documentation: Update changelog

Fix dns transport read
Fix http2 transport close
2026-04-13 20:28:32 +10:00 · 2023-03-31 16:29:08 +08:00 · 2023-03-31 14:31:35 +08:00 · 2023-03-31 14:31:35 +08:00 · 2023-03-31 14:31:35 +08:00 · 2023-03-31 14:31:35 +08:00
165 changed files with 1932 additions and 1359 deletions
--- a/.github/workflows/debug.yml
+++ b/.github/workflows/debug.yml
@@ -28,7 +28,7 @@ jobs:
        run: |
          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Cache go module
@@ -58,7 +58,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
        with:
          go-version: 1.18.10
      - name: Cache go module
@@ -193,7 +193,7 @@ jobs:
        run: |
          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Cache go module
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -28,7 +28,7 @@ jobs:
        run: |
          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
        with:
          go-version: ${{ steps.version.outputs.go_version }}
      - name: Cache go module
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@
 /*.aar
 /*.xcframework/
 .DS_Store
 /config.d/
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -16,6 +16,7 @@ builds:
      - with_quic
      - with_wireguard
      - with_utls
      - with_reality_server
      - with_clash_api
    env:
      - CGO_ENABLED=0
@@ -116,9 +117,6 @@ nfpms:
        dst: /etc/systemd/system/sing-box@.service
      - src: LICENSE
        dst: /usr/share/licenses/sing-box/LICENSE
    scripts:
      postinstall: release/config/postinstall.sh
      postremove: release/config/postremove.sh
 source:
  enabled: false
  name_template: '{{ .ProjectName }}-{{ .Version }}.source'
--- a/2
+++ b/2
@@ -9,7 +9,7 @@ RUN set -ex \
    && apk add git build-base \
    && export COMMIT=$(git rev-parse --short HEAD) \
    && export VERSION=$(go run ./cmd/internal/read_tag) \
-    && go build -v -trimpath -tags with_quic,with_wireguard,with_acme \
+    && go build -v -trimpath -tags with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api,with_acme \
        -o /go/bin/sing-box \
        -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
        ./cmd/sing-box
--- a/5
+++ b/5
@@ -11,4 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
+along with this program. If not, see <http://www.gnu.org/licenses/>.
 In addition, no derivative work may use the name or imply association
 with this application without prior consent.
--- a/11
+++ b/11
@@ -2,9 +2,14 @@ NAME = sing-box
 COMMIT = $(shell git rev-parse --short HEAD)
 TAGS ?= with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api
 TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server,with_shadowsocksr
-VERSION=$(shell go run ./cmd/internal/read_tag)
+
-PARAMS = -v -trimpath -tags "$(TAGS)" -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$(VERSION)\" -s -w -buildid="
+GOHOSTOS = $(shell go env GOHOSTOS)
 GOHOSTARCH = $(shell go env GOHOSTARCH)
 VERSION=$(shell CGO_ENABLED=0 GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) go run ./cmd/internal/read_tag)
 PARAMS = -v -trimpath -tags "$(TAGS)" -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=$(VERSION)' -s -w -buildid="
 MAIN = ./cmd/sing-box
 PREFIX ?= $(shell go env GOPATH)
 .PHONY: test release
@@ -12,7 +17,7 @@ build:
 	go build $(PARAMS) $(MAIN)
 install:
-	go install $(PARAMS) $(MAIN)
+	go build -o $(PREFIX)/bin/$(NAME) $(PARAMS) $(MAIN)
 fmt:
 	@gofumpt -l -w .
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
 The universal proxy platform.
 [![Packaging status](https://repology.org/badge/vertical-allrepos/sing-box.svg)](https://repology.org/project/sing-box/versions)
 ## Documentation
 https://sing-box.sagernet.org
@@ -23,4 +25,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 In addition, no derivative work may use the name or imply association
 with this application without prior consent.
 ```
--- a/adapter/experimental.go
+++ b/adapter/experimental.go
@@ -10,6 +10,7 @@ import (
 type ClashServer interface {
 	Service
 	PreStarter
 	Mode() string
 	StoreSelected() bool
 	CacheFile() ClashCacheFile
--- a/adapter/prestart.go
+++ b/adapter/prestart.go
@@ -0,0 +1,15 @@
 package adapter
 type PreStarter interface {
 	PreStart() error
 }
 func PreStart(starter any) error {
 	if preService, ok := starter.(PreStarter); ok {
 		err := preService.PreStart()
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
--- a/box.go
+++ b/box.go
@@ -25,32 +25,34 @@ import (
 var _ adapter.Service = (*Box)(nil)
 type Box struct {
-	createdAt   time.Time
+	createdAt    time.Time
-	router      adapter.Router
+	router       adapter.Router
-	inbounds    []adapter.Inbound
+	inbounds     []adapter.Inbound
-	outbounds   []adapter.Outbound
+	outbounds    []adapter.Outbound
-	logFactory  log.Factory
+	logFactory   log.Factory
-	logger      log.ContextLogger
+	logger       log.ContextLogger
-	logFile     *os.File
+	logFile      *os.File
-	clashServer adapter.ClashServer
+	preServices  map[string]adapter.Service
-	v2rayServer adapter.V2RayServer
+	postServices map[string]adapter.Service
-	done        chan struct{}
+	done         chan struct{}
 }
 func New(ctx context.Context, options option.Options, platformInterface platform.Interface) (*Box, error) {
 	createdAt := time.Now()
-	logOptions := common.PtrValueOrDefault(options.Log)
+
 	experimentalOptions := common.PtrValueOrDefault(options.Experimental)
 	applyDebugOptions(common.PtrValueOrDefault(experimentalOptions.Debug))
 	var needClashAPI bool
 	var needV2RayAPI bool
-	if options.Experimental != nil {
+	if experimentalOptions.ClashAPI != nil && experimentalOptions.ClashAPI.ExternalController != "" {
-		if options.Experimental.ClashAPI != nil && options.Experimental.ClashAPI.ExternalController != "" {
+		needClashAPI = true
 			needClashAPI = true
 		}
 		if options.Experimental.V2RayAPI != nil && options.Experimental.V2RayAPI.Listen != "" {
 			needV2RayAPI = true
 		}
 	}
 	if experimentalOptions.V2RayAPI != nil && experimentalOptions.V2RayAPI.Listen != "" {
 		needV2RayAPI = true
 	}
 	logOptions := common.PtrValueOrDefault(options.Log)
 	var logFactory log.Factory
 	var observableLogFactory log.ObservableFactory
@@ -164,37 +166,57 @@ func New(ctx context.Context, options option.Options, platformInterface platform
 	if err != nil {
 		return nil, err
 	}
-
+	preServices := make(map[string]adapter.Service)
-	var clashServer adapter.ClashServer
+	postServices := make(map[string]adapter.Service)
 	var v2rayServer adapter.V2RayServer
 	if needClashAPI {
-		clashServer, err = experimental.NewClashServer(router, observableLogFactory, common.PtrValueOrDefault(options.Experimental.ClashAPI))
+		clashServer, err := experimental.NewClashServer(router, observableLogFactory, common.PtrValueOrDefault(options.Experimental.ClashAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create clash api server")
 		}
 		router.SetClashServer(clashServer)
 		preServices["clash api"] = clashServer
 	}
 	if needV2RayAPI {
-		v2rayServer, err = experimental.NewV2RayServer(logFactory.NewLogger("v2ray-api"), common.PtrValueOrDefault(options.Experimental.V2RayAPI))
+		v2rayServer, err := experimental.NewV2RayServer(logFactory.NewLogger("v2ray-api"), common.PtrValueOrDefault(options.Experimental.V2RayAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create v2ray api server")
 		}
 		router.SetV2RayServer(v2rayServer)
 		preServices["v2ray api"] = v2rayServer
 	}
 	return &Box{
-		router:      router,
+		router:       router,
-		inbounds:    inbounds,
+		inbounds:     inbounds,
-		outbounds:   outbounds,
+		outbounds:    outbounds,
-		createdAt:   createdAt,
+		createdAt:    createdAt,
-		logFactory:  logFactory,
+		logFactory:   logFactory,
-		logger:      logFactory.Logger(),
+		logger:       logFactory.Logger(),
-		logFile:     logFile,
+		logFile:      logFile,
-		clashServer: clashServer,
+		preServices:  preServices,
-		v2rayServer: v2rayServer,
+		postServices: postServices,
-		done:        make(chan struct{}),
+		done:         make(chan struct{}),
 	}, nil
 }
 func (s *Box) PreStart() error {
 	err := s.preStart()
 	if err != nil {
 		// TODO: remove catch error
 		defer func() {
 			v := recover()
 			if v != nil {
 				log.Error(E.Cause(err, "origin error"))
 				debug.PrintStack()
 				panic("panic on early close: " + fmt.Sprint(v))
 			}
 		}()
 		s.Close()
 		return err
 	}
 	s.logger.Info("sing-box pre-started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
 	return nil
 }
 func (s *Box) Start() error {
 	err := s.start()
 	if err != nil {
@@ -208,21 +230,17 @@ func (s *Box) Start() error {
 			}
 		}()
 		s.Close()
 		return err
 	}
-	return err
+	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
 	return nil
 }
-func (s *Box) start() error {
+func (s *Box) preStart() error {
-	if s.clashServer != nil {
+	for serviceName, service := range s.preServices {
-		err := s.clashServer.Start()
+		err := adapter.PreStart(service)
 		if err != nil {
-			return E.Cause(err, "start clash api server")
+			return E.Cause(err, "pre-start ", serviceName)
 		}
 	}
 	if s.v2rayServer != nil {
 		err := s.v2rayServer.Start()
 		if err != nil {
 			return E.Cause(err, "start v2ray api server")
 		}
 	}
 	for i, out := range s.outbounds {
@@ -239,10 +257,20 @@ func (s *Box) start() error {
 			}
 		}
 	}
-	err := s.router.Start()
+	return s.router.Start()
 }
 func (s *Box) start() error {
 	err := s.preStart()
 	if err != nil {
 		return err
 	}
 	for serviceName, service := range s.preServices {
 		err = service.Start()
 		if err != nil {
 			return E.Cause(err, "start ", serviceName)
 		}
 	}
 	for i, in := range s.inbounds {
 		err = in.Start()
 		if err != nil {
@@ -255,8 +283,12 @@ func (s *Box) start() error {
 			return E.Cause(err, "initialize inbound/", in.Type(), "[", tag, "]")
 		}
 	}
-
+	for serviceName, service := range s.postServices {
-	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
+		err = service.Start()
 		if err != nil {
 			return E.Cause(err, "start ", serviceName)
 		}
 	}
 	return nil
 }
@@ -268,6 +300,11 @@ func (s *Box) Close() error {
 		close(s.done)
 	}
 	var errors error
 	for serviceName, service := range s.postServices {
 		errors = E.Append(errors, service.Close(), func(err error) error {
 			return E.Cause(err, "close ", serviceName)
 		})
 	}
 	for i, in := range s.inbounds {
 		errors = E.Append(errors, in.Close(), func(err error) error {
 			return E.Cause(err, "close inbound/", in.Type(), "[", i, "]")
@@ -283,21 +320,16 @@ func (s *Box) Close() error {
 			return E.Cause(err, "close router")
 		})
 	}
 	for serviceName, service := range s.preServices {
 		errors = E.Append(errors, service.Close(), func(err error) error {
 			return E.Cause(err, "close ", serviceName)
 		})
 	}
 	if err := common.Close(s.logFactory); err != nil {
 		errors = E.Append(errors, err, func(err error) error {
 			return E.Cause(err, "close log factory")
 		})
 	}
 	if err := common.Close(s.clashServer); err != nil {
 		errors = E.Append(errors, err, func(err error) error {
 			return E.Cause(err, "close clash api server")
 		})
 	}
 	if err := common.Close(s.v2rayServer); err != nil {
 		errors = E.Append(errors, err, func(err error) error {
 			return E.Cause(err, "close v2ray api server")
 		})
 	}
 	if s.logFile != nil {
 		errors = E.Append(errors, s.logFile.Close(), func(err error) error {
 			return E.Cause(err, "close log file")
--- a/cmd/internal/build_libbox/main.go
+++ b/cmd/internal/build_libbox/main.go
@@ -111,9 +111,9 @@ func buildiOS() {
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, "with_gvisor,with_utls,with_clash_api,with_conntrack")
+		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack")
 	} else {
-		args = append(args, "with_gvisor,with_utls,with_clash_api,with_conntrack,debug")
+		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack,debug")
 	}
 	args = append(args, "./experimental/libbox")
--- a/cmd/internal/build_shared/tag.go
+++ b/cmd/internal/build_shared/tag.go
@@ -1,18 +1,16 @@
 package build_shared
-import (
+import "github.com/sagernet/sing/common/shell"
 	"github.com/sagernet/sing/common"
 )
 func ReadTag() (string, error) {
-	currentTag, err := common.Exec("git", "describe", "--tags").ReadOutput()
+	currentTag, err := shell.Exec("git", "describe", "--tags").ReadOutput()
 	if err != nil {
 		return currentTag, err
 	}
-	currentTagRev, _ := common.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput()
+	currentTagRev, _ := shell.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput()
 	if currentTagRev == currentTag {
 		return currentTag[1:], nil
 	}
-	shortCommit, _ := common.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
+	shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
 	return currentTagRev[1:] + "-" + shortCommit, nil
 }
--- a/cmd/sing-box/cmd_check.go
+++ b/cmd/sing-box/cmd_check.go
@@ -26,7 +26,7 @@ func init() {
 }
 func check() error {
-	options, err := readConfig()
+	options, err := readConfigAndMerge()
 	if err != nil {
 		return err
 	}
--- a/cmd/sing-box/cmd_format.go
+++ b/cmd/sing-box/cmd_format.go
@@ -33,6 +33,44 @@ func init() {
 }
 func format() error {
 	optionsList, err := readConfig()
 	if err != nil {
 		return err
 	}
 	for _, optionsEntry := range optionsList {
 		buffer := new(bytes.Buffer)
 		encoder := json.NewEncoder(buffer)
 		encoder.SetIndent("", "  ")
 		err = encoder.Encode(optionsEntry.options)
 		if err != nil {
 			return E.Cause(err, "encode config")
 		}
 		outputPath, _ := filepath.Abs(optionsEntry.path)
 		if !commandFormatFlagWrite {
 			if len(optionsList) > 1 {
 				os.Stdout.WriteString(outputPath + "\n")
 			}
 			os.Stdout.WriteString(buffer.String() + "\n")
 			continue
 		}
 		if bytes.Equal(optionsEntry.content, buffer.Bytes()) {
 			continue
 		}
 		output, err := os.Create(optionsEntry.path)
 		if err != nil {
 			return E.Cause(err, "open output")
 		}
 		_, err = output.Write(buffer.Bytes())
 		output.Close()
 		if err != nil {
 			return E.Cause(err, "write output")
 		}
 		os.Stderr.WriteString(outputPath + "\n")
 	}
 	return nil
 }
 func formatOne(configPath string) error {
 	configContent, err := os.ReadFile(configPath)
 	if err != nil {
 		return E.Cause(err, "read config")
--- a/cmd/sing-box/cmd_run.go
+++ b/cmd/sing-box/cmd_run.go
@@ -5,10 +5,14 @@ import (
 	"io"
 	"os"
 	"os/signal"
 	"path/filepath"
 	runtimeDebug "runtime/debug"
 	"sort"
 	"strings"
 	"syscall"
 	"github.com/sagernet/sing-box"
 	"github.com/sagernet/sing-box/common/badjsonmerge"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -31,29 +35,88 @@ func init() {
 	mainCommand.AddCommand(commandRun)
 }
-func readConfig() (option.Options, error) {
+type OptionsEntry struct {
 	content []byte
 	path    string
 	options option.Options
 }
 func readConfigAt(path string) (*OptionsEntry, error) {
 	var (
 		configContent []byte
 		err           error
 	)
-	if configPath == "stdin" {
+	if path == "stdin" {
 		configContent, err = io.ReadAll(os.Stdin)
 	} else {
-		configContent, err = os.ReadFile(configPath)
+		configContent, err = os.ReadFile(path)
 	}
 	if err != nil {
-		return option.Options{}, E.Cause(err, "read config")
+		return nil, E.Cause(err, "read config at ", path)
 	}
 	var options option.Options
 	err = options.UnmarshalJSON(configContent)
 	if err != nil {
-		return option.Options{}, E.Cause(err, "decode config")
+		return nil, E.Cause(err, "decode config at ", path)
 	}
-	return options, nil
+	return &OptionsEntry{
 		content: configContent,
 		path:    path,
 		options: options,
 	}, nil
 }
 func readConfig() ([]*OptionsEntry, error) {
 	var optionsList []*OptionsEntry
 	for _, path := range configPaths {
 		optionsEntry, err := readConfigAt(path)
 		if err != nil {
 			return nil, err
 		}
 		optionsList = append(optionsList, optionsEntry)
 	}
 	for _, directory := range configDirectories {
 		entries, err := os.ReadDir(directory)
 		if err != nil {
 			return nil, E.Cause(err, "read config directory at ", directory)
 		}
 		for _, entry := range entries {
 			if !strings.HasSuffix(entry.Name(), ".json") || entry.IsDir() {
 				continue
 			}
 			optionsEntry, err := readConfigAt(filepath.Join(directory, entry.Name()))
 			if err != nil {
 				return nil, err
 			}
 			optionsList = append(optionsList, optionsEntry)
 		}
 	}
 	sort.Slice(optionsList, func(i, j int) bool {
 		return optionsList[i].path < optionsList[j].path
 	})
 	return optionsList, nil
 }
 func readConfigAndMerge() (option.Options, error) {
 	optionsList, err := readConfig()
 	if err != nil {
 		return option.Options{}, err
 	}
 	if len(optionsList) == 1 {
 		return optionsList[0].options, nil
 	}
 	var mergedOptions option.Options
 	for _, options := range optionsList {
 		mergedOptions, err = badjsonmerge.MergeOptions(options.options, mergedOptions)
 		if err != nil {
 			return option.Options{}, E.Cause(err, "merge config at ", options.path)
 		}
 	}
 	return mergedOptions, nil
 }
 func create() (*box.Box, context.CancelFunc, error) {
-	options, err := readConfig()
+	options, err := readConfigAndMerge()
 	if err != nil {
 		return nil, nil, err
 	}
--- a/cmd/sing-box/cmd_tools.go
+++ b/cmd/sing-box/cmd_tools.go
@@ -0,0 +1,55 @@
 package main
 import (
 	"context"
 	"github.com/sagernet/sing-box"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/spf13/cobra"
 )
 var commandToolsFlagOutbound string
 var commandTools = &cobra.Command{
 	Use:   "tools",
 	Short: "Experimental tools",
 }
 func init() {
 	commandTools.PersistentFlags().StringVarP(&commandToolsFlagOutbound, "outbound", "o", "", "Use specified tag instead of default outbound")
 	mainCommand.AddCommand(commandTools)
 }
 func createPreStartedClient() (*box.Box, error) {
 	options, err := readConfigAndMerge()
 	if err != nil {
 		return nil, err
 	}
 	instance, err := box.New(context.Background(), options, nil)
 	if err != nil {
 		return nil, E.Cause(err, "create service")
 	}
 	err = instance.PreStart()
 	if err != nil {
 		return nil, E.Cause(err, "start service")
 	}
 	return instance, nil
 }
 func createDialer(instance *box.Box, network string, outboundTag string) (N.Dialer, error) {
 	if outboundTag == "" {
 		outbound := instance.Router().DefaultOutbound(N.NetworkName(network))
 		if outbound == nil {
 			return nil, E.New("missing default outbound")
 		}
 		return outbound, nil
 	} else {
 		outbound, loaded := instance.Router().Outbound(outboundTag)
 		if !loaded {
 			return nil, E.New("outbound not found: ", outboundTag)
 		}
 		return outbound, nil
 	}
 }
--- a/cmd/sing-box/cmd_tools_connect.go
+++ b/cmd/sing-box/cmd_tools_connect.go
@@ -0,0 +1,73 @@
 package main
 import (
 	"context"
 	"os"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/common/task"
 	"github.com/spf13/cobra"
 )
 var commandConnectFlagNetwork string
 var commandConnect = &cobra.Command{
 	Use:   "connect [address]",
 	Short: "Connect to an address",
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		err := connect(args[0])
 		if err != nil {
 			log.Fatal(err)
 		}
 	},
 }
 func init() {
 	commandConnect.Flags().StringVarP(&commandConnectFlagNetwork, "network", "n", "tcp", "network type")
 	commandTools.AddCommand(commandConnect)
 }
 func connect(address string) error {
 	switch N.NetworkName(commandConnectFlagNetwork) {
 	case N.NetworkTCP, N.NetworkUDP:
 	default:
 		return E.Cause(N.ErrUnknownNetwork, commandConnectFlagNetwork)
 	}
 	instance, err := createPreStartedClient()
 	if err != nil {
 		return err
 	}
 	defer instance.Close()
 	dialer, err := createDialer(instance, commandConnectFlagNetwork, commandToolsFlagOutbound)
 	if err != nil {
 		return err
 	}
 	conn, err := dialer.DialContext(context.Background(), commandConnectFlagNetwork, M.ParseSocksaddr(address))
 	if err != nil {
 		return E.Cause(err, "connect to server")
 	}
 	var group task.Group
 	group.Append("upload", func(ctx context.Context) error {
 		return common.Error(bufio.Copy(conn, os.Stdin))
 	})
 	group.Append("download", func(ctx context.Context) error {
 		return common.Error(bufio.Copy(os.Stdout, conn))
 	})
 	group.Cleanup(func() {
 		conn.Close()
 	})
 	err = group.Run(context.Background())
 	if E.IsClosed(err) {
 		log.Info(err)
 	} else {
 		log.Error(err)
 	}
 	return nil
 }
--- a/cmd/sing-box/cmd_tools_fetch.go
+++ b/cmd/sing-box/cmd_tools_fetch.go
@@ -0,0 +1,91 @@
 package main
 import (
 	"context"
 	"errors"
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common/bufio"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/spf13/cobra"
 )
 var commandFetch = &cobra.Command{
 	Use:   "fetch",
 	Short: "Fetch an URL",
 	Args:  cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		err := fetch(args)
 		if err != nil {
 			log.Fatal(err)
 		}
 	},
 }
 func init() {
 	commandTools.AddCommand(commandFetch)
 }
 var httpClient *http.Client
 func fetch(args []string) error {
 	instance, err := createPreStartedClient()
 	if err != nil {
 		return err
 	}
 	defer instance.Close()
 	httpClient = &http.Client{
 		Transport: &http.Transport{
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				dialer, err := createDialer(instance, network, commandToolsFlagOutbound)
 				if err != nil {
 					return nil, err
 				}
 				return dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
 			},
 			ForceAttemptHTTP2: true,
 		},
 	}
 	defer httpClient.CloseIdleConnections()
 	for _, urlString := range args {
 		parsedURL, err := url.Parse(urlString)
 		if err != nil {
 			return err
 		}
 		switch parsedURL.Scheme {
 		case "":
 			parsedURL.Scheme = "http"
 			fallthrough
 		case "http", "https":
 			err = fetchHTTP(parsedURL)
 			if err != nil {
 				return err
 			}
 		}
 	}
 	return nil
 }
 func fetchHTTP(parsedURL *url.URL) error {
 	request, err := http.NewRequest("GET", parsedURL.String(), nil)
 	if err != nil {
 		return err
 	}
 	request.Header.Add("User-Agent", "curl/7.88.0")
 	response, err := httpClient.Do(request)
 	if err != nil {
 		return err
 	}
 	defer response.Body.Close()
 	_, err = bufio.Copy(os.Stdout, response.Body)
 	if errors.Is(err, io.EOF) {
 		return nil
 	}
 	return err
 }
--- a/cmd/sing-box/cmd_tools_synctime.go
+++ b/cmd/sing-box/cmd_tools_synctime.go
@@ -0,0 +1,69 @@
 package main
 import (
 	"context"
 	"os"
 	"github.com/sagernet/sing-box/common/settings"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/common/ntp"
 	"github.com/spf13/cobra"
 )
 var (
 	commandSyncTimeFlagServer   string
 	commandSyncTimeOutputFormat string
 	commandSyncTimeWrite        bool
 )
 var commandSyncTime = &cobra.Command{
 	Use:   "synctime",
 	Short: "Sync time using the NTP protocol",
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
 		err := syncTime()
 		if err != nil {
 			log.Fatal(err)
 		}
 	},
 }
 func init() {
 	commandSyncTime.Flags().StringVarP(&commandSyncTimeFlagServer, "server", "s", "time.apple.com", "Set NTP server")
 	commandSyncTime.Flags().StringVarP(&commandSyncTimeOutputFormat, "format", "f", C.TimeLayout, "Set output format")
 	commandSyncTime.Flags().BoolVarP(&commandSyncTimeWrite, "write", "w", false, "Write time to system")
 	commandTools.AddCommand(commandSyncTime)
 }
 func syncTime() error {
 	instance, err := createPreStartedClient()
 	if err != nil {
 		return err
 	}
 	dialer, err := createDialer(instance, N.NetworkUDP, commandToolsFlagOutbound)
 	if err != nil {
 		return err
 	}
 	defer instance.Close()
 	serverAddress := M.ParseSocksaddr(commandSyncTimeFlagServer)
 	if serverAddress.Port == 0 {
 		serverAddress.Port = 123
 	}
 	response, err := ntp.Exchange(context.Background(), dialer, serverAddress)
 	if err != nil {
 		return err
 	}
 	if commandSyncTimeWrite {
 		err = settings.SetSystemTime(response.Time)
 		if err != nil {
 			return E.Cause(err, "write time to system")
 		}
 	}
 	os.Stdout.WriteString(response.Time.Local().Format(commandSyncTimeOutputFormat))
 	return nil
 }
--- a/cmd/sing-box/debug.go
+++ b/cmd/sing-box/debug.go
@@ -25,9 +25,9 @@ func init() {
 		runtime.ReadMemStats(&memStats)
 		var memObject badjson.JSONObject
-		memObject.Put("heap", humanize.Bytes(memStats.HeapInuse))
+		memObject.Put("heap", humanize.IBytes(memStats.HeapInuse))
-		memObject.Put("stack", humanize.Bytes(memStats.StackInuse))
+		memObject.Put("stack", humanize.IBytes(memStats.StackInuse))
-		memObject.Put("idle", humanize.Bytes(memStats.HeapIdle-memStats.HeapReleased))
+		memObject.Put("idle", humanize.IBytes(memStats.HeapIdle-memStats.HeapReleased))
 		memObject.Put("goroutines", runtime.NumGoroutine())
 		memObject.Put("rss", rusageMaxRSS())
--- a/cmd/sing-box/main.go
+++ b/cmd/sing-box/main.go
@@ -2,6 +2,7 @@ package main
 import (
 	"os"
 	"time"
 	_ "github.com/sagernet/sing-box/include"
 	"github.com/sagernet/sing-box/log"
@@ -10,9 +11,10 @@ import (
 )
 var (
-	configPath   string
+	configPaths       []string
-	workingDir   string
+	configDirectories []string
-	disableColor bool
+	workingDir        string
 	disableColor      bool
 )
 var mainCommand = &cobra.Command{
@@ -21,7 +23,8 @@ var mainCommand = &cobra.Command{
 }
 func init() {
-	mainCommand.PersistentFlags().StringVarP(&configPath, "config", "c", "config.json", "set configuration file path")
+	mainCommand.PersistentFlags().StringArrayVarP(&configPaths, "config", "c", nil, "set configuration file path")
 	mainCommand.PersistentFlags().StringArrayVarP(&configDirectories, "config-directory", "C", nil, "set configuration directory path")
 	mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
 	mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
 }
@@ -33,9 +36,19 @@ func main() {
 }
 func preRun(cmd *cobra.Command, args []string) {
 	if disableColor {
 		log.SetStdLogger(log.NewFactory(log.Formatter{BaseTime: time.Now(), DisableColors: true}, os.Stderr, nil).Logger())
 	}
 	if workingDir != "" {
 		_, err := os.Stat(workingDir)
 		if err != nil {
 			os.MkdirAll(workingDir, 0o777)
 		}
 		if err := os.Chdir(workingDir); err != nil {
 			log.Fatal(err)
 		}
 	}
 	if len(configPaths) == 0 && len(configDirectories) == 0 {
 		configPaths = append(configPaths, "config.json")
 	}
 }
--- a/common/badjsonmerge/merge.go
+++ b/common/badjsonmerge/merge.go
@@ -0,0 +1,80 @@
 package badjsonmerge
 import (
 	"encoding/json"
 	"reflect"
 	"github.com/sagernet/sing-box/common/badjson"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
 )
 func MergeOptions(source option.Options, destination option.Options) (option.Options, error) {
 	rawSource, err := json.Marshal(source)
 	if err != nil {
 		return option.Options{}, E.Cause(err, "marshal source")
 	}
 	rawDestination, err := json.Marshal(destination)
 	if err != nil {
 		return option.Options{}, E.Cause(err, "marshal destination")
 	}
 	rawMerged, err := MergeJSON(rawSource, rawDestination)
 	if err != nil {
 		return option.Options{}, E.Cause(err, "merge options")
 	}
 	var merged option.Options
 	err = json.Unmarshal(rawMerged, &merged)
 	if err != nil {
 		return option.Options{}, E.Cause(err, "unmarshal merged options")
 	}
 	return merged, nil
 }
 func MergeJSON(rawSource json.RawMessage, rawDestination json.RawMessage) (json.RawMessage, error) {
 	source, err := badjson.Decode(rawSource)
 	if err != nil {
 		return nil, E.Cause(err, "decode source")
 	}
 	destination, err := badjson.Decode(rawDestination)
 	if err != nil {
 		return nil, E.Cause(err, "decode destination")
 	}
 	merged, err := mergeJSON(source, destination)
 	if err != nil {
 		return nil, err
 	}
 	return json.Marshal(merged)
 }
 func mergeJSON(anySource any, anyDestination any) (any, error) {
 	switch destination := anyDestination.(type) {
 	case badjson.JSONArray:
 		switch source := anySource.(type) {
 		case badjson.JSONArray:
 			destination = append(destination, source...)
 		default:
 			destination = append(destination, source)
 		}
 		return destination, nil
 	case *badjson.JSONObject:
 		switch source := anySource.(type) {
 		case *badjson.JSONObject:
 			for _, entry := range source.Entries() {
 				oldValue, loaded := destination.Get(entry.Key)
 				if loaded {
 					var err error
 					entry.Value, err = mergeJSON(entry.Value, oldValue)
 					if err != nil {
 						return nil, E.Cause(err, "merge object item ", entry.Key)
 					}
 				}
 				destination.Put(entry.Key, entry.Value)
 			}
 		default:
 			return nil, E.New("cannot merge json object into ", reflect.TypeOf(destination))
 		}
 		return destination, nil
 	default:
 		return destination, nil
 	}
 }
--- a/common/badjsonmerge/merge_test.go
+++ b/common/badjsonmerge/merge_test.go
@@ -0,0 +1,59 @@
 package badjsonmerge
 import (
 	"testing"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/stretchr/testify/require"
 )
 func TestMergeJSON(t *testing.T) {
 	t.Parallel()
 	options := option.Options{
 		Log: &option.LogOptions{
 			Level: "info",
 		},
 		Route: &option.RouteOptions{
 			Rules: []option.Rule{
 				{
 					Type: C.RuleTypeDefault,
 					DefaultOptions: option.DefaultRule{
 						Network:  N.NetworkTCP,
 						Outbound: "direct",
 					},
 				},
 			},
 		},
 	}
 	anotherOptions := option.Options{
 		Outbounds: []option.Outbound{
 			{
 				Type: C.TypeDirect,
 				Tag:  "direct",
 			},
 		},
 	}
 	thirdOptions := option.Options{
 		Route: &option.RouteOptions{
 			Rules: []option.Rule{
 				{
 					Type: C.RuleTypeDefault,
 					DefaultOptions: option.DefaultRule{
 						Network:  N.NetworkUDP,
 						Outbound: "direct",
 					},
 				},
 			},
 		},
 	}
 	mergeOptions, err := MergeOptions(options, anotherOptions)
 	require.NoError(t, err)
 	mergeOptions, err = MergeOptions(thirdOptions, mergeOptions)
 	require.NoError(t, err)
 	require.Equal(t, "info", mergeOptions.Log.Level)
 	require.Equal(t, 2, len(mergeOptions.Route.Rules))
 	require.Equal(t, C.TypeDirect, mergeOptions.Outbounds[0].Type)
 }
--- a/common/canceler/instance.go
+++ b/common/canceler/instance.go
@@ -1,48 +0,0 @@
 package canceler
 import (
 	"context"
 	"time"
 )
 type Instance struct {
 	ctx        context.Context
 	cancelFunc context.CancelFunc
 	timer      *time.Timer
 	timeout    time.Duration
 }
 func New(ctx context.Context, cancelFunc context.CancelFunc, timeout time.Duration) *Instance {
 	instance := &Instance{
 		ctx,
 		cancelFunc,
 		time.NewTimer(timeout),
 		timeout,
 	}
 	go instance.wait()
 	return instance
 }
 func (i *Instance) Update() bool {
 	if !i.timer.Stop() {
 		return false
 	}
 	if !i.timer.Reset(i.timeout) {
 		return false
 	}
 	return true
 }
 func (i *Instance) wait() {
 	select {
 	case <-i.timer.C:
 	case <-i.ctx.Done():
 	}
 	i.Close()
 }
 func (i *Instance) Close() error {
 	i.timer.Stop()
 	i.cancelFunc()
 	return nil
 }
--- a/common/canceler/packet.go
+++ b/common/canceler/packet.go
@@ -1,49 +0,0 @@
 package canceler
 import (
 	"context"
 	"time"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )
 type PacketConn struct {
 	N.PacketConn
 	instance *Instance
 }
 func NewPacketConn(ctx context.Context, conn N.PacketConn, timeout time.Duration) (context.Context, N.PacketConn) {
 	ctx, cancel := context.WithCancel(ctx)
 	instance := New(ctx, cancel, timeout)
 	return ctx, &PacketConn{conn, instance}
 }
 func (c *PacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
 	destination, err = c.PacketConn.ReadPacket(buffer)
 	if err == nil {
 		c.instance.Update()
 	}
 	return
 }
 func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
 	err := c.PacketConn.WritePacket(buffer, destination)
 	if err == nil {
 		c.instance.Update()
 	}
 	return err
 }
 func (c *PacketConn) Close() error {
 	return common.Close(
 		c.PacketConn,
 		c.instance,
 	)
 }
 func (c *PacketConn) Upstream() any {
 	return c.PacketConn
 }
--- a/common/dialer/conntrack/conn.go
+++ b/common/dialer/conntrack/conn.go
@@ -1,29 +1,32 @@
 package conntrack
 import (
 	"io"
 	"net"
 	"runtime/debug"
 	"github.com/sagernet/sing/common/x/list"
 )
 type Conn struct {
 	net.Conn
-	element *list.Element[*ConnEntry]
+	element *list.Element[io.Closer]
 }
-func NewConn(conn net.Conn) *Conn {
+func NewConn(conn net.Conn) (*Conn, error) {
 	entry := &ConnEntry{
 		Conn:  conn,
 		Stack: debug.Stack(),
 	}
 	connAccess.Lock()
-	element := openConnection.PushBack(entry)
+	element := openConnection.PushBack(conn)
 	connAccess.Unlock()
 	if KillerEnabled {
 		err := killerCheck()
 		if err != nil {
 			conn.Close()
 			return nil, err
 		}
 	}
 	return &Conn{
 		Conn:    conn,
 		element: element,
-	}
+	}, nil
 }
 func (c *Conn) Close() error {
--- a/common/dialer/conntrack/killer.go
+++ b/common/dialer/conntrack/killer.go
@@ -0,0 +1,38 @@
 package conntrack
 import (
 	"runtime"
 	runtimeDebug "runtime/debug"
 	"time"
 	E "github.com/sagernet/sing/common/exceptions"
 )
 var (
 	KillerEnabled   bool
 	MemoryLimit     int64
 	killerLastCheck time.Time
 )
 func killerCheck() error {
 	if !KillerEnabled {
 		return nil
 	}
 	nowTime := time.Now()
 	if nowTime.Sub(killerLastCheck) < 3*time.Second {
 		return nil
 	}
 	killerLastCheck = nowTime
 	var memStats runtime.MemStats
 	runtime.ReadMemStats(&memStats)
 	inuseMemory := int64(memStats.StackInuse + memStats.HeapInuse + memStats.HeapIdle - memStats.HeapReleased)
 	if inuseMemory > MemoryLimit {
 		Close()
 		go func() {
 			time.Sleep(time.Second)
 			runtimeDebug.FreeOSMemory()
 		}()
 		return E.New("out of memory")
 	}
 	return nil
 }
--- a/common/dialer/conntrack/packet_conn.go
+++ b/common/dialer/conntrack/packet_conn.go
@@ -1,29 +1,32 @@
 package conntrack
 import (
 	"io"
 	"net"
 	"runtime/debug"
 	"github.com/sagernet/sing/common/x/list"
 )
 type PacketConn struct {
 	net.PacketConn
-	element *list.Element[*ConnEntry]
+	element *list.Element[io.Closer]
 }
-func NewPacketConn(conn net.PacketConn) *PacketConn {
+func NewPacketConn(conn net.PacketConn) (*PacketConn, error) {
 	entry := &ConnEntry{
 		Conn:  conn,
 		Stack: debug.Stack(),
 	}
 	connAccess.Lock()
-	element := openConnection.PushBack(entry)
+	element := openConnection.PushBack(conn)
 	connAccess.Unlock()
 	if KillerEnabled {
 		err := killerCheck()
 		if err != nil {
 			conn.Close()
 			return nil, err
 		}
 	}
 	return &PacketConn{
 		PacketConn: conn,
 		element:    element,
-	}
+	}, nil
 }
 func (c *PacketConn) Close() error {
--- a/common/dialer/conntrack/track.go
+++ b/common/dialer/conntrack/track.go
@@ -10,22 +10,17 @@ import (
 var (
 	connAccess     sync.RWMutex
-	openConnection list.List[*ConnEntry]
+	openConnection list.List[io.Closer]
 )
 type ConnEntry struct {
 	Conn  io.Closer
 	Stack []byte
 }
 func Count() int {
 	return openConnection.Len()
 }
-func List() []*ConnEntry {
+func List() []io.Closer {
 	connAccess.RLock()
 	defer connAccess.RUnlock()
-	connList := make([]*ConnEntry, 0, openConnection.Len())
+	connList := make([]io.Closer, 0, openConnection.Len())
 	for element := openConnection.Front(); element != nil; element = element.Next() {
 		connList = append(connList, element.Value)
 	}
@@ -36,8 +31,8 @@ func Close() {
 	connAccess.Lock()
 	defer connAccess.Unlock()
 	for element := openConnection.Front(); element != nil; element = element.Next() {
-		common.Close(element.Value.Conn)
+		common.Close(element.Value)
 		element.Value = nil
 	}
-	openConnection = list.List[*ConnEntry]{}
+	openConnection.Init()
 }
--- a/common/dialer/default.go
+++ b/common/dialer/default.go
@@ -178,12 +178,12 @@ func trackConn(conn net.Conn, err error) (net.Conn, error) {
 	if !conntrack.Enabled || err != nil {
 		return conn, err
 	}
-	return conntrack.NewConn(conn), nil
+	return conntrack.NewConn(conn)
 }
 func trackPacketConn(conn net.PacketConn, err error) (net.PacketConn, error) {
 	if !conntrack.Enabled || err != nil {
 		return conn, err
 	}
-	return conntrack.NewPacketConn(conn), nil
+	return conntrack.NewPacketConn(conn)
 }
--- a/common/dialer/tfo.go
+++ b/common/dialer/tfo.go
@@ -119,6 +119,10 @@ func (c *slowOpenConn) LazyHeadroom() bool {
 	return c.conn == nil
 }
 func (c *slowOpenConn) NeedHandshake() bool {
 	return c.conn == nil
 }
 func (c *slowOpenConn) ReadFrom(r io.Reader) (n int64, err error) {
 	if c.conn != nil {
 		return bufio.Copy(c.conn, r)
--- a/common/settings/proxy_android.go
+++ b/common/settings/proxy_android.go
@@ -6,8 +6,8 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/shell"
 )
 var (
@@ -26,9 +26,9 @@ func init() {
 func runAndroidShell(name string, args ...string) error {
 	if !useRish {
-		return common.Exec(name, args...).Attach().Run()
+		return shell.Exec(name, args...).Attach().Run()
 	} else {
-		return common.Exec("sh", rishPath, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
+		return shell.Exec("sh", rishPath, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
 	}
 }
--- a/common/settings/proxy_darwin.go
+++ b/common/settings/proxy_darwin.go
@@ -6,9 +6,9 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/shell"
 	"github.com/sagernet/sing/common/x/list"
 )
@@ -34,13 +34,13 @@ func (p *systemProxy) update(event int) error {
 		return err
 	}
 	if p.isMixed {
-		err = common.Exec("networksetup", "-setsocksfirewallproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
+		err = shell.Exec("networksetup", "-setsocksfirewallproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
 	}
 	if err == nil {
-		err = common.Exec("networksetup", "-setwebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
+		err = shell.Exec("networksetup", "-setwebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
 	}
 	if err == nil {
-		err = common.Exec("networksetup", "-setsecurewebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
+		err = shell.Exec("networksetup", "-setsecurewebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
 	}
 	return err
 }
@@ -51,19 +51,19 @@ func (p *systemProxy) unset() error {
 		return err
 	}
 	if p.isMixed {
-		err = common.Exec("networksetup", "-setsocksfirewallproxystate", interfaceDisplayName, "off").Attach().Run()
+		err = shell.Exec("networksetup", "-setsocksfirewallproxystate", interfaceDisplayName, "off").Attach().Run()
 	}
 	if err == nil {
-		err = common.Exec("networksetup", "-setwebproxystate", interfaceDisplayName, "off").Attach().Run()
+		err = shell.Exec("networksetup", "-setwebproxystate", interfaceDisplayName, "off").Attach().Run()
 	}
 	if err == nil {
-		err = common.Exec("networksetup", "-setsecurewebproxystate", interfaceDisplayName, "off").Attach().Run()
+		err = shell.Exec("networksetup", "-setsecurewebproxystate", interfaceDisplayName, "off").Attach().Run()
 	}
 	return err
 }
 func getInterfaceDisplayName(name string) (string, error) {
-	content, err := common.Exec("networksetup", "-listallhardwareports").Read()
+	content, err := shell.Exec("networksetup", "-listallhardwareports").ReadOutput()
 	if err != nil {
 		return "", err
 	}
--- a/common/settings/proxy_linux.go
+++ b/common/settings/proxy_linux.go
@@ -11,6 +11,7 @@ import (
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/shell"
 )
 var (
@@ -27,9 +28,9 @@ func init() {
 func runAsUser(name string, args ...string) error {
 	if os.Getuid() != 0 {
-		return common.Exec(name, args...).Attach().Run()
+		return shell.Exec(name, args...).Attach().Run()
 	} else if sudoUser != "" {
-		return common.Exec("su", "-", sudoUser, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
+		return shell.Exec("su", "-", sudoUser, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
 	} else {
 		return E.New("set system proxy: unable to set as root")
 	}
--- a/common/settings/time_stub.go
+++ b/common/settings/time_stub.go
@@ -0,0 +1,12 @@
 //go:build !(windows || linux || darwin)
 package settings
 import (
 	"os"
 	"time"
 )
 func SetSystemTime(nowTime time.Time) error {
 	return os.ErrInvalid
 }
--- a/common/settings/time_unix.go
+++ b/common/settings/time_unix.go
@@ -0,0 +1,14 @@
 //go:build linux || darwin
 package settings
 import (
 	"time"
 	"golang.org/x/sys/unix"
 )
 func SetSystemTime(nowTime time.Time) error {
 	timeVal := unix.NsecToTimeval(nowTime.UnixNano())
 	return unix.Settimeofday(&timeVal)
 }
--- a/common/settings/time_windows.go
+++ b/common/settings/time_windows.go
@@ -0,0 +1,32 @@
 package settings
 import (
 	"time"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 func SetSystemTime(nowTime time.Time) error {
 	var systemTime windows.Systemtime
 	systemTime.Year = uint16(nowTime.Year())
 	systemTime.Month = uint16(nowTime.Month())
 	systemTime.Day = uint16(nowTime.Day())
 	systemTime.Hour = uint16(nowTime.Hour())
 	systemTime.Minute = uint16(nowTime.Minute())
 	systemTime.Second = uint16(nowTime.Second())
 	systemTime.Milliseconds = uint16(nowTime.UnixMilli() - nowTime.Unix()*1000)
 	dllKernel32 := windows.NewLazySystemDLL("kernel32.dll")
 	proc := dllKernel32.NewProc("SetSystemTime")
 	_, _, err := proc.Call(
 		uintptr(unsafe.Pointer(&systemTime)),
 	)
 	if err != nil && err.Error() != "The operation completed successfully." {
 		return err
 	}
 	return nil
 }
--- a/common/tls/reality_client.go
+++ b/common/tls/reality_client.go
@@ -42,7 +42,7 @@ var _ ConfigCompat = (*RealityClientConfig)(nil)
 type RealityClientConfig struct {
 	uClient   *UTLSClientConfig
 	publicKey []byte
-	shortID   []byte
+	shortID   [8]byte
 }
 func NewRealityClient(router adapter.Router, serverAddress string, options option.OutboundTLSOptions) (*RealityClientConfig, error) {
@@ -62,11 +62,12 @@ func NewRealityClient(router adapter.Router, serverAddress string, options optio
 	if len(publicKey) != 32 {
 		return nil, E.New("invalid public_key")
 	}
-	shortID, err := hex.DecodeString(options.Reality.ShortID)
+	var shortID [8]byte
 	decodedLen, err := hex.Decode(shortID[:], []byte(options.Reality.ShortID))
 	if err != nil {
 		return nil, E.Cause(err, "decode short_id")
 	}
-	if len(shortID) != 8 {
+	if decodedLen > 8 {
 		return nil, E.New("invalid short_id")
 	}
 	return &RealityClientConfig{uClient, publicKey, shortID}, nil
@@ -125,7 +126,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 	hello.SessionId[0] = 1
 	hello.SessionId[1] = 7
 	hello.SessionId[2] = 5
-	copy(hello.SessionId[8:], e.shortID)
+	copy(hello.SessionId[8:], e.shortID[:])
 	if debug.Enabled {
 		fmt.Printf("REALITY hello.sessionId[:16]: %v\n", hello.SessionId[:16])
--- a/common/tls/reality_server.go
+++ b/common/tls/reality_server.go
@@ -89,16 +89,16 @@ func NewRealityServer(ctx context.Context, router adapter.Router, logger log.Log
 	tlsConfig.MaxTimeDiff = time.Duration(options.Reality.MaxTimeDifference)
 	tlsConfig.ShortIds = make(map[[8]byte]bool)
-	for i, shortID := range options.Reality.ShortID {
+	for i, shortIDString := range options.Reality.ShortID {
-		var shortIDBytesArray [8]byte
+		var shortID [8]byte
-		decodedLen, err := hex.Decode(shortIDBytesArray[:], []byte(shortID))
+		decodedLen, err := hex.Decode(shortID[:], []byte(shortIDString))
 		if err != nil {
-			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortID)
+			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortIDString)
 		}
-		if decodedLen != 8 {
+		if decodedLen > 8 {
-			return nil, E.New("invalid short_id[", i, "]: ", shortID)
+			return nil, E.New("invalid short_id[", i, "]: ", shortIDString)
 		}
-		tlsConfig.ShortIds[shortIDBytesArray] = true
+		tlsConfig.ShortIds[shortID] = true
 	}
 	handshakeDialer := dialer.New(router, options.Reality.Handshake.DialerOptions)
--- a/constant/time.go
+++ b/constant/time.go
@@ -0,0 +1,3 @@
 package constant
 const TimeLayout = "2006-01-02 15:04:05 -0700"
--- a/debug.go
+++ b/debug.go
@@ -0,0 +1,35 @@
 //go:build go1.19
 package box
 import (
 	"runtime/debug"
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
 	"github.com/sagernet/sing-box/option"
 )
 func applyDebugOptions(options option.DebugOptions) {
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}
 	if options.MaxStack != nil {
 		debug.SetMaxStack(*options.MaxStack)
 	}
 	if options.MaxThreads != nil {
 		debug.SetMaxThreads(*options.MaxThreads)
 	}
 	if options.PanicOnFault != nil {
 		debug.SetPanicOnFault(*options.PanicOnFault)
 	}
 	if options.TraceBack != "" {
 		debug.SetTraceback(options.TraceBack)
 	}
 	if options.MemoryLimit != 0 {
 		debug.SetMemoryLimit(int64(options.MemoryLimit))
 		conntrack.MemoryLimit = int64(options.MemoryLimit)
 	}
 	if options.OOMKiller != nil {
 		conntrack.KillerEnabled = *options.OOMKiller
 	}
 }
--- a/debug_go118.go
+++ b/debug_go118.go
@@ -0,0 +1,35 @@
 //go:build !go1.19
 package box
 import (
 	"runtime/debug"
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
 	"github.com/sagernet/sing-box/option"
 )
 func applyDebugOptions(options option.DebugOptions) {
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}
 	if options.MaxStack != nil {
 		debug.SetMaxStack(*options.MaxStack)
 	}
 	if options.MaxThreads != nil {
 		debug.SetMaxThreads(*options.MaxThreads)
 	}
 	if options.PanicOnFault != nil {
 		debug.SetPanicOnFault(*options.PanicOnFault)
 	}
 	if options.TraceBack != "" {
 		debug.SetTraceback(options.TraceBack)
 	}
 	if options.MemoryLimit != 0 {
 		// debug.SetMemoryLimit(int64(options.MemoryLimit))
 		conntrack.MemoryLimit = int64(options.MemoryLimit)
 	}
 	if options.OOMKiller != nil {
 		conntrack.KillerEnabled = *options.OOMKiller
 	}
 }
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,69 @@
 #### 1.2.2
 * Accept `any` outbound in dns rule **1**
 * Fix bugs and update dependencies
 *1*:
 Now you can use the `any` outbound rule to match server address queries instead of filling in all server domains to `domain` rule.
 #### 1.2.1
 * Fix missing default host in v2ray http transport`s request
 * Flush DNS cache for macOS when tun start/close
 * Fix tun's DNS hijacking compatibility with systemd-resolved
 #### 1.2.0
 * Fix bugs and update dependencies
 Important changes since 1.1:
 * Introducing our [new iOS client application](/installation/clients/sfi)
 * Introducing [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp)
 * Add [platform options](/configuration/inbound/tun#platform) for tun inbound
 * Add [ShadowTLS protocol v3](https://github.com/ihciah/shadow-tls/blob/master/docs/protocol-v3-en.md)
 * Add [VLESS server](/configuration/inbound/vless) and [vision](/configuration/outbound/vless#flow) support
 * Add [reality TLS](/configuration/shared/tls) support
 * Add [NTP service](/configuration/ntp)
 * Add [DHCP DNS server](/configuration/dns/server) support
 * Add SSH [host key validation](/configuration/outbound/ssh) support
 * Add [query_type](/configuration/dns/rule) DNS rule item
 * Add fallback support for v2ray transport
 * Add custom TLS server support for http based v2ray transports
 * Add health check support for http-based v2ray transports
 * Add multiple configuration support
 #### 1.2-rc1
 * Fix bugs and update dependencies
 #### 1.2-beta10
 * Add multiple configuration support **1**
 * Fix bugs and update dependencies
 *1*:
 Now you can pass the parameter `--config` or `-c` multiple times, or use the new parameter `--config-directory` or `-C`
 to load all configuration files in a directory.
 Loaded configuration files are sorted by name. If you want to control the merge order, add a numeric prefix to the file
 name.
 #### 1.1.7
 * Improve the stability of the VMESS server
 * Fix `auto_detect_interface` incorrectly identifying the default interface on Windows
 * Fix bugs and update dependencies
 #### 1.2-beta9
 * Introducing the [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp)
 * Add health check support for http-based v2ray transports
 * Remove length limit on short_id for reality TLS config
 * Fix bugs and update dependencies
 #### 1.2-beta8
 * Update reality and uTLS libraries
@@ -115,7 +181,7 @@ Important changes since 1.0:
 * Add VLESS outbound and XUDP
 * Skip wait for hysteria tcp handshake response
 * Add v2ray mux support for all inbound
-* Add XUDP support for VMess 
+* Add XUDP support for VMess
 * Improve websocket writer
 * Refine tproxy write back
 * Fix DNS leak caused by
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@@ -232,6 +232,8 @@ Invert match result.
 Match outbound.
 `any` can be used as a value to match any outbound.
 #### server
 ==Required==
@@ -254,18 +256,4 @@ Disable cache and save cache in this query.
 #### rules
-Included default rules.
+Included default rules.
 #### invert
 Invert match result.
 #### server
 ==Required==
 Tag of the target dns server.
 #### disable_cache
 Disable cache and save cache in this query.
--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@@ -231,6 +231,8 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 匹配出站。
 `any` 可作为值用于匹配任意出站。
 #### server
 ==必填==
@@ -253,18 +255,4 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 #### rules
-包括的默认规则。
+包括的默认规则。
 #### invert
 反选匹配结果。
 #### server
 ==必填==
 目标 DNS 服务器的标签。
 #### disable_cache
 在此查询中禁用缓存。
--- a/docs/configuration/inbound/http.md
+++ b/docs/configuration/inbound/http.md
@@ -40,4 +40,8 @@ No authentication required if empty.
    Only supported on Linux, Android, Windows, and macOS.
 !!! warning ""
    To work on Android and iOS without privileges, use tun.platform.http_proxy instead.
 Automatically set system proxy configuration when start and clean up when stop.
--- a/docs/configuration/inbound/http.zh.md
+++ b/docs/configuration/inbound/http.zh.md
@@ -40,4 +40,8 @@ HTTP 用户
    仅支持 Linux、Android、Windows 和 macOS。
 !!! warning ""
    要在无特权的 Android 和 iOS 上工作，请改用 tun.platform.http_proxy。
 启动时自动设置系统代理，停止时自动清理。
--- a/docs/configuration/inbound/hysteria.md
+++ b/docs/configuration/inbound/hysteria.md
@@ -74,14 +74,10 @@ Hysteria users
 #### users.auth
 ==Required if `auth_str` is empty==
 Authentication password, in base64.
 #### users.auth_str
 ==Required if `auth` is empty==
 Authentication password.
 #### recv_window_conn
--- a/docs/configuration/inbound/hysteria.zh.md
+++ b/docs/configuration/inbound/hysteria.zh.md
@@ -74,14 +74,10 @@ Hysteria 用户
 #### users.auth
 ==与 auth_str 必填一个==
 base64 编码的认证密码。
 #### users.auth_str
 ==与 auth 必填一个==
 认证密码。
 #### recv_window_conn
--- a/docs/configuration/inbound/mixed.md
+++ b/docs/configuration/inbound/mixed.md
@@ -37,4 +37,8 @@ No authentication required if empty.
    Only supported on Linux, Android, Windows, and macOS.
-Automatically set system proxy configuration when start and clean up when stop.
+!!! warning ""
    To work on Android and iOS without privileges, use tun.platform.http_proxy instead.
 Automatically set system proxy configuration when start and clean up when stop.
--- a/docs/configuration/inbound/mixed.zh.md
+++ b/docs/configuration/inbound/mixed.zh.md
@@ -37,4 +37,8 @@ SOCKS 和 HTTP 用户
    仅支持 Linux、Android、Windows 和 macOS。
 !!! warning ""
    要在无特权的 Android 和 iOS 上工作，请改用 tun.platform.http_proxy。
 启动时自动设置系统代理，停止时自动清理。
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@@ -107,8 +107,7 @@ Enforce strict routing rules when `auto_route` is enabled:
 * Let unsupported network unreachable
 * Route all connections to tun
-It prevents address leaks and makes DNS hijacking work on Android and Linux with systemd-resolved, but your device will
+It prevents address leaks and makes DNS hijacking work on Android, but your device will not be accessible by others.
 not be accessible by others.
 *In Windows*:
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@@ -107,7 +107,7 @@ tun 接口的 IPv6 前缀。
 * 让不支持的网络无法到达
 * 将所有连接路由到 tun
-它可以防止地址泄漏，并使 DNS 劫持在 Android 和使用 systemd-resolved 的 Linux 上工作，但你的设备将无法其他设备被访问。
+它可以防止地址泄漏，并使 DNS 劫持在 Android 上工作，但你的设备将无法其他设备被访问。
 *在 Windows 中*:
--- a/docs/configuration/outbound/shadowsocks.md
+++ b/docs/configuration/outbound/shadowsocks.md
@@ -12,7 +12,7 @@
  "plugin": "",
  "plugin_opts": "",
  "network": "udp",
-  "udp_over_tcp": false,
+  "udp_over_tcp": false | {},
  "multiplex": {},
  ... // Dial Fields
@@ -87,7 +87,9 @@ Both is enabled by default.
 #### udp_over_tcp
-Enable the UDP over TCP protocol.
+UDP over TCP configuration.
 See [UDP Over TCP](/configuration/shared/udp-over-tcp) for details.
 Conflict with `multiplex`.
--- a/docs/configuration/outbound/shadowsocks.zh.md
+++ b/docs/configuration/outbound/shadowsocks.zh.md
@@ -12,7 +12,7 @@
  "plugin": "",
  "plugin_opts": "",
  "network": "udp",
-  "udp_over_tcp": false,
+  "udp_over_tcp": false | {},
  "multiplex": {},
  ... // 拨号字段
@@ -87,7 +87,9 @@ Shadowsocks SIP003 插件参数。
 #### udp_over_tcp
-启用 UDP over TCP 协议。
+UDP over TCP 配置。
 参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp)。
 与 `multiplex` 冲突。
--- a/docs/configuration/outbound/socks.md
+++ b/docs/configuration/outbound/socks.md
@@ -13,7 +13,7 @@
  "username": "sekai",
  "password": "admin",
  "network": "udp",
-  "udp_over_tcp": false,
+  "udp_over_tcp": false | {},
  ... // Dial Fields
 }
@@ -57,7 +57,9 @@ Both is enabled by default.
 #### udp_over_tcp
-Enable the UDP over TCP protocol.
+UDP over TCP protocol settings.
 See [UDP Over TCP](/configuration/shared/udp-over-tcp) for details.
 ### Dial Fields
--- a/docs/configuration/outbound/socks.zh.md
+++ b/docs/configuration/outbound/socks.zh.md
@@ -13,7 +13,7 @@
  "username": "sekai",
  "password": "admin",
  "network": "udp",
-  "udp_over_tcp": false,
+  "udp_over_tcp": false | {},
  ... // 拨号字段
 }
@@ -57,7 +57,9 @@ SOCKS5 密码。
 #### udp_over_tcp
-启用 UDP over TCP 协议。
+UDP over TCP 配置。
 参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp)。
 ### 拨号字段
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -333,7 +333,7 @@ Public key, generated by `sing-box generate reality-keypair`.
 ==Required==
-A 8-bit hex string.
+A hexadecimal string with zero to eight digits.
 #### max_time_difference
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -329,7 +329,7 @@ MAC 密钥。
 ==必填==
-一个八位十六进制的字符串。
+一个零到八位的十六进制字符串。
 #### max_time_difference
--- a/docs/configuration/shared/udp-over-tcp.md
+++ b/docs/configuration/shared/udp-over-tcp.md
@@ -0,0 +1,79 @@
 # UDP over TCP
 !!! warning ""
    It's a proprietary protocol created by SagerNet, not part of shadowsocks.
 The UDP over TCP protocol is used to transmit UDP packets in TCP.
 ### Structure
 ```json
 {
  "enabled": true,
  "version": 2
 }
 ```
 !!! info ""
    The structure can be replaced with a boolean value when the version is not specified.
 ### Fields
 #### enabled
 Enable the UDP over TCP protocol.
 #### version
 The protocol version, `1` or `2`.
 2 is used by default.
 ### Application support
 | Project      | UoT v1               | UoT v2                                                                                                            |
 |--------------|----------------------|-------------------------------------------------------------------------------------------------------------------|
 | sing-box     | v0 (2022/08/11)      | v1.2-beta9                                                                                                        |
 | Xray-core    | v1.5.7 (2022/06/05)  | [f57ec13](https://github.com/XTLS/Xray-core/commit/f57ec1388084df041a2289bacab14e446bf1b357) (Not released)       |
 | Clash.Meta   | v1.12.0 (2022/07/02) | [8cb67b6](https://github.com/MetaCubeX/Clash.Meta/commit/8cb67b6480649edfa45dcc9ac89ce0789651e8b3) (Not released) |
 | Shadowrocket | v2.2.12 (2022/08/13) | /                                                                                                                 |
 ### Protocol details
 #### Protocol version 1
 The client requests the magic address to the upper layer proxy protocol to indicate the request: `sp.udp-over-tcp.arpa`
 #### Stream format
 | ATYP | address  | port  | length | data     |
 |------|----------|-------|--------|----------|
 | u8   | variable | u16be | u16be  | variable |
 **ATYP / address / port**: Uses the SOCKS address format.
 #### Protocol version 2
 Protocol version 2 uses a new magic address: `sp.v2.udp-over-tcp.arpa`
 ##### Request format
 | isConnect | ATYP | address  | port  |
 |-----------|------|----------|-------|
 | u8        | u8   | variable | u16be |
 **isConnect**: Set to 1 to indicates that the stream uses the connect format, 0 to disable.
 **ATYP / address / port**: Request destination, uses the SOCKS address format.
 ##### Connect stream format
 | length | data     |
 |--------|----------|
 | u16be  | variable |
 ##### Non-connect stream format
 As the same as the stream format in protocol version 1.
--- a/docs/configuration/shared/v2ray-transport.md
+++ b/docs/configuration/shared/v2ray-transport.md
@@ -34,7 +34,9 @@ Available transports:
  "host": [],
  "path": "",
  "method": "",
-  "headers": {}
+  "headers": {},
  "idle_timeout": "15s",
  "ping_timeout": "15s"
 }
 ```
@@ -66,6 +68,24 @@ Extra headers of HTTP request.
 The server will write in response if not empty.
 #### idle_timeout
 In HTTP2 server:
 Specifies the time until idle clients should be closed with a GOAWAY frame. PING frames are not considered as activity.
 In HTTP2 client:
 Specifies the period of time after which a health check will be performed using a ping frame if no frames have been received on the connection. Please note that a ping response is considered a received frame, so if there is no other traffic on the connection, the health check will be executed every interval. If the value is zero, no health check will be performed.
 Zero is used by default.
 #### ping_timeout
 In HTTP2 client:
 Specifies the timeout duration after sending a PING frame, within which a response must be received. If a response to the PING frame is not received within the specified timeout duration, the connection will be closed. The default timeout duration is 15 seconds.
 ### WebSocket
 ```json
@@ -126,10 +146,41 @@ It needs to be consistent with the server.
 ```json
 {
  "type": "grpc",
-  "service_name": "TunService"
+  "service_name": "TunService",
  "idle_timeout": "15s",
  "ping_timeout": "15s",
  "permit_without_stream": false
 }
 ```
 #### service_name
-Service name of gRPC.
+Service name of gRPC.
 #### idle_timeout
 In standard gRPC server/client:
 If the transport doesn't see any activity after a duration of this time, it pings the client to check if the connection is still active.
 In default gRPC server/client:
 It has the same behavior as the corresponding setting in HTTP transport.
 #### ping_timeout
 In standard gRPC server/client:
 The timeout that after performing a keepalive check, the client will wait for activity. If no activity is detected, the connection will be closed.
 In default gRPC server/client:
 It has the same behavior as the corresponding setting in HTTP transport.
 #### permit_without_stream
 In standard gRPC client:
 If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, `idle_timeout` and `ping_timeout` will be ignored and no keepalive pings will be sent.
 Disabled by default.
--- a/docs/configuration/shared/v2ray-transport.zh.md
+++ b/docs/configuration/shared/v2ray-transport.zh.md
@@ -33,7 +33,9 @@ V2Ray Transport 是 v2ray 发明的一组私有协议，并污染了其他协议
  "host": [],
  "path": "",
  "method": "",
-  "headers": {}
+  "headers": {},
  "idle_timeout": "15s",
  "ping_timeout": "15s"
 }
 ```
@@ -65,6 +67,24 @@ HTTP 请求的额外标头
 默认服务器将写入响应。
 #### idle_timeout
 在 HTTP2 服务器中：
 指定闲置客户端应在多长时间内使用 GOAWAY 帧关闭。PING 帧不被视为活动。
 在 HTTP2 客户端中：
 如果连接上没有收到任何帧，指定一段时间后将使用 PING 帧执行健康检查。需要注意的是，PING 响应被视为已接收的帧，因此如果连接上没有其他流量，则健康检查将在每个间隔执行一次。如果值为零，则不会执行健康检查。
 默认使用零。
 #### ping_timeout
 在 HTTP2 客户端中：
 指定发送 PING 帧后，在指定的超时时间内必须接收到响应。如果在指定的超时时间内没有收到 PING 帧的响应，则连接将关闭。默认超时持续时间为 15 秒。
 ### WebSocket
 ```json
@@ -125,10 +145,41 @@ HTTP 请求的额外标头。
 ```json
 {
  "type": "grpc",
-  "service_name": "TunService"
+  "service_name": "TunService",
  "idle_timeout": "15s",
  "ping_timeout": "15s",
  "permit_without_stream": false
 }
 ```
 #### service_name
-gRPC 服务名称。
+gRPC 服务名称。
 #### idle_timeout
 在标准 gRPC 服务器/客户端：
 如果传输在此时间段后没有看到任何活动，它会向客户端发送 ping 请求以检查连接是否仍然活动。
 在默认 gRPC 服务器/客户端：
 它的行为与 HTTP 传输层中的相应设置相同。
 #### ping_timeout
 在标准 gRPC 服务器/客户端：
 经过一段时间之后，客户端将执行 keepalive 检查并等待活动。如果没有检测到任何活动，则会关闭连接。
 在默认 gRPC 服务器/客户端：
 它的行为与 HTTP 传输层中的相应设置相同。
 #### permit_without_stream
 在标准 gRPC 客户端：
 如果启用，客户端传输即使没有活动连接也会发送 keepalive ping。如果禁用，则在没有活动连接时，将忽略 `idle_timeout` 和 `ping_timeout`，并且不会发送 keepalive ping。
 默认禁用。
--- a/docs/examples/linux-server-installation.md
+++ b/docs/examples/linux-server-installation.md
@@ -7,9 +7,9 @@
 #### Install
 ```shell
-git clone https://github.com/SagerNet/sing-box
+git clone -b main https://github.com/SagerNet/sing-box
 cd sing-box
-./release/local/install_go.sh # skip if you have go1.19 already installed
+./release/local/install_go.sh # skip if you have golang already installed
 ./release/local/install.sh
 ```
--- a/docs/examples/linux-server-installation.zh.md
+++ b/docs/examples/linux-server-installation.zh.md
@@ -7,9 +7,9 @@
 #### 安装
 ```shell
-git clone https://github.com/SagerNet/sing-box
+git clone -b main https://github.com/SagerNet/sing-box
 cd sing-box
-./release/local/install_go.sh # 如果已安装 go1.19 则跳过
+./release/local/install_go.sh # 如果已安装 golang 则跳过
 ./release/local/install.sh
 ```
--- a/docs/examples/shadowsocks.md
+++ b/docs/examples/shadowsocks.md
@@ -1,5 +1,9 @@
 # Shadowsocks
 !!! warning ""
    For censorship bypass usage in China, we recommend using UDP over TCP and disabling UDP on the server.
 ## Single User
 #### Server
@@ -11,6 +15,7 @@
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8080,
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
@@ -35,7 +40,8 @@
      "server": "127.0.0.1",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
-      "password": "8JCsPssfgS8tiRwiMlhARg=="
+      "password": "8JCsPssfgS8tiRwiMlhARg==",
      "udp_over_tcp": true
    }
  ]
 }
--- a/docs/examples/shadowtls.md
+++ b/docs/examples/shadowtls.md
@@ -24,6 +24,7 @@
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
@@ -46,6 +47,7 @@
        "max_connections": 4,
        "min_streams": 4
      }
      // or "udp_over_tcp": true
    },
    {
      "type": "shadowtls",
--- a/docs/examples/tun.md
+++ b/docs/examples/tun.md
@@ -23,7 +23,10 @@
        "disable_cache": true
      },
      {
-        "domain": "mydomain.com",
+        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      }
--- a/docs/faq/known-issues.md
+++ b/docs/faq/known-issues.md
@@ -9,10 +9,6 @@ the public internet.
 `auto-route` cannot automatically hijack DNS requests when Android's `Private DNS` enabled or `strict_route` disabled.
 ##### on Linux
 `auto-route` cannot automatically hijack DNS requests with `systemd-resolved` enabled and `strict_route` disabled.
 #### System proxy
 ##### on Linux
--- a/docs/faq/known-issues.zh.md
+++ b/docs/faq/known-issues.zh.md
@@ -8,10 +8,6 @@
 `auto-route` 无法自动劫持 DNS 请求如果 `私人 DNS` 开启或 `strict_route` 禁用。
 ##### Linux
 `auto-route` 无法自动劫持 DNS 请求如果 `systemd-resolved` 开启且 `strict_route` 禁用。
 #### 系统代理
 ##### Linux
--- a/docs/index.md
+++ b/docs/index.md
@@ -25,4 +25,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 In addition, no derivative work may use the name or imply association
 with this application without prior consent.
 ```
--- a/docs/index.zh.md
+++ b/docs/index.zh.md
@@ -25,4 +25,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 In addition, no derivative work may use the name or imply association
 with this application without prior consent.
 ```
--- a/docs/installation/from-source.md
+++ b/docs/installation/from-source.md
@@ -36,4 +36,4 @@ sing-box version
 ```
 It is also recommended to use systemd to manage sing-box service,
-see [Linux server installation example](./examples/linux-server-installation).
+see [Linux server installation example](/examples/linux-server-installation).
--- a/docs/installation/from-source.zh.md
+++ b/docs/installation/from-source.zh.md
@@ -36,4 +36,4 @@ sing-box version
 ```
 同时推荐使用 systemd 来管理 sing-box 服务器实例。
-参阅 [Linux 服务器安装示例](./examples/linux-server-installation)。
+参阅 [Linux 服务器安装示例](/examples/linux-server-installation)。
--- a/experimental/clashapi/server.go
+++ b/experimental/clashapi/server.go
@@ -114,7 +114,7 @@ func NewServer(router adapter.Router, logFactory log.ObservableFactory, options
 	return server, nil
 }
-func (s *Server) Start() error {
+func (s *Server) PreStart() error {
 	if s.cacheFilePath != "" {
 		cacheFile, err := cachefile.Open(s.cacheFilePath)
 		if err != nil {
@@ -122,6 +122,10 @@ func (s *Server) Start() error {
 		}
 		s.cacheFile = cacheFile
 	}
 	return nil
 }
 func (s *Server) Start() error {
 	listener, err := net.Listen("tcp", s.httpServer.Addr)
 	if err != nil {
 		return E.Cause(err, "external controller listen error")
--- a/experimental/libbox/config.go
+++ b/experimental/libbox/config.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import (
--- a/experimental/libbox/iterator.go
+++ b/experimental/libbox/iterator.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import "github.com/sagernet/sing/common"
--- a/experimental/libbox/log.go
+++ b/experimental/libbox/log.go
@@ -1,54 +0,0 @@
 package libbox
 import (
 	"bufio"
 	"log"
 	"os"
 )
 type StandardOutput interface {
 	WriteOutput(message string)
 	WriteErrorOutput(message string)
 }
 func SetOutput(output StandardOutput) {
 	log.SetOutput(logWriter{output})
 	pipeIn, pipeOut, err := os.Pipe()
 	if err != nil {
 		panic(err)
 	}
 	os.Stdout = os.NewFile(pipeOut.Fd(), "stdout")
 	go lineLog(pipeIn, output.WriteOutput)
 	pipeIn, pipeOut, err = os.Pipe()
 	if err != nil {
 		panic(err)
 	}
 	os.Stderr = os.NewFile(pipeOut.Fd(), "srderr")
 	go lineLog(pipeIn, output.WriteErrorOutput)
 }
 type logWriter struct {
 	output StandardOutput
 }
 func (w logWriter) Write(p []byte) (n int, err error) {
 	w.output.WriteOutput(string(p))
 	return len(p), nil
 }
 func lineLog(f *os.File, output func(string)) {
 	const logSize = 1024 // matches android/log.h.
 	r := bufio.NewReaderSize(f, logSize)
 	for {
 		line, _, err := r.ReadLine()
 		str := string(line)
 		if err != nil {
 			str += " " + err.Error()
 		}
 		output(str)
 		if err != nil {
 			break
 		}
 	}
 }
--- a/experimental/libbox/memory.go
+++ b/experimental/libbox/memory.go
@@ -1,8 +1,18 @@
 //go:build darwin
 package libbox
-import "runtime/debug"
+import (
 	runtimeDebug "runtime/debug"
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
 )
 const memoryLimit = 30 * 1024 * 1024
 func SetMemoryLimit() {
-	debug.SetGCPercent(10)
+	runtimeDebug.SetGCPercent(10)
-	debug.SetMemoryLimit(30 * 1024 * 1024)
+	runtimeDebug.SetMemoryLimit(memoryLimit)
 	conntrack.KillerEnabled = true
 	conntrack.MemoryLimit = memoryLimit
 }
--- a/experimental/libbox/platform.go
+++ b/experimental/libbox/platform.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import "github.com/sagernet/sing-box/option"
--- a/experimental/libbox/pprof.go
+++ b/experimental/libbox/pprof.go
@@ -1,4 +1,4 @@
-//go:build debug
+//go:build linux || darwin
 package libbox
--- a/experimental/libbox/pprof_stub.go
+++ b/experimental/libbox/pprof_stub.go
@@ -1,21 +0,0 @@
 //go:build !debug
 package libbox
 import (
 	"os"
 )
 type PProfServer struct{}
 func NewPProfServer(port int) *PProfServer {
 	return &PProfServer{}
 }
 func (s *PProfServer) Start() error {
 	return os.ErrInvalid
 }
 func (s *PProfServer) Close() error {
 	return os.ErrInvalid
 }
--- a/experimental/libbox/service.go
+++ b/experimental/libbox/service.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import (
@@ -75,7 +77,11 @@ func (w *platformInterfaceWrapper) OpenTun(options tun.Options, platformOptions
 	if err != nil {
 		return nil, err
 	}
-	options.FileDescriptor = int(tunFd)
+	dupFd, err := syscall.Dup(int(tunFd))
 	if err != nil {
 		return nil, E.Cause(err, "dup tun file descriptor")
 	}
 	options.FileDescriptor = dupFd
 	return tun.New(options)
 }
--- a/experimental/libbox/setup.go
+++ b/experimental/libbox/setup.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import (
@@ -15,5 +17,5 @@ func Version() string {
 }
 func FormatBytes(length int64) string {
-	return humanize.Bytes(uint64(length))
+	return humanize.IBytes(uint64(length))
 }
--- a/experimental/libbox/tun.go
+++ b/experimental/libbox/tun.go
@@ -1,3 +1,5 @@
 //go:build linux || darwin
 package libbox
 import (
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.18
 require (
 	berty.tech/go-libtor v1.0.385
-	github.com/Dreamacro/clash v1.13.0
+	github.com/Dreamacro/clash v1.14.0
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/cretz/bine v0.2.0
 	github.com/dustin/go-humanize v1.0.1
@@ -17,22 +17,21 @@ require (
 	github.com/insomniacslk/dhcp v0.0.0-20230307103557-e252950ab961
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mholt/acmez v1.1.0
-	github.com/miekg/dns v1.1.51
+	github.com/miekg/dns v1.1.53
 	github.com/ooni/go-libtor v1.1.7
 	github.com/oschwald/maxminddb-golang v1.10.0
-	github.com/pires/go-proxyproto v0.6.2
+	github.com/pires/go-proxyproto v0.7.0
 	github.com/sagernet/badhttp v0.0.0-20230228035330-e77eb9a689fd
 	github.com/sagernet/badhttp2 v0.0.0-20230228040529-408b0b8e774d
 	github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0
 	github.com/sagernet/gomobile v0.0.0-20221130124640-349ebaa752ca
 	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32
-	github.com/sagernet/reality v0.0.0-20230309024642-952cb58391a0
+	github.com/sagernet/reality v0.0.0-20230323230523-5fa25e693e7f
-	github.com/sagernet/sing v0.1.8
+	github.com/sagernet/sing v0.2.1
-	github.com/sagernet/sing-dns v0.1.4
+	github.com/sagernet/sing-dns v0.1.5-0.20230331013337-06044a57b1da
-	github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9
+	github.com/sagernet/sing-shadowsocks v0.2.0
 	github.com/sagernet/sing-shadowtls v0.1.0
-	github.com/sagernet/sing-tun v0.1.2
+	github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab
 	github.com/sagernet/sing-vmess v0.1.3
-	github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195
+	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
 	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e
@@ -44,16 +43,16 @@ require (
 	go.uber.org/zap v1.24.0
 	go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35
 	golang.org/x/crypto v0.7.0
-	golang.org/x/exp v0.0.0-20230307190834-24139beb5833
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
 	golang.org/x/net v0.8.0
 	golang.org/x/sys v0.6.0
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde
-	google.golang.org/grpc v1.53.0
+	google.golang.org/grpc v1.54.0
-	google.golang.org/protobuf v1.29.0
+	google.golang.org/protobuf v1.30.0
 	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c
 )
-//replace github.com/sagernet/sing-tun => ../sing-tun
+//replace github.com/sagernet/sing => ../sing
 require (
 	github.com/ajg/form v1.5.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw=
 berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw=
-github.com/Dreamacro/clash v1.13.0 h1:gF0E0TluE1LCmuhhg0/bjqABYDmSnXkUjXjRhZxyrm8=
+github.com/Dreamacro/clash v1.14.0 h1:ehJ/C/1m9LEjmME72WSE/Y2YqbR3Q54AbjqiRCvtyW4=
-github.com/Dreamacro/clash v1.13.0/go.mod h1:hf0RkWPsQ0e8oS8WVJBIRocY/1ILYzQQg9zeMwd8LsM=
+github.com/Dreamacro/clash v1.14.0/go.mod h1:ia2CU7V713H1QdCqMwOLK9U9V5Ay8X0voj3yQr2tk+I=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
@@ -70,19 +70,21 @@ github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczG
 github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/mholt/acmez v1.1.0 h1:IQ9CGHKOHokorxnffsqDvmmE30mDenO1lptYZ1AYkHY=
 github.com/mholt/acmez v1.1.0/go.mod h1:zwo5+fbLLTowAX8o8ETfQzbDtwGEXnPhkmGdKIP+bgs=
-github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo=
+github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
-github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c=
+github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
 github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
 github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
 github.com/ooni/go-libtor v1.1.7 h1:ooVcdEPBqDox5OfeXAfXIeQFCbqMLJVfIpO+Irr7N9A=
 github.com/ooni/go-libtor v1.1.7/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI=
 github.com/oschwald/maxminddb-golang v1.10.0 h1:Xp1u0ZhqkSuopaKmk1WwHtjF0H9Hd9181uj2MQ5Vndg=
 github.com/oschwald/maxminddb-golang v1.10.0/go.mod h1:Y2ELenReaLAZ0b400URyGwvYxHV1dLIxBuyOsyYjHK0=
 github.com/pierrec/lz4/v4 v4.1.14 h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE=
 github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
+github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
-github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
+github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -95,10 +97,6 @@ github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05
 github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI=
 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagernet/badhttp v0.0.0-20230228035330-e77eb9a689fd h1:nv3WtVfPGX+i2Ip/TR+Yd3LO1xFSpKUgWmYsXxKJ6vM=
 github.com/sagernet/badhttp v0.0.0-20230228035330-e77eb9a689fd/go.mod h1:geEm+9ZyRMZ8THRH0XSexeStaMDtkFBf4J1nMK92mAY=
 github.com/sagernet/badhttp2 v0.0.0-20230228040529-408b0b8e774d h1:RmBTGU4SvqxX57SDvpQtrkiQDaCnr4J/DMYMrUBL7OQ=
 github.com/sagernet/badhttp2 v0.0.0-20230228040529-408b0b8e774d/go.mod h1:Ag8QdZjLwuy3V2pyOcqlKz4Cdh0wKEOFlYgR3wPUGkI=
 github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0 h1:KyhtFFt1Jtp5vW2ohNvstvQffTOQ/s5vENuGXzdA+TM=
 github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0/go.mod h1:D4SFEOkJK+4W1v86ZhX0jPM0rAL498fyQAChqMtes/I=
 github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA=
@@ -109,24 +107,24 @@ github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6E
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 h1:tztuJB+giOWNRKQEBVY2oI3PsheTooMdh+/yxemYQYY=
 github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32/go.mod h1:QMCkxXAC3CvBgDZVIJp43NWTuwGBScCzMLVLynjERL8=
-github.com/sagernet/reality v0.0.0-20230309024642-952cb58391a0 h1:ffgI5Jo3imRx3AKejBOagcKkd8MTF+WYSQkr64EWBGc=
+github.com/sagernet/reality v0.0.0-20230323230523-5fa25e693e7f h1:plVtFF9NVw5Py4jH/KQuWxojdMFDroTsQ1PVJcU9djM=
-github.com/sagernet/reality v0.0.0-20230309024642-952cb58391a0/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
+github.com/sagernet/reality v0.0.0-20230323230523-5fa25e693e7f/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8 h1:6DKo2FkSHn0nUcjO7bAext/ai7y7pCusK/+fScBJ5Jk=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing-dns v0.1.4 h1:7VxgeoSCiiazDSaXXQVcvrTBxFpOePPq/4XdgnUDN+0=
+github.com/sagernet/sing v0.2.1 h1:r0STYeyfKBBtoAHsBtW1dQonxG+3Qidde7/1VAMhdn8=
-github.com/sagernet/sing-dns v0.1.4/go.mod h1:1+6pCa48B1AI78lD+/i/dLgpw4MwfnsSpZo0Ds8wzzk=
+github.com/sagernet/sing v0.2.1/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw=
-github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9 h1:qS39eA4C7x+zhEkySbASrtmb6ebdy5v0y2M6mgkmSO0=
+github.com/sagernet/sing-dns v0.1.5-0.20230331013337-06044a57b1da h1:pZV4DRBArbgkajeCZWn3VqwLF+Wl7HOlAt5aSJuuKDk=
-github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU=
+github.com/sagernet/sing-dns v0.1.5-0.20230331013337-06044a57b1da/go.mod h1:8x+rlRnPE/5/IagjlAUqR9TceRYRL2WyqmP5QYK3dkI=
 github.com/sagernet/sing-shadowsocks v0.2.0 h1:ILDWL7pwWfkPLEbviE/MyCgfjaBmJY/JVVY+5jhSb58=
 github.com/sagernet/sing-shadowsocks v0.2.0/go.mod h1:ysYzszRLpNzJSorvlWRMuzU6Vchsp7sd52q+JNY4axw=
 github.com/sagernet/sing-shadowtls v0.1.0 h1:05MYce8aR5xfKIn+y7xRFsdKhKt44QZTSEQW+lG5IWQ=
 github.com/sagernet/sing-shadowtls v0.1.0/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc=
-github.com/sagernet/sing-tun v0.1.2 h1:jiz4PJkdNf8yAdpKe8EolaKNQzL9a2/fI4ZHQOqhANc=
+github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab h1:a9oeWuPBuIZ70qMhIIH6RrYhp886xN9jJIwsuu4ZFUo=
-github.com/sagernet/sing-tun v0.1.2/go.mod h1:KnRkwaDHbb06zgeNPu0LQ8A+vA9myMxKEgHN1brCPHg=
+github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab/go.mod h1:4YxIDEkkCjGXDOTMPw1SXpLmCQUFAWuaQN250oo+928=
 github.com/sagernet/sing-vmess v0.1.3 h1:q/+tsF46dvvapL6CpQBgPHJ6nQrDUZqEtLHCbsjO7iM=
 github.com/sagernet/sing-vmess v0.1.3/go.mod h1:GVXqAHwe9U21uS+Voh4YBIrADQyE4F9v0ayGSixSQAE=
-github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 h1:5VBIbVw9q7aKbrFdT83mjkyvQ+VaRsQ6yflTepfln38=
+github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
-github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195/go.mod h1:yedWtra8nyGJ+SyI+ziwuaGMzBatbB10P1IOOZbbSK8=
+github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37/go.mod h1:3skNSftZDJWTGVtVaM2jfbce8qHnmH/AGDRe62iNOg0=
 github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
 github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9/go.mod h1:FUyTEc5ye5NjKnDTDMuiLF2M6T4BE6y6KZuax//UCEg=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
@@ -154,7 +152,6 @@ github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923/go.mod h1:eLL9Nub3yfAho
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
@@ -171,14 +168,11 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/exp v0.0.0-20230307190834-24139beb5833 h1:SChBja7BCQewoTAU7IgvucQKMIXrEpFxNMs0spT3/5s=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230307190834-24139beb5833/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -186,15 +180,11 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -204,25 +194,18 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
@@ -230,8 +213,6 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -242,12 +223,12 @@ golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde h1:ybF7AMzI
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
-google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
-google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
--- a/inbound/default_tcp.go
+++ b/inbound/default_tcp.go
@@ -3,7 +3,6 @@ package inbound
 import (
 	"context"
 	"net"
 	"net/netip"
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/proxyproto"
@@ -16,7 +15,7 @@ import (
 func (a *myInboundAdapter) ListenTCP() (net.Listener, error) {
 	var err error
-	bindAddr := M.SocksaddrFrom(netip.Addr(a.listenOptions.Listen), a.listenOptions.ListenPort)
+	bindAddr := M.SocksaddrFrom(a.listenOptions.Listen.Build(), a.listenOptions.ListenPort)
 	var tcpListener net.Listener
 	if !a.listenOptions.TCPFastOpen {
 		tcpListener, err = net.ListenTCP(M.NetworkFromNetAddr(N.NetworkTCP, bindAddr.Addr), bindAddr.TCPAddr())
--- a/inbound/default_udp.go
+++ b/inbound/default_udp.go
@@ -2,7 +2,6 @@ package inbound
 import (
 	"net"
 	"net/netip"
 	"os"
 	"time"
@@ -16,7 +15,7 @@ import (
 )
 func (a *myInboundAdapter) ListenUDP() (net.PacketConn, error) {
-	bindAddr := M.SocksaddrFrom(netip.Addr(a.listenOptions.Listen), a.listenOptions.ListenPort)
+	bindAddr := M.SocksaddrFrom(a.listenOptions.Listen.Build(), a.listenOptions.ListenPort)
 	var lc net.ListenConfig
 	var udpFragment bool
 	if a.listenOptions.UDPFragment != nil {
--- a/inbound/hysteria.go
+++ b/inbound/hysteria.go
@@ -187,20 +187,24 @@ func (h *Hysteria) accept(ctx context.Context, conn quic.Connection) error {
 	if err != nil {
 		return err
 	}
-	userIndex := slices.Index(h.authKey, string(clientHello.Auth))
+	if len(h.authKey) > 0 {
-	if userIndex == -1 {
+		userIndex := slices.Index(h.authKey, string(clientHello.Auth))
-		err = hysteria.WriteServerHello(controlStream, hysteria.ServerHello{
+		if userIndex == -1 {
-			Message: "wrong password",
+			err = hysteria.WriteServerHello(controlStream, hysteria.ServerHello{
-		})
+				Message: "wrong password",
-		return E.Errors(E.New("wrong password: ", string(clientHello.Auth)), err)
+			})
-	}
+			return E.Errors(E.New("wrong password: ", string(clientHello.Auth)), err)
-	user := h.authUser[userIndex]
+		}
-	if user == "" {
+		user := h.authUser[userIndex]
-		user = F.ToString(userIndex)
+		if user == "" {
 			user = F.ToString(userIndex)
 		} else {
 			ctx = auth.ContextWithUser(ctx, user)
 		}
 		h.logger.InfoContext(ctx, "[", user, "] inbound connection from ", conn.RemoteAddr())
 	} else {
-		ctx = auth.ContextWithUser(ctx, user)
+		h.logger.InfoContext(ctx, "inbound connection from ", conn.RemoteAddr())
 	}
 	h.logger.InfoContext(ctx, "[", user, "] inbound connection from ", conn.RemoteAddr())
 	h.logger.DebugContext(ctx, "peer send speed: ", clientHello.SendBPS/1024/1024, " MBps, peer recv speed: ", clientHello.RecvBPS/1024/1024, " MBps")
 	if clientHello.SendBPS == 0 || clientHello.RecvBPS == 0 {
 		return E.New("invalid rate from client")
--- a/inbound/shadowtls.go
+++ b/inbound/shadowtls.go
@@ -32,6 +32,10 @@ func NewShadowTLS(ctx context.Context, router adapter.Router, logger log.Context
 		},
 	}
 	if options.Version == 0 {
 		options.Version = 1
 	}
 	var handshakeForServerName map[string]shadowtls.HandshakeConfig
 	if options.Version > 1 {
 		handshakeForServerName = make(map[string]shadowtls.HandshakeConfig)
--- a/inbound/tun.go
+++ b/inbound/tun.go
@@ -5,10 +5,8 @@ import (
 	"net"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/canceler"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/log"
@@ -169,6 +167,7 @@ func (t *Tun) Start() error {
 		UDPTimeout:             t.udpTimeout,
 		Handler:                t,
 		Logger:                 t.logger,
 		UnderPlatform:          t.platformInterface != nil,
 	})
 	if err != nil {
 		return err
@@ -207,9 +206,6 @@ func (t *Tun) NewConnection(ctx context.Context, conn net.Conn, upstreamMetadata
 func (t *Tun) NewPacketConnection(ctx context.Context, conn N.PacketConn, upstreamMetadata M.Metadata) error {
 	ctx = log.ContextWithNewID(ctx)
 	if tun.NeedTimeoutFromContext(ctx) {
 		ctx, conn = canceler.NewPacketConn(ctx, conn, time.Duration(t.udpTimeout)*time.Second)
 	}
 	var metadata adapter.InboundContext
 	metadata.Inbound = t.tag
 	metadata.InboundType = C.TypeTun
--- a/log/export.go
+++ b/log/export.go
@@ -16,6 +16,10 @@ func StdLogger() ContextLogger {
 	return std
 }
 func SetStdLogger(logger ContextLogger) {
 	std = logger
 }
 func Trace(args ...any) {
 	std.Trace(args...)
 }
--- a/log/factory.go
+++ b/log/factory.go
@@ -1,11 +1,15 @@
 package log
 import (
-	"context"
+	"github.com/sagernet/sing/common/logger"
 	"github.com/sagernet/sing/common/observable"
 )
 type (
 	Logger        logger.Logger
 	ContextLogger logger.ContextLogger
 )
 type Factory interface {
 	Level() Level
 	SetLevel(level Level)
@@ -22,24 +26,3 @@ type Entry struct {
 	Level   Level
 	Message string
 }
 type Logger interface {
 	Trace(args ...any)
 	Debug(args ...any)
 	Info(args ...any)
 	Warn(args ...any)
 	Error(args ...any)
 	Fatal(args ...any)
 	Panic(args ...any)
 }
 type ContextLogger interface {
 	Logger
 	TraceContext(ctx context.Context, args ...any)
 	DebugContext(ctx context.Context, args ...any)
 	InfoContext(ctx context.Context, args ...any)
 	WarnContext(ctx context.Context, args ...any)
 	ErrorContext(ctx context.Context, args ...any)
 	FatalContext(ctx context.Context, args ...any)
 	PanicContext(ctx context.Context, args ...any)
 }
--- a/log/format.go
+++ b/log/format.go
@@ -36,15 +36,16 @@ func (f Formatter) Format(ctx context.Context, level Level, tag string, message
 	if tag != "" {
 		message = tag + ": " + message
 	}
-	var id uint32
+	var id ID
 	var hasId bool
 	if ctx != nil {
 		id, hasId = IDFromContext(ctx)
 	}
 	if hasId {
 		activeDuration := formatDuration(time.Since(id.CreatedAt))
 		if !f.DisableColors {
 			var color aurora.Color
-			color = aurora.Color(uint8(id))
+			color = aurora.Color(uint8(id.ID))
 			color %= 215
 			row := uint(color / 36)
 			column := uint(color % 36)
@@ -62,9 +63,9 @@ func (f Formatter) Format(ctx context.Context, level Level, tag string, message
 			color += 16
 			color = color << 16
 			color |= 1 << 14
-			message = F.ToString("[", aurora.Colorize(id, color).String(), "] ", message)
+			message = F.ToString("[", aurora.Colorize(id.ID, color).String(), " ", activeDuration, "] ", message)
 		} else {
-			message = F.ToString("[", id, "] ", message)
+			message = F.ToString("[", id.ID, " ", activeDuration, "] ", message)
 		}
 	}
 	switch {
@@ -99,15 +100,16 @@ func (f Formatter) FormatWithSimple(ctx context.Context, level Level, tag string
 		message = tag + ": " + message
 	}
 	messageSimple := message
-	var id uint32
+	var id ID
 	var hasId bool
 	if ctx != nil {
 		id, hasId = IDFromContext(ctx)
 	}
 	if hasId {
 		activeDuration := formatDuration(time.Since(id.CreatedAt))
 		if !f.DisableColors {
 			var color aurora.Color
-			color = aurora.Color(uint8(id))
+			color = aurora.Color(uint8(id.ID))
 			color %= 215
 			row := uint(color / 36)
 			column := uint(color % 36)
@@ -125,11 +127,11 @@ func (f Formatter) FormatWithSimple(ctx context.Context, level Level, tag string
 			color += 16
 			color = color << 16
 			color |= 1 << 14
-			message = F.ToString("[", aurora.Colorize(id, color).String(), "] ", message)
+			message = F.ToString("[", aurora.Colorize(id.ID, color).String(), " ", activeDuration, "] ", message)
 		} else {
-			message = F.ToString("[", id, "] ", message)
+			message = F.ToString("[", id.ID, " ", activeDuration, "] ", message)
 		}
-		messageSimple = F.ToString("[", id, "] ", messageSimple)
+		messageSimple = F.ToString("[", id.ID, " ", activeDuration, "] ", messageSimple)
 	}
 	switch {
@@ -153,3 +155,13 @@ func xd(value int, x int) string {
 	}
 	return message
 }
 func formatDuration(duration time.Duration) string {
 	if duration < time.Second {
 		return F.ToString(duration.Milliseconds(), "ms")
 	} else if duration < time.Minute {
 		return F.ToString(int64(duration.Seconds()), ".", int64(duration.Seconds()*100)%100, "s")
 	} else {
 		return F.ToString(int64(duration.Minutes()), "m", int64(duration.Seconds())%60, "s")
 	}
 }
--- a/log/id.go
+++ b/log/id.go
@@ -3,6 +3,7 @@ package log
 import (
 	"context"
 	"math/rand"
 	"time"
 	"github.com/sagernet/sing/common/random"
 )
@@ -13,11 +14,19 @@ func init() {
 type idKey struct{}
-func ContextWithNewID(ctx context.Context) context.Context {
+type ID struct {
-	return context.WithValue(ctx, (*idKey)(nil), rand.Uint32())
+	ID        uint32
 	CreatedAt time.Time
 }
-func IDFromContext(ctx context.Context) (uint32, bool) {
+func ContextWithNewID(ctx context.Context) context.Context {
-	id, loaded := ctx.Value((*idKey)(nil)).(uint32)
+	return context.WithValue(ctx, (*idKey)(nil), ID{
 		ID:        rand.Uint32(),
 		CreatedAt: time.Now(),
 	})
 }
 func IDFromContext(ctx context.Context) (ID, bool) {
 	id, loaded := ctx.Value((*idKey)(nil)).(ID)
 	return id, loaded
 }
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -64,6 +64,7 @@ nav:
          - TLS: configuration/shared/tls.md
          - Multiplex: configuration/shared/multiplex.md
          - V2Ray Transport: configuration/shared/v2ray-transport.md
          - UDP over TCP: configuration/shared/udp-over-tcp.md
      - Inbound:
          - configuration/inbound/index.md
          - Direct: configuration/inbound/direct.md
--- a/ntp/service.go
+++ b/ntp/service.go
@@ -6,6 +6,8 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
 	"github.com/sagernet/sing-box/common/settings"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
@@ -14,19 +16,17 @@ import (
 	"github.com/sagernet/sing/common/ntp"
 )
 const timeLayout = "2006-01-02 15:04:05 -0700"
 var _ adapter.TimeService = (*Service)(nil)
 type Service struct {
-	ctx    context.Context
+	ctx           context.Context
-	cancel context.CancelFunc
+	cancel        context.CancelFunc
-	server M.Socksaddr
+	server        M.Socksaddr
-	dialer N.Dialer
+	writeToSystem bool
-	logger logger.Logger
+	dialer        N.Dialer
-
+	logger        logger.Logger
-	ticker      *time.Ticker
+	ticker        *time.Ticker
-	clockOffset time.Duration
+	clockOffset   time.Duration
 }
 func NewService(ctx context.Context, router adapter.Router, logger logger.Logger, options option.NTPOptions) *Service {
@@ -42,12 +42,13 @@ func NewService(ctx context.Context, router adapter.Router, logger logger.Logger
 		interval = 30 * time.Minute
 	}
 	return &Service{
-		ctx:    ctx,
+		ctx:           ctx,
-		cancel: cancel,
+		cancel:        cancel,
-		server: server,
+		server:        server,
-		dialer: dialer.New(router, options.DialerOptions),
+		writeToSystem: options.WriteToSystem,
-		logger: logger,
+		dialer:        dialer.New(router, options.DialerOptions),
-		ticker: time.NewTicker(interval),
+		logger:        logger,
 		ticker:        time.NewTicker(interval),
 	}
 }
@@ -56,7 +57,7 @@ func (s *Service) Start() error {
 	if err != nil {
 		return E.Cause(err, "initialize time")
 	}
-	s.logger.Info("updated time: ", s.TimeFunc()().Local().Format(timeLayout))
+	s.logger.Info("updated time: ", s.TimeFunc()().Local().Format(C.TimeLayout))
 	go s.loopUpdate()
 	return nil
 }
@@ -82,7 +83,7 @@ func (s *Service) loopUpdate() {
 		}
 		err := s.update()
 		if err == nil {
-			s.logger.Debug("updated time: ", s.TimeFunc()().Local().Format(timeLayout))
+			s.logger.Debug("updated time: ", s.TimeFunc()().Local().Format(C.TimeLayout))
 		} else {
 			s.logger.Warn("update time: ", err)
 		}
@@ -95,5 +96,11 @@ func (s *Service) update() error {
 		return err
 	}
 	s.clockOffset = response.ClockOffset
 	if s.writeToSystem {
 		writeErr := settings.SetSystemTime(s.TimeFunc()())
 		if writeErr != nil {
 			s.logger.Warn("write time to system: ", writeErr)
 		}
 	}
 	return nil
 }
--- a/option/config.go
+++ b/option/config.go
@@ -9,6 +9,7 @@ import (
 )
 type _Options struct {
 	Schema       string               `json:"$schema,omitempty"`
 	Log          *LogOptions          `json:"log,omitempty"`
 	DNS          *DNSOptions          `json:"dns,omitempty"`
 	NTP          *NTPOptions          `json:"ntp,omitempty"`
--- a/option/debug.go
+++ b/option/debug.go
@@ -0,0 +1,43 @@
 package option
 import (
 	"encoding/json"
 	"github.com/dustin/go-humanize"
 )
 type DebugOptions struct {
 	GCPercent    *int        `json:"gc_percent,omitempty"`
 	MaxStack     *int        `json:"max_stack,omitempty"`
 	MaxThreads   *int        `json:"max_threads,omitempty"`
 	PanicOnFault *bool       `json:"panic_on_fault,omitempty"`
 	TraceBack    string      `json:"trace_back,omitempty"`
 	MemoryLimit  BytesLength `json:"memory_limit,omitempty"`
 	OOMKiller    *bool       `json:"oom_killer,omitempty"`
 }
 type BytesLength int64
 func (l BytesLength) MarshalJSON() ([]byte, error) {
 	return json.Marshal(humanize.IBytes(uint64(l)))
 }
 func (l *BytesLength) UnmarshalJSON(bytes []byte) error {
 	var valueInteger int64
 	err := json.Unmarshal(bytes, &valueInteger)
 	if err == nil {
 		*l = BytesLength(valueInteger)
 		return nil
 	}
 	var valueString string
 	err = json.Unmarshal(bytes, &valueString)
 	if err != nil {
 		return err
 	}
 	parsedValue, err := humanize.ParseBytes(valueString)
 	if err != nil {
 		return err
 	}
 	*l = BytesLength(parsedValue)
 	return nil
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
世界	4db7eb9d9e	documentation: Update changelog	2023-03-31 16:29:08 +08:00
世界	fd4efd6104	Fix dns transport read	2023-03-31 14:31:35 +08:00
世界	19a35ec6a4	Fix http2 transport close	2023-03-31 14:31:35 +08:00
世界	2012c0ca1e	Update release scripts	2023-03-31 14:31:35 +08:00
世界	187421c754	Append time to session log	2023-03-31 14:31:35 +08:00
世界	b3fb86d415	Accept "any" outbound in dns rule	2023-03-31 14:31:35 +08:00
世界	88fafd4e30	Fix dns routing context	2023-03-31 09:14:04 +08:00
世界	8056932f9c	Update documentation	2023-03-27 08:23:01 +08:00
世界	c8af003bfc	Update dependencies	2023-03-27 08:22:56 +08:00
世界	4999441a85	Fix missing default host in v2ray http transport`s request	2023-03-27 08:20:59 +08:00
世界	09b001e795	Revert remove install shell	2023-03-27 08:20:55 +08:00
世界	3b3a251008	Update LICENSE	2023-03-27 08:20:51 +08:00
世界	2e4eb9aa39	Update dockerfile	2023-03-24 08:29:11 +08:00
世界	77fd284703	documentation: Update changelog	2023-03-24 08:04:36 +08:00
世界	0a4517f4b7	Update dependencies	2023-03-24 07:06:45 +08:00
世界	4395db3206	documentation: Update set_system_proxy usage	2023-03-23 21:27:50 +08:00
世界	dd5b0abc67	Fix slow open	2023-03-23 17:14:38 +08:00
世界	466800aa3a	Fix wireguard mutex	2023-03-23 15:43:17 +08:00
世界	4328c535a9	Improve timeout canceler	2023-03-23 15:39:12 +08:00
世界	f9516709da	Update documentation	2023-03-23 07:54:24 +08:00
世界	5dce722879	Update dependencies	2023-03-23 07:49:14 +08:00
世界	9324a39d4e	Fix import format	2023-03-20 23:01:54 +08:00
世界	84904c5206	Create working directory if not exists	2023-03-20 19:33:00 +08:00
世界	fe4b429fc2	hysteria: Accept inbound configuration without users	2023-03-20 19:22:46 +08:00
世界	f680d0acaf	Add `with_reality_server` to release build tags	2023-03-20 17:36:59 +08:00
世界	4baff5aeb1	documentation: Update changelog	2023-03-20 17:32:59 +08:00
世界	f25296fb23	Update dependencies	2023-03-20 17:27:48 +08:00
世界	e717852c73	Fix optional listen address	2023-03-19 20:46:22 +08:00
世界	13dc70f649	Fix make build	2023-03-19 16:57:07 +08:00
世界	46040a71c3	Fix vision padding overflow	2023-03-19 10:25:35 +08:00
世界	0558b3fc5c	ntp: Add write_to_system service option	2023-03-18 23:11:40 +08:00
世界	99b2ab5526	Add command to fetch a URL	2023-03-18 21:02:29 +08:00
世界	e5f3bb6344	Add command to connect an address	2023-03-18 20:27:38 +08:00
世界	c7f89ad88e	Add multiple configuration support	2023-03-18 20:27:38 +08:00
世界	e0d9f79445	Fix test	2023-03-18 17:02:55 +08:00
世界	b6dbb69fc4	Fix write nil in buffered vectorised writer	2023-03-18 16:32:28 +08:00
世界	b76fabee65	documentation: Fix broken link	2023-03-18 16:31:15 +08:00
世界	872bcfd1c0	readme: Add packaging status	2023-03-17 17:58:08 +08:00
世界	b033c13ca2	documentation: Update stable changelog	2023-03-17 17:58:08 +08:00
renovate[bot]	2db188f3a1	dependencies: Update actions/setup-go action to v4 Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-03-17 17:58:08 +08:00
世界	11de271c8f	Add experimental debug options	2023-03-17 17:58:08 +08:00
世界	40c800c57c	documentation: Fix typo	2023-03-17 13:34:36 +08:00
世界	91b0540e95	documentation: Update UoT application support status	2023-03-17 13:28:05 +08:00
世界	ce6d186345	Update documentation	2023-03-17 13:07:22 +08:00
世界	32bc4450a7	Update dependencies	2023-03-17 12:59:12 +08:00
世界	43f31b40ba	Update UoT protocol	2023-03-17 12:57:48 +08:00
世界	a3a5185b15	platform: Fix bytes format	2023-03-16 11:28:54 +08:00
世界	14a0f180c8	ios: Add `with_quic` tag in build	2023-03-16 11:28:54 +08:00
世界	cc9cb0b477	platform: Add oom killer	2023-03-16 11:28:54 +08:00
世界	2cb0e37f50	platform: Add low memory interface	2023-03-16 00:36:04 +08:00
世界	dbd5be55b0	tun: Create gVisor stack by default in Apple Network Extension	2023-03-15 21:50:18 +08:00
世界	f674b4fbd5	Fix build embed tor for mobile	2023-03-15 20:59:45 +08:00
世界	5a4e8fea81	Fix lint	2023-03-15 14:56:06 +08:00
世界	78e02b52ca	Update UoT protocol	2023-03-15 14:52:32 +08:00
世界	ffdaae90d7	Update dependencies	2023-03-15 11:59:15 +08:00
世界	c77681ea17	Fix close platform tun	2023-03-13 19:47:00 +08:00
世界	d824390167	Fix cross make build	2023-03-13 19:46:20 +08:00
世界	70cf681ff2	Remove length limit on short_id for reality TLS config	2023-03-13 19:46:16 +08:00
wwqgtxx	b004b9ec81	Fix stack wireguard device returning non-nil interface containing nil pointer	2023-03-13 19:46:16 +08:00
世界	657b05fd96	Print command to shell error	2023-03-13 19:46:16 +08:00
世界	caad60da45	Apply `--disable-color` to global logger	2023-03-13 11:23:00 +08:00
世界	7d22cf9b45	Support $schema in configuration file	2023-03-13 10:58:29 +08:00
世界	5cb178ca93	Update documentation	2023-03-12 23:07:38 +08:00
世界	16788008b6	Update dependencies	2023-03-12 23:07:24 +08:00
世界	6ec7a33046	Fix make install	2023-03-11 19:24:19 +08:00
世界	6af9c2b3ca	Add health check support for http-based v2ray transport	2023-03-11 15:49:02 +08:00
世界	bdc620dab1	Fix http server usage	2023-03-11 15:05:07 +08:00
世界	a88820af31	Fix missing default shadowtls version	2023-03-11 10:12:46 +08:00
		`@@ -0,0 +1,3 @@`
							`package constant`

							`const TimeLayout = "2006-01-02 15:04:05 -0700"`
`@@ -1,4 +1,4 @@`
	`//go:build debug`	`//go:build linux \|\| darwin`

	`package libbox`	`package libbox`