such as Cellular or a Personal Hotspot (on Apple platforms).
+
+#### network_is_constrained
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Apple platforms.
+
+Match if network is in Low Data Mode.
+
 #### wifi_ssid

 !!! quote ""
--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@@ -2,6 +2,17 @@
 icon: material/new-box
 ---

+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [action](#action)  
+    :material-alert: [server](#server)  
+    :material-alert: [disable_cache](#disable_cache)  
+    :material-alert: [rewrite_ttl](#rewrite_ttl)  
+    :material-alert: [client_subnet](#client_subnet)  
+    :material-plus: [network_type](#network_type)  
+    :material-plus: [network_is_expensive](#network_is_expensive)  
+    :material-plus: [network_is_constrained](#network_is_constrained)
+
 !!! quote "sing-box 1.10.0 中的更改"

    :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)  
@@ -117,6 +128,11 @@ icon: material/new-box
          1000
        ],
        "clash_mode": "direct",
+        "network_type": [
+          "wifi"
+        ],
+        "network_is_expensive": false,
+        "network_is_constrained": false,
        "wifi_ssid": [
          "My WIFI"
        ],
@@ -135,17 +151,15 @@ icon: material/new-box
        "outbound": [
          "direct"
        ],
-        "server": "local",
-        "disable_cache": false,
-        "client_subnet": "127.0.0.1/24"
+        "action": "route",
+        "server": "local"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [],
-        "server": "local",
-        "disable_cache": false,
-        "client_subnet": "127.0.0.1/24"
+        "action": "route",
+        "server": "local"
      }
    ]
  }
@@ -304,6 +318,39 @@ DNS 查询类型。值可以为整数或者类型名称字符串。

 匹配 Clash 模式。

+#### network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配网络类型。
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配如果网络被视为计费 (在 Android) 或被视为昂贵，
+像蜂窝网络或个人热点 (在 Apple 平台)。
+
+#### network_is_constrained
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Apple 平台图形客户端中支持。
+
+匹配如果网络在低数据模式下。
+
 #### wifi_ssid

 !!! quote ""
@@ -352,29 +399,35 @@ DNS 查询类型。值可以为整数或者类型名称字符串。

 `any` 可作为值用于匹配任意出站。

-#### server
+#### action

 ==必填==

-目标 DNS 服务器的标签。
+参阅 [规则动作](../rule_action/)。
+
+#### server
+
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    已移动到 [DNS 规则动作](../rule_action#route).

 #### disable_cache

-在此查询中禁用缓存。
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    已移动到 [DNS 规则动作](../rule_action#route).

 #### rewrite_ttl

-重写 DNS 回应中的 TTL。
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    已移动到 [DNS 规则动作](../rule_action#route).

 #### client_subnet

-!!! question "自 sing-box 1.9.0 起"
+!!! failure "已在 sing-box 1.11.0 废弃"

-默认情况下，将带有指定 IP 前缀的 `edns0-subnet` OPT 附加记录附加到每个查询。
-
-如果值是 IP 地址而不是前缀，则会自动附加 `/32` 或 `/128`。
-
-将覆盖 `dns.client_subnet` 与 `servers.[].client_subnet`。
+    已移动到 [DNS 规则动作](../rule_action#route).

 ### 地址筛选字段

@@ -420,8 +473,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。

 #### mode

+==必填==
+
 `and` 或 `or`

 #### rules

-包括的规则。
+==必填==
+
+包括的规则。
--- a/docs/configuration/dns/rule_action.md
+++ b/docs/configuration/dns/rule_action.md
@@ -2,8 +2,6 @@
 icon: material/new-box
 ---

-# DNS Rule Action
-
 !!! question "Since sing-box 1.11.0"

 ### route
@@ -12,8 +10,6 @@ icon: material/new-box
 {
  "action": "route",  // default
  "server": "",
-  
-  // for compatibility
  "disable_cache": false,
  "rewrite_ttl": 0,
  "client_subnet": null
@@ -28,23 +24,6 @@ icon: material/new-box

 Tag of target server.

-#### disable_cache/rewrite_ttl/client_subnet
-
-!!! failure "Deprecated in sing-box 1.11.0"
-
-    Legacy route options is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
-
-### route-options
-
-```json
-{
-  "action": "route-options",
-  "disable_cache": false,
-  "rewrite_ttl": null,
-  "client_subnet": null
-}
-```
-
 #### disable_cache

 Disable cache and save cache in this query.
@@ -61,6 +40,19 @@ If value is an IP address instead of prefix, `/32` or `/128` will be appended au

 Will overrides `dns.client_subnet` and `servers.[].client_subnet`.

+### route-options
+
+```json
+{
+  "action": "route-options",
+  "disable_cache": false,
+  "rewrite_ttl": null,
+  "client_subnet": null
+}
+```
+
+`route-options` set options for routing.
+
 ### reject

 ```json
--- a/docs/configuration/dns/rule_action.zh.md
+++ b/docs/configuration/dns/rule_action.zh.md
@@ -2,8 +2,6 @@
 icon: material/new-box
 ---

-# DNS 规则动作
-
 !!! question "自 sing-box 1.11.0 起"

 ### route
@@ -28,24 +26,6 @@ icon: material/new-box

 目标 DNS 服务器的标签。

-#### disable_cache/rewrite_ttl/client_subnet
-
-!!! failure "自 sing-box 1.11.0 起"
-
-    旧的路由选项已弃用，且将在 sing-box 1.12.0 中移除，参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
-
-### route-options
-
-```json
-{
-  "action": "route-options",
-  "disable_cache": false,
-  "rewrite_ttl": null,
-  "client_subnet": null
-}
-```
-
-
 #### disable_cache

 在此查询中禁用缓存。
@@ -62,6 +42,19 @@ icon: material/new-box

 将覆盖 `dns.client_subnet` 与 `servers.[].client_subnet`。

+### route-options
+
+```json
+{
+  "action": "route-options",
+  "disable_cache": false,
+  "rewrite_ttl": null,
+  "client_subnet": null
+}
+```
+
+`route-options` 为路由设置选项。
+
 ### reject

 ```json
--- a/docs/configuration/inbound/shadowtls.md
+++ b/docs/configuration/inbound/shadowtls.md
@@ -66,11 +66,11 @@ Only available in the ShadowTLS protocol 3.

 ==Required==

-Handshake server address and [Dial options](/configuration/shared/dial/).
+Handshake server address and [Dial Fields](/configuration/shared/dial/).

 #### handshake_for_server_name

-Handshake server address and [Dial options](/configuration/shared/dial/) for specific server name.
+Handshake server address and [Dial Fields](/configuration/shared/dial/) for specific server name.

 Only available in the ShadowTLS protocol 2/3.

--- a/docs/configuration/outbound/direct.md
+++ b/docs/configuration/outbound/direct.md
@@ -1,3 +1,12 @@
+---
+icon: material/alert-decagram
+---
+
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-alert-decagram: [override_address](#override_address)  
+    :material-alert-decagram: [override_port](#override_port)
+
 `direct` outbound send requests directly.

 ### Structure
@@ -9,7 +18,6 @@
  
  "override_address": "1.0.0.1",
  "override_port": 53,
-  "proxy_protocol": 0,
  
  ... // Dial Fields
 }
@@ -19,16 +27,20 @@

 #### override_address

+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see [Migration](/migration/#migrate-destination-override-fields-to-route-options).
+
 Override the connection destination address.

 #### override_port

+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see [Migration](/migration/#migrate-destination-override-fields-to-route-options).
+
 Override the connection destination port.

-#### proxy_protocol
-
-Write [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header.
-
 Protocol value can be `1` or `2`.

 ### Dial Fields
--- a/docs/configuration/outbound/direct.zh.md
+++ b/docs/configuration/outbound/direct.zh.md
@@ -1,3 +1,12 @@
+---
+icon: material/alert-decagram
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-alert-decagram: [override_address](#override_address)  
+    :material-alert-decagram: [override_port](#override_port)
+
 `direct` 出站直接发送请求。

 ### 结构
@@ -9,7 +18,6 @@
  
  "override_address": "1.0.0.1",
  "override_port": 53,
-  "proxy_protocol": 0,

  ... // 拨号字段
 }
@@ -19,18 +27,20 @@

 #### override_address

+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    目标覆盖字段在 sing-box 1.11.0 中已废弃，并将在 sing-box 1.13.0 中被移除，参阅 [迁移指南](/migration/#migrate-destination-override-fields-to-route-options)。
+
 覆盖连接目标地址。

 #### override_port

+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    目标覆盖字段在 sing-box 1.11.0 中已废弃，并将在 sing-box 1.13.0 中被移除，参阅 [迁移指南](/migration/#migrate-destination-override-fields-to-route-options)。
+
 覆盖连接目标端口。

-#### proxy_protocol
-
-写出 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) 到连接头。
-
-可用协议版本值：`1` 或 `2`。
-
 ### 拨号字段

 参阅 [拨号字段](/zh/configuration/shared/dial/)。
--- a/docs/configuration/route/index.md
+++ b/docs/configuration/route/index.md
@@ -1,5 +1,16 @@
+---
+icon: material/new-box
+---
+
 # Route

+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [default_network_strategy](#default_network_strategy)  
+    :material-plus: [default_network_type](#default_network_type)  
+    :material-plus: [default_fallback_network_type](#default_fallback_network_type)  
+    :material-alert: [default_fallback_delay](#default_fallback_delay)
+
 !!! quote "Changes in sing-box 1.8.0"

    :material-plus: [rule_set](#rule_set)  
@@ -18,18 +29,21 @@
    "final": "",
    "auto_detect_interface": false,
    "override_android_vpn": false,
-    "default_interface": "en0",
-    "default_mark": 233
+    "default_interface": "",
+    "default_mark": 0,
+    "default_network_strategy": "",
+    "default_network_type": [],
+    "default_fallback_network_type": [],
+    "default_fallback_delay": ""
  }
 }
 ```

-### Fields
+!!! note ""

-| Key       | Format               |
-|-----------|----------------------|
-| `geoip`   | [GeoIP](./geoip/)     |
-| `geosite` | [Geosite](./geosite/) |
+    You can ignore the JSON Array [] tag when the content is only one item
+
+### Fields

 #### rules

@@ -81,4 +95,34 @@ Takes no effect if `auto_detect_interface` is set.

 Set routing mark by default.

-Takes no effect if `outbound.routing_mark` is set.
+Takes no effect if `outbound.routing_mark` is set.
+
+#### default_network_strategy
+
+!!! question "Since sing-box 1.11.0"
+
+See [Dial Fields](/configuration/shared/dial/#network_strategy) for details.
+
+Takes no effect if `outbound.bind_interface`, `outbound.inet4_bind_address` or `outbound.inet6_bind_address` is set.
+
+Can be overrides by `outbound.network_strategy`.
+
+Conflicts with `default_interface`.
+
+#### default_network_type
+
+!!! question "Since sing-box 1.11.0"
+
+See [Dial Fields](/configuration/shared/dial/#network_type) for details.
+
+#### default_fallback_network_type
+
+!!! question "Since sing-box 1.11.0"
+
+See [Dial Fields](/configuration/shared/dial/#fallback_network_type) for details.
+
+#### default_fallback_delay
+
+!!! question "Since sing-box 1.11.0"
+
+See [Dial Fields](/configuration/shared/dial/#fallback_delay) for details.
--- a/docs/configuration/route/index.zh.md
+++ b/docs/configuration/route/index.zh.md
@@ -1,5 +1,16 @@
+---
+icon: material/new-box
+---
+
 # 路由

+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [network_strategy](#network_strategy)  
+    :material-plus: [default_network_type](#default_network_type)  
+    :material-plus: [default_fallback_network_type](#default_fallback_network_type)  
+    :material-alert: [default_fallback_delay](#default_fallback_delay)
+
 !!! quote "sing-box 1.8.0 中的更改"

    :material-plus: [rule_set](#rule_set)  
@@ -18,12 +29,18 @@
    "final": "",
    "auto_detect_interface": false,
    "override_android_vpn": false,
-    "default_interface": "en0",
-    "default_mark": 233
+    "default_interface": "",
+    "default_mark": 0,
+    "default_network_strategy": "",
+    "default_fallback_delay": ""
  }
 }
 ```

+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
 ### 字段

 | 键         | 格式                    |
@@ -82,3 +99,33 @@
 默认为出站连接设置路由标记。

 如果设置了 `outbound.routing_mark` 设置，则不生效。
+
+#### network_strategy
+
+!!! question "自 sing-box 1.11.0 起"
+
+详情参阅 [拨号字段](/configuration/shared/dial/#network_strategy)。
+
+当 `outbound.bind_interface`, `outbound.inet4_bind_address` 或 `outbound.inet6_bind_address` 已设置时不生效。
+
+可以被 `outbound.network_strategy` 覆盖。
+
+与 `default_interface` 冲突。
+
+#### default_network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+详情参阅 [拨号字段](/configuration/shared/dial/#default_network_type)。
+
+#### default_fallback_network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+详情参阅 [拨号字段](/configuration/shared/dial/#default_fallback_network_type)。
+
+#### default_fallback_delay
+
+!!! question "自 sing-box 1.11.0 起"
+
+详情参阅 [拨号字段](/configuration/shared/dial/#fallback_delay)。
--- a/docs/configuration/route/rule.md
+++ b/docs/configuration/route/rule.md
@@ -5,7 +5,10 @@ icon: material/new-box
 !!! quote "Changes in sing-box 1.11.0"

    :material-plus: [action](#action)  
-    :material-alert: [outbound](#outbound)
+    :material-alert: [outbound](#outbound)  
+    :material-plus: [network_type](#network_type)  
+    :material-plus: [network_is_expensive](#network_is_expensive)  
+    :material-plus: [network_is_constrained](#network_is_constrained)

 !!! quote "Changes in sing-box 1.10.0"

@@ -120,6 +123,11 @@ icon: material/new-box
          1000
        ],
        "clash_mode": "direct",
+        "network_type": [
+          "wifi"
+        ],
+        "network_is_expensive": false,
+        "network_is_constrained": false,
        "wifi_ssid": [
          "My WIFI"
        ],
@@ -322,6 +330,39 @@ Match user id.

 Match Clash mode.

+#### network_type
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match network type.
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match if network is considered Metered (on Android) or considered expensive,
+such as Cellular or a Personal Hotspot (on Apple platforms).
+
+#### network_is_constrained
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Apple platforms.
+
+Match if network is in Low Data Mode.
+
 #### wifi_ssid

 !!! quote ""
--- a/docs/configuration/route/rule.zh.md
+++ b/docs/configuration/route/rule.zh.md
@@ -5,7 +5,10 @@ icon: material/new-box
 !!! quote "sing-box 1.11.0 中的更改"

    :material-plus: [action](#action)  
-    :material-alert: [outbound](#outbound)
+    :material-alert: [outbound](#outbound)  
+    :material-plus: [network_type](#network_type)  
+    :material-plus: [network_is_expensive](#network_is_expensive)  
+    :material-plus: [network_is_constrained](#network_is_constrained)

 !!! quote "sing-box 1.10.0 中的更改"

@@ -13,7 +16,6 @@ icon: material/new-box
    :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)  
    :material-plus: [process_path_regex](#process_path_regex)

-
 !!! quote "sing-box 1.8.0 中的更改"

    :material-plus: [rule_set](#rule_set)  
@@ -118,6 +120,11 @@ icon: material/new-box
          1000
        ],
        "clash_mode": "direct",
+        "network_type": [
+          "wifi"
+        ],
+        "network_is_expensive": false,
+        "network_is_constrained": false,
        "wifi_ssid": [
          "My WIFI"
        ],
@@ -153,7 +160,7 @@ icon: material/new-box

    当内容只有一项时，可以忽略 JSON 数组 [] 标签。

-### Default Fields
+### 默认字段

 !!! note ""

@@ -320,6 +327,39 @@ icon: material/new-box

 匹配 Clash 模式。

+#### network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配网络类型。
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配如果网络被视为计费 (在 Android) 或被视为昂贵，
+像蜂窝网络或个人热点 (在 Apple 平台)。
+
+#### network_is_constrained
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Apple 平台图形客户端中支持。
+
+匹配如果网络在低数据模式下。
+
 #### wifi_ssid

 !!! quote ""
@@ -366,13 +406,13 @@ icon: material/new-box

 ==必填==

-参阅 [规则行动](../rule_action/)。
+参阅 [规则动作](../rule_action/)。

 #### outbound

 !!! failure "已在 sing-box 1.11.0 废弃"

-    已移动到 [规则行动](../rule_action#route).
+    已移动到 [规则动作](../rule_action#route).

 ### 逻辑字段

--- a/docs/configuration/route/rule_action.md
+++ b/docs/configuration/route/rule_action.md
@@ -2,10 +2,6 @@
 icon: material/new-box
 ---

-# Rule Action
-
-!!! question "Since sing-box 1.11.0"
-
 ## Final actions

 ### route
@@ -13,10 +9,16 @@ icon: material/new-box
 ```json
 {
  "action": "route", // default
-  "outbound": ""
+  "outbound": "",
+ 
+  ... // route-options Fields
 }
 ```

+!!! note ""
+
+    You can ignore the JSON Array [] tag when the content is only one item
+
 `route` inherits the classic rule behavior of routing connection to the specified outbound.

 #### outbound
@@ -25,11 +27,19 @@ icon: material/new-box

 Tag of target outbound.

+#### route-options Fields
+
+See `route-options` fields below.
+
 ### route-options

 ```json
 {
  "action": "route-options",
+  "override_address": "",
+  "override_port": 0,
+  "network_strategy": "",
+  "fallback_delay": "",
  "udp_disable_domain_unmapping": false,
  "udp_connect": false
 }
@@ -37,6 +47,33 @@ Tag of target outbound.

 `route-options` set options for routing.

+#### override_address
+
+Override the connection destination address.
+
+#### override_port
+
+Override the connection destination port.
+
+#### network_strategy
+
+See [Dial Fields](/configuration/shared/dial/#network_strategy) for details.
+
+Only take effect if outbound is direct without `outbound.bind_interface`,
+`outbound.inet4_bind_address` and `outbound.inet6_bind_address` set.
+
+#### network_type
+
+See [Dial Fields](/configuration/shared/dial/#network_type) for details.
+
+#### fallback_network_type
+
+See [Dial Fields](/configuration/shared/dial/#fallback_network_type) for details.
+
+#### fallback_delay
+
+See [Dial Fields](/configuration/shared/dial/#fallback_delay) for details.
+
 #### udp_disable_domain_unmapping

 If enabled, for UDP proxy requests addressed to a domain,
--- a/docs/configuration/route/rule_action.zh.md
+++ b/docs/configuration/route/rule_action.zh.md
@@ -2,10 +2,6 @@
 icon: material/new-box
 ---

-# 规则动作
-
-!!! question "自 sing-box 1.11.0 起"
-
 ## 最终动作

 ### route
@@ -14,7 +10,8 @@ icon: material/new-box
 {
  "action": "route", // 默认
  "outbound": "",
-  "udp_disable_domain_unmapping": false
+  
+  ... // route-options 字段
 }
 ```

@@ -26,16 +23,57 @@ icon: material/new-box

 目标出站的标签。

+#### route-options 字段
+
+参阅下方的 `route-options` 字段。
+
 ### route-options

 ```json
 {
  "action": "route-options",
+  "override_address": "",
+  "override_port": 0,
+  "network_strategy": "",
+  "fallback_delay": "",
  "udp_disable_domain_unmapping": false,
-    "udp_connect": false
+  "udp_connect": false
 }
 ```

+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
+`route-options` 为路由设置选项。
+
+#### override_address
+
+覆盖目标地址。
+
+#### override_port
+
+覆盖目标端口。
+
+#### network_strategy
+
+详情参阅 [拨号字段](/configuration/shared/dial/#network_strategy)。
+
+仅当出站为 `direct` 且 `outbound.bind_interface`, `outbound.inet4_bind_address`
+且 `outbound.inet6_bind_address` 未设置时生效。
+
+#### network_type
+
+详情参阅 [拨号字段](/configuration/shared/dial/#network_type)。
+
+#### fallback_network_type
+
+详情参阅 [拨号字段](/configuration/shared/dial/#fallback_network_type)。
+
+#### fallback_delay
+
+详情参阅 [拨号字段](/configuration/shared/dial/#fallback_delay)。
+
 #### udp_disable_domain_unmapping

 如果启用，对于地址为域的 UDP 代理请求，将在响应中发送原始包地址而不是映射的域。
--- a/docs/configuration/rule-set/adguard.md
+++ b/docs/configuration/rule-set/adguard.md
@@ -2,8 +2,6 @@
 icon: material/new-box
 ---

-# AdGuard DNS Filter
-
 !!! question "Since sing-box 1.10.0"

 sing-box supports some rule-set formats from other projects which cannot be fully translated to sing-box,
--- a/docs/configuration/rule-set/adguard.zh.md
+++ b/docs/configuration/rule-set/adguard.zh.md
@@ -0,0 +1,68 @@
+---
+icon: material/new-box
+---
+
+!!! question "自 sing-box 1.10.0 起"
+
+sing-box 支持其他项目的一些规则集格式，这些格式无法完全转换为 sing-box，
+目前只有 AdGuard DNS Filter。
+
+这些格式不直接作为源格式支持，
+而是需要将它们转换为二进制规则集。
+
+## 转换
+
+使用 `sing-box rule-set convert --type adguard [--output <file-name>.srs] <file-name>.txt` 以转换为二进制规则集。
+
+## 性能
+
+AdGuard 将所有规则保存在内存中并按顺序匹配，
+而 sing-box 选择高性能和较小的内存使用量。
+作为权衡，您无法知道匹配了哪个规则项。
+
+## 兼容性
+
+[AdGuardSDNSFilter](https://github.com/AdguardTeam/AdGuardSDNSFilter)
+中的几乎所有规则以及 [adguard-filter-list](https://github.com/ppfeufer/adguard-filter-list)
+中列出的规则集中的规则均受支持。
+
+## 支持的格式
+
+### AdGuard Filter
+
+#### 基本规则语法
+
+| 语法     | 支持               |
+|--------|------------------|
+| `@@`   | :material-check: | 
+| `\|\|` | :material-check: | 
+| `\|`   | :material-check: |
+| `^`    | :material-check: |
+| `*`    | :material-check: |
+
+#### 主机语法
+
+| 语法          | 示例                       | 支持                       |
+|-------------|--------------------------|--------------------------|
+| Scheme      | `https://`               | :material-alert: Ignored |
+| Domain Host | `example.org`            | :material-check:         |
+| IP Host     | `1.1.1.1`, `10.0.0.`     | :material-close:         |
+| Regexp      | `/regexp/`               | :material-check:         |
+| Port        | `example.org:80`         | :material-close:         |
+| Path        | `example.org/path/ad.js` | :material-close:         |
+
+#### 描述符语法
+
+| 描述符                   | 支持                       |
+|-----------------------|--------------------------|
+| `$important`          | :material-check:         |
+| `$dnsrewrite=0.0.0.0` | :material-alert: Ignored |
+| 任何其他描述符               | :material-close:         |
+
+### Hosts
+
+只有 IP 地址为 `0.0.0.0` 的条目将被接受。
+
+### 简易
+
+当所有行都是有效域时，它们被视为简单的逐行域规则， 与 hosts 一样，只匹配完全相同的域。
--- a/docs/configuration/rule-set/headless-rule.md
+++ b/docs/configuration/rule-set/headless-rule.md
@@ -1,3 +1,13 @@
+---
+icon: material/new-box
+---
+
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [network_type](#network_type)  
+    :material-plus: [network_is_expensive](#network_is_expensive)  
+    :material-plus: [network_is_constrained](#network_is_constrained)
+
 ### Structure

 !!! question "Since sing-box 1.8.0"
@@ -63,6 +73,11 @@
      "package_name": [
        "com.termux"
      ],
+      "network_type": [
+        "wifi"
+      ],
+      "network_is_expensive": false,
+      "network_is_constrained": false,
      "wifi_ssid": [
        "My WIFI"
      ],
@@ -177,6 +192,39 @@ Match process path using regular expression.

 Match android package name.

+#### network_type
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match network type.
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms.
+
+Match if network is considered Metered (on Android) or considered expensive,
+such as Cellular or a Personal Hotspot (on Apple platforms).
+
+#### network_is_constrained
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Apple platforms.
+
+Match if network is in Low Data Mode.
+
 #### wifi_ssid

 !!! quote ""
--- a/docs/configuration/rule-set/headless-rule.zh.md
+++ b/docs/configuration/rule-set/headless-rule.zh.md
@@ -0,0 +1,258 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [network_type](#network_type)  
+    :material-alert: [network_is_expensive](#network_is_expensive)  
+    :material-alert: [network_is_constrained](#network_is_constrained)
+
+### 结构
+
+!!! question "自 sing-box 1.8.0 起"
+
+```json
+{
+  "rules": [
+    {
+      "query_type": [
+        "A",
+        "HTTPS",
+        32768
+      ],
+      "network": [
+        "tcp"
+      ],
+      "domain": [
+        "test.com"
+      ],
+      "domain_suffix": [
+        ".cn"
+      ],
+      "domain_keyword": [
+        "test"
+      ],
+      "domain_regex": [
+        "^stun\\..+"
+      ],
+      "source_ip_cidr": [
+        "10.0.0.0/24",
+        "192.168.0.1"
+      ],
+      "ip_cidr": [
+        "10.0.0.0/24",
+        "192.168.0.1"
+      ],
+      "source_port": [
+        12345
+      ],
+      "source_port_range": [
+        "1000:2000",
+        ":3000",
+        "4000:"
+      ],
+      "port": [
+        80,
+        443
+      ],
+      "port_range": [
+        "1000:2000",
+        ":3000",
+        "4000:"
+      ],
+      "process_name": [
+        "curl"
+      ],
+      "process_path": [
+        "/usr/bin/curl"
+      ],
+      "process_path_regex": [
+        "^/usr/bin/.+"
+      ],
+      "package_name": [
+        "com.termux"
+      ],
+      "network_type": [
+        "wifi"
+      ],
+      "network_is_expensive": false,
+      "network_is_constrained": false,
+      "wifi_ssid": [
+        "My WIFI"
+      ],
+      "wifi_bssid": [
+        "00:00:00:00:00:00"
+      ],
+      "invert": false
+    },
+    {
+      "type": "logical",
+      "mode": "and",
+      "rules": [],
+      "invert": false
+    }
+  ]
+}
+```
+
+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签。
+
+### Default Fields
+
+!!! note ""
+
+    默认规则使用以下匹配逻辑:  
+    (`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `ip_cidr`) &&  
+    (`port` || `port_range`) &&  
+    (`source_port` || `source_port_range`) &&  
+    `other fields`
+
+#### query_type
+
+DNS 查询类型。值可以为整数或者类型名称字符串。
+
+#### network
+
+`tcp` 或 `udp`。
+
+#### domain
+
+匹配完整域名。
+
+#### domain_suffix
+
+匹配域名后缀。
+
+#### domain_keyword
+
+匹配域名关键字。
+
+#### domain_regex
+
+匹配域名正则表达式。
+
+#### source_ip_cidr
+
+匹配源 IP CIDR。
+
+#### ip_cidr
+
+匹配 IP CIDR。
+
+#### source_port
+
+匹配源端口。
+
+#### source_port_range
+
+匹配源端口范围。
+
+#### port
+
+匹配端口。
+
+#### port_range
+
+匹配端口范围。
+
+#### process_name
+
+!!! quote ""
+
+    仅支持 Linux、Windows 和 macOS。
+
+匹配进程名称。
+
+#### process_path
+
+!!! quote ""
+
+    仅支持 Linux、Windows 和 macOS.
+
+匹配进程路径。
+
+#### process_path_regex
+
+!!! question "自 sing-box 1.10.0 起"
+
+!!! quote ""
+
+    仅支持 Linux、Windows 和 macOS.
+
+使用正则表达式匹配进程路径。
+
+#### package_name
+
+匹配 Android 应用包名。
+
+#### network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配网络类型。
+
+Available values: `wifi`, `cellular`, `ethernet` and `other`.
+
+#### network_is_expensive
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配如果网络被视为计费 (在 Android) 或被视为昂贵，
+像蜂窝网络或个人热点 (在 Apple 平台)。
+
+#### network_is_constrained
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Apple 平台图形客户端中支持。
+
+匹配如果网络在低数据模式下。
+
+#### wifi_ssid
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+匹配 WiFi SSID。
+
+#### wifi_bssid
+
+!!! quote ""
+
+    仅在 Android 与 Apple 平台图形客户端中支持。
+
+#### invert
+
+反选匹配结果。
+
+### 逻辑字段
+
+#### type
+
+`logical`
+
+#### mode
+
+==必填==
+
+`and` 或 `or`
+
+#### rules
+
+==必填==
+
+包括的规则。
--- a/docs/configuration/rule-set/index.md
+++ b/docs/configuration/rule-set/index.md
@@ -74,7 +74,7 @@ Tag of rule-set.

 ==Required==

-List of [Headless Rule](./headless-rule.md/).
+List of [Headless Rule](../headless-rule/).

 ### Local or Remote Fields

--- a/docs/configuration/rule-set/index.zh.md
+++ b/docs/configuration/rule-set/index.zh.md
@@ -0,0 +1,117 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.10.0 中的更改"
+
+    :material-plus: `type: inline`
+
+# 规则集
+
+!!! question "自 sing-box 1.8.0 起"
+
+### 结构
+
+=== "内联"
+
+    !!! question "自 sing-box 1.10.0 起"
+
+    ```json
+    {
+      "type": "inline", // 可选
+      "tag": "",
+      "rules": []
+    }
+    ```
+
+=== "本地文件"
+
+    ```json
+    {
+      "type": "local",
+      "tag": "",
+      "format": "source", // or binary
+      "path": ""
+    }
+    ```
+
+=== "远程文件"
+
+    !!! info ""
+    
+        远程规则集将被缓存如果 `experimental.cache_file.enabled` 已启用。
+
+    ```json
+    {
+      "type": "remote",
+      "tag": "",
+      "format": "source", // or binary
+      "url": "",
+      "download_detour": "", // 可选
+      "update_interval": "" // 可选
+    }
+    ```
+
+### 字段
+
+#### type
+
+==必填==
+
+规则集类型， `local` 或 `remote`。
+
+#### tag
+
+==必填==
+
+规则集的标签。
+
+### 内联字段
+
+!!! question "自 sing-box 1.10.0 起"
+
+#### rules
+
+==必填==
+
+一组 [无头规则](../headless-rule/).
+
+### 本地或远程字段
+
+#### format
+
+==必填==
+
+规则集格式， `source` 或 `binary`。
+
+### 本地字段
+
+#### path
+
+==必填==
+
+!!! note ""
+
+    自 sing-box 1.10.0 起，文件更改时将自动重新加载。
+
+规则集的文件路径。
+
+### 远程字段
+
+#### url
+
+==必填==
+
+规则集的下载 URL。
+
+#### download_detour
+
+用于下载规则集的出站的标签。
+
+如果为空，将使用默认出站。
+
+#### update_interval
+
+规则集的更新间隔。
+
+默认使用 `1d`。
--- a/docs/configuration/rule-set/source-format.md
+++ b/docs/configuration/rule-set/source-format.md
@@ -2,7 +2,9 @@
 icon: material/new-box
 ---

-# Source Format
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: version `3`

 !!! quote "Changes in sing-box 1.10.0"

@@ -14,7 +16,7 @@ icon: material/new-box

 ```json
 {
-  "version": 2,
+  "version": 3,
  "rules": []
 }
 ```
@@ -29,19 +31,14 @@ Use `sing-box rule-set compile [--output <file-name>.srs] <file-name>.json` to c

 ==Required==

-Version of rule-set, one of `1` or `2`.
+Version of rule-set.

-* 1: Initial rule-set version, since sing-box 1.8.0.
-* 2: Optimized memory usages of `domain_suffix` rules.
-
-The new rule-set version `2` does not make any changes to the format, only affecting `binary` rule-sets compiled by command `rule-set compile`
-
-Since 1.10.0, the optimization is always applied to `source` rule-sets even if version is set to `1`.
-
-It is recommended to upgrade to `2` after sing-box 1.10.0 becomes a stable version.
+* 1: sing-box 1.8.0: Initial rule-set version.
+* 2: sing-box 1.10.0: Optimized memory usages of `domain_suffix` rules in binary rule-sets.
+* 3: sing-box 1.11.0: Added `network_type`, `network_is_expensive` and `network_is_constrainted` rule items.

 #### rules

 ==Required==

-List of [Headless Rule](./headless-rule.md/).
+List of [Headless Rule](../headless-rule/).
--- a/docs/configuration/rule-set/source-format.zh.md
+++ b/docs/configuration/rule-set/source-format.zh.md
@@ -0,0 +1,44 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: version `3`
+
+!!! quote "sing-box 1.10.0 中的更改"
+
+    :material-plus: version `2`
+
+!!! question "自 sing-box 1.8.0 起"
+
+### 结构
+
+```json
+{
+  "version": 3,
+  "rules": []
+}
+```
+
+### 编译
+
+使用 `sing-box rule-set compile [--output <file-name>.srs] <file-name>.json` 以编译源文件为二进制规则集。
+
+### 字段
+
+#### version
+
+==必填==
+
+规则集版本。
+
+* 1: sing-box 1.8.0: 初始规则集版本。
+* 2: sing-box 1.10.0: 优化了二进制规则集中 `domain_suffix` 规则的内存使用。
+* 3: sing-box 1.11.0: 添加了 `network_type`、 `network_is_expensive` 和 `network_is_constrainted` 规则项。
+
+#### rules
+
+==必填==
+
+一组 [无头规则](../headless-rule/).
--- a/docs/configuration/shared/dial.md
+++ b/docs/configuration/shared/dial.md
@@ -1,3 +1,14 @@
+---
+icon: material/new-box
+---
+
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [network_strategy](#network_strategy)  
+    :material-alert: [fallback_delay](#fallback_delay)  
+    :material-alert: [network_type](#network_type)  
+    :material-alert: [fallback_network_type](#fallback_network_type)
+
 ### Structure

 ```json
@@ -13,20 +24,25 @@
  "tcp_multi_path": false,
  "udp_fragment": false,
  "domain_strategy": "prefer_ipv6",
+  "network_strategy": "default",
+  "network_type": [],
+  "fallback_network_type": [],
  "fallback_delay": "300ms"
 }
 ```

-### Fields
+!!! note ""

-| Field                                                                                                                                    | Available Context |
-|------------------------------------------------------------------------------------------------------------------------------------------|-------------------|
-| `bind_interface` /`*bind_address` /`routing_mark` /`reuse_addr` / `tcp_fast_open` / `tcp_multi_path` / `udp_fragment` /`connect_timeout` | `detour` not set  |
+    You can ignore the JSON Array [] tag when the content is only one item
+
+### Fields

 #### detour

 The tag of the upstream outbound.

+If enabled, all other fields will be ignored.
+
 #### bind_interface

 The network interface to bind to.
@@ -78,7 +94,7 @@ Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".

 #### domain_strategy

-One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+Available values: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.

 If set, the requested domain name will be resolved to IP before connect.

@@ -87,11 +103,71 @@ If set, the requested domain name will be resolved to IP before connect.
 | `direct` | Domain in request        | Take `inbound.domain_strategy` if not set | 
 | others   | Domain in server address | /                                         |

+#### network_strategy
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms with `auto_detect_interface` enabled.
+
+Strategy for selecting network interfaces.
+
+Available values:
+
+- `default` (default): Connect to default network or networks specified in `network_type` sequentially.
+- `hybrid`: Connect to all networks or networks specified in `network_type` concurrently.
+- `fallback`: Connect to default network or preferred networks specified in `network_type` concurrently, and try fallback networks when unavailable or timeout.
+
+For fallback, when preferred interfaces fails or times out,
+it will enter a 15s fast fallback state (Connect to all preferred and fallback networks concurrently),
+and exit immediately if preferred networks recover.
+
+Conflicts with `bind_interface`, `inet4_bind_address` and `inet6_bind_address`.
+
+#### network_type
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms with `auto_detect_interface` enabled.
+
+Network types to use when using `default` or `hybrid` network strategy or
+preferred network types to use when using `fallback` network strategy.
+
+Available values: `wifi`, `cellular`, `ethernet`, `other`.
+
+Device's default network is used by default.
+
+#### fallback_network_type
+
+!!! question "Since sing-box 1.11.0"
+
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms with `auto_detect_interface` enabled.
+
+Fallback network types when preferred networks are unavailable or timeout when using `fallback` network strategy.
+
+All other networks expect preferred are used by default.
+
 #### fallback_delay

-The length of time to wait before spawning a RFC 6555 Fast Fallback connection.
-That is, is the amount of time to wait for connection to succeed before assuming
-that IPv4/IPv6 is misconfigured and falling back to other type of addresses.
-If zero, a default delay of 300ms is used.
+!!! question "Since sing-box 1.11.0"

-Only take effect when `domain_strategy` is set.
+!!! quote ""
+
+    Only supported in graphical clients on Android and Apple platforms with `auto_detect_interface` enabled.
+
+The length of time to wait before spawning a RFC 6555 Fast Fallback connection.
+
+For `domain_strategy`, is the amount of time to wait for connection to succeed before assuming
+that IPv4/IPv6 is misconfigured and falling back to other type of addresses.
+
+For `network_strategy`, is the amount of time to wait for connection to succeed before falling
+back to other interfaces.
+
+Only take effect when `domain_strategy` or `network_strategy` is set.
+
+`300ms` is used by default.
--- a/docs/configuration/shared/dial.zh.md
+++ b/docs/configuration/shared/dial.zh.md
@@ -1,3 +1,14 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [network_strategy](#network_strategy)  
+    :material-alert: [fallback_delay](#fallback_delay)  
+    :material-alert: [network_type](#network_type)  
+    :material-alert: [fallback_network_type](#fallback_network_type)
+
 ### 结构

 ```json
@@ -13,17 +24,19 @@
  "tcp_multi_path": false,
  "udp_fragment": false,
  "domain_strategy": "prefer_ipv6",
+  "network_strategy": "",
+  "network_type": [],
+  "fallback_network_type": [],
  "fallback_delay": "300ms"
 }
 ```

+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
 ### 字段

-| 字段                                                                                                                                       | 可用上下文        |
-|------------------------------------------------------------------------------------------------------------------------------------------|--------------|
-| `bind_interface` /`*bind_address` /`routing_mark` /`reuse_addr` / `tcp_fast_open` / `tcp_mutli_path` / `udp_fragment` /`connect_timeout` | `detour` 未设置 |
-
-
 #### detour

 上游出站的标签。
@@ -83,15 +96,67 @@

 如果设置，域名将在请求发出之前解析为 IP。

-| 出站     | 受影响的域名             | 默认回退值                                |
-|----------|--------------------------|-------------------------------------------|
-| `direct` | 请求中的域名              | `inbound.domain_strategy`                 | 
-|  others  | 服务器地址中的域名        | /                                         |
+| 出站       | 受影响的域名    | 默认回退值                     |
+|----------|-----------|---------------------------|
+| `direct` | 请求中的域名    | `inbound.domain_strategy` | 
+| others   | 服务器地址中的域名 | /                         |
+
+#### network_strategy
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 iOS 平台图形客户端中支持，并且需要 `route.auto_detect_interface`。
+
+用于选择网络接口的策略。
+
+可用值：
+
+- `default`（默认值）：按顺序连接默认网络或 `network_type` 中指定的网络。
+- `hybrid`：同时连接所有网络或 `network_type` 中指定的网络。
+- `fallback`：同时连接默认网络或 `network_type` 中指定的首选网络，当不可用或超时时尝试回退网络。
+
+对于回退模式，当首选接口失败或超时时，
+将进入15秒的快速回退状态（同时连接所有首选和回退网络），
+如果首选网络恢复，则立即退出。
+
+与 `bind_interface`, `bind_inet4_address` 和 `bind_inet6_address` 冲突。
+
+#### network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 iOS 平台图形客户端中支持，并且需要 `route.auto_detect_interface`。
+
+当使用 `default` 或 `hybrid` 网络策略时要使用的网络类型，或当使用 `fallback` 网络策略时要使用的首选网络类型。
+
+可用值：`wifi`, `cellular`, `ethernet`, `other`。
+
+默认使用设备默认网络。
+
+#### fallback_network_type
+
+!!! question "自 sing-box 1.11.0 起"
+
+!!! quote ""
+
+    仅在 Android 与 iOS 平台图形客户端中支持，并且需要 `route.auto_detect_interface`。
+
+当使用 `fallback` 网络策略时，在首选网络不可用或超时的情况下要使用的回退网络类型。
+
+默认使用除首选网络外的所有其他网络。

 #### fallback_delay

 在生成 RFC 6555 快速回退连接之前等待的时间长度。
-也就是说，是在假设之前等待 IPv6 成功的时间量如果设置了 "prefer_ipv4"，则 IPv6 配置错误并回退到 IPv4。
-如果为零，则使用 300 毫秒的默认延迟。

-仅当 `domain_strategy` 为 `prefer_ipv4` 或 `prefer_ipv6` 时生效。
+对于 `domain_strategy`，是在假设之前等待 IPv6 成功的时间量如果设置了 "prefer_ipv4"，则 IPv6 配置错误并回退到 IPv4。
+
+对于 `network_strategy`，对于 `network_strategy`，是在回退到其他接口之前等待连接成功的时间。
+
+仅当 `domain_strategy` 或 `network_strategy` 已设置时生效。
+
+默认使用 `300ms`。
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -380,7 +380,7 @@ See [DNS01 Challenge Fields](/configuration/shared/dns01_challenge/) for details

 ==Required==

-Handshake server address and [Dial options](/configuration/shared/dial/).
+Handshake server address and [Dial Fields](/configuration/shared/dial/).

 #### private_key

--- a/docs/configuration/shared/udp-over-tcp.md
+++ b/docs/configuration/shared/udp-over-tcp.md
@@ -1,5 +1,3 @@
-# UDP over TCP
-
 !!! warning ""

    It's a proprietary protocol created by SagerNet, not part of shadowsocks.
--- a/docs/deprecated.md
+++ b/docs/deprecated.md
@@ -22,13 +22,11 @@ check [Migration](../migration/#migrate-legacy-inbound-fields-to-rule-actions).

 Old fields will be removed in sing-box 1.13.0.

-#### Legacy DNS route options
+#### Destination override fields in direct outbound

-Legacy DNS route options (`disable_cache`, `rewrite_ttl`, `client_subnet`) are deprecated
+Destination override fields (`override_address` / `override_port`) in direct outbound are deprecated
 and can be replaced by rule actions,
-check [Migration](../migration/#migrate-legacy-dns-route-options-to-rule-actions).
-
-Old fields will be removed in sing-box 1.12.0.
+check [Migration](../migration/#migrate-destination-override-fields-to-route-options).

 ## 1.10.0

--- a/docs/deprecated.zh.md
+++ b/docs/deprecated.zh.md
@@ -20,12 +20,12 @@ icon: material/delete-alert

 旧字段将在 sing-box 1.13.0 中被移除。

-#### 旧的 DNS 路由参数
+####  direct 出站中的目标地址覆盖字段

-旧的 DNS 路由参数（`disable_cache`、`rewrite_ttl`、`client_subnet`）已废弃且可以通过规则动作替代，
-参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions)。
+direct 出站中的目标地址覆盖字段（`override_address` / `override_port`）已废弃且可以通过规则动作替代，
+参阅 [迁移指南](/migration/#migrate-destination-override-fields-to-route-options)。

-旧字段将在 sing-box 1.12.0 中被移除。
+旧字段将在 sing-box 1.13.0 中被移除。

 ## 1.10.0

--- a/docs/migration.md
+++ b/docs/migration.md
@@ -156,31 +156,26 @@ Inbound fields are deprecated and can be replaced by rule actions.
    }
    ```

-### Migrate legacy DNS route options to rule actions
+### Migrate destination override fields to route options

-Legacy DNS route options are deprecated and can be replaced by rule actions.
+Destination override fields in direct outbound are deprecated and can be replaced by route options.

 !!! info "References"

-    [DNS Rule](/configuration/dns/rule/) / 
-    [DNS Rule Action](/configuration/dns/rule_action/)
+    [Rule Action](/configuration/route/rule_action/) /
+    [Direct](/configuration/outbound/direct/)

 === ":material-card-remove: Deprecated"

    ```json
    {
-      "dns": {
-        "rules": [
-          {
-            ...,
-            
-            "server": "local",
-            "disable_cache": true,
-            "rewrite_ttl": 600,
-            "client_subnet": "1.1.1.1/24"
-          }
-        ]
-      }
+      "outbounds": [
+        {
+          "type": "direct",
+          "override_address": "1.1.1.1",
+          "override_port": 443
+        }
+      ]
    }
    ```

@@ -188,24 +183,15 @@ Legacy DNS route options are deprecated and can be replaced by rule actions.

    ```json
    {
-      "dns": {
+      "route": {
        "rules": [
          {
-            ...,
-            
-            "action": "route-options",
-            "disable_cache": true,
-            "rewrite_ttl": 600,
-            "client_subnet": "1.1.1.1/24"
-          },
-          {
-            ...,
-            
-            "server": "local"
+            "action": "route-options", // or route
+            "override_address": "1.1.1.1",
+            "override_port": 443
          }
        ]
      }
-    }
    ```

 ## 1.10.0
--- a/docs/migration.zh.md
+++ b/docs/migration.zh.md
@@ -104,6 +104,7 @@ icon: material/arrange-bring-forward

 ### 迁移旧的入站字段到规则动作

+
 入站选项已被弃用，且可以被规则动作替代。

 !!! info "参考"
@@ -156,31 +157,26 @@ icon: material/arrange-bring-forward
    }
    ```

-### 迁移旧的 DNS 路由选项到规则动作
+### 迁移 direct 出站中的目标地址覆盖字段到路由字段

-旧的 DNS 路由选项已被弃用，且可以被规则动作替代。
+direct 出站中的目标地址覆盖字段已废弃，且可以被路由字段替代。

 !!! info "参考"

-    [DNS 规则](/zh/configuration/dns/rule/) / 
-    [DNS 规则动作](/zh/configuration/dns/rule_action/)
+    [Rule Action](/zh/configuration/route/rule_action/) /
+    [Direct](/zh/configuration/outbound/direct/)

 === ":material-card-remove: 弃用的"

    ```json
    {
-      "dns": {
-        "rules": [
-          {
-            ...,
-            
-            "server": "local",
-            "disable_cache": true,
-            "rewrite_ttl": 600,
-            "client_subnet": "1.1.1.1/24"
-          }
-        ]
-      }
+      "outbounds": [
+        {
+          "type": "direct",
+          "override_address": "1.1.1.1",
+          "override_port": 443
+        }
+      ]
    }
    ```

@@ -188,20 +184,12 @@ icon: material/arrange-bring-forward

    ```json
    {
-      "dns": {
+      "route": {
        "rules": [
          {
-            ...,
-            
-            "action": "route-options",
-            "disable_cache": true,
-            "rewrite_ttl": 600,
-            "client_subnet": "1.1.1.1/24"
-          },
-          {
-            ...,
-            
-            "server": "local"
+            "action": "route-options", // 或 route
+            "override_address": "1.1.1.1",
+            "override_port": 443
          }
        ]
      }
@@ -216,8 +204,6 @@ icon: material/arrange-bring-forward
 `inet4_route_address` 和 `inet6_route_address` 已合并为 `route_address`，
 `inet4_route_exclude_address` 和 `inet6_route_exclude_address` 已合并为 `route_exclude_address`。

-旧字段已废弃，且将在 sing-box 1.11.0 中移除。
-
 !!! info "参考"

    [TUN](/zh/configuration/inbound/tun/)
--- a/experimental/deprecated/constants.go
+++ b/experimental/deprecated/constants.go
@@ -100,13 +100,13 @@ var OptionInboundOptions = Note{
 	MigrationLink:     "https://sing-box.sagernet.org/migration/#migrate-legacy-special-outbounds-to-rule-actions",
 }

-var OptionLegacyDNSRouteOptions = Note{
-	Name:              "legacy-dns-route-options",
-	Description:       "legacy dns route options",
+var OptionDestinationOverrideFields = Note{
+	Name:              "destination-override-fields",
+	Description:       "destination override fields in direct outbound",
 	DeprecatedVersion: "1.11.0",
-	ScheduledVersion:  "1.12.0",
-	EnvName:           "LEGACY_DNS_ROUTE_OPTIONS",
-	MigrationLink:     "https://sing-box.sagernet.org/migration/#migrate-legacy-dns-route-options-to-rule-actions",
+	ScheduledVersion:  "1.13.0",
+	EnvName:           "DESTINATION_OVERRIDE_FIELDS",
+	MigrationLink:     "https://sing-box.sagernet.org/migration/#migrate-destination-override-fields-to-route-options",
 }

 var Options = []Note{
@@ -116,5 +116,5 @@ var Options = []Note{
 	OptionTUNAddressX,
 	OptionSpecialOutbounds,
 	OptionInboundOptions,
-	OptionLegacyDNSRouteOptions,
+	OptionDestinationOverrideFields,
 }
--- a/experimental/libbox/config.go
+++ b/experimental/libbox/config.go
@@ -74,11 +74,7 @@ func (s *platformInterfaceStub) CreateDefaultInterfaceMonitor(logger logger.Logg
 	return (*interfaceMonitorStub)(nil)
 }

-func (s *platformInterfaceStub) UsePlatformInterfaceGetter() bool {
-	return true
-}
-
-func (s *platformInterfaceStub) Interfaces() ([]control.Interface, error) {
+func (s *platformInterfaceStub) Interfaces() ([]adapter.NetworkInterface, error) {
 	return nil, os.ErrInvalid
 }

@@ -111,16 +107,8 @@ func (s *interfaceMonitorStub) Close() error {
 	return os.ErrInvalid
 }

-func (s *interfaceMonitorStub) DefaultInterfaceName(destination netip.Addr) string {
-	return ""
-}
-
-func (s *interfaceMonitorStub) DefaultInterfaceIndex(destination netip.Addr) int {
-	return -1
-}
-
-func (s *interfaceMonitorStub) DefaultInterface(destination netip.Addr) (string, int) {
-	return "", -1
+func (s *interfaceMonitorStub) DefaultInterface() *control.Interface {
+	return nil
 }

 func (s *interfaceMonitorStub) OverrideAndroidVPN() bool {
--- a/experimental/libbox/link_flags_stub.go
+++ b/experimental/libbox/link_flags_stub.go
@@ -1,4 +1,4 @@
-//go:build !linux
+//go:build !unix

 package libbox

--- a/experimental/libbox/link_flags_linux.go
+++ b/experimental/libbox/link_flags_linux.go
@@ -1,3 +1,5 @@
+//go:build unix
+
 package libbox

 import (
--- a/experimental/libbox/monitor.go
+++ b/experimental/libbox/monitor.go
@@ -1,15 +1,10 @@
 package libbox

 import (
-	"net"
-	"net/netip"
-	"sync"
-
 	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/x/list"
 )

@@ -20,19 +15,9 @@ var (

 type platformDefaultInterfaceMonitor struct {
 	*platformInterfaceWrapper
-	networkAddresses      []networkAddress
-	defaultInterfaceName  string
-	defaultInterfaceIndex int
-	element               *list.Element[tun.NetworkUpdateCallback]
-	access                sync.Mutex
-	callbacks             list.List[tun.DefaultInterfaceUpdateCallback]
-	logger                logger.Logger
-}
-
-type networkAddress struct {
-	interfaceName  string
-	interfaceIndex int
-	addresses      []netip.Prefix
+	element   *list.Element[tun.NetworkUpdateCallback]
+	callbacks list.List[tun.DefaultInterfaceUpdateCallback]
+	logger    logger.Logger
 }

 func (m *platformDefaultInterfaceMonitor) Start() error {
@@ -43,37 +28,10 @@ func (m *platformDefaultInterfaceMonitor) Close() error {
 	return m.iif.CloseDefaultInterfaceMonitor(m)
 }

-func (m *platformDefaultInterfaceMonitor) DefaultInterfaceName(destination netip.Addr) string {
-	for _, address := range m.networkAddresses {
-		for _, prefix := range address.addresses {
-			if prefix.Contains(destination) {
-				return address.interfaceName
-			}
-		}
-	}
-	return m.defaultInterfaceName
-}
-
-func (m *platformDefaultInterfaceMonitor) DefaultInterfaceIndex(destination netip.Addr) int {
-	for _, address := range m.networkAddresses {
-		for _, prefix := range address.addresses {
-			if prefix.Contains(destination) {
-				return address.interfaceIndex
-			}
-		}
-	}
-	return m.defaultInterfaceIndex
-}
-
-func (m *platformDefaultInterfaceMonitor) DefaultInterface(destination netip.Addr) (string, int) {
-	for _, address := range m.networkAddresses {
-		for _, prefix := range address.addresses {
-			if prefix.Contains(destination) {
-				return address.interfaceName, address.interfaceIndex
-			}
-		}
-	}
-	return m.defaultInterfaceName, m.defaultInterfaceIndex
+func (m *platformDefaultInterfaceMonitor) DefaultInterface() *control.Interface {
+	m.defaultInterfaceAccess.Lock()
+	defer m.defaultInterfaceAccess.Unlock()
+	return m.defaultInterface
 }

 func (m *platformDefaultInterfaceMonitor) OverrideAndroidVPN() bool {
@@ -85,96 +43,49 @@ func (m *platformDefaultInterfaceMonitor) AndroidVPNEnabled() bool {
 }

 func (m *platformDefaultInterfaceMonitor) RegisterCallback(callback tun.DefaultInterfaceUpdateCallback) *list.Element[tun.DefaultInterfaceUpdateCallback] {
-	m.access.Lock()
-	defer m.access.Unlock()
+	m.defaultInterfaceAccess.Lock()
+	defer m.defaultInterfaceAccess.Unlock()
 	return m.callbacks.PushBack(callback)
 }

 func (m *platformDefaultInterfaceMonitor) UnregisterCallback(element *list.Element[tun.DefaultInterfaceUpdateCallback]) {
-	m.access.Lock()
-	defer m.access.Unlock()
+	m.defaultInterfaceAccess.Lock()
+	defer m.defaultInterfaceAccess.Unlock()
 	m.callbacks.Remove(element)
 }

-func (m *platformDefaultInterfaceMonitor) UpdateDefaultInterface(interfaceName string, interfaceIndex32 int32) {
-	if interfaceName == "" || interfaceIndex32 == -1 {
-		m.defaultInterfaceName = ""
-		m.defaultInterfaceIndex = -1
-		m.access.Lock()
-		callbacks := m.callbacks.Array()
-		m.access.Unlock()
-		for _, callback := range callbacks {
-			callback(tun.EventNoRoute)
-		}
-		return
-	}
-	var err error
-	if m.iif.UsePlatformInterfaceGetter() {
-		err = m.updateInterfacesPlatform()
-	} else {
-		err = m.updateInterfaces()
-	}
-	if err == nil {
-		err = m.networkManager.UpdateInterfaces()
-	}
+func (m *platformDefaultInterfaceMonitor) UpdateDefaultInterface(interfaceName string, interfaceIndex32 int32, isExpensive bool, isConstrained bool) {
+	m.isExpensive = isExpensive
+	m.isConstrained = isConstrained
+	err := m.networkManager.UpdateInterfaces()
 	if err != nil {
 		m.logger.Error(E.Cause(err, "update interfaces"))
 	}
-	interfaceIndex := int(interfaceIndex32)
-	if m.defaultInterfaceName == interfaceName && m.defaultInterfaceIndex == interfaceIndex {
+	m.defaultInterfaceAccess.Lock()
+	if interfaceIndex32 == -1 {
+		m.defaultInterface = nil
+		callbacks := m.callbacks.Array()
+		m.defaultInterfaceAccess.Unlock()
+		for _, callback := range callbacks {
+			callback(nil, 0)
+		}
+		return
+	}
+	oldInterface := m.defaultInterface
+	newInterface, err := m.networkManager.InterfaceFinder().ByIndex(int(interfaceIndex32))
+	if err != nil {
+		m.defaultInterfaceAccess.Unlock()
+		m.logger.Error(E.Cause(err, "find updated interface: ", interfaceName))
+		return
+	}
+	m.defaultInterface = newInterface
+	if oldInterface != nil && oldInterface.Name == m.defaultInterface.Name && oldInterface.Index == m.defaultInterface.Index {
+		m.defaultInterfaceAccess.Unlock()
 		return
 	}
-	m.defaultInterfaceName = interfaceName
-	m.defaultInterfaceIndex = interfaceIndex
-	m.access.Lock()
 	callbacks := m.callbacks.Array()
-	m.access.Unlock()
+	m.defaultInterfaceAccess.Unlock()
 	for _, callback := range callbacks {
-		callback(tun.EventInterfaceUpdate)
+		callback(newInterface, 0)
 	}
 }
-
-func (m *platformDefaultInterfaceMonitor) updateInterfaces() error {
-	interfaces, err := net.Interfaces()
-	if err != nil {
-		return err
-	}
-	var addresses []networkAddress
-	for _, iif := range interfaces {
-		var netAddresses []net.Addr
-		netAddresses, err = iif.Addrs()
-		if err != nil {
-			return err
-		}
-		var address networkAddress
-		address.interfaceName = iif.Name
-		address.interfaceIndex = iif.Index
-		address.addresses = common.Map(common.FilterIsInstance(netAddresses, func(it net.Addr) (*net.IPNet, bool) {
-			value, loaded := it.(*net.IPNet)
-			return value, loaded
-		}), func(it *net.IPNet) netip.Prefix {
-			bits, _ := it.Mask.Size()
-			return netip.PrefixFrom(M.AddrFromIP(it.IP), bits)
-		})
-		addresses = append(addresses, address)
-	}
-	m.networkAddresses = addresses
-	return nil
-}
-
-func (m *platformDefaultInterfaceMonitor) updateInterfacesPlatform() error {
-	interfaces, err := m.Interfaces()
-	if err != nil {
-		return err
-	}
-	var addresses []networkAddress
-	for _, iif := range interfaces {
-		var address networkAddress
-		address.interfaceName = iif.Name
-		address.interfaceIndex = iif.Index
-		// address.addresses = common.Map(iif.Addresses, netip.MustParsePrefix)
-		addresses = append(addresses, address)
-	}
-	m.networkAddresses = addresses
-	return nil
-}
--- a/experimental/libbox/platform.go
+++ b/experimental/libbox/platform.go
@@ -1,6 +1,7 @@
 package libbox

 import (
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 )

@@ -13,10 +14,8 @@ type PlatformInterface interface {
 	FindConnectionOwner(ipProtocol int32, sourceAddress string, sourcePort int32, destinationAddress string, destinationPort int32) (int32, error)
 	PackageNameByUid(uid int32) (string, error)
 	UIDByPackageName(packageName string) (int32, error)
-	UsePlatformDefaultInterfaceMonitor() bool
 	StartDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
 	CloseDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
-	UsePlatformInterfaceGetter() bool
 	GetInterfaces() (NetworkInterfaceIterator, error)
 	UnderNetworkExtension() bool
 	IncludeAllNetworks() bool
@@ -31,15 +30,26 @@ type TunInterface interface {
 }

 type InterfaceUpdateListener interface {
-	UpdateDefaultInterface(interfaceName string, interfaceIndex int32)
+	UpdateDefaultInterface(interfaceName string, interfaceIndex int32, isExpensive bool, isConstrained bool)
 }

+const (
+	InterfaceTypeWIFI     = int32(C.InterfaceTypeWIFI)
+	InterfaceTypeCellular = int32(C.InterfaceTypeCellular)
+	InterfaceTypeEthernet = int32(C.InterfaceTypeEthernet)
+	InterfaceTypeOther    = int32(C.InterfaceTypeOther)
+)
+
 type NetworkInterface struct {
 	Index     int32
 	MTU       int32
 	Name      string
 	Addresses StringIterator
 	Flags     int32
+
+	Type      int32
+	DNSServer StringIterator
+	Metered   bool
 }

 type WIFIState struct {
--- a/experimental/libbox/platform/interface.go
+++ b/experimental/libbox/platform/interface.go
@@ -5,7 +5,6 @@ import (
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common/control"
 	"github.com/sagernet/sing/common/logger"
 )

@@ -14,10 +13,8 @@ type Interface interface {
 	UsePlatformAutoDetectInterfaceControl() bool
 	AutoDetectInterfaceControl(fd int) error
 	OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error)
-	UsePlatformDefaultInterfaceMonitor() bool
 	CreateDefaultInterfaceMonitor(logger logger.Logger) tun.DefaultInterfaceMonitor
-	UsePlatformInterfaceGetter() bool
-	Interfaces() ([]control.Interface, error)
+	Interfaces() ([]adapter.NetworkInterface, error)
 	UnderNetworkExtension() bool
 	IncludeAllNetworks() bool
 	ClearDNSCache()
--- a/experimental/libbox/service.go
+++ b/experimental/libbox/service.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"runtime"
 	runtimeDebug "runtime/debug"
+	"sync"
 	"syscall"
 	"time"

@@ -54,7 +55,10 @@ func NewService(configContent string, platformInterface PlatformInterface) (*Box
 	ctx, cancel := context.WithCancel(ctx)
 	urlTestHistoryStorage := urltest.NewHistoryStorage()
 	ctx = service.ContextWithPtr(ctx, urlTestHistoryStorage)
-	platformWrapper := &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()}
+	platformWrapper := &platformInterfaceWrapper{
+		iif:       platformInterface,
+		useProcFS: platformInterface.UseProcFS(),
+	}
 	service.MustRegister[platform.Interface](ctx, platformWrapper)
 	instance, err := box.New(box.Options{
 		Context:           ctx,
@@ -106,9 +110,14 @@ var (
 )

 type platformInterfaceWrapper struct {
-	iif            PlatformInterface
-	useProcFS      bool
-	networkManager adapter.NetworkManager
+	iif                    PlatformInterface
+	useProcFS              bool
+	networkManager         adapter.NetworkManager
+	myTunName              string
+	defaultInterfaceAccess sync.Mutex
+	defaultInterface       *control.Interface
+	isExpensive            bool
+	isConstrained          bool
 }

 func (w *platformInterfaceWrapper) Initialize(networkManager adapter.NetworkManager) error {
@@ -148,38 +157,42 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions
 		return nil, E.Cause(err, "dup tun file descriptor")
 	}
 	options.FileDescriptor = dupFd
+	w.myTunName = options.Name
 	return tun.New(*options)
 }

-func (w *platformInterfaceWrapper) UsePlatformDefaultInterfaceMonitor() bool {
-	return w.iif.UsePlatformDefaultInterfaceMonitor()
-}
-
 func (w *platformInterfaceWrapper) CreateDefaultInterfaceMonitor(logger logger.Logger) tun.DefaultInterfaceMonitor {
 	return &platformDefaultInterfaceMonitor{
 		platformInterfaceWrapper: w,
-		defaultInterfaceIndex:    -1,
 		logger:                   logger,
 	}
 }

-func (w *platformInterfaceWrapper) UsePlatformInterfaceGetter() bool {
-	return w.iif.UsePlatformInterfaceGetter()
-}
-
-func (w *platformInterfaceWrapper) Interfaces() ([]control.Interface, error) {
+func (w *platformInterfaceWrapper) Interfaces() ([]adapter.NetworkInterface, error) {
 	interfaceIterator, err := w.iif.GetInterfaces()
 	if err != nil {
 		return nil, err
 	}
-	var interfaces []control.Interface
+	var interfaces []adapter.NetworkInterface
 	for _, netInterface := range iteratorToArray[*NetworkInterface](interfaceIterator) {
-		interfaces = append(interfaces, control.Interface{
-			Index:     int(netInterface.Index),
-			MTU:       int(netInterface.MTU),
-			Name:      netInterface.Name,
-			Addresses: common.Map(iteratorToArray[string](netInterface.Addresses), netip.MustParsePrefix),
-			Flags:     linkFlags(uint32(netInterface.Flags)),
+		if netInterface.Name == w.myTunName {
+			continue
+		}
+		w.defaultInterfaceAccess.Lock()
+		isDefault := w.defaultInterface != nil && int(netInterface.Index) == w.defaultInterface.Index
+		w.defaultInterfaceAccess.Unlock()
+		interfaces = append(interfaces, adapter.NetworkInterface{
+			Interface: control.Interface{
+				Index:     int(netInterface.Index),
+				MTU:       int(netInterface.MTU),
+				Name:      netInterface.Name,
+				Addresses: common.Map(iteratorToArray[string](netInterface.Addresses), netip.MustParsePrefix),
+				Flags:     linkFlags(uint32(netInterface.Flags)),
+			},
+			Type:        C.InterfaceType(netInterface.Type),
+			DNSServers:  iteratorToArray[string](netInterface.DNSServer),
+			Expensive:   netInterface.Metered || isDefault && w.isExpensive,
+			Constrained: isDefault && w.isConstrained,
 		})
 	}
 	return interfaces, nil
--- a/go.mod
+++ b/go.mod
@@ -25,14 +25,14 @@ require (
 	github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3
 	github.com/sagernet/quic-go v0.48.1-beta.1
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.6.0-alpha.3
-	github.com/sagernet/sing-dns v0.4.0-alpha.1
+	github.com/sagernet/sing v0.6.0-alpha.14
+	github.com/sagernet/sing-dns v0.4.0-alpha.2
 	github.com/sagernet/sing-mux v0.3.0-alpha.1
-	github.com/sagernet/sing-quic v0.3.0-rc.2
+	github.com/sagernet/sing-quic v0.4.0-alpha.3
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.1.4
-	github.com/sagernet/sing-tun v0.6.0-alpha.3
+	github.com/sagernet/sing-tun v0.6.0-alpha.8
 	github.com/sagernet/sing-vmess v0.1.12
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/utls v1.6.7
@@ -53,8 +53,6 @@ require (
 	howett.net/plist v1.0.1
 )

-//replace github.com/sagernet/sing => ../sing
-
 require (
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/andybalholm/brotli v1.0.6 // indirect
--- a/go.sum
+++ b/go.sum
@@ -110,22 +110,22 @@ github.com/sagernet/quic-go v0.48.1-beta.1/go.mod h1:1WgdDIVD1Gybp40JTWketeSfKA/
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
-github.com/sagernet/sing v0.6.0-alpha.3 h1:GLp9d6Gbt+Ioeplauuzojz1nY2J6moceVGYIOv/h5gA=
-github.com/sagernet/sing v0.6.0-alpha.3/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing-dns v0.4.0-alpha.1 h1:2KlP8DeqtGkULFiZtvG2r7SuoJP6orANFzJwC5vDKvg=
-github.com/sagernet/sing-dns v0.4.0-alpha.1/go.mod h1:vgHATsm4wdymwpvBZPei8RY+546iGXS6hlWv2x6YKcM=
+github.com/sagernet/sing v0.6.0-alpha.14 h1:ORh6yQwLL+/nv+rklrO2W4k+zgf3ZzaOl/83vQbJUl4=
+github.com/sagernet/sing v0.6.0-alpha.14/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing-dns v0.4.0-alpha.2 h1:0x5WjrO+Ifk9sqJlHRz/tKENHwoEinQ8HQCHAhpJHAQ=
+github.com/sagernet/sing-dns v0.4.0-alpha.2/go.mod h1:ZiXcacKL54jSSYZMbYF3qKNFkkW674Jt+85YCmK64K8=
 github.com/sagernet/sing-mux v0.3.0-alpha.1 h1:IgNX5bJBpL41gGbp05pdDOvh/b5eUQ6cv9240+Ngipg=
 github.com/sagernet/sing-mux v0.3.0-alpha.1/go.mod h1:FTcImmdfW38Lz7b+HQ+mxxOth1lz4ao8uEnz+MwIJQE=
-github.com/sagernet/sing-quic v0.3.0-rc.2 h1:7vcC4bdS1GBJzHZhfmJiH0CfzQ4mYLUW51Z2RNHcGwc=
-github.com/sagernet/sing-quic v0.3.0-rc.2/go.mod h1:3UOq51WVqzra7eCgod7t4hqnTaOiZzFUci9avMrtOqs=
+github.com/sagernet/sing-quic v0.4.0-alpha.3 h1:2svvOqgQCJg7FNrIrLTaRB6oDzXPiIyWIt9csjZxD6Q=
+github.com/sagernet/sing-quic v0.4.0-alpha.3/go.mod h1:Fmnpy0XoyYdjJrxNqEyl3LC9uLibMNNbxG7dt6HATY4=
 github.com/sagernet/sing-shadowsocks v0.2.7 h1:zaopR1tbHEw5Nk6FAkM05wCslV6ahVegEZaKMv9ipx8=
 github.com/sagernet/sing-shadowsocks v0.2.7/go.mod h1:0rIKJZBR65Qi0zwdKezt4s57y/Tl1ofkaq6NlkzVuyE=
 github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wKFHi+8XwgADg=
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.6.0-alpha.3 h1:KddmFF9ZYC1n+HZzpAZ1StMC5v38ir6hH0PJ7uGpAGE=
-github.com/sagernet/sing-tun v0.6.0-alpha.3/go.mod h1:R/UaKB1oFIvAeMIH2btQCaDVsfCNomEjfYBSCSA94sw=
+github.com/sagernet/sing-tun v0.6.0-alpha.8 h1:HhXyUvXxtaXgT+IILZMq6kbrAyDbUwbN+Df/XxpL7Vo=
+github.com/sagernet/sing-tun v0.6.0-alpha.8/go.mod h1:JkgiLLnQUXln1zLGVoJqUwAulJGT0xoiPU4/pYF1fhU=
 github.com/sagernet/sing-vmess v0.1.12 h1:2gFD8JJb+eTFMoa8FIVMnknEi+vCSfaiTXTfEYAYAPg=
 github.com/sagernet/sing-vmess v0.1.12/go.mod h1:luTSsfyBGAc9VhtCqwjR+dt1QgqBhuYBCONB/POhF8I=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
--- a/option/direct.go
+++ b/option/direct.go
@@ -1,5 +1,12 @@
 package option

+import (
+	"context"
+
+	"github.com/sagernet/sing-box/experimental/deprecated"
+	"github.com/sagernet/sing/common/json"
+)
+
 type DirectInboundOptions struct {
 	ListenOptions
 	Network         NetworkList `json:"network,omitempty"`
@@ -7,9 +14,25 @@ type DirectInboundOptions struct {
 	OverridePort    uint16      `json:"override_port,omitempty"`
 }

-type DirectOutboundOptions struct {
+type _DirectOutboundOptions struct {
 	DialerOptions
+	// Deprecated: Use Route Action instead
 	OverrideAddress string `json:"override_address,omitempty"`
-	OverridePort    uint16 `json:"override_port,omitempty"`
-	ProxyProtocol   uint8  `json:"proxy_protocol,omitempty"`
+	// Deprecated: Use Route Action instead
+	OverridePort uint16 `json:"override_port,omitempty"`
+	// Deprecated: removed
+	ProxyProtocol uint8 `json:"proxy_protocol,omitempty"`
+}
+
+type DirectOutboundOptions _DirectOutboundOptions
+
+func (d *DirectOutboundOptions) UnmarshalJSONContext(ctx context.Context, content []byte) error {
+	err := json.UnmarshalDisallowUnknownFields(content, (*_DirectOutboundOptions)(d))
+	if err != nil {
+		return err
+	}
+	if d.OverrideAddress != "" || d.OverridePort != 0 {
+		deprecated.Report(ctx, deprecated.OptionDestinationOverrideFields)
+	}
+	return nil
 }
--- a/option/dns.go
+++ b/option/dns.go
@@ -31,6 +31,7 @@ type DNSClientOptions struct {
 	DisableCache     bool                  `json:"disable_cache,omitempty"`
 	DisableExpire    bool                  `json:"disable_expire,omitempty"`
 	IndependentCache bool                  `json:"independent_cache,omitempty"`
+	CacheCapacity    uint32                `json:"cache_capacity,omitempty"`
 	ClientSubnet     *badoption.Prefixable `json:"client_subnet,omitempty"`
 }

--- a/option/outbound.go
+++ b/option/outbound.go
@@ -65,21 +65,25 @@ type DialerOptionsWrapper interface {
 }

 type DialerOptions struct {
-	Detour              string             `json:"detour,omitempty"`
-	BindInterface       string             `json:"bind_interface,omitempty"`
-	Inet4BindAddress    *badoption.Addr    `json:"inet4_bind_address,omitempty"`
-	Inet6BindAddress    *badoption.Addr    `json:"inet6_bind_address,omitempty"`
-	ProtectPath         string             `json:"protect_path,omitempty"`
-	RoutingMark         uint32             `json:"routing_mark,omitempty"`
-	ReuseAddr           bool               `json:"reuse_addr,omitempty"`
-	ConnectTimeout      badoption.Duration `json:"connect_timeout,omitempty"`
-	TCPFastOpen         bool               `json:"tcp_fast_open,omitempty"`
-	TCPMultiPath        bool               `json:"tcp_multi_path,omitempty"`
-	UDPFragment         *bool              `json:"udp_fragment,omitempty"`
-	UDPFragmentDefault  bool               `json:"-"`
-	DomainStrategy      DomainStrategy     `json:"domain_strategy,omitempty"`
-	FallbackDelay       badoption.Duration `json:"fallback_delay,omitempty"`
-	IsWireGuardListener bool               `json:"-"`
+	Detour               string                            `json:"detour,omitempty"`
+	BindInterface        string                            `json:"bind_interface,omitempty"`
+	Inet4BindAddress     *badoption.Addr                   `json:"inet4_bind_address,omitempty"`
+	Inet6BindAddress     *badoption.Addr                   `json:"inet6_bind_address,omitempty"`
+	ProtectPath          string                            `json:"protect_path,omitempty"`
+	RoutingMark          FwMark                            `json:"routing_mark,omitempty"`
+	ReuseAddr            bool                              `json:"reuse_addr,omitempty"`
+	ConnectTimeout       badoption.Duration                `json:"connect_timeout,omitempty"`
+	TCPFastOpen          bool                              `json:"tcp_fast_open,omitempty"`
+	TCPMultiPath         bool                              `json:"tcp_multi_path,omitempty"`
+	UDPFragment          *bool                             `json:"udp_fragment,omitempty"`
+	UDPFragmentDefault   bool                              `json:"-"`
+	DomainStrategy       DomainStrategy                    `json:"domain_strategy,omitempty"`
+	NetworkStrategy      NetworkStrategy                   `json:"network_strategy,omitempty"`
+	NetworkType          badoption.Listable[InterfaceType] `json:"network_type,omitempty"`
+	FallbackNetworkType  badoption.Listable[InterfaceType] `json:"fallback_network_type,omitempty"`
+	FallbackDelay        badoption.Duration                `json:"fallback_delay,omitempty"`
+	NetworkFallbackDelay badoption.Duration                `json:"network_fallback_delay,omitempty"`
+	IsWireGuardListener  bool                              `json:"-"`
 }

 func (o *DialerOptions) TakeDialerOptions() DialerOptions {
--- a/option/route.go
+++ b/option/route.go
@@ -1,16 +1,22 @@
 package option

+import "github.com/sagernet/sing/common/json/badoption"
+
 type RouteOptions struct {
-	GeoIP               *GeoIPOptions   `json:"geoip,omitempty"`
-	Geosite             *GeositeOptions `json:"geosite,omitempty"`
-	Rules               []Rule          `json:"rules,omitempty"`
-	RuleSet             []RuleSet       `json:"rule_set,omitempty"`
-	Final               string          `json:"final,omitempty"`
-	FindProcess         bool            `json:"find_process,omitempty"`
-	AutoDetectInterface bool            `json:"auto_detect_interface,omitempty"`
-	OverrideAndroidVPN  bool            `json:"override_android_vpn,omitempty"`
-	DefaultInterface    string          `json:"default_interface,omitempty"`
-	DefaultMark         uint32          `json:"default_mark,omitempty"`
+	GeoIP                      *GeoIPOptions                     `json:"geoip,omitempty"`
+	Geosite                    *GeositeOptions                   `json:"geosite,omitempty"`
+	Rules                      []Rule                            `json:"rules,omitempty"`
+	RuleSet                    []RuleSet                         `json:"rule_set,omitempty"`
+	Final                      string                            `json:"final,omitempty"`
+	FindProcess                bool                              `json:"find_process,omitempty"`
+	AutoDetectInterface        bool                              `json:"auto_detect_interface,omitempty"`
+	OverrideAndroidVPN         bool                              `json:"override_android_vpn,omitempty"`
+	DefaultInterface           string                            `json:"default_interface,omitempty"`
+	DefaultMark                uint32                            `json:"default_mark,omitempty"`
+	DefaultNetworkStrategy     NetworkStrategy                   `json:"default_network_strategy,omitempty"`
+	DefaultNetworkType         badoption.Listable[InterfaceType] `json:"default_network_type,omitempty"`
+	DefaultFallbackNetworkType badoption.Listable[InterfaceType] `json:"default_fallback_network_type,omitempty"`
+	DefaultFallbackDelay       badoption.Duration                `json:"default_fallback_delay,omitempty"`
 }

 type GeoIPOptions struct {
--- a/option/rule.go
+++ b/option/rule.go
@@ -67,39 +67,42 @@ func (r Rule) IsValid() bool {
 }

 type RawDefaultRule struct {
-	Inbound                  badoption.Listable[string] `json:"inbound,omitempty"`
-	IPVersion                int                        `json:"ip_version,omitempty"`
-	Network                  badoption.Listable[string] `json:"network,omitempty"`
-	AuthUser                 badoption.Listable[string] `json:"auth_user,omitempty"`
-	Protocol                 badoption.Listable[string] `json:"protocol,omitempty"`
-	Client                   badoption.Listable[string] `json:"client,omitempty"`
-	Domain                   badoption.Listable[string] `json:"domain,omitempty"`
-	DomainSuffix             badoption.Listable[string] `json:"domain_suffix,omitempty"`
-	DomainKeyword            badoption.Listable[string] `json:"domain_keyword,omitempty"`
-	DomainRegex              badoption.Listable[string] `json:"domain_regex,omitempty"`
-	Geosite                  badoption.Listable[string] `json:"geosite,omitempty"`
-	SourceGeoIP              badoption.Listable[string] `json:"source_geoip,omitempty"`
-	GeoIP                    badoption.Listable[string] `json:"geoip,omitempty"`
-	SourceIPCIDR             badoption.Listable[string] `json:"source_ip_cidr,omitempty"`
-	SourceIPIsPrivate        bool                       `json:"source_ip_is_private,omitempty"`
-	IPCIDR                   badoption.Listable[string] `json:"ip_cidr,omitempty"`
-	IPIsPrivate              bool                       `json:"ip_is_private,omitempty"`
-	SourcePort               badoption.Listable[uint16] `json:"source_port,omitempty"`
-	SourcePortRange          badoption.Listable[string] `json:"source_port_range,omitempty"`
-	Port                     badoption.Listable[uint16] `json:"port,omitempty"`
-	PortRange                badoption.Listable[string] `json:"port_range,omitempty"`
-	ProcessName              badoption.Listable[string] `json:"process_name,omitempty"`
-	ProcessPath              badoption.Listable[string] `json:"process_path,omitempty"`
-	ProcessPathRegex         badoption.Listable[string] `json:"process_path_regex,omitempty"`
-	PackageName              badoption.Listable[string] `json:"package_name,omitempty"`
-	User                     badoption.Listable[string] `json:"user,omitempty"`
-	UserID                   badoption.Listable[int32]  `json:"user_id,omitempty"`
-	ClashMode                string                     `json:"clash_mode,omitempty"`
-	WIFISSID                 badoption.Listable[string] `json:"wifi_ssid,omitempty"`
-	WIFIBSSID                badoption.Listable[string] `json:"wifi_bssid,omitempty"`
-	RuleSet                  badoption.Listable[string] `json:"rule_set,omitempty"`
-	RuleSetIPCIDRMatchSource bool                       `json:"rule_set_ip_cidr_match_source,omitempty"`
-	Invert                   bool                       `json:"invert,omitempty"`
+	Inbound                  badoption.Listable[string]        `json:"inbound,omitempty"`
+	IPVersion                int                               `json:"ip_version,omitempty"`
+	Network                  badoption.Listable[string]        `json:"network,omitempty"`
+	AuthUser                 badoption.Listable[string]        `json:"auth_user,omitempty"`
+	Protocol                 badoption.Listable[string]        `json:"protocol,omitempty"`
+	Client                   badoption.Listable[string]        `json:"client,omitempty"`
+	Domain                   badoption.Listable[string]        `json:"domain,omitempty"`
+	DomainSuffix             badoption.Listable[string]        `json:"domain_suffix,omitempty"`
+	DomainKeyword            badoption.Listable[string]        `json:"domain_keyword,omitempty"`
+	DomainRegex              badoption.Listable[string]        `json:"domain_regex,omitempty"`
+	Geosite                  badoption.Listable[string]        `json:"geosite,omitempty"`
+	SourceGeoIP              badoption.Listable[string]        `json:"source_geoip,omitempty"`
+	GeoIP                    badoption.Listable[string]        `json:"geoip,omitempty"`
+	SourceIPCIDR             badoption.Listable[string]        `json:"source_ip_cidr,omitempty"`
+	SourceIPIsPrivate        bool                              `json:"source_ip_is_private,omitempty"`
+	IPCIDR                   badoption.Listable[string]        `json:"ip_cidr,omitempty"`
+	IPIsPrivate              bool                              `json:"ip_is_private,omitempty"`
+	SourcePort               badoption.Listable[uint16]        `json:"source_port,omitempty"`
+	SourcePortRange          badoption.Listable[string]        `json:"source_port_range,omitempty"`
+	Port                     badoption.Listable[uint16]        `json:"port,omitempty"`
+	PortRange                badoption.Listable[string]        `json:"port_range,omitempty"`
+	ProcessName              badoption.Listable[string]        `json:"process_name,omitempty"`
+	ProcessPath              badoption.Listable[string]        `json:"process_path,omitempty"`
+	ProcessPathRegex         badoption.Listable[string]        `json:"process_path_regex,omitempty"`
+	PackageName              badoption.Listable[string]        `json:"package_name,omitempty"`
+	User                     badoption.Listable[string]        `json:"user,omitempty"`
+	UserID                   badoption.Listable[int32]         `json:"user_id,omitempty"`
+	ClashMode                string                            `json:"clash_mode,omitempty"`
+	NetworkType              badoption.Listable[InterfaceType] `json:"network_type,omitempty"`
+	NetworkIsExpensive       bool                              `json:"network_is_expensive,omitempty"`
+	NetworkIsConstrained     bool                              `json:"network_is_constrained,omitempty"`
+	WIFISSID                 badoption.Listable[string]        `json:"wifi_ssid,omitempty"`
+	WIFIBSSID                badoption.Listable[string]        `json:"wifi_bssid,omitempty"`
+	RuleSet                  badoption.Listable[string]        `json:"rule_set,omitempty"`
+	RuleSetIPCIDRMatchSource bool                              `json:"rule_set_ip_cidr_match_source,omitempty"`
+	Invert                   bool                              `json:"invert,omitempty"`

 	// Deprecated: renamed to rule_set_ip_cidr_match_source
 	Deprecated_RulesetIPCIDRMatchSource bool `json:"rule_set_ipcidr_match_source,omitempty"`
--- a/option/rule_action.go
+++ b/option/rule_action.go
@@ -7,8 +7,7 @@ import (
 	"time"

 	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/experimental/deprecated"
-	dns "github.com/sagernet/sing-dns"
+	"github.com/sagernet/sing-dns"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/json"
 	"github.com/sagernet/sing/common/json/badjson"
@@ -137,29 +136,26 @@ func (r *DNSRuleAction) UnmarshalJSONContext(ctx context.Context, data []byte) e
 	return badjson.UnmarshallExcludedContext(ctx, data, (*_DNSRuleAction)(r), v)
 }

-type _RouteActionOptions struct {
+type RouteActionOptions struct {
 	Outbound string `json:"outbound,omitempty"`
+	RawRouteOptionsActionOptions
 }

-type RouteActionOptions _RouteActionOptions
+type RawRouteOptionsActionOptions struct {
+	OverrideAddress string `json:"override_address,omitempty"`
+	OverridePort    uint16 `json:"override_port,omitempty"`

-func (r *RouteActionOptions) UnmarshalJSON(data []byte) error {
-	err := json.Unmarshal(data, (*_RouteActionOptions)(r))
-	if err != nil {
-		return err
-	}
-	return nil
-}
+	NetworkStrategy NetworkStrategy `json:"network_strategy,omitempty"`
+	FallbackDelay   uint32          `json:"fallback_delay,omitempty"`

-type _RouteOptionsActionOptions struct {
 	UDPDisableDomainUnmapping bool `json:"udp_disable_domain_unmapping,omitempty"`
 	UDPConnect                bool `json:"udp_connect,omitempty"`
 }

-type RouteOptionsActionOptions _RouteOptionsActionOptions
+type RouteOptionsActionOptions RawRouteOptionsActionOptions

 func (r *RouteOptionsActionOptions) UnmarshalJSON(data []byte) error {
-	err := json.Unmarshal(data, (*_RouteOptionsActionOptions)(r))
+	err := json.Unmarshal(data, (*RawRouteOptionsActionOptions)(r))
 	if err != nil {
 		return err
 	}
@@ -169,29 +165,13 @@ func (r *RouteOptionsActionOptions) UnmarshalJSON(data []byte) error {
 	return nil
 }

-type _DNSRouteActionOptions struct {
-	Server string `json:"server,omitempty"`
-	// Deprecated: Use DNSRouteOptionsActionOptions instead.
-	DisableCache bool `json:"disable_cache,omitempty"`
-	// Deprecated: Use DNSRouteOptionsActionOptions instead.
-	RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"`
-	// Deprecated: Use DNSRouteOptionsActionOptions instead.
+type DNSRouteActionOptions struct {
+	Server       string                `json:"server,omitempty"`
+	DisableCache bool                  `json:"disable_cache,omitempty"`
+	RewriteTTL   *uint32               `json:"rewrite_ttl,omitempty"`
 	ClientSubnet *badoption.Prefixable `json:"client_subnet,omitempty"`
 }

-type DNSRouteActionOptions _DNSRouteActionOptions
-
-func (r *DNSRouteActionOptions) UnmarshalJSONContext(ctx context.Context, data []byte) error {
-	err := json.Unmarshal(data, (*_DNSRouteActionOptions)(r))
-	if err != nil {
-		return err
-	}
-	if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil {
-		deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions)
-	}
-	return nil
-}
-
 type _DNSRouteOptionsActionOptions struct {
 	DisableCache bool                  `json:"disable_cache,omitempty"`
 	RewriteTTL   *uint32               `json:"rewrite_ttl,omitempty"`
--- a/option/rule_dns.go
+++ b/option/rule_dns.go
@@ -68,41 +68,44 @@ func (r DNSRule) IsValid() bool {
 }

 type RawDefaultDNSRule struct {
-	Inbound                  badoption.Listable[string]       `json:"inbound,omitempty"`
-	IPVersion                int                              `json:"ip_version,omitempty"`
-	QueryType                badoption.Listable[DNSQueryType] `json:"query_type,omitempty"`
-	Network                  badoption.Listable[string]       `json:"network,omitempty"`
-	AuthUser                 badoption.Listable[string]       `json:"auth_user,omitempty"`
-	Protocol                 badoption.Listable[string]       `json:"protocol,omitempty"`
-	Domain                   badoption.Listable[string]       `json:"domain,omitempty"`
-	DomainSuffix             badoption.Listable[string]       `json:"domain_suffix,omitempty"`
-	DomainKeyword            badoption.Listable[string]       `json:"domain_keyword,omitempty"`
-	DomainRegex              badoption.Listable[string]       `json:"domain_regex,omitempty"`
-	Geosite                  badoption.Listable[string]       `json:"geosite,omitempty"`
-	SourceGeoIP              badoption.Listable[string]       `json:"source_geoip,omitempty"`
-	GeoIP                    badoption.Listable[string]       `json:"geoip,omitempty"`
-	IPCIDR                   badoption.Listable[string]       `json:"ip_cidr,omitempty"`
-	IPIsPrivate              bool                             `json:"ip_is_private,omitempty"`
-	SourceIPCIDR             badoption.Listable[string]       `json:"source_ip_cidr,omitempty"`
-	SourceIPIsPrivate        bool                             `json:"source_ip_is_private,omitempty"`
-	SourcePort               badoption.Listable[uint16]       `json:"source_port,omitempty"`
-	SourcePortRange          badoption.Listable[string]       `json:"source_port_range,omitempty"`
-	Port                     badoption.Listable[uint16]       `json:"port,omitempty"`
-	PortRange                badoption.Listable[string]       `json:"port_range,omitempty"`
-	ProcessName              badoption.Listable[string]       `json:"process_name,omitempty"`
-	ProcessPath              badoption.Listable[string]       `json:"process_path,omitempty"`
-	ProcessPathRegex         badoption.Listable[string]       `json:"process_path_regex,omitempty"`
-	PackageName              badoption.Listable[string]       `json:"package_name,omitempty"`
-	User                     badoption.Listable[string]       `json:"user,omitempty"`
-	UserID                   badoption.Listable[int32]        `json:"user_id,omitempty"`
-	Outbound                 badoption.Listable[string]       `json:"outbound,omitempty"`
-	ClashMode                string                           `json:"clash_mode,omitempty"`
-	WIFISSID                 badoption.Listable[string]       `json:"wifi_ssid,omitempty"`
-	WIFIBSSID                badoption.Listable[string]       `json:"wifi_bssid,omitempty"`
-	RuleSet                  badoption.Listable[string]       `json:"rule_set,omitempty"`
-	RuleSetIPCIDRMatchSource bool                             `json:"rule_set_ip_cidr_match_source,omitempty"`
-	RuleSetIPCIDRAcceptEmpty bool                             `json:"rule_set_ip_cidr_accept_empty,omitempty"`
-	Invert                   bool                             `json:"invert,omitempty"`
+	Inbound                  badoption.Listable[string]        `json:"inbound,omitempty"`
+	IPVersion                int                               `json:"ip_version,omitempty"`
+	QueryType                badoption.Listable[DNSQueryType]  `json:"query_type,omitempty"`
+	Network                  badoption.Listable[string]        `json:"network,omitempty"`
+	AuthUser                 badoption.Listable[string]        `json:"auth_user,omitempty"`
+	Protocol                 badoption.Listable[string]        `json:"protocol,omitempty"`
+	Domain                   badoption.Listable[string]        `json:"domain,omitempty"`
+	DomainSuffix             badoption.Listable[string]        `json:"domain_suffix,omitempty"`
+	DomainKeyword            badoption.Listable[string]        `json:"domain_keyword,omitempty"`
+	DomainRegex              badoption.Listable[string]        `json:"domain_regex,omitempty"`
+	Geosite                  badoption.Listable[string]        `json:"geosite,omitempty"`
+	SourceGeoIP              badoption.Listable[string]        `json:"source_geoip,omitempty"`
+	GeoIP                    badoption.Listable[string]        `json:"geoip,omitempty"`
+	IPCIDR                   badoption.Listable[string]        `json:"ip_cidr,omitempty"`
+	IPIsPrivate              bool                              `json:"ip_is_private,omitempty"`
+	SourceIPCIDR             badoption.Listable[string]        `json:"source_ip_cidr,omitempty"`
+	SourceIPIsPrivate        bool                              `json:"source_ip_is_private,omitempty"`
+	SourcePort               badoption.Listable[uint16]        `json:"source_port,omitempty"`
+	SourcePortRange          badoption.Listable[string]        `json:"source_port_range,omitempty"`
+	Port                     badoption.Listable[uint16]        `json:"port,omitempty"`
+	PortRange                badoption.Listable[string]        `json:"port_range,omitempty"`
+	ProcessName              badoption.Listable[string]        `json:"process_name,omitempty"`
+	ProcessPath              badoption.Listable[string]        `json:"process_path,omitempty"`
+	ProcessPathRegex         badoption.Listable[string]        `json:"process_path_regex,omitempty"`
+	PackageName              badoption.Listable[string]        `json:"package_name,omitempty"`
+	User                     badoption.Listable[string]        `json:"user,omitempty"`
+	UserID                   badoption.Listable[int32]         `json:"user_id,omitempty"`
+	Outbound                 badoption.Listable[string]        `json:"outbound,omitempty"`
+	ClashMode                string                            `json:"clash_mode,omitempty"`
+	NetworkType              badoption.Listable[InterfaceType] `json:"network_type,omitempty"`
+	NetworkIsExpensive       bool                              `json:"network_is_expensive,omitempty"`
+	NetworkIsConstrained     bool                              `json:"network_is_constrained,omitempty"`
+	WIFISSID                 badoption.Listable[string]        `json:"wifi_ssid,omitempty"`
+	WIFIBSSID                badoption.Listable[string]        `json:"wifi_bssid,omitempty"`
+	RuleSet                  badoption.Listable[string]        `json:"rule_set,omitempty"`
+	RuleSetIPCIDRMatchSource bool                              `json:"rule_set_ip_cidr_match_source,omitempty"`
+	RuleSetIPCIDRAcceptEmpty bool                              `json:"rule_set_ip_cidr_accept_empty,omitempty"`
+	Invert                   bool                              `json:"invert,omitempty"`

 	// Deprecated: renamed to rule_set_ip_cidr_match_source
 	Deprecated_RulesetIPCIDRMatchSource bool `json:"rule_set_ipcidr_match_source,omitempty"`
@@ -143,7 +146,7 @@ type LogicalDNSRule struct {
 	DNSRuleAction
 }

-func (r *LogicalDNSRule) MarshalJSON() ([]byte, error) {
+func (r LogicalDNSRule) MarshalJSON() ([]byte, error) {
 	return badjson.MarshallObjects(r.RawLogicalDNSRule, r.DNSRuleAction)
 }

--- a/option/rule_set.go
+++ b/option/rule_set.go
@@ -146,25 +146,28 @@ func (r HeadlessRule) IsValid() bool {
 }

 type DefaultHeadlessRule struct {
-	QueryType        badoption.Listable[DNSQueryType] `json:"query_type,omitempty"`
-	Network          badoption.Listable[string]       `json:"network,omitempty"`
-	Domain           badoption.Listable[string]       `json:"domain,omitempty"`
-	DomainSuffix     badoption.Listable[string]       `json:"domain_suffix,omitempty"`
-	DomainKeyword    badoption.Listable[string]       `json:"domain_keyword,omitempty"`
-	DomainRegex      badoption.Listable[string]       `json:"domain_regex,omitempty"`
-	SourceIPCIDR     badoption.Listable[string]       `json:"source_ip_cidr,omitempty"`
-	IPCIDR           badoption.Listable[string]       `json:"ip_cidr,omitempty"`
-	SourcePort       badoption.Listable[uint16]       `json:"source_port,omitempty"`
-	SourcePortRange  badoption.Listable[string]       `json:"source_port_range,omitempty"`
-	Port             badoption.Listable[uint16]       `json:"port,omitempty"`
-	PortRange        badoption.Listable[string]       `json:"port_range,omitempty"`
-	ProcessName      badoption.Listable[string]       `json:"process_name,omitempty"`
-	ProcessPath      badoption.Listable[string]       `json:"process_path,omitempty"`
-	ProcessPathRegex badoption.Listable[string]       `json:"process_path_regex,omitempty"`
-	PackageName      badoption.Listable[string]       `json:"package_name,omitempty"`
-	WIFISSID         badoption.Listable[string]       `json:"wifi_ssid,omitempty"`
-	WIFIBSSID        badoption.Listable[string]       `json:"wifi_bssid,omitempty"`
-	Invert           bool                             `json:"invert,omitempty"`
+	QueryType            badoption.Listable[DNSQueryType]  `json:"query_type,omitempty"`
+	Network              badoption.Listable[string]        `json:"network,omitempty"`
+	Domain               badoption.Listable[string]        `json:"domain,omitempty"`
+	DomainSuffix         badoption.Listable[string]        `json:"domain_suffix,omitempty"`
+	DomainKeyword        badoption.Listable[string]        `json:"domain_keyword,omitempty"`
+	DomainRegex          badoption.Listable[string]        `json:"domain_regex,omitempty"`
+	SourceIPCIDR         badoption.Listable[string]        `json:"source_ip_cidr,omitempty"`
+	IPCIDR               badoption.Listable[string]        `json:"ip_cidr,omitempty"`
+	SourcePort           badoption.Listable[uint16]        `json:"source_port,omitempty"`
+	SourcePortRange      badoption.Listable[string]        `json:"source_port_range,omitempty"`
+	Port                 badoption.Listable[uint16]        `json:"port,omitempty"`
+	PortRange            badoption.Listable[string]        `json:"port_range,omitempty"`
+	ProcessName          badoption.Listable[string]        `json:"process_name,omitempty"`
+	ProcessPath          badoption.Listable[string]        `json:"process_path,omitempty"`
+	ProcessPathRegex     badoption.Listable[string]        `json:"process_path_regex,omitempty"`
+	PackageName          badoption.Listable[string]        `json:"package_name,omitempty"`
+	NetworkType          badoption.Listable[InterfaceType] `json:"network_type,omitempty"`
+	NetworkIsExpensive   bool                              `json:"network_is_expensive,omitempty"`
+	NetworkIsConstrained bool                              `json:"network_is_constrained,omitempty"`
+	WIFISSID             badoption.Listable[string]        `json:"wifi_ssid,omitempty"`
+	WIFIBSSID            badoption.Listable[string]        `json:"wifi_bssid,omitempty"`
+	Invert               bool                              `json:"invert,omitempty"`

 	DomainMatcher *domain.Matcher `json:"-"`
 	SourceIPSet   *netipx.IPSet   `json:"-"`
@@ -191,7 +194,7 @@ func (r LogicalHeadlessRule) IsValid() bool {
 }

 type _PlainRuleSetCompat struct {
-	Version int          `json:"version"`
+	Version uint8        `json:"version"`
 	Options PlainRuleSet `json:"-"`
 }

@@ -200,7 +203,7 @@ type PlainRuleSetCompat _PlainRuleSetCompat
 func (r PlainRuleSetCompat) MarshalJSON() ([]byte, error) {
 	var v any
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3:
 		v = r.Options
 	default:
 		return nil, E.New("unknown rule-set version: ", r.Version)
@@ -215,7 +218,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error {
 	}
 	var v any
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3:
 		v = &r.Options
 	case 0:
 		return E.New("missing rule-set version")
@@ -231,7 +234,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error {

 func (r PlainRuleSetCompat) Upgrade() (PlainRuleSet, error) {
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3:
 	default:
 		return PlainRuleSet{}, E.New("unknown rule-set version: " + F.ToString(r.Version))
 	}
--- a/option/types.go
+++ b/option/types.go
@@ -3,6 +3,7 @@ package option
 import (
 	"strings"

+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-dns"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
@@ -150,3 +151,47 @@ func DNSQueryTypeToString(queryType uint16) string {
 	}
 	return F.ToString(queryType)
 }
+
+type NetworkStrategy C.NetworkStrategy
+
+func (n NetworkStrategy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(C.NetworkStrategy(n).String())
+}
+
+func (n *NetworkStrategy) UnmarshalJSON(content []byte) error {
+	var value string
+	err := json.Unmarshal(content, &value)
+	if err != nil {
+		return err
+	}
+	strategy, loaded := C.StringToNetworkStrategy[value]
+	if !loaded {
+		return E.New("unknown network strategy: ", value)
+	}
+	*n = NetworkStrategy(strategy)
+	return nil
+}
+
+type InterfaceType C.InterfaceType
+
+func (t InterfaceType) Build() C.InterfaceType {
+	return C.InterfaceType(t)
+}
+
+func (t InterfaceType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(C.InterfaceType(t).String())
+}
+
+func (t *InterfaceType) UnmarshalJSON(content []byte) error {
+	var value string
+	err := json.Unmarshal(content, &value)
+	if err != nil {
+		return err
+	}
+	interfaceType, loaded := C.StringToInterfaceType[value]
+	if !loaded {
+		return E.New("unknown interface type: ", value)
+	}
+	*t = InterfaceType(interfaceType)
+	return nil
+}
--- a/protocol/direct/inbound.go
+++ b/protocol/direct/inbound.go
@@ -110,6 +110,8 @@ func (i *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata a
 	i.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	metadata.Inbound = i.Tag()
 	metadata.InboundType = i.Type()
+	metadata.InboundDetour = i.listener.ListenOptions().Detour
+	metadata.InboundOptions = i.listener.ListenOptions().InboundOptions
 	i.router.RouteConnectionEx(ctx, conn, metadata, onClose)
 }

@@ -119,6 +121,8 @@ func (i *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn,
 	var metadata adapter.InboundContext
 	metadata.Inbound = i.Tag()
 	metadata.InboundType = i.Type()
+	metadata.InboundDetour = i.listener.ListenOptions().Detour
+	metadata.InboundOptions = i.listener.ListenOptions().InboundOptions
 	metadata.Source = source
 	metadata.Destination = destination
 	metadata.OriginDestination = i.listener.UDPAddr()
--- a/protocol/direct/loopback_detect.go
+++ b/protocol/direct/loopback_detect.go
@@ -33,7 +33,7 @@ func (l *loopBackDetector) NewConn(conn net.Conn) net.Conn {
 	}
 	if udpConn, isUDPConn := conn.(abstractUDPConn); isUDPConn {
 		if !source.Addr().IsLoopback() {
-			_, err := l.networkManager.InterfaceFinder().InterfaceByAddr(source.Addr())
+			_, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr())
 			if err != nil {
 				return conn
 			}
@@ -59,7 +59,7 @@ func (l *loopBackDetector) NewPacketConn(conn N.NetPacketConn, destination M.Soc
 		return conn
 	}
 	if !source.Addr().IsLoopback() {
-		_, err := l.networkManager.InterfaceFinder().InterfaceByAddr(source.Addr())
+		_, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr())
 		if err != nil {
 			return conn
 		}
@@ -82,7 +82,7 @@ func (l *loopBackDetector) CheckPacketConn(source netip.AddrPort, local netip.Ad
 		return false
 	}
 	if !source.Addr().IsLoopback() {
-		_, err := l.networkManager.InterfaceFinder().InterfaceByAddr(source.Addr())
+		_, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr())
 		if err != nil {
 			return false
 		}
--- a/protocol/direct/outbound.go
+++ b/protocol/direct/outbound.go
@@ -12,7 +12,8 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
-	dns "github.com/sagernet/sing-dns"
+	"github.com/sagernet/sing-dns"
+	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
@@ -24,31 +25,42 @@ func RegisterOutbound(registry *outbound.Registry) {
 	outbound.Register[option.DirectOutboundOptions](registry, C.TypeDirect, NewOutbound)
 }

-var _ N.ParallelDialer = (*Outbound)(nil)
+var (
+	_ N.ParallelDialer             = (*Outbound)(nil)
+	_ dialer.ParallelNetworkDialer = (*Outbound)(nil)
+)

 type Outbound struct {
 	outbound.Adapter
-	logger              logger.ContextLogger
-	dialer              N.Dialer
-	domainStrategy      dns.DomainStrategy
-	fallbackDelay       time.Duration
-	overrideOption      int
-	overrideDestination M.Socksaddr
+	logger               logger.ContextLogger
+	dialer               dialer.ParallelInterfaceDialer
+	domainStrategy       dns.DomainStrategy
+	fallbackDelay        time.Duration
+	networkStrategy      C.NetworkStrategy
+	networkType          []C.InterfaceType
+	fallbackNetworkType  []C.InterfaceType
+	networkFallbackDelay time.Duration
+	overrideOption       int
+	overrideDestination  M.Socksaddr
 	// loopBack *loopBackDetector
 }

 func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.DirectOutboundOptions) (adapter.Outbound, error) {
 	options.UDPFragmentDefault = true
-	outboundDialer, err := dialer.New(ctx, options.DialerOptions)
+	outboundDialer, err := dialer.NewDirect(ctx, options.DialerOptions)
 	if err != nil {
 		return nil, err
 	}
 	outbound := &Outbound{
-		Adapter:        outbound.NewAdapterWithDialerOptions(C.TypeDirect, []string{N.NetworkTCP, N.NetworkUDP}, tag, options.DialerOptions),
-		logger:         logger,
-		domainStrategy: dns.DomainStrategy(options.DomainStrategy),
-		fallbackDelay:  time.Duration(options.FallbackDelay),
-		dialer:         outboundDialer,
+		Adapter:              outbound.NewAdapterWithDialerOptions(C.TypeDirect, []string{N.NetworkTCP, N.NetworkUDP}, tag, options.DialerOptions),
+		logger:               logger,
+		domainStrategy:       dns.DomainStrategy(options.DomainStrategy),
+		fallbackDelay:        time.Duration(options.FallbackDelay),
+		networkStrategy:      C.NetworkStrategy(options.NetworkStrategy),
+		networkType:          common.Map(options.NetworkType, option.InterfaceType.Build),
+		fallbackNetworkType:  common.Map(options.FallbackNetworkType, option.InterfaceType.Build),
+		networkFallbackDelay: time.Duration(options.NetworkFallbackDelay),
+		dialer:               outboundDialer,
 		// loopBack:       newLoopBackDetector(router),
 	}
 	if options.ProxyProtocol != 0 {
@@ -96,33 +108,6 @@ func (h *Outbound) DialContext(ctx context.Context, network string, destination
 	return h.dialer.DialContext(ctx, network, destination)
 }

-func (h *Outbound) DialParallel(ctx context.Context, network string, destination M.Socksaddr, destinationAddresses []netip.Addr) (net.Conn, error) {
-	ctx, metadata := adapter.ExtendContext(ctx)
-	metadata.Outbound = h.Tag()
-	metadata.Destination = destination
-	switch h.overrideOption {
-	case 1, 2:
-		// override address
-		return h.DialContext(ctx, network, destination)
-	case 3:
-		destination.Port = h.overrideDestination.Port
-	}
-	network = N.NetworkName(network)
-	switch network {
-	case N.NetworkTCP:
-		h.logger.InfoContext(ctx, "outbound connection to ", destination)
-	case N.NetworkUDP:
-		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
-	}
-	var domainStrategy dns.DomainStrategy
-	if h.domainStrategy != dns.DomainStrategyAsIS {
-		domainStrategy = h.domainStrategy
-	} else {
-		domainStrategy = dns.DomainStrategy(metadata.InboundOptions.DomainStrategy)
-	}
-	return N.DialParallel(ctx, h.dialer, network, destination, destinationAddresses, domainStrategy == dns.DomainStrategyPreferIPv6, h.fallbackDelay)
-}
-
 func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
 	ctx, metadata := adapter.ExtendContext(ctx)
 	metadata.Outbound = h.Tag()
@@ -154,6 +139,110 @@ func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	return conn, nil
 }

+func (h *Outbound) DialParallel(ctx context.Context, network string, destination M.Socksaddr, destinationAddresses []netip.Addr) (net.Conn, error) {
+	ctx, metadata := adapter.ExtendContext(ctx)
+	metadata.Outbound = h.Tag()
+	metadata.Destination = destination
+	switch h.overrideOption {
+	case 1, 2:
+		// override address
+		return h.DialContext(ctx, network, destination)
+	case 3:
+		destination.Port = h.overrideDestination.Port
+	}
+	network = N.NetworkName(network)
+	switch network {
+	case N.NetworkTCP:
+		h.logger.InfoContext(ctx, "outbound connection to ", destination)
+	case N.NetworkUDP:
+		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+	}
+	var domainStrategy dns.DomainStrategy
+	if h.domainStrategy != dns.DomainStrategyAsIS {
+		domainStrategy = h.domainStrategy
+	} else {
+		domainStrategy = dns.DomainStrategy(metadata.InboundOptions.DomainStrategy)
+	}
+	switch domainStrategy {
+	case dns.DomainStrategyUseIPv4:
+		destinationAddresses = common.Filter(destinationAddresses, netip.Addr.Is4)
+		if len(destinationAddresses) == 0 {
+			return nil, E.New("no IPv4 address available for ", destination)
+		}
+	case dns.DomainStrategyUseIPv6:
+		destinationAddresses = common.Filter(destinationAddresses, netip.Addr.Is6)
+		if len(destinationAddresses) == 0 {
+			return nil, E.New("no IPv6 address available for ", destination)
+		}
+	}
+	return dialer.DialParallelNetwork(ctx, h.dialer, network, destination, destinationAddresses, domainStrategy == dns.DomainStrategyPreferIPv6, h.networkStrategy, h.networkType, h.fallbackNetworkType, h.fallbackDelay)
+}
+
+func (h *Outbound) DialParallelNetwork(ctx context.Context, network string, destination M.Socksaddr, destinationAddresses []netip.Addr, networkStrategy C.NetworkStrategy, networkType []C.InterfaceType, fallbackNetworkType []C.InterfaceType, fallbackDelay time.Duration) (net.Conn, error) {
+	ctx, metadata := adapter.ExtendContext(ctx)
+	metadata.Outbound = h.Tag()
+	metadata.Destination = destination
+	switch h.overrideOption {
+	case 1, 2:
+		// override address
+		return h.DialContext(ctx, network, destination)
+	case 3:
+		destination.Port = h.overrideDestination.Port
+	}
+	network = N.NetworkName(network)
+	switch network {
+	case N.NetworkTCP:
+		h.logger.InfoContext(ctx, "outbound connection to ", destination)
+	case N.NetworkUDP:
+		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+	}
+	var domainStrategy dns.DomainStrategy
+	if h.domainStrategy != dns.DomainStrategyAsIS {
+		domainStrategy = h.domainStrategy
+	} else {
+		domainStrategy = dns.DomainStrategy(metadata.InboundOptions.DomainStrategy)
+	}
+	switch domainStrategy {
+	case dns.DomainStrategyUseIPv4:
+		destinationAddresses = common.Filter(destinationAddresses, netip.Addr.Is4)
+		if len(destinationAddresses) == 0 {
+			return nil, E.New("no IPv4 address available for ", destination)
+		}
+	case dns.DomainStrategyUseIPv6:
+		destinationAddresses = common.Filter(destinationAddresses, netip.Addr.Is6)
+		if len(destinationAddresses) == 0 {
+			return nil, E.New("no IPv6 address available for ", destination)
+		}
+	}
+	return dialer.DialParallelNetwork(ctx, h.dialer, network, destination, destinationAddresses, domainStrategy == dns.DomainStrategyPreferIPv6, networkStrategy, networkType, fallbackNetworkType, fallbackDelay)
+}
+
+func (h *Outbound) ListenSerialNetworkPacket(ctx context.Context, destination M.Socksaddr, destinationAddresses []netip.Addr, networkStrategy C.NetworkStrategy, networkType []C.InterfaceType, fallbackNetworkType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, netip.Addr, error) {
+	ctx, metadata := adapter.ExtendContext(ctx)
+	metadata.Outbound = h.Tag()
+	metadata.Destination = destination
+	switch h.overrideOption {
+	case 1:
+		destination = h.overrideDestination
+	case 2:
+		newDestination := h.overrideDestination
+		newDestination.Port = destination.Port
+		destination = newDestination
+	case 3:
+		destination.Port = h.overrideDestination.Port
+	}
+	if h.overrideOption == 0 {
+		h.logger.InfoContext(ctx, "outbound packet connection")
+	} else {
+		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+	}
+	conn, newDestination, err := dialer.ListenSerialNetworkPacket(ctx, h.dialer, destination, destinationAddresses, networkStrategy, networkType, fallbackNetworkType, fallbackDelay)
+	if err != nil {
+		return nil, netip.Addr{}, err
+	}
+	return conn, newDestination, nil
+}
+
 /*func (h *Outbound) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	if h.loopBack.CheckConn(metadata.Source.AddrPort(), M.AddrPortFromNet(conn.LocalAddr())) {
 		return E.New("reject loopback connection to ", metadata.Destination)
--- a/protocol/group/selector.go
+++ b/protocol/group/selector.go
@@ -98,7 +98,11 @@ func (s *Selector) Start() error {
 }

 func (s *Selector) Now() string {
-	return s.selected.Tag()
+	selected := s.selected
+	if selected == nil {
+		return s.tags[0]
+	}
+	return selected.Tag()
 }

 func (s *Selector) All() []string {
--- a/protocol/http/inbound.go
+++ b/protocol/http/inbound.go
@@ -73,7 +73,7 @@ func (h *Inbound) Start() error {

 func (h *Inbound) Close() error {
 	return common.Close(
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 	)
 }
--- a/protocol/hysteria/inbound.go
+++ b/protocol/hysteria/inbound.go
@@ -17,6 +17,7 @@ import (
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
 	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )

@@ -85,7 +86,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		XPlusPassword: options.Obfs,
 		TLSConfig:     tlsConfig,
 		UDPTimeout:    udpTimeout,
-		Handler:       adapter.NewUpstreamHandler(adapter.InboundContext{}, inbound.newConnection, inbound.newPacketConnection, nil),
+		Handler:       inbound,

 		// Legacy options

@@ -117,12 +118,16 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	return inbound, nil
 }

-func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
+	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -131,16 +136,19 @@ func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata ada
 	} else {
 		h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	}
-	return h.router.RouteConnection(ctx, conn, metadata)
+	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
 }

-func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -149,7 +157,7 @@ func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, me
 	} else {
 		h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
 	}
-	return h.router.RoutePacketConnection(ctx, conn, metadata)
+	h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
 }

 func (h *Inbound) Start() error {
@@ -168,7 +176,7 @@ func (h *Inbound) Start() error {

 func (h *Inbound) Close() error {
 	return common.Close(
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		common.PtrOrNil(h.service),
 	)
--- a/protocol/hysteria2/inbound.go
+++ b/protocol/hysteria2/inbound.go
@@ -20,6 +20,7 @@ import (
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
 	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )

@@ -108,7 +109,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		TLSConfig:             tlsConfig,
 		IgnoreClientBandwidth: options.IgnoreClientBandwidth,
 		UDPTimeout:            udpTimeout,
-		Handler:               adapter.NewUpstreamHandler(adapter.InboundContext{}, inbound.newConnection, inbound.newPacketConnection, nil),
+		Handler:               inbound,
 		MasqueradeHandler:     masqueradeHandler,
 	})
 	if err != nil {
@@ -128,12 +129,16 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	return inbound, nil
 }

-func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
+	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -142,16 +147,19 @@ func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata ada
 	} else {
 		h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	}
-	return h.router.RouteConnection(ctx, conn, metadata)
+	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
 }

-func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -160,7 +168,7 @@ func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, me
 	} else {
 		h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
 	}
-	return h.router.RoutePacketConnection(ctx, conn, metadata)
+	h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
 }

 func (h *Inbound) Start() error {
@@ -179,7 +187,7 @@ func (h *Inbound) Start() error {

 func (h *Inbound) Close() error {
 	return common.Close(
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		common.PtrOrNil(h.service),
 	)
--- a/protocol/redirect/redirect.go
+++ b/protocol/redirect/redirect.go
@@ -59,6 +59,8 @@ func (h *Redirect) NewConnectionEx(ctx context.Context, conn net.Conn, metadata
 	}
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
+	metadata.InboundDetour = h.listener.ListenOptions().Detour
+	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	metadata.Destination = M.SocksaddrFromNetIP(destination)
 	h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
--- a/protocol/redirect/tproxy.go
+++ b/protocol/redirect/tproxy.go
@@ -101,6 +101,8 @@ func (t *TProxy) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, s
 	var metadata adapter.InboundContext
 	metadata.Inbound = t.Tag()
 	metadata.InboundType = t.Type()
+	metadata.InboundDetour = t.listener.ListenOptions().Detour
+	metadata.InboundOptions = t.listener.ListenOptions().InboundOptions
 	metadata.Source = source
 	metadata.Destination = destination
 	metadata.OriginDestination = t.listener.UDPAddr()
--- a/protocol/shadowsocks/inbound.go
+++ b/protocol/shadowsocks/inbound.go
@@ -120,6 +120,8 @@ func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata ada
 	h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
+	metadata.InboundDetour = h.listener.ListenOptions().Detour
+	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	return h.router.RouteConnection(ctx, conn, metadata)
 }

--- a/protocol/shadowsocks/inbound_multi.go
+++ b/protocol/shadowsocks/inbound_multi.go
@@ -138,6 +138,8 @@ func (h *MultiInbound) newConnection(ctx context.Context, conn net.Conn, metadat
 	h.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination)
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
+	metadata.InboundDetour = h.listener.ListenOptions().Detour
+	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	return h.router.RouteConnection(ctx, conn, metadata)
 }

--- a/protocol/shadowsocks/inbound_relay.go
+++ b/protocol/shadowsocks/inbound_relay.go
@@ -123,6 +123,8 @@ func (h *RelayInbound) newConnection(ctx context.Context, conn net.Conn, metadat
 	h.logger.InfoContext(ctx, "[", destination, "] inbound connection to ", metadata.Destination)
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
+	metadata.InboundDetour = h.listener.ListenOptions().Detour
+	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	return h.router.RouteConnection(ctx, conn, metadata)
 }

--- a/protocol/socks/outbound.go
+++ b/protocol/socks/outbound.go
@@ -10,7 +10,6 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
@@ -115,23 +114,3 @@ func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
 	return h.client.ListenPacket(ctx, destination)
 }
-
-// TODO
-// Deprecated
-func (h *Outbound) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	if h.resolve {
-		return outbound.NewDirectConnection(ctx, h.router, h, conn, metadata, dns.DomainStrategyUseIPv4)
-	} else {
-		return outbound.NewConnection(ctx, h, conn, metadata)
-	}
-}
-
-// TODO
-// Deprecated
-func (h *Outbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	if h.resolve {
-		return outbound.NewDirectPacketConnection(ctx, h.router, h, conn, metadata, dns.DomainStrategyUseIPv4)
-	} else {
-		return outbound.NewPacketConnection(ctx, h, conn, metadata)
-	}
-}
--- a/protocol/trojan/inbound.go
+++ b/protocol/trojan/inbound.go
@@ -149,7 +149,7 @@ func (h *Inbound) Start() error {

 func (h *Inbound) Close() error {
 	return common.Close(
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		h.transport,
 	)
--- a/protocol/tuic/inbound.go
+++ b/protocol/tuic/inbound.go
@@ -17,6 +17,7 @@ import (
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
 	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"

 	"github.com/gofrs/uuid/v5"
@@ -71,7 +72,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		ZeroRTTHandshake:  options.ZeroRTTHandshake,
 		Heartbeat:         time.Duration(options.Heartbeat),
 		UDPTimeout:        udpTimeout,
-		Handler:           adapter.NewUpstreamHandler(adapter.InboundContext{}, inbound.newConnection, inbound.newPacketConnection, nil),
+		Handler:           inbound,
 	})
 	if err != nil {
 		return nil, err
@@ -99,12 +100,16 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	return inbound, nil
 }

-func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
+	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -113,16 +118,19 @@ func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata ada
 	} else {
 		h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
 	}
-	return h.router.RouteConnection(ctx, conn, metadata)
+	h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
 }

-func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+func (h *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
 	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
 	metadata.Inbound = h.Tag()
 	metadata.InboundType = h.Type()
 	metadata.InboundDetour = h.listener.ListenOptions().Detour
 	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	metadata.OriginDestination = h.listener.UDPAddr()
+	metadata.Source = source
+	metadata.Destination = destination
 	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
 	userID, _ := auth.UserFromContext[int](ctx)
 	if userName := h.userNameList[userID]; userName != "" {
@@ -131,7 +139,7 @@ func (h *Inbound) newPacketConnection(ctx context.Context, conn N.PacketConn, me
 	} else {
 		h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
 	}
-	return h.router.RoutePacketConnection(ctx, conn, metadata)
+	h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
 }

 func (h *Inbound) Start() error {
@@ -150,7 +158,7 @@ func (h *Inbound) Start() error {

 func (h *Inbound) Close() error {
 	return common.Close(
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		common.PtrOrNil(h.server),
 	)
--- a/protocol/vless/inbound.go
+++ b/protocol/vless/inbound.go
@@ -129,7 +129,7 @@ func (h *Inbound) Start() error {
 func (h *Inbound) Close() error {
 	return common.Close(
 		h.service,
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		h.transport,
 	)
--- a/protocol/vmess/inbound.go
+++ b/protocol/vmess/inbound.go
@@ -143,7 +143,7 @@ func (h *Inbound) Start() error {
 func (h *Inbound) Close() error {
 	return common.Close(
 		h.service,
-		&h.listener,
+		h.listener,
 		h.tlsConfig,
 		h.transport,
 	)
--- a/protocol/wireguard/outbound.go
+++ b/protocol/wireguard/outbound.go
@@ -16,7 +16,6 @@ import (
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/transport/wireguard"
-	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -231,15 +230,3 @@ func (w *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 	}
 	return w.tunDevice.ListenPacket(ctx, destination)
 }
-
-// TODO
-// Deprecated
-func (w *Outbound) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	return outbound.NewDirectConnection(ctx, w.router, w, conn, metadata, dns.DomainStrategyAsIS)
-}
-
-// TODO
-// Deprecated
-func (w *Outbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	return outbound.NewDirectPacketConnection(ctx, w.router, w, conn, metadata, dns.DomainStrategyAsIS)
-}
--- a/route/network.go
+++ b/route/network.go
@@ -3,10 +3,12 @@ package route
 import (
 	"context"
 	"errors"
-	"net/netip"
+	"net"
 	"os"
 	"runtime"
+	"strings"
 	"syscall"
+	"time"

 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/conntrack"
@@ -15,33 +17,40 @@ import (
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/atomic"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
+	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/winpowrprof"
 	"github.com/sagernet/sing/service"
 	"github.com/sagernet/sing/service/pause"
+
+	"golang.org/x/exp/slices"
 )

 var _ adapter.NetworkManager = (*NetworkManager)(nil)

 type NetworkManager struct {
-	logger                 logger.ContextLogger
-	interfaceFinder        *control.DefaultInterfaceFinder
+	logger            logger.ContextLogger
+	interfaceFinder   *control.DefaultInterfaceFinder
+	networkInterfaces atomic.TypedValue[[]adapter.NetworkInterface]
+
 	autoDetectInterface    bool
-	defaultInterface       string
-	defaultMark            uint32
+	defaultOptions         adapter.NetworkOptions
 	autoRedirectOutputMark uint32
-	networkMonitor         tun.NetworkUpdateMonitor
-	interfaceMonitor       tun.DefaultInterfaceMonitor
-	packageManager         tun.PackageManager
-	powerListener          winpowrprof.EventListener
-	pauseManager           pause.Manager
-	platformInterface      platform.Interface
-	outboundManager        adapter.OutboundManager
-	wifiState              adapter.WIFIState
-	started                bool
+
+	networkMonitor    tun.NetworkUpdateMonitor
+	interfaceMonitor  tun.DefaultInterfaceMonitor
+	packageManager    tun.PackageManager
+	powerListener     winpowrprof.EventListener
+	pauseManager      pause.Manager
+	platformInterface platform.Interface
+	outboundManager   adapter.OutboundManager
+	wifiState         adapter.WIFIState
+	started           bool
 }

 func NewNetworkManager(ctx context.Context, logger logger.ContextLogger, routeOptions option.RouteOptions) (*NetworkManager, error) {
@@ -49,13 +58,27 @@ func NewNetworkManager(ctx context.Context, logger logger.ContextLogger, routeOp
 		logger:              logger,
 		interfaceFinder:     control.NewDefaultInterfaceFinder(),
 		autoDetectInterface: routeOptions.AutoDetectInterface,
-		defaultInterface:    routeOptions.DefaultInterface,
-		defaultMark:         routeOptions.DefaultMark,
-		pauseManager:        service.FromContext[pause.Manager](ctx),
-		platformInterface:   service.FromContext[platform.Interface](ctx),
-		outboundManager:     service.FromContext[adapter.OutboundManager](ctx),
+		defaultOptions: adapter.NetworkOptions{
+			BindInterface:       routeOptions.DefaultInterface,
+			RoutingMark:         routeOptions.DefaultMark,
+			NetworkStrategy:     C.NetworkStrategy(routeOptions.DefaultNetworkStrategy),
+			NetworkType:         common.Map(routeOptions.DefaultNetworkType, option.InterfaceType.Build),
+			FallbackNetworkType: common.Map(routeOptions.DefaultFallbackNetworkType, option.InterfaceType.Build),
+			FallbackDelay:       time.Duration(routeOptions.DefaultFallbackDelay),
+		},
+		pauseManager:      service.FromContext[pause.Manager](ctx),
+		platformInterface: service.FromContext[platform.Interface](ctx),
+		outboundManager:   service.FromContext[adapter.OutboundManager](ctx),
 	}
-	usePlatformDefaultInterfaceMonitor := nm.platformInterface != nil && nm.platformInterface.UsePlatformDefaultInterfaceMonitor()
+	if C.NetworkStrategy(routeOptions.DefaultNetworkStrategy) != C.NetworkStrategyDefault {
+		if routeOptions.DefaultInterface != "" {
+			return nil, E.New("`default_network_strategy` is conflict with `default_interface`")
+		}
+		if !routeOptions.AutoDetectInterface {
+			return nil, E.New("`auto_detect_interface` is required by `default_network_strategy`")
+		}
+	}
+	usePlatformDefaultInterfaceMonitor := nm.platformInterface != nil
 	enforceInterfaceMonitor := routeOptions.AutoDetectInterface
 	if !usePlatformDefaultInterfaceMonitor {
 		networkMonitor, err := tun.NewNetworkUpdateMonitor(logger)
@@ -75,12 +98,12 @@ func NewNetworkManager(ctx context.Context, logger logger.ContextLogger, routeOp
 			if err != nil {
 				return nil, E.New("auto_detect_interface unsupported on current platform")
 			}
-			interfaceMonitor.RegisterCallback(nm.notifyNetworkUpdate)
+			interfaceMonitor.RegisterCallback(nm.notifyInterfaceUpdate)
 			nm.interfaceMonitor = interfaceMonitor
 		}
 	} else {
 		interfaceMonitor := nm.platformInterface.CreateDefaultInterfaceMonitor(logger)
-		interfaceMonitor.RegisterCallback(nm.notifyNetworkUpdate)
+		interfaceMonitor.RegisterCallback(nm.notifyInterfaceUpdate)
 		nm.interfaceMonitor = interfaceMonitor
 	}
 	return nm, nil
@@ -90,17 +113,17 @@ func (r *NetworkManager) Start(stage adapter.StartStage) error {
 	monitor := taskmonitor.New(r.logger, C.StartTimeout)
 	switch stage {
 	case adapter.StartStateInitialize:
-		if r.interfaceMonitor != nil {
-			monitor.Start("initialize interface monitor")
-			err := r.interfaceMonitor.Start()
+		if r.networkMonitor != nil {
+			monitor.Start("initialize network monitor")
+			err := r.networkMonitor.Start()
 			monitor.Finish()
 			if err != nil {
 				return err
 			}
 		}
-		if r.networkMonitor != nil {
-			monitor.Start("initialize network monitor")
-			err := r.networkMonitor.Start()
+		if r.interfaceMonitor != nil {
+			monitor.Start("initialize interface monitor")
+			err := r.interfaceMonitor.Start()
 			monitor.Finish()
 			if err != nil {
 				return err
@@ -151,20 +174,6 @@ func (r *NetworkManager) Start(stage adapter.StartStage) error {
 func (r *NetworkManager) Close() error {
 	monitor := taskmonitor.New(r.logger, C.StopTimeout)
 	var err error
-	if r.interfaceMonitor != nil {
-		monitor.Start("close interface monitor")
-		err = E.Append(err, r.interfaceMonitor.Close(), func(err error) error {
-			return E.Cause(err, "close interface monitor")
-		})
-		monitor.Finish()
-	}
-	if r.networkMonitor != nil {
-		monitor.Start("close network monitor")
-		err = E.Append(err, r.networkMonitor.Close(), func(err error) error {
-			return E.Cause(err, "close network monitor")
-		})
-		monitor.Finish()
-	}
 	if r.packageManager != nil {
 		monitor.Start("close package manager")
 		err = E.Append(err, r.packageManager.Close(), func(err error) error {
@@ -179,6 +188,20 @@ func (r *NetworkManager) Close() error {
 		})
 		monitor.Finish()
 	}
+	if r.interfaceMonitor != nil {
+		monitor.Start("close interface monitor")
+		err = E.Append(err, r.interfaceMonitor.Close(), func(err error) error {
+			return E.Cause(err, "close interface monitor")
+		})
+		monitor.Finish()
+	}
+	if r.networkMonitor != nil {
+		monitor.Start("close network monitor")
+		err = E.Append(err, r.networkMonitor.Close(), func(err error) error {
+			return E.Cause(err, "close network monitor")
+		})
+		monitor.Finish()
+	}
 	return nil
 }

@@ -187,20 +210,73 @@ func (r *NetworkManager) InterfaceFinder() control.InterfaceFinder {
 }

 func (r *NetworkManager) UpdateInterfaces() error {
-	if r.platformInterface == nil || !r.platformInterface.UsePlatformInterfaceGetter() {
+	if r.platformInterface == nil {
 		return r.interfaceFinder.Update()
 	} else {
 		interfaces, err := r.platformInterface.Interfaces()
 		if err != nil {
 			return err
 		}
-		r.interfaceFinder.UpdateInterfaces(interfaces)
+		if C.IsDarwin {
+			err = r.interfaceFinder.Update()
+			if err != nil {
+				return err
+			}
+			// NEInterface only provides name,index and type
+			interfaces = common.Map(interfaces, func(it adapter.NetworkInterface) adapter.NetworkInterface {
+				iif, _ := r.interfaceFinder.ByIndex(it.Index)
+				if iif != nil {
+					it.Interface = *iif
+				}
+				return it
+			})
+		} else {
+			r.interfaceFinder.UpdateInterfaces(common.Map(interfaces, func(it adapter.NetworkInterface) control.Interface { return it.Interface }))
+		}
+		oldInterfaces := r.networkInterfaces.Load()
+		newInterfaces := common.Filter(interfaces, func(it adapter.NetworkInterface) bool {
+			return it.Flags&net.FlagUp != 0
+		})
+		r.networkInterfaces.Store(newInterfaces)
+		if !slices.EqualFunc(oldInterfaces, newInterfaces, func(oldInterface adapter.NetworkInterface, newInterface adapter.NetworkInterface) bool {
+			return oldInterface.Interface.Index == newInterface.Interface.Index &&
+				oldInterface.Interface.Name == newInterface.Interface.Name &&
+				oldInterface.Interface.Flags == newInterface.Interface.Flags &&
+				oldInterface.Type == newInterface.Type &&
+				oldInterface.Expensive == newInterface.Expensive &&
+				oldInterface.Constrained == newInterface.Constrained
+		}) {
+			r.logger.Info("updated available networks: ", strings.Join(common.Map(newInterfaces, func(it adapter.NetworkInterface) string {
+				var options []string
+				options = append(options, F.ToString(it.Type))
+				if it.Expensive {
+					options = append(options, "expensive")
+				}
+				if it.Constrained {
+					options = append(options, "constrained")
+				}
+				return F.ToString(it.Name, " (", strings.Join(options, ", "), ")")
+			}), ", "))
+		}
 		return nil
 	}
 }

-func (r *NetworkManager) DefaultInterface() string {
-	return r.defaultInterface
+func (r *NetworkManager) DefaultNetworkInterface() *adapter.NetworkInterface {
+	iif := r.interfaceMonitor.DefaultInterface()
+	if iif == nil {
+		return nil
+	}
+	for _, it := range r.networkInterfaces.Load() {
+		if it.Interface.Index == iif.Index {
+			return &it
+		}
+	}
+	return &adapter.NetworkInterface{Interface: *iif}
+}
+
+func (r *NetworkManager) NetworkInterfaces() []adapter.NetworkInterface {
+	return r.networkInterfaces.Load()
 }

 func (r *NetworkManager) AutoDetectInterface() bool {
@@ -220,24 +296,34 @@ func (r *NetworkManager) AutoDetectInterfaceFunc() control.Func {
 		}
 		return control.BindToInterfaceFunc(r.interfaceFinder, func(network string, address string) (interfaceName string, interfaceIndex int, err error) {
 			remoteAddr := M.ParseSocksaddr(address).Addr
-			if C.IsLinux {
-				interfaceName, interfaceIndex = r.interfaceMonitor.DefaultInterface(remoteAddr)
-				if interfaceIndex == -1 {
-					err = tun.ErrNoRoute
-				}
-			} else {
-				interfaceIndex = r.interfaceMonitor.DefaultInterfaceIndex(remoteAddr)
-				if interfaceIndex == -1 {
-					err = tun.ErrNoRoute
+			if remoteAddr.IsValid() {
+				iif, err := r.interfaceFinder.ByAddr(remoteAddr)
+				if err == nil {
+					return iif.Name, iif.Index, nil
 				}
 			}
-			return
+			defaultInterface := r.interfaceMonitor.DefaultInterface()
+			if defaultInterface == nil {
+				return "", -1, tun.ErrNoRoute
+			}
+			return defaultInterface.Name, defaultInterface.Index, nil
 		})
 	}
 }

-func (r *NetworkManager) DefaultMark() uint32 {
-	return r.defaultMark
+func (r *NetworkManager) ProtectFunc() control.Func {
+	if r.platformInterface != nil && r.platformInterface.UsePlatformAutoDetectInterfaceControl() {
+		return func(network, address string, conn syscall.RawConn) error {
+			return control.Raw(conn, func(fd uintptr) error {
+				return r.platformInterface.AutoDetectInterfaceControl(int(fd))
+			})
+		}
+	}
+	return nil
+}
+
+func (r *NetworkManager) DefaultOptions() adapter.NetworkOptions {
+	return r.defaultOptions
 }

 func (r *NetworkManager) RegisterAutoRedirectOutputMark(mark uint32) error {
@@ -279,32 +365,47 @@ func (r *NetworkManager) ResetNetwork() {
 	}
 }

-func (r *NetworkManager) notifyNetworkUpdate(event int) {
-	if event == tun.EventNoRoute {
+func (r *NetworkManager) notifyInterfaceUpdate(defaultInterface *control.Interface, flags int) {
+	if defaultInterface == nil {
 		r.pauseManager.NetworkPause()
 		r.logger.Error("missing default interface")
-	} else {
-		r.pauseManager.NetworkWake()
-		if C.IsAndroid && r.platformInterface == nil {
-			var vpnStatus string
-			if r.interfaceMonitor.AndroidVPNEnabled() {
-				vpnStatus = "enabled"
-			} else {
-				vpnStatus = "disabled"
-			}
-			r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()), ", vpn ", vpnStatus)
+		return
+	}
+
+	r.pauseManager.NetworkWake()
+	var options []string
+	options = append(options, F.ToString("index ", defaultInterface.Index))
+	if C.IsAndroid && r.platformInterface == nil {
+		var vpnStatus string
+		if r.interfaceMonitor.AndroidVPNEnabled() {
+			vpnStatus = "enabled"
 		} else {
-			r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()))
+			vpnStatus = "disabled"
 		}
-		if r.platformInterface != nil {
-			state := r.platformInterface.ReadWIFIState()
-			if state != r.wifiState {
-				r.wifiState = state
-				if state.SSID == "" && state.BSSID == "" {
-					r.logger.Info("updated WIFI state: disconnected")
-				} else {
-					r.logger.Info("updated WIFI state: SSID=", state.SSID, ", BSSID=", state.BSSID)
-				}
+		options = append(options, "vpn "+vpnStatus)
+	} else if r.platformInterface != nil {
+		networkInterface := common.Find(r.networkInterfaces.Load(), func(it adapter.NetworkInterface) bool {
+			return it.Interface.Index == defaultInterface.Index
+		})
+		if networkInterface.Name == "" {
+			// race
+			return
+		}
+		options = append(options, F.ToString("type ", networkInterface.Type))
+		if networkInterface.Expensive {
+			options = append(options, "expensive")
+		}
+		if networkInterface.Constrained {
+			options = append(options, "constrained")
+		}
+	}
+	r.logger.Info("updated default interface ", defaultInterface.Name, ", ", strings.Join(options, ", "))
+	if r.platformInterface != nil {
+		state := r.platformInterface.ReadWIFIState()
+		if state != r.wifiState {
+			r.wifiState = state
+			if state.SSID != "" {
+				r.logger.Info("updated WIFI state: SSID=", state.SSID, ", BSSID=", state.BSSID)
 			}
 		}
 	}
@@ -312,7 +413,6 @@ func (r *NetworkManager) notifyNetworkUpdate(event int) {
 	if !r.started {
 		return
 	}
-
 	r.ResetNetwork()
 }

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
世界	7aab073aa5	documentation: Bump version	2024-11-15 17:21:48 +08:00
世界	0c7c64c2d4	Fix missing inbound options	2024-11-15 17:21:48 +08:00
世界	94abfdcab2	Fix HandshakeFailure usages	2024-11-15 17:14:19 +08:00
世界	8e4327c6cb	Fix close listener	2024-11-15 17:14:19 +08:00
世界	fe610db7ab	documentation: Add override destination to route options	2024-11-15 17:14:19 +08:00
世界	0ac42102aa	Add override destination to route options	2024-11-15 17:11:20 +08:00
世界	667e2ba083	release: Notarize macos standalone manually with --no-s3-acceleration	2024-11-14 17:53:50 +08:00
世界	2fb041ac9a	Fix logical dns rule	2024-11-14 17:53:48 +08:00
世界	5139e5232e	Add `dns.cache_capacity`	2024-11-14 17:53:44 +08:00
世界	d1eff7fcca	documentation: Bump version	2024-11-13 22:07:38 +08:00
世界	61f89206ec	documentation: Refactor multi networks strategy	2024-11-13 22:07:38 +08:00
世界	55b2e114f6	Refactor multi networks strategy	2024-11-13 22:07:38 +08:00
世界	2be7482e32	Fix match clash mode	2024-11-13 17:06:39 +08:00
世界	e18b527eaa	documentation: Bump version	2024-11-13 14:33:23 +08:00
世界	63e38cccf5	documentation: Add parallel network dialing	2024-11-13 14:33:23 +08:00
世界	9e42012737	documentation: Remove unused titles	2024-11-13 14:33:14 +08:00
世界	96dab3ba25	selector: Fix crash before start	2024-11-13 14:33:14 +08:00
世界	4d9f11d5f0	http: Fix proxying websocket	2024-11-13 14:33:14 +08:00
世界	15a9876a10	Add multi network dialing	2024-11-13 14:33:14 +08:00
世界	8cb11bf322	Fix rule match	2024-11-13 10:39:00 +08:00
世界	edf40da07c	Fix check interface	2024-11-12 14:37:27 +08:00
世界	7f99cab893	Downgrade NDK to 26.2.11394342	2024-11-12 12:56:31 +08:00
世界	c0e48f865e	documentation: Bump version	2024-11-12 11:25:30 +08:00
世界	0d1b3226cd	Fix match rules	2024-11-12 11:25:12 +08:00
世界	26064a9fdc	documentation: Bump version	2024-11-11 20:13:55 +08:00
世界	d8e66b9180	documentation: Add new rule item types	2024-11-11 20:13:55 +08:00
世界	c59f282b7d	documentation: Merge route options to route actions	2024-11-11 20:13:55 +08:00
世界	aa35ae1736	Add `network_[type/is_expensive/is_constrained]` rule items	2024-11-11 20:13:55 +08:00
世界	ef2a2fdd52	Merge route options to route actions	2024-11-11 20:13:55 +08:00
世界	9988144868	Fix decompile rule-set	2024-11-11 20:13:55 +08:00
世界	412701d4c5	refactor: Platform Interfaces	2024-11-11 20:13:55 +08:00
世界	b6c940af61	Fix match rules	2024-11-11 16:06:56 +08:00
世界	1edb80adcc	Fix start stage	2024-11-11 16:04:27 +08:00