documentation: Bump version

adapter/connections.go

@@ -8,7 +8,8 @@ import (
 )
 
 type ConnectionManager interface {
-	Lifecycle
+	Start() error
+	Close() error
 	NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata InboundContext, onClose N.CloseHandlerFunc)
 	NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn, metadata InboundContext, onClose N.CloseHandlerFunc)
 }

adapter/inbound.go

@@ -70,12 +70,10 @@ type InboundContext struct {
 	InboundOptions            option.InboundOptions
 	UDPDisableDomainUnmapping bool
 	UDPConnect                bool
-	UDPTimeout                time.Duration
-
-	NetworkStrategy     C.NetworkStrategy
-	NetworkType         []C.InterfaceType
-	FallbackNetworkType []C.InterfaceType
-	FallbackDelay       time.Duration
+	NetworkStrategy           C.NetworkStrategy
+	NetworkType               []C.InterfaceType
+	FallbackNetworkType       []C.InterfaceType
+	FallbackDelay             time.Duration
 
 	DNSServer string
 

adapter/outbound/default.go

@@ -0,0 +1,157 @@
+package outbound
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"os"
+	"time"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/dialer"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	"github.com/sagernet/sing/common/canceler"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+func NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata adapter.InboundContext) error {
+	defer conn.Close()
+	ctx = adapter.WithContext(ctx, &metadata)
+	var outConn net.Conn
+	var err error
+	if len(metadata.DestinationAddresses) > 0 {
+		outConn, err = dialer.DialSerialNetwork(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
+	} else {
+		outConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
+	}
+	if err != nil {
+		return N.ReportHandshakeFailure(conn, err)
+	}
+	err = N.ReportConnHandshakeSuccess(conn, outConn)
+	if err != nil {
+		outConn.Close()
+		return err
+	}
+	return CopyEarlyConn(ctx, conn, outConn)
+}
+
+func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn, metadata adapter.InboundContext) error {
+	defer conn.Close()
+	ctx = adapter.WithContext(ctx, &metadata)
+	var (
+		outPacketConn      net.PacketConn
+		outConn            net.Conn
+		destinationAddress netip.Addr
+		err                error
+	)
+	if metadata.UDPConnect {
+		if len(metadata.DestinationAddresses) > 0 {
+			if parallelDialer, isParallelDialer := this.(dialer.ParallelInterfaceDialer); isParallelDialer {
+				outConn, err = dialer.DialSerialNetwork(ctx, parallelDialer, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
+			} else {
+				outConn, err = N.DialSerial(ctx, this, N.NetworkUDP, metadata.Destination, metadata.DestinationAddresses)
+			}
+		} else {
+			outConn, err = this.DialContext(ctx, N.NetworkUDP, metadata.Destination)
+		}
+		if err != nil {
+			return N.ReportHandshakeFailure(conn, err)
+		}
+		outPacketConn = bufio.NewUnbindPacketConn(outConn)
+		connRemoteAddr := M.AddrFromNet(outConn.RemoteAddr())
+		if connRemoteAddr != metadata.Destination.Addr {
+			destinationAddress = connRemoteAddr
+		}
+	} else {
+		if len(metadata.DestinationAddresses) > 0 {
+			outPacketConn, destinationAddress, err = dialer.ListenSerialNetworkPacket(ctx, this, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
+		} else {
+			outPacketConn, err = this.ListenPacket(ctx, metadata.Destination)
+		}
+		if err != nil {
+			return N.ReportHandshakeFailure(conn, err)
+		}
+	}
+	err = N.ReportPacketConnHandshakeSuccess(conn, outPacketConn)
+	if err != nil {
+		outPacketConn.Close()
+		return err
+	}
+	if destinationAddress.IsValid() {
+		var originDestination M.Socksaddr
+		if metadata.RouteOriginalDestination.IsValid() {
+			originDestination = metadata.RouteOriginalDestination
+		} else {
+			originDestination = metadata.Destination
+		}
+		if metadata.Destination != M.SocksaddrFrom(destinationAddress, metadata.Destination.Port) {
+			if metadata.UDPDisableDomainUnmapping {
+				outPacketConn = bufio.NewUnidirectionalNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), originDestination)
+			} else {
+				outPacketConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outPacketConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), originDestination)
+			}
+		}
+		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
+			natConn.UpdateDestination(destinationAddress)
+		}
+	}
+	switch metadata.Protocol {
+	case C.ProtocolSTUN:
+		ctx, conn = canceler.NewPacketConn(ctx, conn, C.STUNTimeout)
+	case C.ProtocolQUIC:
+		ctx, conn = canceler.NewPacketConn(ctx, conn, C.QUICTimeout)
+	case C.ProtocolDNS:
+		ctx, conn = canceler.NewPacketConn(ctx, conn, C.DNSTimeout)
+	}
+	return bufio.CopyPacketConn(ctx, conn, bufio.NewPacketConn(outPacketConn))
+}
+
+func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) error {
+	if cachedReader, isCached := conn.(N.CachedReader); isCached {
+		payload := cachedReader.ReadCached()
+		if payload != nil && !payload.IsEmpty() {
+			_, err := serverConn.Write(payload.Bytes())
+			payload.Release()
+			if err != nil {
+				serverConn.Close()
+				return err
+			}
+			return bufio.CopyConn(ctx, conn, serverConn)
+		}
+	}
+	if earlyConn, isEarlyConn := common.Cast[N.EarlyConn](serverConn); isEarlyConn && earlyConn.NeedHandshake() {
+		payload := buf.NewPacket()
+		err := conn.SetReadDeadline(time.Now().Add(C.ReadPayloadTimeout))
+		if err != os.ErrInvalid {
+			if err != nil {
+				payload.Release()
+				serverConn.Close()
+				return err
+			}
+			_, err = payload.ReadOnceFrom(conn)
+			if err != nil && !E.IsTimeout(err) {
+				payload.Release()
+				serverConn.Close()
+				return E.Cause(err, "read payload")
+			}
+			err = conn.SetReadDeadline(time.Time{})
+			if err != nil {
+				payload.Release()
+				serverConn.Close()
+				return err
+			}
+		}
+		_, err = serverConn.Write(payload.Bytes())
+		payload.Release()
+		if err != nil {
+			serverConn.Close()
+			return N.ReportHandshakeFailure(conn, err)
+		}
+	}
+	return bufio.CopyConn(ctx, conn, serverConn)
+}

box.go

@@ -336,11 +336,11 @@ func (s *Box) preStart() error {
 	if err != nil {
 		return err
 	}
-	err = adapter.Start(adapter.StartStateInitialize, s.network, s.connection, s.router, s.outbound, s.inbound, s.endpoint)
+	err = adapter.Start(adapter.StartStateInitialize, s.network, s.router, s.outbound, s.inbound, s.endpoint)
 	if err != nil {
 		return err
 	}
-	err = adapter.Start(adapter.StartStateStart, s.outbound, s.network, s.connection, s.router)
+	err = adapter.Start(adapter.StartStateStart, s.outbound, s.network, s.router)
 	if err != nil {
 		return err
 	}
@@ -364,7 +364,7 @@ func (s *Box) start() error {
 	if err != nil {
 		return err
 	}
-	err = adapter.Start(adapter.StartStatePostStart, s.outbound, s.network, s.connection, s.router, s.inbound, s.endpoint)
+	err = adapter.Start(adapter.StartStatePostStart, s.outbound, s.network, s.router, s.inbound, s.endpoint)
 	if err != nil {
 		return err
 	}
@@ -372,7 +372,7 @@ func (s *Box) start() error {
 	if err != nil {
 		return err
 	}
-	err = adapter.Start(adapter.StartStateStarted, s.network, s.connection, s.router, s.outbound, s.inbound, s.endpoint)
+	err = adapter.Start(adapter.StartStateStarted, s.network, s.router, s.outbound, s.inbound, s.endpoint)
 	if err != nil {
 		return err
 	}
@@ -391,7 +391,7 @@ func (s *Box) Close() error {
 		close(s.done)
 	}
 	err := common.Close(
-		s.inbound, s.outbound, s.router, s.connection, s.network,
+		s.inbound, s.outbound, s.router, s.network,
 	)
 	for _, lifecycleService := range s.services {
 		err = E.Append(err, lifecycleService.Close(), func(err error) error {

constant/protocol.go

@@ -10,7 +10,6 @@ const (
 	ProtocolDTLS       = "dtls"
 	ProtocolSSH        = "ssh"
 	ProtocolRDP        = "rdp"
-	ProtocolNTP        = "ntp"
 )
 
 const (

constant/timeout.go

@@ -9,6 +9,8 @@ const (
 	TCPTimeout                 = 15 * time.Second
 	ReadPayloadTimeout         = 300 * time.Millisecond
 	DNSTimeout                 = 10 * time.Second
+	QUICTimeout                = 30 * time.Second
+	STUNTimeout                = 15 * time.Second
 	UDPTimeout                 = 5 * time.Minute
 	DefaultURLTestInterval     = 3 * time.Minute
 	DefaultURLTestIdleTimeout  = 30 * time.Minute
@@ -17,18 +19,3 @@ const (
 	FatalStopTimeout           = 10 * time.Second
 	FakeIPMetadataSaveInterval = 10 * time.Second
 )
-
-var PortProtocols = map[uint16]string{
-	53:   ProtocolDNS,
-	123:  ProtocolNTP,
-	3478: ProtocolSTUN,
-	443:  ProtocolQUIC,
-}
-
-var ProtocolTimeouts = map[string]time.Duration{
-	ProtocolDNS:  10 * time.Second,
-	ProtocolNTP:  10 * time.Second,
-	ProtocolSTUN: 10 * time.Second,
-	ProtocolQUIC: 30 * time.Second,
-	ProtocolDTLS: 30 * time.Second,
-}

docs/changelog.md

@@ -2,20 +2,10 @@
 icon: material/alert-decagram
 ---
 
-#### 1.11.0-alpha.25
+#### 1.11.0-alpha.21
 
-* Update quic-go to v0.48.2
 * Fixes and improvements
 
-#### 1.11.0-alpha.22
-
-* Add UDP timeout route option **1**
-* Fixes and improvements
-
-**1**:
-
-See [Rule Action](/configuration/route/rule_action/#udp_timeout).
-
 #### 1.11.0-alpha.20
 
 * Add UDP GSO support for WireGuard

docs/configuration/route/rule_action.md

@@ -41,8 +41,7 @@ See `route-options` fields below.
   "network_strategy": "",
   "fallback_delay": "",
   "udp_disable_domain_unmapping": false,
-  "udp_connect": false,
-  "udp_timeout": ""
+  "udp_connect": false
 }
 ```
 
@@ -87,28 +86,6 @@ do not support receiving UDP packets with domain addresses, such as Surge.
 
 If enabled, attempts to connect UDP connection to the destination instead of listen.
 
-#### udp_timeout
-
-Timeout for UDP connections.
-
-Setting a larger value than the UDP timeout in inbounds will have no effect.
-
-Default value for protocol sniffed connections:
-
-| Timeout | Protocol             |
-|---------|----------------------|
-| `10s`   | `dns`, `ntp`, `stun` |
-| `30s`   | `quic`, `dtls`       |
-
-If no protocol is sniffed, the following ports will be recognized as protocols by default:
-
-| Port | Protocol |
-|------|----------|
-| 53   | `dns`    |
-| 123  | `ntp`    |
-| 443  | `quic`   |
-| 3478 | `stun`   |
-
 ### reject
 
 ```json

docs/configuration/route/rule_action.zh.md

@@ -37,8 +37,7 @@ icon: material/new-box
   "network_strategy": "",
   "fallback_delay": "",
   "udp_disable_domain_unmapping": false,
-  "udp_connect": false,
-  "udp_timeout": ""
+  "udp_connect": false
 }
 ```
 
@@ -85,28 +84,6 @@ icon: material/new-box
 
 如果启用，将尝试将 UDP 连接 connect 到目标而不是 listen。
 
-#### udp_timeout
-
-UDP 连接超时时间。
-
-设置比入站 UDP 超时更大的值将无效。
-
-已探测协议连接的默认值：
-
-| 超时    | 协议                   |
-|-------|----------------------|
-| `10s` | `dns`, `ntp`, `stun` |
-| `30s` | `quic`, `dtls`       |
-
-如果没有探测到协议，以下端口将默认识别为协议：
-
-| 端口   | 协议     |
-|------|--------|
-| 53   | `dns`  |
-| 123  | `ntp`  |
-| 443  | `quic` |
-| 3478 | `stun` |
-
 ### reject
 
 ```json

experimental/clashapi/configs.go

@@ -18,19 +18,17 @@ func configRouter(server *Server, logFactory log.Factory) http.Handler {
 }
 
 type configSchema struct {
-	Port        int    `json:"port"`
-	SocksPort   int    `json:"socks-port"`
-	RedirPort   int    `json:"redir-port"`
-	TProxyPort  int    `json:"tproxy-port"`
-	MixedPort   int    `json:"mixed-port"`
-	AllowLan    bool   `json:"allow-lan"`
-	BindAddress string `json:"bind-address"`
-	Mode        string `json:"mode"`
-	// sing-box added
-	ModeList []string       `json:"mode-list"`
-	LogLevel string         `json:"log-level"`
-	IPv6     bool           `json:"ipv6"`
-	Tun      map[string]any `json:"tun"`
+	Port        int            `json:"port"`
+	SocksPort   int            `json:"socks-port"`
+	RedirPort   int            `json:"redir-port"`
+	TProxyPort  int            `json:"tproxy-port"`
+	MixedPort   int            `json:"mixed-port"`
+	AllowLan    bool           `json:"allow-lan"`
+	BindAddress string         `json:"bind-address"`
+	Mode        string         `json:"mode"`
+	LogLevel    string         `json:"log-level"`
+	IPv6        bool           `json:"ipv6"`
+	Tun         map[string]any `json:"tun"`
 }
 
 func getConfigs(server *Server, logFactory log.Factory) func(w http.ResponseWriter, r *http.Request) {
@@ -43,7 +41,6 @@ func getConfigs(server *Server, logFactory log.Factory) func(w http.ResponseWrit
 		}
 		render.JSON(w, r, &configSchema{
 			Mode:        server.mode,
-			ModeList:    server.modeList,
 			BindAddress: "*",
 			LogLevel:    log.FormatLevel(logLevel),
 		})

go.mod

@@ -23,16 +23,16 @@ require (
 	github.com/sagernet/fswatch v0.1.1
 	github.com/sagernet/gomobile v0.1.4
 	github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff
-	github.com/sagernet/quic-go v0.48.2-beta.1
+	github.com/sagernet/quic-go v0.48.1-beta.1
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.6.0-alpha.23
+	github.com/sagernet/sing v0.6.0-alpha.18
 	github.com/sagernet/sing-dns v0.4.0-alpha.3
 	github.com/sagernet/sing-mux v0.3.0-alpha.1
 	github.com/sagernet/sing-quic v0.4.0-alpha.4
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.2.0-alpha.2
-	github.com/sagernet/sing-tun v0.6.0-alpha.15
+	github.com/sagernet/sing-tun v0.6.0-alpha.14
 	github.com/sagernet/sing-vmess v0.2.0-beta.1
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/utls v1.6.7

go.sum

@@ -105,13 +105,13 @@ github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZN
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
 github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
-github.com/sagernet/quic-go v0.48.2-beta.1 h1:W0plrLWa1XtOWDTdX3CJwxmQuxkya12nN5BRGZ87kEg=
-github.com/sagernet/quic-go v0.48.2-beta.1/go.mod h1:1WgdDIVD1Gybp40JTWketeSfKA/+or9YMLaG5VeTk4k=
+github.com/sagernet/quic-go v0.48.1-beta.1 h1:ElPaV5yzlXIKZpqFMAcUGax6vddi3zt4AEpT94Z0vwo=
+github.com/sagernet/quic-go v0.48.1-beta.1/go.mod h1:1WgdDIVD1Gybp40JTWketeSfKA/+or9YMLaG5VeTk4k=
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
-github.com/sagernet/sing v0.6.0-alpha.23 h1:heJW7Lo1FtzXB9Ov5aVGhidFc9IcC4yXqCXJWkWaQ6I=
-github.com/sagernet/sing v0.6.0-alpha.23/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.0-alpha.18 h1:ih4CurU8KvbhfagYjSqVrE2LR0oBSXSZTNH2sAGPGiM=
+github.com/sagernet/sing v0.6.0-alpha.18/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/sing-dns v0.4.0-alpha.3 h1:TcAQdz68Gs28VD9o9zDIW7IS8A9LZDruTPI9g9JbGHA=
 github.com/sagernet/sing-dns v0.4.0-alpha.3/go.mod h1:9LHcYKg2bGQpbtXrfNbopz8ok/zBK9ljiI2kmFG9JKg=
 github.com/sagernet/sing-mux v0.3.0-alpha.1 h1:IgNX5bJBpL41gGbp05pdDOvh/b5eUQ6cv9240+Ngipg=
@@ -124,8 +124,10 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.0-alpha.2 h1:RPrpgAdkP5td0vLfS5ldvYosFjSsZtRPxiyLV6jyKg0=
 github.com/sagernet/sing-shadowtls v0.2.0-alpha.2/go.mod h1:0j5XlzKxaWRIEjc1uiSKmVoWb0k+L9QgZVb876+thZA=
-github.com/sagernet/sing-tun v0.6.0-alpha.15 h1:ZsngBYUQMTXpQ7K6Y0zJibdFuGO4lNuQ4VceNGOzdUI=
-github.com/sagernet/sing-tun v0.6.0-alpha.15/go.mod h1:keTVH3yiyP6pxCtTREYiUbq3U3zPMeG6AjEgAie63DA=
+github.com/sagernet/sing-tun v0.6.0-alpha.14 h1:0nE66HdC6nBSOaUG0CEV5rwB5Te3Gts9buVOPvWrGT4=
+github.com/sagernet/sing-tun v0.6.0-alpha.14/go.mod h1:xvZlEl1EGBbQeshv4UXmG7hA3f0ngFjpdCIYk308vfg=
+github.com/sagernet/sing-vmess v0.1.13-0.20241123134803-8b806fd4b087 h1:p92kbwAIm5Is8V+fK6IB61AZs/nfWoyxxJeib2Dh2o0=
+github.com/sagernet/sing-vmess v0.1.13-0.20241123134803-8b806fd4b087/go.mod h1:fLyE1emIcvQ5DV8reFWnufquZ7MkCSYM5ThodsR9NrQ=
 github.com/sagernet/sing-vmess v0.2.0-beta.1 h1:5sXQ23uwNlZuDvygzi0dFtnG0Csm/SNqTjAHXJkpuj4=
 github.com/sagernet/sing-vmess v0.2.0-beta.1/go.mod h1:fLyE1emIcvQ5DV8reFWnufquZ7MkCSYM5ThodsR9NrQ=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=

option/rule_action.go

@@ -148,9 +148,8 @@ type RawRouteOptionsActionOptions struct {
 	NetworkStrategy NetworkStrategy `json:"network_strategy,omitempty"`
 	FallbackDelay   uint32          `json:"fallback_delay,omitempty"`
 
-	UDPDisableDomainUnmapping bool               `json:"udp_disable_domain_unmapping,omitempty"`
-	UDPConnect                bool               `json:"udp_connect,omitempty"`
-	UDPTimeout                badoption.Duration `json:"udp_timeout,omitempty"`
+	UDPDisableDomainUnmapping bool `json:"udp_disable_domain_unmapping,omitempty"`
+	UDPConnect                bool `json:"udp_connect,omitempty"`
 }
 
 type RouteOptionsActionOptions RawRouteOptionsActionOptions

option/wireguard.go

@@ -14,7 +14,7 @@ type WireGuardEndpointOptions struct {
 	PrivateKey string                           `json:"private_key"`
 	ListenPort uint16                           `json:"listen_port,omitempty"`
 	Peers      []WireGuardPeer                  `json:"peers,omitempty"`
-	UDPTimeout badoption.Duration               `json:"udp_timeout,omitempty"`
+	UDPTimeout UDPTimeoutCompat                 `json:"udp_timeout,omitempty"`
 	Workers    int                              `json:"workers,omitempty"`
 	DialerOptions
 }

protocol/group/selector.go

@@ -10,7 +10,6 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common/atomic"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
@@ -22,22 +21,17 @@ func RegisterSelector(registry *outbound.Registry) {
 	outbound.Register[option.SelectorOutboundOptions](registry, C.TypeSelector, NewSelector)
 }
 
-var (
-	_ adapter.OutboundGroup             = (*Selector)(nil)
-	_ adapter.ConnectionHandlerEx       = (*Selector)(nil)
-	_ adapter.PacketConnectionHandlerEx = (*Selector)(nil)
-)
+var _ adapter.OutboundGroup = (*Selector)(nil)
 
 type Selector struct {
 	outbound.Adapter
 	ctx                          context.Context
-	outbound                     adapter.OutboundManager
-	connection                   adapter.ConnectionManager
+	outboundManager              adapter.OutboundManager
 	logger                       logger.ContextLogger
 	tags                         []string
 	defaultTag                   string
 	outbounds                    map[string]adapter.Outbound
-	selected                     atomic.TypedValue[adapter.Outbound]
+	selected                     adapter.Outbound
 	interruptGroup               *interrupt.Group
 	interruptExternalConnections bool
 }
@@ -46,8 +40,7 @@ func NewSelector(ctx context.Context, router adapter.Router, logger log.ContextL
 	outbound := &Selector{
 		Adapter:                      outbound.NewAdapter(C.TypeSelector, tag, nil, options.Outbounds),
 		ctx:                          ctx,
-		outbound:                     service.FromContext[adapter.OutboundManager](ctx),
-		connection:                   service.FromContext[adapter.ConnectionManager](ctx),
+		outboundManager:              service.FromContext[adapter.OutboundManager](ctx),
 		logger:                       logger,
 		tags:                         options.Outbounds,
 		defaultTag:                   options.Default,
@@ -62,16 +55,15 @@ func NewSelector(ctx context.Context, router adapter.Router, logger log.ContextL
 }
 
 func (s *Selector) Network() []string {
-	selected := s.selected.Load()
-	if selected == nil {
+	if s.selected == nil {
 		return []string{N.NetworkTCP, N.NetworkUDP}
 	}
-	return selected.Network()
+	return s.selected.Network()
 }
 
 func (s *Selector) Start() error {
 	for i, tag := range s.tags {
-		detour, loaded := s.outbound.Outbound(tag)
+		detour, loaded := s.outboundManager.Outbound(tag)
 		if !loaded {
 			return E.New("outbound ", i, " not found: ", tag)
 		}
@@ -85,7 +77,7 @@ func (s *Selector) Start() error {
 			if selected != "" {
 				detour, loaded := s.outbounds[selected]
 				if loaded {
-					s.selected.Store(detour)
+					s.selected = detour
 					return nil
 				}
 			}
@@ -97,16 +89,16 @@ func (s *Selector) Start() error {
 		if !loaded {
 			return E.New("default outbound not found: ", s.defaultTag)
 		}
-		s.selected.Store(detour)
+		s.selected = detour
 		return nil
 	}
 
-	s.selected.Store(s.outbounds[s.tags[0]])
+	s.selected = s.outbounds[s.tags[0]]
 	return nil
 }
 
 func (s *Selector) Now() string {
-	selected := s.selected.Load()
+	selected := s.selected
 	if selected == nil {
 		return s.tags[0]
 	}
@@ -122,9 +114,10 @@ func (s *Selector) SelectOutbound(tag string) bool {
 	if !loaded {
 		return false
 	}
-	if s.selected.Swap(detour) == detour {
+	if s.selected == detour {
 		return true
 	}
+	s.selected = detour
 	if s.Tag() != "" {
 		cacheFile := service.FromContext[adapter.CacheFile](s.ctx)
 		if cacheFile != nil {
@@ -139,7 +132,7 @@ func (s *Selector) SelectOutbound(tag string) bool {
 }
 
 func (s *Selector) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	conn, err := s.selected.Load().DialContext(ctx, network, destination)
+	conn, err := s.selected.DialContext(ctx, network, destination)
 	if err != nil {
 		return nil, err
 	}
@@ -147,30 +140,32 @@ func (s *Selector) DialContext(ctx context.Context, network string, destination
 }
 
 func (s *Selector) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	conn, err := s.selected.Load().ListenPacket(ctx, destination)
+	conn, err := s.selected.ListenPacket(ctx, destination)
 	if err != nil {
 		return nil, err
 	}
 	return s.interruptGroup.NewPacketConn(conn, interrupt.IsExternalConnectionFromContext(ctx)), nil
 }
 
-func (s *Selector) NewConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+// TODO
+// Deprecated
+func (s *Selector) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	ctx = interrupt.ContextWithIsExternalConnection(ctx)
-	selected := s.selected.Load()
-	if outboundHandler, isHandler := selected.(adapter.ConnectionHandlerEx); isHandler {
-		outboundHandler.NewConnectionEx(ctx, conn, metadata, onClose)
+	if legacyHandler, ok := s.selected.(adapter.ConnectionHandler); ok {
+		return legacyHandler.NewConnection(ctx, conn, metadata)
 	} else {
-		s.connection.NewConnection(ctx, selected, conn, metadata, onClose)
+		return outbound.NewConnection(ctx, s.selected, conn, metadata)
 	}
 }
 
-func (s *Selector) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+// TODO
+// Deprecated
+func (s *Selector) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	ctx = interrupt.ContextWithIsExternalConnection(ctx)
-	selected := s.selected.Load()
-	if outboundHandler, isHandler := selected.(adapter.PacketConnectionHandlerEx); isHandler {
-		outboundHandler.NewPacketConnectionEx(ctx, conn, metadata, onClose)
+	if legacyHandler, ok := s.selected.(adapter.PacketConnectionHandler); ok {
+		return legacyHandler.NewPacketConnection(ctx, conn, metadata)
 	} else {
-		s.connection.NewPacketConnection(ctx, selected, conn, metadata, onClose)
+		return outbound.NewPacketConnection(ctx, s.selected, conn, metadata)
 	}
 }
 

protocol/group/urltest.go

@@ -36,8 +36,7 @@ type URLTest struct {
 	outbound.Adapter
 	ctx                          context.Context
 	router                       adapter.Router
-	outbound                     adapter.OutboundManager
-	connection                   adapter.ConnectionManager
+	outboundManager              adapter.OutboundManager
 	logger                       log.ContextLogger
 	tags                         []string
 	link                         string
@@ -53,8 +52,7 @@ func NewURLTest(ctx context.Context, router adapter.Router, logger log.ContextLo
 		Adapter:                      outbound.NewAdapter(C.TypeURLTest, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.Outbounds),
 		ctx:                          ctx,
 		router:                       router,
-		outbound:                     service.FromContext[adapter.OutboundManager](ctx),
-		connection:                   service.FromContext[adapter.ConnectionManager](ctx),
+		outboundManager:              service.FromContext[adapter.OutboundManager](ctx),
 		logger:                       logger,
 		tags:                         options.Outbounds,
 		link:                         options.URL,
@@ -72,13 +70,13 @@ func NewURLTest(ctx context.Context, router adapter.Router, logger log.ContextLo
 func (s *URLTest) Start() error {
 	outbounds := make([]adapter.Outbound, 0, len(s.tags))
 	for i, tag := range s.tags {
-		detour, loaded := s.outbound.Outbound(tag)
+		detour, loaded := s.outboundManager.Outbound(tag)
 		if !loaded {
 			return E.New("outbound ", i, " not found: ", tag)
 		}
 		outbounds = append(outbounds, detour)
 	}
-	group, err := NewURLTestGroup(s.ctx, s.outbound, s.logger, outbounds, s.link, s.interval, s.tolerance, s.idleTimeout, s.interruptExternalConnections)
+	group, err := NewURLTestGroup(s.ctx, s.outboundManager, s.logger, outbounds, s.link, s.interval, s.tolerance, s.idleTimeout, s.interruptExternalConnections)
 	if err != nil {
 		return err
 	}
@@ -162,14 +160,18 @@ func (s *URLTest) ListenPacket(ctx context.Context, destination M.Socksaddr) (ne
 	return nil, err
 }
 
-func (s *URLTest) NewConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+// TODO
+// Deprecated
+func (s *URLTest) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	ctx = interrupt.ContextWithIsExternalConnection(ctx)
-	s.connection.NewConnection(ctx, s, conn, metadata, onClose)
+	return outbound.NewConnection(ctx, s, conn, metadata)
 }
 
-func (s *URLTest) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+// TODO
+// Deprecated
+func (s *URLTest) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	ctx = interrupt.ContextWithIsExternalConnection(ctx)
-	s.connection.NewPacketConnection(ctx, s, conn, metadata, onClose)
+	return outbound.NewPacketConnection(ctx, s, conn, metadata)
 }
 
 func (s *URLTest) InterfaceUpdated() {

route/conn.go

@@ -5,49 +5,38 @@ import (
 	"io"
 	"net"
 	"net/netip"
-	"sync"
 	"sync/atomic"
-	"time"
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/canceler"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/x/list"
 )
 
 var _ adapter.ConnectionManager = (*ConnectionManager)(nil)
 
 type ConnectionManager struct {
-	logger      logger.ContextLogger
-	access      sync.Mutex
-	connections list.List[io.Closer]
+	logger  logger.ContextLogger
+	monitor *ConnectionMonitor
 }
 
 func NewConnectionManager(logger logger.ContextLogger) *ConnectionManager {
 	return &ConnectionManager{
-		logger: logger,
+		logger:  logger,
+		monitor: NewConnectionMonitor(),
 	}
 }
 
-func (m *ConnectionManager) Start(stage adapter.StartStage) error {
-	return nil
+func (m *ConnectionManager) Start() error {
+	return m.monitor.Start()
 }
 
 func (m *ConnectionManager) Close() error {
-	m.access.Lock()
-	defer m.access.Unlock()
-	for element := m.connections.Front(); element != nil; element = element.Next() {
-		common.Close(element.Value)
-	}
-	m.connections.Init()
-	return nil
+	return m.monitor.Close()
 }
 
 func (m *ConnectionManager) NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
@@ -62,32 +51,92 @@ func (m *ConnectionManager) NewConnection(ctx context.Context, this N.Dialer, co
 		remoteConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
 	}
 	if err != nil {
-		err = E.Cause(err, "open outbound connection")
 		N.CloseOnHandshakeFailure(conn, onClose, err)
-		m.logger.ErrorContext(ctx, err)
+		m.logger.ErrorContext(ctx, "open outbound connection: ", err)
 		return
 	}
 	err = N.ReportConnHandshakeSuccess(conn, remoteConn)
 	if err != nil {
-		err = E.Cause(err, "report handshake success")
 		remoteConn.Close()
 		N.CloseOnHandshakeFailure(conn, onClose, err)
-		m.logger.ErrorContext(ctx, err)
+		m.logger.ErrorContext(ctx, "report handshake success: ", err)
 		return
 	}
-	m.access.Lock()
-	element := m.connections.PushBack(conn)
-	m.access.Unlock()
-	onClose = N.AppendClose(onClose, func(it error) {
-		m.access.Lock()
-		defer m.access.Unlock()
-		m.connections.Remove(element)
-	})
 	var done atomic.Bool
+	if ctx.Done() != nil {
+		onClose = N.AppendClose(onClose, m.monitor.Add(ctx, conn))
+	}
 	go m.connectionCopy(ctx, conn, remoteConn, false, &done, onClose)
 	go m.connectionCopy(ctx, remoteConn, conn, true, &done, onClose)
 }
 
+func (m *ConnectionManager) connectionCopy(ctx context.Context, source io.Reader, destination io.Writer, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) {
+	originSource := source
+	var readCounters, writeCounters []N.CountFunc
+	for {
+		source, readCounters = N.UnwrapCountReader(source, readCounters)
+		destination, writeCounters = N.UnwrapCountWriter(destination, writeCounters)
+		if cachedSrc, isCached := source.(N.CachedReader); isCached {
+			cachedBuffer := cachedSrc.ReadCached()
+			if cachedBuffer != nil {
+				if !cachedBuffer.IsEmpty() {
+					dataLen := cachedBuffer.Len()
+					for _, counter := range readCounters {
+						counter(int64(dataLen))
+					}
+					_, err := destination.Write(cachedBuffer.Bytes())
+					if err != nil {
+						m.logger.ErrorContext(ctx, "connection upload payload: ", err)
+						cachedBuffer.Release()
+						if done.Swap(true) {
+							if onClose != nil {
+								onClose(err)
+							}
+						}
+						common.Close(source, destination)
+						return
+					}
+					for _, counter := range writeCounters {
+						counter(int64(dataLen))
+					}
+				}
+				cachedBuffer.Release()
+				continue
+			}
+		}
+		break
+	}
+	_, err := bufio.CopyWithCounters(destination, source, originSource, readCounters, writeCounters)
+	if _, dstDuplex := common.Cast[N.WriteCloser](destination); dstDuplex && err == nil {
+		N.CloseWrite(destination)
+	} else {
+		common.Close(destination)
+	}
+	if done.Swap(true) {
+		if onClose != nil {
+			onClose(err)
+		}
+		common.Close(source, destination)
+	}
+	if !direction {
+		if err == nil {
+			m.logger.DebugContext(ctx, "connection upload finished")
+		} else if !E.IsClosedOrCanceled(err) {
+			m.logger.ErrorContext(ctx, "connection upload closed: ", err)
+		} else {
+			m.logger.TraceContext(ctx, "connection upload closed")
+		}
+	} else {
+		if err == nil {
+			m.logger.DebugContext(ctx, "connection download finished")
+		} else if !E.IsClosedOrCanceled(err) {
+			m.logger.ErrorContext(ctx, "connection download closed: ", err)
+		} else {
+			m.logger.TraceContext(ctx, "connection download closed")
+		}
+	}
+}
+
 func (m *ConnectionManager) NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
 	ctx = adapter.WithContext(ctx, &metadata)
 	var (
@@ -153,107 +202,59 @@ func (m *ConnectionManager) NewPacketConnection(ctx context.Context, this N.Dial
 			natConn.UpdateDestination(destinationAddress)
 		}
 	}
-	var udpTimeout time.Duration
-	if metadata.UDPTimeout > 0 {
-		udpTimeout = metadata.UDPTimeout
-	} else {
-		protocol := metadata.Protocol
-		if protocol == "" {
-			protocol = C.PortProtocols[metadata.Destination.Port]
-		}
-		if protocol != "" {
-			udpTimeout = C.ProtocolTimeouts[protocol]
-		}
-	}
-	if udpTimeout > 0 {
-		ctx, conn = canceler.NewPacketConn(ctx, conn, udpTimeout)
-	}
 	destination := bufio.NewPacketConn(remotePacketConn)
-	m.access.Lock()
-	element := m.connections.PushBack(conn)
-	m.access.Unlock()
-	onClose = N.AppendClose(onClose, func(it error) {
-		m.access.Lock()
-		defer m.access.Unlock()
-		m.connections.Remove(element)
-	})
+	if ctx.Done() != nil {
+		onClose = N.AppendClose(onClose, m.monitor.Add(ctx, conn))
+	}
 	var done atomic.Bool
 	go m.packetConnectionCopy(ctx, conn, destination, false, &done, onClose)
 	go m.packetConnectionCopy(ctx, destination, conn, true, &done, onClose)
 }
 
-func (m *ConnectionManager) connectionCopy(ctx context.Context, source io.Reader, destination io.Writer, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) {
+func (m *ConnectionManager) packetConnectionCopy(ctx context.Context, source N.PacketReader, destination N.PacketWriter, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) {
+	_, err := bufio.CopyPacket(destination, source)
+	/*var readCounters, writeCounters []N.CountFunc
+	var cachedPackets []*N.PacketBuffer
 	originSource := source
-	originDestination := destination
-	var readCounters, writeCounters []N.CountFunc
 	for {
-		source, readCounters = N.UnwrapCountReader(source, readCounters)
-		destination, writeCounters = N.UnwrapCountWriter(destination, writeCounters)
-		if cachedSrc, isCached := source.(N.CachedReader); isCached {
-			cachedBuffer := cachedSrc.ReadCached()
-			if cachedBuffer != nil {
-				dataLen := cachedBuffer.Len()
-				_, err := destination.Write(cachedBuffer.Bytes())
-				cachedBuffer.Release()
-				if err != nil {
-					if done.Swap(true) {
-						onClose(err)
-					}
-					common.Close(originSource, originDestination)
-					if !direction {
-						m.logger.ErrorContext(ctx, "connection upload payload: ", err)
-					} else {
-						m.logger.ErrorContext(ctx, "connection download payload: ", err)
-					}
-					return
-				}
-				for _, counter := range readCounters {
-					counter(int64(dataLen))
-				}
-				for _, counter := range writeCounters {
-					counter(int64(dataLen))
-				}
+		source, readCounters = N.UnwrapCountPacketReader(source, readCounters)
+		destination, writeCounters = N.UnwrapCountPacketWriter(destination, writeCounters)
+		if cachedReader, isCached := source.(N.CachedPacketReader); isCached {
+			packet := cachedReader.ReadCachedPacket()
+			if packet != nil {
+				cachedPackets = append(cachedPackets, packet)
+				continue
 			}
-			continue
 		}
 		break
 	}
-	_, err := bufio.CopyWithCounters(destination, source, originSource, readCounters, writeCounters)
-	if err != nil {
-		common.Close(originDestination)
-	} else if duplexDst, isDuplex := destination.(N.WriteCloser); isDuplex {
-		err = duplexDst.CloseWrite()
+	var handled bool
+	if natConn, isNatConn := source.(udpnat.Conn); isNatConn {
+		natConn.SetHandler(&udpHijacker{
+			ctx:           ctx,
+			logger:        m.logger,
+			source:        natConn,
+			destination:   destination,
+			direction:     direction,
+			readCounters:  readCounters,
+			writeCounters: writeCounters,
+			done:          done,
+			onClose:       onClose,
+		})
+		handled = true
+	}
+	if cachedPackets != nil {
+		_, err := bufio.WritePacketWithPool(originSource, destination, cachedPackets, readCounters, writeCounters)
 		if err != nil {
-			common.Close(originSource, originDestination)
-		}
-	} else {
-		common.Close(originDestination)
-	}
-	if done.Swap(true) {
-		onClose(err)
-		common.Close(originSource, originDestination)
-	}
-	if !direction {
-		if err == nil {
-			m.logger.DebugContext(ctx, "connection upload finished")
-		} else if !E.IsClosedOrCanceled(err) {
-			m.logger.ErrorContext(ctx, "connection upload closed: ", err)
-		} else {
-			m.logger.TraceContext(ctx, "connection upload closed")
-		}
-	} else {
-		if err == nil {
-			m.logger.DebugContext(ctx, "connection download finished")
-		} else if !E.IsClosedOrCanceled(err) {
-			m.logger.ErrorContext(ctx, "connection download closed: ", err)
-		} else {
-			m.logger.TraceContext(ctx, "connection download closed")
+			common.Close(source, destination)
+			m.logger.ErrorContext(ctx, "packet upload payload: ", err)
+			return
 		}
 	}
-}
-
-func (m *ConnectionManager) packetConnectionCopy(ctx context.Context, source N.PacketReader, destination N.PacketWriter, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) {
-	_, err := bufio.CopyPacket(destination, source)
+	if handled {
+		return
+	}
+	_, err := bufio.CopyPacketWithCounters(destination, source, originSource, readCounters, writeCounters)*/
 	if !direction {
 		if E.IsClosedOrCanceled(err) {
 			m.logger.TraceContext(ctx, "packet upload closed")
@@ -268,7 +269,58 @@ func (m *ConnectionManager) packetConnectionCopy(ctx context.Context, source N.P
 		}
 	}
 	if !done.Swap(true) {
-		onClose(err)
+		if onClose != nil {
+			onClose(err)
+		}
 	}
 	common.Close(source, destination)
 }
+
+/*type udpHijacker struct {
+	ctx           context.Context
+	logger        logger.ContextLogger
+	source        io.Closer
+	destination   N.PacketWriter
+	direction     bool
+	readCounters  []N.CountFunc
+	writeCounters []N.CountFunc
+	done          *atomic.Bool
+	onClose       N.CloseHandlerFunc
+}
+
+func (u *udpHijacker) NewPacketEx(buffer *buf.Buffer, source M.Socksaddr) {
+	dataLen := buffer.Len()
+	for _, counter := range u.readCounters {
+		counter(int64(dataLen))
+	}
+	err := u.destination.WritePacket(buffer, source)
+	if err != nil {
+		common.Close(u.source, u.destination)
+		u.logger.DebugContext(u.ctx, "packet upload closed: ", err)
+		return
+	}
+	for _, counter := range u.writeCounters {
+		counter(int64(dataLen))
+	}
+}
+
+func (u *udpHijacker) Close() error {
+	var err error
+	if !u.done.Swap(true) {
+		err = common.Close(u.source, u.destination)
+		if u.onClose != nil {
+			u.onClose(net.ErrClosed)
+		}
+	}
+	if u.direction {
+		u.logger.TraceContext(u.ctx, "packet  download closed")
+	} else {
+		u.logger.TraceContext(u.ctx, "packet upload closed")
+	}
+	return err
+}
+
+func (u *udpHijacker) Upstream() any {
+	return u.destination
+}
+*/

route/conn_monitor.go

@@ -0,0 +1,124 @@
+package route
+
+import (
+	"context"
+	"io"
+	"reflect"
+	"sync"
+	"time"
+
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/x/list"
+)
+
+type ConnectionMonitor struct {
+	access      sync.RWMutex
+	reloadChan  chan struct{}
+	connections list.List[*monitorEntry]
+}
+
+type monitorEntry struct {
+	ctx    context.Context
+	closer io.Closer
+}
+
+func NewConnectionMonitor() *ConnectionMonitor {
+	return &ConnectionMonitor{
+		reloadChan: make(chan struct{}, 1),
+	}
+}
+
+func (m *ConnectionMonitor) Add(ctx context.Context, closer io.Closer) N.CloseHandlerFunc {
+	m.access.Lock()
+	defer m.access.Unlock()
+	element := m.connections.PushBack(&monitorEntry{
+		ctx:    ctx,
+		closer: closer,
+	})
+	select {
+	case <-m.reloadChan:
+		return nil
+	default:
+		select {
+		case m.reloadChan <- struct{}{}:
+		default:
+		}
+	}
+	return func(it error) {
+		m.access.Lock()
+		defer m.access.Unlock()
+		m.connections.Remove(element)
+		select {
+		case <-m.reloadChan:
+		default:
+			select {
+			case m.reloadChan <- struct{}{}:
+			default:
+			}
+		}
+	}
+}
+
+func (m *ConnectionMonitor) Start() error {
+	go m.monitor()
+	return nil
+}
+
+func (m *ConnectionMonitor) Close() error {
+	m.access.Lock()
+	defer m.access.Unlock()
+	close(m.reloadChan)
+	return nil
+}
+
+func (m *ConnectionMonitor) monitor() {
+	var (
+		selectCases []reflect.SelectCase
+		elements    []*list.Element[*monitorEntry]
+	)
+	rootCase := reflect.SelectCase{
+		Dir:  reflect.SelectRecv,
+		Chan: reflect.ValueOf(m.reloadChan),
+	}
+	for {
+		m.access.RLock()
+		if m.connections.Len() == 0 {
+			m.access.RUnlock()
+			if _, loaded := <-m.reloadChan; !loaded {
+				return
+			} else {
+				continue
+			}
+		}
+		if len(elements) < m.connections.Len() {
+			elements = make([]*list.Element[*monitorEntry], 0, m.connections.Len())
+		}
+		if len(selectCases) < m.connections.Len()+1 {
+			selectCases = make([]reflect.SelectCase, 0, m.connections.Len()+1)
+		}
+		selectCases = selectCases[:1]
+		selectCases[0] = rootCase
+		for element := m.connections.Front(); element != nil; element = element.Next() {
+			elements = append(elements, element)
+			selectCases = append(selectCases, reflect.SelectCase{
+				Dir:  reflect.SelectRecv,
+				Chan: reflect.ValueOf(element.Value.ctx.Done()),
+			})
+		}
+		m.access.RUnlock()
+		selected, _, loaded := reflect.Select(selectCases)
+		if selected == 0 {
+			if !loaded {
+				return
+			} else {
+				time.Sleep(time.Second)
+				continue
+			}
+		}
+		element := elements[selected-1]
+		m.access.Lock()
+		m.connections.Remove(element)
+		m.access.Unlock()
+		element.Value.closer.Close() // maybe go close
+	}
+}

route/conn_monitor_test.go

@@ -0,0 +1,43 @@
+package route_test
+
+import (
+	"context"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/sagernet/sing-box/route"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestMonitor(t *testing.T) {
+	t.Parallel()
+	var closer myCloser
+	closer.Add(1)
+	monitor := route.NewConnectionMonitor()
+	require.NoError(t, monitor.Start())
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	monitor.Add(ctx, &closer)
+	done := make(chan struct{})
+	go func() {
+		closer.Wait()
+		close(done)
+	}()
+	select {
+	case <-done:
+	case <-time.After(time.Second + 100*time.Millisecond):
+		t.Fatal("timeout")
+	}
+	cancel()
+	require.NoError(t, monitor.Close())
+}
+
+type myCloser struct {
+	sync.WaitGroup
+}
+
+func (c *myCloser) Close() error {
+	c.Done()
+	return nil
+}

route/route.go

@@ -132,11 +132,23 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad
 	if r.tracker != nil {
 		conn = r.tracker.RoutedConnection(ctx, conn, metadata, selectedRule, selectedOutbound)
 	}
-	if outboundHandler, isHandler := selectedOutbound.(adapter.ConnectionHandlerEx); isHandler {
-		outboundHandler.NewConnectionEx(ctx, conn, metadata, onClose)
-	} else {
-		r.connection.NewConnection(ctx, selectedOutbound, conn, metadata, onClose)
+	legacyOutbound, isLegacy := selectedOutbound.(adapter.ConnectionHandler)
+	if isLegacy {
+		err = legacyOutbound.NewConnection(ctx, conn, metadata)
+		if err != nil {
+			conn.Close()
+			if onClose != nil {
+				onClose(err)
+			}
+			return E.Cause(err, F.ToString("outbound/", selectedOutbound.Type(), "[", selectedOutbound.Tag(), "]"))
+		} else {
+			if onClose != nil {
+				onClose(nil)
+			}
+		}
+		return nil
 	}
+	r.connection.NewConnection(ctx, selectedOutbound, conn, metadata, onClose)
 	return nil
 }
 
@@ -428,9 +440,6 @@ match:
 			if routeOptions.UDPConnect {
 				metadata.UDPConnect = true
 			}
-			if routeOptions.UDPTimeout > 0 {
-				metadata.UDPTimeout = routeOptions.UDPTimeout
-			}
 		}
 		switch action := currentRule.Action().(type) {
 		case *rule.RuleActionSniff:

route/rule/rule_action.go

@@ -47,7 +47,6 @@ func NewRuleAction(ctx context.Context, logger logger.ContextLogger, action opti
 			FallbackDelay:             time.Duration(action.RouteOptionsOptions.FallbackDelay),
 			UDPDisableDomainUnmapping: action.RouteOptionsOptions.UDPDisableDomainUnmapping,
 			UDPConnect:                action.RouteOptionsOptions.UDPConnect,
-			UDPTimeout:                time.Duration(action.RouteOptionsOptions.UDPTimeout),
 		}, nil
 	case C.RuleActionTypeDirect:
 		directDialer, err := dialer.New(ctx, option.DialerOptions(action.DirectOptions))
@@ -153,7 +152,6 @@ type RuleActionRouteOptions struct {
 	FallbackDelay             time.Duration
 	UDPDisableDomainUnmapping bool
 	UDPConnect                bool
-	UDPTimeout                time.Duration
 }
 
 func (r *RuleActionRouteOptions) Type() string {

transport/wireguard/device_system.go

@@ -71,7 +71,6 @@ func (w *systemDevice) Start() error {
 		Inet6RouteAddress: common.Filter(w.options.AllowedAddress, func(it netip.Prefix) bool { return it.Addr().Is6() }),
 		InterfaceMonitor:  networkManager.InterfaceMonitor(),
 		InterfaceFinder:   networkManager.InterfaceFinder(),
-		Logger:            w.options.Logger,
 	}
 	// works with Linux, macOS with IFSCOPE routes, not tested on Windows
 	if runtime.GOOS == "darwin" {