documentation: Update changelog

Signed-off-by: Larvan2 <78135608+Larvan2@users.noreply.github.com>

README.md

@@ -8,6 +8,10 @@ The universal proxy platform.
 
 https://sing-box.sagernet.org
 
+## Support
+
+https://community.sagernet.org/c/sing-box/
+
 ## License
 
 ```

adapter/router.go

@@ -37,6 +37,7 @@ type Router interface {
 	LookupDefault(ctx context.Context, domain string) ([]netip.Addr, error)
 
 	InterfaceFinder() control.InterfaceFinder
+	UpdateInterfaces() error
 	DefaultInterface() string
 	AutoDetectInterface() bool
 	AutoDetectInterfaceFunc() control.Func
@@ -55,6 +56,8 @@ type Router interface {
 
 	V2RayServer() V2RayServer
 	SetV2RayServer(server V2RayServer)
+
+	ResetNetwork() error
 }
 
 type routerContextKey struct{}

box.go

@@ -62,6 +62,7 @@ func New(options Options) (*Box, error) {
 		defaultLogWriter = io.Discard
 	}
 	logFactory, err := log.New(log.Options{
+		Context:        ctx,
 		Options:        common.PtrValueOrDefault(options.Log),
 		Observable:     needClashAPI,
 		DefaultWriter:  defaultLogWriter,
@@ -133,10 +134,16 @@ func New(options Options) (*Box, error) {
 	if err != nil {
 		return nil, err
 	}
+	if options.PlatformInterface != nil {
+		err = options.PlatformInterface.Initialize(ctx, router)
+		if err != nil {
+			return nil, E.Cause(err, "initialize platform interface")
+		}
+	}
 	preServices := make(map[string]adapter.Service)
 	postServices := make(map[string]adapter.Service)
 	if needClashAPI {
-		clashServer, err := experimental.NewClashServer(router, logFactory.(log.ObservableFactory), common.PtrValueOrDefault(options.Experimental.ClashAPI))
+		clashServer, err := experimental.NewClashServer(ctx, router, logFactory.(log.ObservableFactory), common.PtrValueOrDefault(options.Experimental.ClashAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create clash api server")
 		}

cmd/internal/build_libbox/main.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 
 	_ "github.com/sagernet/gomobile/event/key"
 	"github.com/sagernet/sing-box/cmd/internal/build_shared"
@@ -38,18 +39,23 @@ func main() {
 var (
 	sharedFlags []string
 	debugFlags  []string
+	sharedTags  []string
+	debugTags   []string
 )
 
 func init() {
 	sharedFlags = append(sharedFlags, "-trimpath")
 	sharedFlags = append(sharedFlags, "-ldflags")
-
 	currentTag, err := build_shared.ReadTag()
 	if err != nil {
 		currentTag = "unknown"
 	}
 	sharedFlags = append(sharedFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
 	debugFlags = append(debugFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
+
+	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api")
+	sharedTags = append(sharedTags, "test_sing_shadowsocks2")
+	debugTags = append(debugTags, "debug")
 }
 
 func buildAndroid() {
@@ -70,9 +76,9 @@ func buildAndroid() {
 
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api")
+		args = append(args, strings.Join(sharedTags, ","))
 	} else {
-		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api,debug")
+		args = append(args, strings.Join(append(sharedTags, debugTags...), ","))
 	}
 	args = append(args, "./experimental/libbox")
 
@@ -109,11 +115,12 @@ func buildiOS() {
 		args = append(args, debugFlags...)
 	}
 
+	tags := append(sharedTags, "with_low_memory", "with_conntrack")
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack")
+		args = append(args, strings.Join(tags, ","))
 	} else {
-		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack,debug")
+		args = append(args, strings.Join(append(tags, debugTags...), ","))
 	}
 	args = append(args, "./experimental/libbox")
 

cmd/sing-box/debug.go

@@ -1,44 +0,0 @@
-//go:build debug
-
-package main
-
-import (
-	"encoding/json"
-	"net/http"
-	_ "net/http/pprof"
-	"runtime"
-	"runtime/debug"
-
-	"github.com/sagernet/sing-box/common/badjson"
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/dustin/go-humanize"
-)
-
-func init() {
-	http.HandleFunc("/debug/gc", func(writer http.ResponseWriter, request *http.Request) {
-		writer.WriteHeader(http.StatusNoContent)
-		go debug.FreeOSMemory()
-	})
-	http.HandleFunc("/debug/memory", func(writer http.ResponseWriter, request *http.Request) {
-		var memStats runtime.MemStats
-		runtime.ReadMemStats(&memStats)
-
-		var memObject badjson.JSONObject
-		memObject.Put("heap", humanize.IBytes(memStats.HeapInuse))
-		memObject.Put("stack", humanize.IBytes(memStats.StackInuse))
-		memObject.Put("idle", humanize.IBytes(memStats.HeapIdle-memStats.HeapReleased))
-		memObject.Put("goroutines", runtime.NumGoroutine())
-		memObject.Put("rss", rusageMaxRSS())
-
-		encoder := json.NewEncoder(writer)
-		encoder.SetIndent("", "  ")
-		encoder.Encode(memObject)
-	})
-	go func() {
-		err := http.ListenAndServe("0.0.0.0:8964", nil)
-		if err != nil {
-			log.Debug(err)
-		}
-	}()
-}

common/badtls/badtls.go

@@ -1,4 +1,4 @@
-//go:build go1.19 && !go1.20
+//go:build go1.20 && !go1.21
 
 package badtls
 
@@ -14,39 +14,60 @@ import (
 	"sync/atomic"
 	"unsafe"
 
+	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
+	aTLS "github.com/sagernet/sing/common/tls"
 )
 
 type Conn struct {
 	*tls.Conn
-	writer           N.ExtendedWriter
-	activeCall       *int32
-	closeNotifySent  *bool
-	version          *uint16
-	rand             io.Reader
-	halfAccess       *sync.Mutex
-	halfError        *error
-	cipher           cipher.AEAD
-	explicitNonceLen int
-	halfPtr          uintptr
-	halfSeq          []byte
-	halfScratchBuf   []byte
+	writer              N.ExtendedWriter
+	isHandshakeComplete *atomic.Bool
+	activeCall          *atomic.Int32
+	closeNotifySent     *bool
+	version             *uint16
+	rand                io.Reader
+	halfAccess          *sync.Mutex
+	halfError           *error
+	cipher              cipher.AEAD
+	explicitNonceLen    int
+	halfPtr             uintptr
+	halfSeq             []byte
+	halfScratchBuf      []byte
 }
 
-func Create(conn *tls.Conn) (TLSConn, error) {
-	if !handshakeComplete(conn) {
+func TryCreate(conn aTLS.Conn) aTLS.Conn {
+	tlsConn, ok := conn.(*tls.Conn)
+	if !ok {
+		return conn
+	}
+	badConn, err := Create(tlsConn)
+	if err != nil {
+		log.Warn("initialize badtls: ", err)
+		return conn
+	}
+	return badConn
+}
+
+func Create(conn *tls.Conn) (aTLS.Conn, error) {
+	rawConn := reflect.Indirect(reflect.ValueOf(conn))
+	rawIsHandshakeComplete := rawConn.FieldByName("isHandshakeComplete")
+	if !rawIsHandshakeComplete.IsValid() || rawIsHandshakeComplete.Kind() != reflect.Struct {
+		return nil, E.New("badtls: invalid isHandshakeComplete")
+	}
+	isHandshakeComplete := (*atomic.Bool)(unsafe.Pointer(rawIsHandshakeComplete.UnsafeAddr()))
+	if !isHandshakeComplete.Load() {
 		return nil, E.New("handshake not finished")
 	}
-	rawConn := reflect.Indirect(reflect.ValueOf(conn))
 	rawActiveCall := rawConn.FieldByName("activeCall")
-	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Int32 {
+	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Struct {
 		return nil, E.New("badtls: invalid active call")
 	}
-	activeCall := (*int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
+	activeCall := (*atomic.Int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
 	rawHalfConn := rawConn.FieldByName("out")
 	if !rawHalfConn.IsValid() || rawHalfConn.Kind() != reflect.Struct {
 		return nil, E.New("badtls: invalid half conn")
@@ -108,19 +129,20 @@ func Create(conn *tls.Conn) (TLSConn, error) {
 	}
 	halfScratchBuf := rawHalfScratchBuf.Bytes()
 	return &Conn{
-		Conn:             conn,
-		writer:           bufio.NewExtendedWriter(conn.NetConn()),
-		activeCall:       activeCall,
-		closeNotifySent:  closeNotifySent,
-		version:          version,
-		halfAccess:       halfAccess,
-		halfError:        halfError,
-		cipher:           aeadCipher,
-		explicitNonceLen: explicitNonceLen,
-		rand:             randReader,
-		halfPtr:          rawHalfConn.UnsafeAddr(),
-		halfSeq:          halfSeq,
-		halfScratchBuf:   halfScratchBuf,
+		Conn:                conn,
+		writer:              bufio.NewExtendedWriter(conn.NetConn()),
+		isHandshakeComplete: isHandshakeComplete,
+		activeCall:          activeCall,
+		closeNotifySent:     closeNotifySent,
+		version:             version,
+		halfAccess:          halfAccess,
+		halfError:           halfError,
+		cipher:              aeadCipher,
+		explicitNonceLen:    explicitNonceLen,
+		rand:                randReader,
+		halfPtr:             rawHalfConn.UnsafeAddr(),
+		halfSeq:             halfSeq,
+		halfScratchBuf:      halfScratchBuf,
 	}, nil
 }
 
@@ -130,15 +152,15 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		return common.Error(c.Write(buffer.Bytes()))
 	}
 	for {
-		x := atomic.LoadInt32(c.activeCall)
+		x := c.activeCall.Load()
 		if x&1 != 0 {
 			return net.ErrClosed
 		}
-		if atomic.CompareAndSwapInt32(c.activeCall, x, x+2) {
+		if c.activeCall.CompareAndSwap(x, x+2) {
 			break
 		}
 	}
-	defer atomic.AddInt32(c.activeCall, -2)
+	defer c.activeCall.Add(-2)
 	c.halfAccess.Lock()
 	defer c.halfAccess.Unlock()
 	if err := *c.halfError; err != nil {
@@ -186,6 +208,7 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		binary.BigEndian.PutUint16(outBuf[3:], uint16(dataLen+c.explicitNonceLen+c.cipher.Overhead()))
 	}
 	incSeq(c.halfPtr)
+	log.Trace("badtls write ", buffer.Len())
 	return c.writer.WriteBuffer(buffer)
 }
 

common/badtls/badtls_stub.go

@@ -1,4 +1,4 @@
-//go:build !go1.19 || go1.20
+//go:build !go1.19 || go1.21
 
 package badtls
 

common/badtls/conn.go

@@ -1,13 +0,0 @@
-package badtls
-
-import (
-	"context"
-	"crypto/tls"
-	"net"
-)
-
-type TLSConn interface {
-	net.Conn
-	HandshakeContext(ctx context.Context) error
-	ConnectionState() tls.ConnectionState
-}

common/badtls/link.go

@@ -1,9 +1,8 @@
-//go:build go1.19 && !go.1.20
+//go:build go1.20 && !go.1.21
 
 package badtls
 
 import (
-	"crypto/tls"
 	"reflect"
 	_ "unsafe"
 )
@@ -16,9 +15,6 @@ const (
 //go:linkname errShutdown crypto/tls.errShutdown
 var errShutdown error
 
-//go:linkname handshakeComplete crypto/tls.(*Conn).handshakeComplete
-func handshakeComplete(conn *tls.Conn) bool
-
 //go:linkname incSeq crypto/tls.(*halfConn).incSeq
 func incSeq(conn uintptr)
 

common/dialer/conntrack/packet_conn.go

@@ -4,6 +4,7 @@ import (
 	"io"
 	"net"
 
+	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/x/list"
 )
 
@@ -42,7 +43,7 @@ func (c *PacketConn) Close() error {
 }
 
 func (c *PacketConn) Upstream() any {
-	return c.PacketConn
+	return bufio.NewPacketConn(c.PacketConn)
 }
 
 func (c *PacketConn) ReaderReplaceable() bool {

common/dialer/default.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
-	"github.com/sagernet/sing-box/common/warning"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/control"
@@ -17,41 +16,6 @@ import (
 	"github.com/sagernet/tfo-go"
 )
 
-var warnBindInterfaceOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !(C.IsLinux || C.IsWindows || C.IsDarwin)
-	},
-	"outbound option `bind_interface` is only supported on Linux and Windows",
-)
-
-var warnRoutingMarkOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !C.IsLinux
-	},
-	"outbound option `routing_mark` is only supported on Linux",
-)
-
-var warnReuseAdderOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !(C.IsDarwin || C.IsDragonfly || C.IsFreebsd || C.IsLinux || C.IsNetbsd || C.IsOpenbsd || C.IsSolaris || C.IsWindows)
-	},
-	"outbound option `reuse_addr` is unsupported on current platform",
-)
-
-var warnProtectPathOnNonAndroid = warning.New(
-	func() bool {
-		return !C.IsAndroid
-	},
-	"outbound option `protect_path` is only supported on Android",
-)
-
-var warnTFOOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !(C.IsDarwin || C.IsFreebsd || C.IsLinux || C.IsWindows)
-	},
-	"outbound option `tcp_fast_open` is unsupported on current platform",
-)
-
 type DefaultDialer struct {
 	dialer4     tfo.Dialer
 	dialer6     tfo.Dialer
@@ -66,7 +30,6 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 	var dialer net.Dialer
 	var listener net.ListenConfig
 	if options.BindInterface != "" {
-		warnBindInterfaceOnUnsupportedPlatform.Check()
 		bindFunc := control.BindToInterface(router.InterfaceFinder(), options.BindInterface, -1)
 		dialer.Control = control.Append(dialer.Control, bindFunc)
 		listener.Control = control.Append(listener.Control, bindFunc)
@@ -80,7 +43,6 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 		listener.Control = control.Append(listener.Control, bindFunc)
 	}
 	if options.RoutingMark != 0 {
-		warnRoutingMarkOnUnsupportedPlatform.Check()
 		dialer.Control = control.Append(dialer.Control, control.RoutingMark(options.RoutingMark))
 		listener.Control = control.Append(listener.Control, control.RoutingMark(options.RoutingMark))
 	} else if router.DefaultMark() != 0 {
@@ -88,11 +50,9 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 		listener.Control = control.Append(listener.Control, control.RoutingMark(router.DefaultMark()))
 	}
 	if options.ReuseAddr {
-		warnReuseAdderOnUnsupportedPlatform.Check()
 		listener.Control = control.Append(listener.Control, control.ReuseAddr())
 	}
 	if options.ProtectPath != "" {
-		warnProtectPathOnNonAndroid.Check()
 		dialer.Control = control.Append(dialer.Control, control.ProtectPath(options.ProtectPath))
 		listener.Control = control.Append(listener.Control, control.ProtectPath(options.ProtectPath))
 	}
@@ -101,9 +61,6 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 	} else {
 		dialer.Timeout = C.TCPTimeout
 	}
-	if options.TCPFastOpen {
-		warnTFOOnUnsupportedPlatform.Check()
-	}
 	var udpFragment bool
 	if options.UDPFragment != nil {
 		udpFragment = *options.UDPFragment

common/mux/client.go

@@ -1,524 +1,21 @@
 package mux
 
 import (
-	"context"
-	"encoding/binary"
-	"io"
-	"net"
-	"sync"
-
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/bufio/deadline"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing-mux"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/x/list"
 )
 
-var _ N.Dialer = (*Client)(nil)
-
-type Client struct {
-	access         sync.Mutex
-	connections    list.List[abstractSession]
-	ctx            context.Context
-	dialer         N.Dialer
-	protocol       Protocol
-	maxConnections int
-	minStreams     int
-	maxStreams     int
-}
-
-func NewClient(ctx context.Context, dialer N.Dialer, protocol Protocol, maxConnections int, minStreams int, maxStreams int) *Client {
-	return &Client{
-		ctx:            ctx,
-		dialer:         dialer,
-		protocol:       protocol,
-		maxConnections: maxConnections,
-		minStreams:     minStreams,
-		maxStreams:     maxStreams,
-	}
-}
-
-func NewClientWithOptions(ctx context.Context, dialer N.Dialer, options option.MultiplexOptions) (N.Dialer, error) {
+func NewClientWithOptions(dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
 	if !options.Enabled {
 		return nil, nil
 	}
-	if options.MaxConnections == 0 && options.MaxStreams == 0 {
-		options.MinStreams = 8
-	}
-	protocol, err := ParseProtocol(options.Protocol)
-	if err != nil {
-		return nil, err
-	}
-	return NewClient(ctx, dialer, protocol, options.MaxConnections, options.MinStreams, options.MaxStreams), nil
-}
-
-func (c *Client) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	switch N.NetworkName(network) {
-	case N.NetworkTCP:
-		stream, err := c.openStream()
-		if err != nil {
-			return nil, err
-		}
-		return &ClientConn{Conn: stream, destination: destination}, nil
-	case N.NetworkUDP:
-		stream, err := c.openStream()
-		if err != nil {
-			return nil, err
-		}
-		return bufio.NewBindPacketConn(deadline.NewPacketConn(bufio.NewNetPacketConn(&ClientPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination})), destination), nil
-	default:
-		return nil, E.Extend(N.ErrUnknownNetwork, network)
-	}
-}
-
-func (c *Client) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	stream, err := c.openStream()
-	if err != nil {
-		return nil, err
-	}
-	return deadline.NewPacketConn(&ClientPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}), nil
-}
-
-func (c *Client) openStream() (net.Conn, error) {
-	var (
-		session abstractSession
-		stream  net.Conn
-		err     error
-	)
-	for attempts := 0; attempts < 2; attempts++ {
-		session, err = c.offer()
-		if err != nil {
-			continue
-		}
-		stream, err = session.Open()
-		if err != nil {
-			continue
-		}
-		break
-	}
-	if err != nil {
-		return nil, err
-	}
-	return &wrapStream{stream}, nil
-}
-
-func (c *Client) offer() (abstractSession, error) {
-	c.access.Lock()
-	defer c.access.Unlock()
-
-	sessions := make([]abstractSession, 0, c.maxConnections)
-	for element := c.connections.Front(); element != nil; {
-		if element.Value.IsClosed() {
-			nextElement := element.Next()
-			c.connections.Remove(element)
-			element = nextElement
-			continue
-		}
-		sessions = append(sessions, element.Value)
-		element = element.Next()
-	}
-	sLen := len(sessions)
-	if sLen == 0 {
-		return c.offerNew()
-	}
-	session := common.MinBy(sessions, abstractSession.NumStreams)
-	numStreams := session.NumStreams()
-	if numStreams == 0 {
-		return session, nil
-	}
-	if c.maxConnections > 0 {
-		if sLen >= c.maxConnections || numStreams < c.minStreams {
-			return session, nil
-		}
-	} else {
-		if c.maxStreams > 0 && numStreams < c.maxStreams {
-			return session, nil
-		}
-	}
-	return c.offerNew()
-}
-
-func (c *Client) offerNew() (abstractSession, error) {
-	conn, err := c.dialer.DialContext(c.ctx, N.NetworkTCP, Destination)
-	if err != nil {
-		return nil, err
-	}
-	if vectorisedWriter, isVectorised := bufio.CreateVectorisedWriter(conn); isVectorised {
-		conn = &vectorisedProtocolConn{protocolConn{Conn: conn, protocol: c.protocol}, vectorisedWriter}
-	} else {
-		conn = &protocolConn{Conn: conn, protocol: c.protocol}
-	}
-	session, err := c.protocol.newClient(conn)
-	if err != nil {
-		return nil, err
-	}
-	c.connections.PushBack(session)
-	return session, nil
-}
-
-func (c *Client) Close() error {
-	c.access.Lock()
-	defer c.access.Unlock()
-	for _, session := range c.connections.Array() {
-		session.Close()
-	}
-	return nil
-}
-
-type ClientConn struct {
-	net.Conn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientConn) readResponse() error {
-	response, err := ReadStreamResponse(c.Conn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientConn) Read(b []byte) (n int, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	return c.Conn.Read(b)
-}
-
-func (c *ClientConn) Write(b []byte) (n int, err error) {
-	if c.requestWrite {
-		return c.Conn.Write(b)
-	}
-	request := StreamRequest{
-		Network:     N.NetworkTCP,
-		Destination: c.destination,
-	}
-	_buffer := buf.StackNewSize(requestLen(request) + len(b))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	buffer.Write(b)
-	_, err = c.Conn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(b), nil
-}
-
-func (c *ClientConn) ReadFrom(r io.Reader) (n int64, err error) {
-	if !c.requestWrite {
-		return bufio.ReadFrom0(c, r)
-	}
-	return bufio.Copy(c.Conn, r)
-}
-
-func (c *ClientConn) WriteTo(w io.Writer) (n int64, err error) {
-	if !c.responseRead {
-		return bufio.WriteTo0(c, w)
-	}
-	return bufio.Copy(w, c.Conn)
-}
-
-func (c *ClientConn) LocalAddr() net.Addr {
-	return c.Conn.LocalAddr()
-}
-
-func (c *ClientConn) RemoteAddr() net.Addr {
-	return c.destination.TCPAddr()
-}
-
-func (c *ClientConn) ReaderReplaceable() bool {
-	return c.responseRead
-}
-
-func (c *ClientConn) WriterReplaceable() bool {
-	return c.requestWrite
-}
-
-func (c *ClientConn) Upstream() any {
-	return c.Conn
-}
-
-type ClientPacketConn struct {
-	N.ExtendedConn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientPacketConn) readResponse() error {
-	response, err := ReadStreamResponse(c.ExtendedConn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientPacketConn) Read(b []byte) (n int, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	if cap(b) < int(length) {
-		return 0, io.ErrShortBuffer
-	}
-	return io.ReadFull(c.ExtendedConn, b[:length])
-}
-
-func (c *ClientPacketConn) writeRequest(payload []byte) (n int, err error) {
-	request := StreamRequest{
-		Network:     N.NetworkUDP,
-		Destination: c.destination,
-	}
-	rLen := requestLen(request)
-	if len(payload) > 0 {
-		rLen += 2 + len(payload)
-	}
-	_buffer := buf.StackNewSize(rLen)
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	if len(payload) > 0 {
-		common.Must(
-			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
-			common.Error(buffer.Write(payload)),
-		)
-	}
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(payload), nil
-}
-
-func (c *ClientPacketConn) Write(b []byte) (n int, err error) {
-	if !c.requestWrite {
-		return c.writeRequest(b)
-	}
-	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(b)))
-	if err != nil {
-		return
-	}
-	return c.ExtendedConn.Write(b)
-}
-
-func (c *ClientPacketConn) ReadBuffer(buffer *buf.Buffer) (err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	return
-}
-
-func (c *ClientPacketConn) WriteBuffer(buffer *buf.Buffer) error {
-	if !c.requestWrite {
-		defer buffer.Release()
-		return common.Error(c.writeRequest(buffer.Bytes()))
-	}
-	bLen := buffer.Len()
-	binary.BigEndian.PutUint16(buffer.ExtendHeader(2), uint16(bLen))
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketConn) FrontHeadroom() int {
-	return 2
-}
-
-func (c *ClientPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	err = c.ReadBuffer(buffer)
-	return
-}
-
-func (c *ClientPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	return c.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketConn) LocalAddr() net.Addr {
-	return c.ExtendedConn.LocalAddr()
-}
-
-func (c *ClientPacketConn) RemoteAddr() net.Addr {
-	return c.destination.UDPAddr()
-}
-
-func (c *ClientPacketConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-var _ N.NetPacketConn = (*ClientPacketAddrConn)(nil)
-
-type ClientPacketAddrConn struct {
-	N.ExtendedConn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientPacketAddrConn) readResponse() error {
-	response, err := ReadStreamResponse(c.ExtendedConn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientPacketAddrConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	destination, err := M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	if destination.IsFqdn() {
-		addr = destination
-	} else {
-		addr = destination.UDPAddr()
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	if cap(p) < int(length) {
-		return 0, nil, io.ErrShortBuffer
-	}
-	n, err = io.ReadFull(c.ExtendedConn, p[:length])
-	return
-}
-
-func (c *ClientPacketAddrConn) writeRequest(payload []byte, destination M.Socksaddr) (n int, err error) {
-	request := StreamRequest{
-		Network:     N.NetworkUDP,
-		Destination: c.destination,
-		PacketAddr:  true,
-	}
-	rLen := requestLen(request)
-	if len(payload) > 0 {
-		rLen += M.SocksaddrSerializer.AddrPortLen(destination) + 2 + len(payload)
-	}
-	_buffer := buf.StackNewSize(rLen)
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	if len(payload) > 0 {
-		common.Must(
-			M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
-			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
-			common.Error(buffer.Write(payload)),
-		)
-	}
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(payload), nil
-}
-
-func (c *ClientPacketAddrConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
-	if !c.requestWrite {
-		return c.writeRequest(p, M.SocksaddrFromNet(addr))
-	}
-	err = M.SocksaddrSerializer.WriteAddrPort(c.ExtendedConn, M.SocksaddrFromNet(addr))
-	if err != nil {
-		return
-	}
-	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(p)))
-	if err != nil {
-		return
-	}
-	return c.ExtendedConn.Write(p)
-}
-
-func (c *ClientPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	return
-}
-
-func (c *ClientPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	if !c.requestWrite {
-		defer buffer.Release()
-		return common.Error(c.writeRequest(buffer.Bytes(), destination))
-	}
-	bLen := buffer.Len()
-	header := buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination) + 2))
-	common.Must(
-		M.SocksaddrSerializer.WriteAddrPort(header, destination),
-		binary.Write(header, binary.BigEndian, uint16(bLen)),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketAddrConn) LocalAddr() net.Addr {
-	return c.ExtendedConn.LocalAddr()
-}
-
-func (c *ClientPacketAddrConn) FrontHeadroom() int {
-	return 2 + M.MaxSocksaddrLength
-}
-
-func (c *ClientPacketAddrConn) Upstream() any {
-	return c.ExtendedConn
+	return mux.NewClient(mux.Options{
+		Dialer:         dialer,
+		Protocol:       options.Protocol,
+		MaxConnections: options.MaxConnections,
+		MinStreams:     options.MinStreams,
+		MaxStreams:     options.MaxStreams,
+		Padding:        options.Padding,
+	})
 }

common/mux/protocol.go

@@ -1,240 +1,14 @@
 package mux
 
 import (
-	"encoding/binary"
-	"io"
-	"net"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/smux"
-
-	"github.com/hashicorp/yamux"
+	"github.com/sagernet/sing-mux"
 )
 
-var Destination = M.Socksaddr{
-	Fqdn: "sp.mux.sing-box.arpa",
-	Port: 444,
-}
-
-const (
-	ProtocolSMux Protocol = iota
-	ProtocolYAMux
+type (
+	Client = mux.Client
 )
 
-type Protocol byte
-
-func ParseProtocol(name string) (Protocol, error) {
-	switch name {
-	case "", "smux":
-		return ProtocolSMux, nil
-	case "yamux":
-		return ProtocolYAMux, nil
-	default:
-		return ProtocolYAMux, E.New("unknown multiplex protocol: ", name)
-	}
-}
-
-func (p Protocol) newServer(conn net.Conn) (abstractSession, error) {
-	switch p {
-	case ProtocolSMux:
-		session, err := smux.Server(conn, smuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &smuxSession{session}, nil
-	case ProtocolYAMux:
-		return yamux.Server(conn, yaMuxConfig())
-	default:
-		panic("unknown protocol")
-	}
-}
-
-func (p Protocol) newClient(conn net.Conn) (abstractSession, error) {
-	switch p {
-	case ProtocolSMux:
-		session, err := smux.Client(conn, smuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &smuxSession{session}, nil
-	case ProtocolYAMux:
-		return yamux.Client(conn, yaMuxConfig())
-	default:
-		panic("unknown protocol")
-	}
-}
-
-func smuxConfig() *smux.Config {
-	config := smux.DefaultConfig()
-	config.KeepAliveDisabled = true
-	return config
-}
-
-func yaMuxConfig() *yamux.Config {
-	config := yamux.DefaultConfig()
-	config.LogOutput = io.Discard
-	config.StreamCloseTimeout = C.TCPTimeout
-	config.StreamOpenTimeout = C.TCPTimeout
-	return config
-}
-
-func (p Protocol) String() string {
-	switch p {
-	case ProtocolSMux:
-		return "smux"
-	case ProtocolYAMux:
-		return "yamux"
-	default:
-		return "unknown"
-	}
-}
-
-const (
-	version0 = 0
+var (
+	Destination      = mux.Destination
+	HandleConnection = mux.HandleConnection
 )
-
-type Request struct {
-	Protocol Protocol
-}
-
-func ReadRequest(reader io.Reader) (*Request, error) {
-	version, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	if version != version0 {
-		return nil, E.New("unsupported version: ", version)
-	}
-	protocol, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	if protocol > byte(ProtocolYAMux) {
-		return nil, E.New("unsupported protocol: ", protocol)
-	}
-	return &Request{Protocol: Protocol(protocol)}, nil
-}
-
-func EncodeRequest(buffer *buf.Buffer, request Request) {
-	buffer.WriteByte(version0)
-	buffer.WriteByte(byte(request.Protocol))
-}
-
-const (
-	flagUDP       = 1
-	flagAddr      = 2
-	statusSuccess = 0
-	statusError   = 1
-)
-
-type StreamRequest struct {
-	Network     string
-	Destination M.Socksaddr
-	PacketAddr  bool
-}
-
-func ReadStreamRequest(reader io.Reader) (*StreamRequest, error) {
-	var flags uint16
-	err := binary.Read(reader, binary.BigEndian, &flags)
-	if err != nil {
-		return nil, err
-	}
-	destination, err := M.SocksaddrSerializer.ReadAddrPort(reader)
-	if err != nil {
-		return nil, err
-	}
-	var network string
-	var udpAddr bool
-	if flags&flagUDP == 0 {
-		network = N.NetworkTCP
-	} else {
-		network = N.NetworkUDP
-		udpAddr = flags&flagAddr != 0
-	}
-	return &StreamRequest{network, destination, udpAddr}, nil
-}
-
-func requestLen(request StreamRequest) int {
-	var rLen int
-	rLen += 1 // version
-	rLen += 2 // flags
-	rLen += M.SocksaddrSerializer.AddrPortLen(request.Destination)
-	return rLen
-}
-
-func EncodeStreamRequest(request StreamRequest, buffer *buf.Buffer) {
-	destination := request.Destination
-	var flags uint16
-	if request.Network == N.NetworkUDP {
-		flags |= flagUDP
-	}
-	if request.PacketAddr {
-		flags |= flagAddr
-		if !destination.IsValid() {
-			destination = Destination
-		}
-	}
-	common.Must(
-		binary.Write(buffer, binary.BigEndian, flags),
-		M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
-	)
-}
-
-type StreamResponse struct {
-	Status  uint8
-	Message string
-}
-
-func ReadStreamResponse(reader io.Reader) (*StreamResponse, error) {
-	var response StreamResponse
-	status, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	response.Status = status
-	if status == statusError {
-		response.Message, err = rw.ReadVString(reader)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return &response, nil
-}
-
-type wrapStream struct {
-	net.Conn
-}
-
-func (w *wrapStream) Read(p []byte) (n int, err error) {
-	n, err = w.Conn.Read(p)
-	err = wrapError(err)
-	return
-}
-
-func (w *wrapStream) Write(p []byte) (n int, err error) {
-	n, err = w.Conn.Write(p)
-	err = wrapError(err)
-	return
-}
-
-func (w *wrapStream) WriteIsThreadUnsafe() {
-}
-
-func (w *wrapStream) Upstream() any {
-	return w.Conn
-}
-
-func wrapError(err error) error {
-	switch err {
-	case yamux.ErrStreamClosed:
-		return io.EOF
-	default:
-		return err
-	}
-}

common/mux/service.go

@@ -1,258 +0,0 @@
-package mux
-
-import (
-	"context"
-	"encoding/binary"
-	"net"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/bufio/deadline"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/sing/common/task"
-)
-
-func NewConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, conn net.Conn, metadata adapter.InboundContext) error {
-	request, err := ReadRequest(conn)
-	if err != nil {
-		return err
-	}
-	session, err := request.Protocol.newServer(conn)
-	if err != nil {
-		return err
-	}
-	var group task.Group
-	group.Append0(func(ctx context.Context) error {
-		var stream net.Conn
-		for {
-			stream, err = session.Accept()
-			if err != nil {
-				return err
-			}
-			go newConnection(ctx, router, errorHandler, logger, stream, metadata)
-		}
-	})
-	group.Cleanup(func() {
-		session.Close()
-	})
-	return group.Run(ctx)
-}
-
-func newConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, stream net.Conn, metadata adapter.InboundContext) {
-	stream = &wrapStream{stream}
-	request, err := ReadStreamRequest(stream)
-	if err != nil {
-		logger.ErrorContext(ctx, err)
-		return
-	}
-	metadata.Destination = request.Destination
-	if request.Network == N.NetworkTCP {
-		logger.InfoContext(ctx, "inbound multiplex connection to ", metadata.Destination)
-		hErr := router.RouteConnection(ctx, &ServerConn{ExtendedConn: bufio.NewExtendedConn(stream)}, metadata)
-		stream.Close()
-		if hErr != nil {
-			errorHandler.NewError(ctx, hErr)
-		}
-	} else {
-		var packetConn N.PacketConn
-		if !request.PacketAddr {
-			logger.InfoContext(ctx, "inbound multiplex packet connection to ", metadata.Destination)
-			packetConn = &ServerPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: request.Destination}
-		} else {
-			logger.InfoContext(ctx, "inbound multiplex packet connection")
-			packetConn = &ServerPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream)}
-		}
-		hErr := router.RoutePacketConnection(ctx, deadline.NewPacketConn(bufio.NewNetPacketConn(packetConn)), metadata)
-		stream.Close()
-		if hErr != nil {
-			errorHandler.NewError(ctx, hErr)
-		}
-	}
-}
-
-var _ N.HandshakeConn = (*ServerConn)(nil)
-
-type ServerConn struct {
-	N.ExtendedConn
-	responseWrite bool
-}
-
-func (c *ServerConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerConn) Write(b []byte) (n int, err error) {
-	if c.responseWrite {
-		return c.ExtendedConn.Write(b)
-	}
-	_buffer := buf.StackNewSize(1 + len(b))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusSuccess),
-		common.Error(buffer.Write(b)),
-	)
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.responseWrite = true
-	return len(b), nil
-}
-
-func (c *ServerConn) WriteBuffer(buffer *buf.Buffer) error {
-	if c.responseWrite {
-		return c.ExtendedConn.WriteBuffer(buffer)
-	}
-	buffer.ExtendHeader(1)[0] = statusSuccess
-	c.responseWrite = true
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 1
-	}
-	return 0
-}
-
-func (c *ServerConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-var (
-	_ N.HandshakeConn = (*ServerPacketConn)(nil)
-	_ N.PacketConn    = (*ServerPacketConn)(nil)
-)
-
-type ServerPacketConn struct {
-	N.ExtendedConn
-	destination   M.Socksaddr
-	responseWrite bool
-}
-
-func (c *ServerPacketConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	if err != nil {
-		return
-	}
-	destination = c.destination
-	return
-}
-
-func (c *ServerPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	pLen := buffer.Len()
-	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
-	if !c.responseWrite {
-		buffer.ExtendHeader(1)[0] = statusSuccess
-		c.responseWrite = true
-	}
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-func (c *ServerPacketConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 3
-	}
-	return 2
-}
-
-var (
-	_ N.HandshakeConn = (*ServerPacketAddrConn)(nil)
-	_ N.PacketConn    = (*ServerPacketAddrConn)(nil)
-)
-
-type ServerPacketAddrConn struct {
-	N.ExtendedConn
-	responseWrite bool
-}
-
-func (c *ServerPacketAddrConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	if err != nil {
-		return
-	}
-	return
-}
-
-func (c *ServerPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	pLen := buffer.Len()
-	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
-	common.Must(M.SocksaddrSerializer.WriteAddrPort(buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination))), destination))
-	if !c.responseWrite {
-		buffer.ExtendHeader(1)[0] = statusSuccess
-		c.responseWrite = true
-	}
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketAddrConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-func (c *ServerPacketAddrConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 3 + M.MaxSocksaddrLength
-	}
-	return 2 + M.MaxSocksaddrLength
-}

common/mux/session.go

@@ -1,91 +0,0 @@
-package mux
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/smux"
-)
-
-type abstractSession interface {
-	Open() (net.Conn, error)
-	Accept() (net.Conn, error)
-	NumStreams() int
-	Close() error
-	IsClosed() bool
-}
-
-var _ abstractSession = (*smuxSession)(nil)
-
-type smuxSession struct {
-	*smux.Session
-}
-
-func (s *smuxSession) Open() (net.Conn, error) {
-	return s.OpenStream()
-}
-
-func (s *smuxSession) Accept() (net.Conn, error) {
-	return s.AcceptStream()
-}
-
-type protocolConn struct {
-	net.Conn
-	protocol        Protocol
-	protocolWritten bool
-}
-
-func (c *protocolConn) Write(p []byte) (n int, err error) {
-	if c.protocolWritten {
-		return c.Conn.Write(p)
-	}
-	_buffer := buf.StackNewSize(2 + len(p))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeRequest(buffer, Request{
-		Protocol: c.protocol,
-	})
-	common.Must(common.Error(buffer.Write(p)))
-	n, err = c.Conn.Write(buffer.Bytes())
-	if err == nil {
-		n--
-	}
-	c.protocolWritten = true
-	return n, err
-}
-
-func (c *protocolConn) ReadFrom(r io.Reader) (n int64, err error) {
-	if !c.protocolWritten {
-		return bufio.ReadFrom0(c, r)
-	}
-	return bufio.Copy(c.Conn, r)
-}
-
-func (c *protocolConn) Upstream() any {
-	return c.Conn
-}
-
-type vectorisedProtocolConn struct {
-	protocolConn
-	N.VectorisedWriter
-}
-
-func (c *vectorisedProtocolConn) WriteVectorised(buffers []*buf.Buffer) error {
-	if c.protocolWritten {
-		return c.VectorisedWriter.WriteVectorised(buffers)
-	}
-	c.protocolWritten = true
-	_buffer := buf.StackNewSize(2)
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeRequest(buffer, Request{
-		Protocol: c.protocol,
-	})
-	return c.VectorisedWriter.WriteVectorised(append([]*buf.Buffer{buffer}, buffers...))
-}

common/sniff/http.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
+	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/protocol/http"
 )
 
@@ -15,5 +16,5 @@ func HTTPHost(ctx context.Context, reader io.Reader) (*adapter.InboundContext, e
 	if err != nil {
 		return nil, err
 	}
-	return &adapter.InboundContext{Protocol: C.ProtocolHTTP, Domain: request.Host}, nil
+	return &adapter.InboundContext{Protocol: C.ProtocolHTTP, Domain: M.ParseSocksaddr(request.Host).AddrString()}, nil
 }

common/sniff/http_test.go

@@ -0,0 +1,27 @@
+package sniff_test
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/sagernet/sing-box/common/sniff"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestSniffHTTP1(t *testing.T) {
+	t.Parallel()
+	pkt := "GET / HTTP/1.1\r\nHost: www.google.com\r\nAccept: */*\r\n\r\n"
+	metadata, err := sniff.HTTPHost(context.Background(), strings.NewReader(pkt))
+	require.NoError(t, err)
+	require.Equal(t, metadata.Domain, "www.google.com")
+}
+
+func TestSniffHTTP1WithPort(t *testing.T) {
+	t.Parallel()
+	pkt := "GET / HTTP/1.1\r\nHost: www.gov.cn:8080\r\nAccept: */*\r\n\r\n"
+	metadata, err := sniff.HTTPHost(context.Background(), strings.NewReader(pkt))
+	require.NoError(t, err)
+	require.Equal(t, metadata.Domain, "www.gov.cn")
+}

common/tls/reality_client.go

@@ -125,7 +125,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 
 	hello.SessionId[0] = 1
 	hello.SessionId[1] = 8
-	hello.SessionId[2] = 0
+	hello.SessionId[2] = 1
 	binary.BigEndian.PutUint32(hello.SessionId[4:], uint32(time.Now().Unix()))
 	copy(hello.SessionId[8:], e.shortID[:])
 

common/warning/warning.go

@@ -1,31 +0,0 @@
-package warning
-
-import (
-	"sync"
-
-	"github.com/sagernet/sing-box/log"
-)
-
-type Warning struct {
-	logger    log.Logger
-	check     CheckFunc
-	message   string
-	checkOnce sync.Once
-}
-
-type CheckFunc = func() bool
-
-func New(checkFunc CheckFunc, message string) Warning {
-	return Warning{
-		check:   checkFunc,
-		message: message,
-	}
-}
-
-func (w *Warning) Check() {
-	w.checkOnce.Do(func() {
-		if w.check() {
-			log.Warn(w.message)
-		}
-	})
-}

constant/path.go

@@ -3,40 +3,13 @@ package constant
 import (
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/sagernet/sing/common/rw"
 )
 
 const dirName = "sing-box"
 
-var (
-	basePath      string
-	tempPath      string
-	resourcePaths []string
-)
-
-func BasePath(name string) string {
-	if basePath == "" || strings.HasPrefix(name, "/") {
-		return name
-	}
-	return filepath.Join(basePath, name)
-}
-
-func CreateTemp(pattern string) (*os.File, error) {
-	if tempPath == "" {
-		tempPath = os.TempDir()
-	}
-	return os.CreateTemp(tempPath, pattern)
-}
-
-func SetBasePath(path string) {
-	basePath = path
-}
-
-func SetTempPath(path string) {
-	tempPath = path
-}
+var resourcePaths []string
 
 func FindPath(name string) (string, bool) {
 	name = os.ExpandEnv(name)

debug_go118.go

@@ -10,6 +10,7 @@ import (
 )
 
 func applyDebugOptions(options option.DebugOptions) {
+	applyDebugListenOption(options)
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}

debug_go119.go

@@ -10,6 +10,7 @@ import (
 )
 
 func applyDebugOptions(options option.DebugOptions) {
+	applyDebugListenOption(options)
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}

debug_http.go

@@ -0,0 +1,67 @@
+package box
+
+import (
+	"net/http"
+	"net/http/pprof"
+	"runtime"
+	"runtime/debug"
+
+	"github.com/sagernet/sing-box/common/badjson"
+	"github.com/sagernet/sing-box/common/json"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	E "github.com/sagernet/sing/common/exceptions"
+
+	"github.com/dustin/go-humanize"
+	"github.com/go-chi/chi/v5"
+)
+
+var debugHTTPServer *http.Server
+
+func applyDebugListenOption(options option.DebugOptions) {
+	if debugHTTPServer != nil {
+		debugHTTPServer.Close()
+		debugHTTPServer = nil
+	}
+	if options.Listen == "" {
+		return
+	}
+	r := chi.NewMux()
+	r.Route("/debug", func(r chi.Router) {
+		r.Get("/gc", func(writer http.ResponseWriter, request *http.Request) {
+			writer.WriteHeader(http.StatusNoContent)
+			go debug.FreeOSMemory()
+		})
+		r.Get("/memory", func(writer http.ResponseWriter, request *http.Request) {
+			var memStats runtime.MemStats
+			runtime.ReadMemStats(&memStats)
+
+			var memObject badjson.JSONObject
+			memObject.Put("heap", humanize.IBytes(memStats.HeapInuse))
+			memObject.Put("stack", humanize.IBytes(memStats.StackInuse))
+			memObject.Put("idle", humanize.IBytes(memStats.HeapIdle-memStats.HeapReleased))
+			memObject.Put("goroutines", runtime.NumGoroutine())
+			memObject.Put("rss", rusageMaxRSS())
+
+			encoder := json.NewEncoder(writer)
+			encoder.SetIndent("", "  ")
+			encoder.Encode(memObject)
+		})
+		r.HandleFunc("/pprof", pprof.Index)
+		r.HandleFunc("/pprof/*", pprof.Index)
+		r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
+		r.HandleFunc("/pprof/profile", pprof.Profile)
+		r.HandleFunc("/pprof/symbol", pprof.Symbol)
+		r.HandleFunc("/pprof/trace", pprof.Trace)
+	})
+	debugHTTPServer = &http.Server{
+		Addr:    options.Listen,
+		Handler: r,
+	}
+	go func() {
+		err := debugHTTPServer.ListenAndServe()
+		if err != nil && !E.IsClosed(err) {
+			log.Error(E.Cause(err, "serve debug HTTP server"))
+		}
+	}()
+}

debug_linux.go

@@ -1,6 +1,4 @@
-//go:build debug
-
-package main
+package box
 
 import (
 	"runtime"

debug_stub.go

@@ -1,6 +1,6 @@
-//go:build debug && !linux
+//go:build !linux
 
-package main
+package box
 
 func rusageMaxRSS() float64 {
 	return -1

docs/changelog.md

@@ -1,3 +1,62 @@
+#### 1.3-beta10
+
+* Improve direct copy **1**
+* Improve DNS caching
+* Add `independent_cache` [option](/configuration/dns#independent_cache) for DNS
+* Reimplemented shadowsocks client **2**
+* Add multiplex support for VLESS outbound
+* Set TCP keepalive for WireGuard gVisor TCP connections
+* Fixes and improvements
+
+**1**:
+
+* Make splice work with traffic statistics systems like Clash API
+* Significantly reduces memory usage of idle connections
+
+**2**:
+
+Improved performance and reduced memory usage.
+
+#### 1.3-beta9
+
+* Improve multiplex **1**
+* Fixes and improvements
+
+*1*:
+
+Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex).
+
+#### 1.2.6
+
+* Fix bugs and update dependencies
+
+#### 1.3-beta8
+
+* Fix `system` tun stack for ios
+* Fix network monitor for android/ios
+* Update VLESS and XUDP protocol **1**
+* Fixes and improvements
+
+*1:
+
+This is an incompatible update for XUDP in VLESS if vision flow is enabled.
+
+#### 1.3-beta7
+
+* Add `path` and `headers` options for HTTP outbound
+* Add multi-user support for Shadowsocks legacy AEAD inbound
+* Fixes and improvements
+
+#### 1.2.4
+
+* Fixes and improvements
+
+#### 1.3-beta6
+
+* Fix WireGuard reconnect
+* Perform URLTest recheck after network changes
+* Fix bugs and update dependencies
+
 #### 1.3-beta5
 
 * Add Clash.Meta API compatibility for Clash API

docs/configuration/dns/index.md

@@ -11,6 +11,7 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
+    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -48,6 +49,10 @@ Disable dns cache.
 
 Disable dns cache expire.
 
+#### independent_cache
+
+Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.
+
 #### reverse_mapping
 
 Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.

docs/configuration/dns/index.zh.md

@@ -11,6 +11,7 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
+    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -47,6 +48,10 @@
 
 禁用 DNS 缓存过期。
 
+#### independent_cache
+
+使每个 DNS 服务器的缓存独立，以满足特殊目的。如果启用，将轻微降低性能。
+
 #### reverse_mapping
 
 在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。

docs/configuration/dns/server.md

@@ -30,18 +30,18 @@ The tag of the dns server.
 
 The address of the dns server.
 
-| Protocol            | Format                        |
-|---------------------|-------------------------------|
-| `System`            | `local`                       |
-| `TCP`               | `tcp://1.0.0.1`               |
-| `UDP`               | `8.8.8.8` `udp://8.8.4.4`     |
-| `TLS`               | `tls://dns.google`            |
-| `HTTPS`             | `https://1.1.1.1/dns-query`   |
-| `QUIC`              | `quic://dns.adguard.com`      |
-| `HTTP3`             | `h3://8.8.8.8/dns-query`      |
-| `RCode`             | `rcode://refused`             |
-| `DHCP`              | `dhcp://auto` or `dhcp://en0` |
-|  [FakeIP](./fakeip) | `fakeip`                      |
+| Protocol                            | Format                        |
+|-------------------------------------|-------------------------------|
+| `System`                            | `local`                       |
+| `TCP`                               | `tcp://1.0.0.1`               |
+| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`     |
+| `TLS`                               | `tls://dns.google`            |
+| `HTTPS`                             | `https://1.1.1.1/dns-query`   |
+| `QUIC`                              | `quic://dns.adguard.com`      |
+| `HTTP3`                             | `h3://8.8.8.8/dns-query`      |
+| `RCode`                             | `rcode://refused`             |
+| `DHCP`                              | `dhcp://auto` or `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip) | `fakeip`                      |
 
 !!! warning ""
 
@@ -94,4 +94,4 @@ Take no effect if override by other settings.
 
 Tag of an outbound for connecting to the dns server.
 
-Default outbound will be used if empty.
+Default outbound will be used if empty.

docs/configuration/dns/server.zh.md

@@ -30,18 +30,18 @@ DNS 服务器的标签。
 
 DNS 服务器的地址。
 
-| 协议                 | 格式                           |
-|--------------------|------------------------------|
-| `System`           | `local`                      |
-| `TCP`              | `tcp://1.0.0.1`              |
-| `UDP`              | `8.8.8.8` `udp://8.8.4.4`    |
-| `TLS`              | `tls://dns.google`           |
-| `HTTPS`            | `https://1.1.1.1/dns-query`  |
-| `QUIC`             | `quic://dns.adguard.com`     |
-| `HTTP3`            | `h3://8.8.8.8/dns-query`     |
-| `RCode`            | `rcode://refused`            |
-| `DHCP`             | `dhcp://auto` 或 `dhcp://en0` |
-| [FakeIP](./fakeip) | `fakeip`                     |
+| 协议                                  | 格式                           |
+|-------------------------------------|------------------------------|
+| `System`                            | `local`                      |
+| `TCP`                               | `tcp://1.0.0.1`              |
+| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`    |
+| `TLS`                               | `tls://dns.google`           |
+| `HTTPS`                             | `https://1.1.1.1/dns-query`  |
+| `QUIC`                              | `quic://dns.adguard.com`     |
+| `HTTP3`                             | `h3://8.8.8.8/dns-query`     |
+| `RCode`                             | `rcode://refused`            |
+| `DHCP`                              | `dhcp://auto` 或 `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip) | `fakeip`                     |
 
 !!! warning ""
 

docs/configuration/shared/multiplex.md

@@ -10,7 +10,8 @@
   "protocol": "smux",
   "max_connections": 4,
   "min_streams": 4,
-  "max_streams": 0
+  "max_streams": 0,
+  "padding": false
 }
 ```
 
@@ -28,8 +29,9 @@ Multiplex protocol.
 |----------|------------------------------------|
 | smux     | https://github.com/xtaci/smux      |
 | yamux    | https://github.com/hashicorp/yamux |
+| h2mux    | https://golang.org/x/net/http2     |
 
-SMux is used by default.
+h2mux is used by default.
 
 #### max_connections
 
@@ -48,3 +50,12 @@ Conflict with `max_streams`.
 Maximum multiplexed streams in a connection before opening a new connection.
 
 Conflict with `max_connections` and `min_streams`.
+
+#### padding
+
+!!! info
+
+    Requires sing-box server version 1.3-beta9 or later.
+
+Enable padding.
+

docs/configuration/shared/multiplex.zh.md

@@ -28,8 +28,9 @@
 |-------|------------------------------------|
 | smux  | https://github.com/xtaci/smux      |
 | yamux | https://github.com/hashicorp/yamux |
+| h2mux | https://golang.org/x/net/http2     |
 
-默认使用 SMux。
+默认使用 h2mux。
 
 #### max_connections
 
@@ -47,4 +48,13 @@
 
 在打开新连接之前，连接中的最大多路复用流数量。
 
-与 `max_connections` 和 `min_streams` 冲突。
+与 `max_connections` 和 `min_streams` 冲突。
+
+#### padding
+
+!!! info
+
+    需要 sing-box 服务器版本 1.3-beta9 或更高。
+
+启用填充。
+

docs/installation/clients/sfa.md

@@ -12,5 +12,6 @@ Experimental Android client for sing-box.
 
 #### Note
 
-* Working directory is at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
-* User Agent is `SFA/$version ($version_code; sing-box $sing_box_version)` in the remote profile request
+* User Agent in remote profile request is `SFA/$version ($version_code; sing-box $sing_box_version)`
+* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
+* Crash logs is located in `$working_directory/stderr.log`

docs/installation/clients/sfa.zh.md

@@ -12,5 +12,6 @@
 
 #### 注意事项
 
-* 工作目录位于 `/sdcard/Android/data/io.nekohasekai.sfa/files` (外部文件目录)
 * 远程配置文件请求中的 User Agent 为 `SFA/$version ($version_code; sing-box $sing_box_version)`
+* 工作目录位于 `/sdcard/Android/data/io.nekohasekai.sfa/files` (外部文件目录)
+* 崩溃日志位于 `$working_directory/stderr.log`

docs/installation/clients/sfi.md

@@ -13,8 +13,8 @@ Experimental iOS client for sing-box.
 
 #### Note
 
-* `system` tun stack not working on iOS
-* User Agent is `SFI/$version ($version_code; sing-box $sing_box_version)` in the remote profile request
+* User Agent in remote profile request is `SFI/$version ($version_code; sing-box $sing_box_version)`
+* Crash logs is located in `Settings` -> `View Service Log`
 
 #### Privacy policy
 

docs/installation/clients/sfi.zh.md

@@ -13,8 +13,8 @@
 
 #### 注意事项
 
-* `system` tun stack 在 iOS 不工作
 * 远程配置文件请求中的 User Agent 为 `SFI/$version ($version_code; sing-box $sing_box_version)`
+* 崩溃日志位于 `设置` -> `查看服务日志`
 
 #### 隐私政策
 

experimental/clashapi.go

@@ -1,6 +1,7 @@
 package experimental
 
 import (
+	"context"
 	"os"
 
 	"github.com/sagernet/sing-box/adapter"
@@ -8,7 +9,7 @@ import (
 	"github.com/sagernet/sing-box/option"
 )
 
-type ClashServerConstructor = func(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error)
+type ClashServerConstructor = func(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error)
 
 var clashServerConstructor ClashServerConstructor
 
@@ -16,9 +17,9 @@ func RegisterClashServerConstructor(constructor ClashServerConstructor) {
 	clashServerConstructor = constructor
 }
 
-func NewClashServer(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
+func NewClashServer(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
 	if clashServerConstructor == nil {
 		return nil, os.ErrInvalid
 	}
-	return clashServerConstructor(router, logFactory, options)
+	return clashServerConstructor(ctx, router, logFactory, options)
 }

experimental/clashapi/connections.go

@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/experimental/clashapi/trafficontrol"
 	"github.com/sagernet/websocket"
@@ -14,10 +15,10 @@ import (
 	"github.com/go-chi/render"
 )
 
-func connectionRouter(trafficManager *trafficontrol.Manager) http.Handler {
+func connectionRouter(router adapter.Router, trafficManager *trafficontrol.Manager) http.Handler {
 	r := chi.NewRouter()
 	r.Get("/", getConnections(trafficManager))
-	r.Delete("/", closeAllConnections(trafficManager))
+	r.Delete("/", closeAllConnections(router, trafficManager))
 	r.Delete("/{id}", closeConnection(trafficManager))
 	return r
 }
@@ -86,12 +87,13 @@ func closeConnection(trafficManager *trafficontrol.Manager) func(w http.Response
 	}
 }
 
-func closeAllConnections(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
+func closeAllConnections(router adapter.Router, trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		snapshot := trafficManager.Snapshot()
 		for _, c := range snapshot.Connections {
 			c.Close()
 		}
+		router.ResetNetwork()
 		render.NoContent(w, r)
 	}
 }

experimental/clashapi/proxies.go

@@ -134,7 +134,7 @@ func getProxies(server *Server, router adapter.Router) func(w http.ResponseWrite
 			defaultTag = allProxies[0]
 		}
 
-		sort.Slice(allProxies, func(i, j int) bool {
+		sort.SliceStable(allProxies, func(i, j int) bool {
 			return allProxies[i] == defaultTag
 		})
 

experimental/clashapi/server.go

@@ -23,6 +23,7 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/service/filemanager"
 	"github.com/sagernet/websocket"
 
 	"github.com/go-chi/chi/v5"
@@ -37,6 +38,7 @@ func init() {
 var _ adapter.ClashServer = (*Server)(nil)
 
 type Server struct {
+	ctx            context.Context
 	router         adapter.Router
 	logger         log.Logger
 	httpServer     *http.Server
@@ -53,10 +55,11 @@ type Server struct {
 	externalUIDownloadDetour string
 }
 
-func NewServer(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
+func NewServer(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
 	trafficManager := trafficontrol.NewManager()
 	chiRouter := chi.NewRouter()
 	server := &Server{
+		ctx:    ctx,
 		router: router,
 		logger: logFactory.NewLogger("clash-api"),
 		httpServer: &http.Server{
@@ -82,7 +85,7 @@ func NewServer(router adapter.Router, logFactory log.ObservableFactory, options
 		if foundPath, loaded := C.FindPath(cachePath); loaded {
 			cachePath = foundPath
 		} else {
-			cachePath = C.BasePath(cachePath)
+			cachePath = filemanager.BasePath(ctx, cachePath)
 		}
 		server.cacheFilePath = cachePath
 	}
@@ -102,7 +105,7 @@ func NewServer(router adapter.Router, logFactory log.ObservableFactory, options
 		r.Mount("/configs", configRouter(server, logFactory, server.logger))
 		r.Mount("/proxies", proxyRouter(server, router))
 		r.Mount("/rules", ruleRouter(router))
-		r.Mount("/connections", connectionRouter(trafficManager))
+		r.Mount("/connections", connectionRouter(router, trafficManager))
 		r.Mount("/providers/proxies", proxyProviderRouter())
 		r.Mount("/providers/rules", ruleProviderRouter())
 		r.Mount("/script", scriptRouter())
@@ -113,7 +116,7 @@ func NewServer(router adapter.Router, logFactory log.ObservableFactory, options
 		server.setupMetaAPI(r)
 	})
 	if options.ExternalUI != "" {
-		server.externalUI = C.BasePath(os.ExpandEnv(options.ExternalUI))
+		server.externalUI = filemanager.BasePath(ctx, os.ExpandEnv(options.ExternalUI))
 		chiRouter.Group(func(r chi.Router) {
 			fs := http.StripPrefix("/ui", http.FileServer(http.Dir(server.externalUI)))
 			r.Get("/ui", http.RedirectHandler("/ui/", http.StatusTemporaryRedirect).ServeHTTP)

experimental/clashapi/server_resources.go

@@ -12,11 +12,11 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/service/filemanager"
 )
 
 func (s *Server) checkAndDownloadExternalUI() {
@@ -79,7 +79,7 @@ func (s *Server) downloadExternalUI() error {
 }
 
 func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
-	tempFile, err := C.CreateTemp(name)
+	tempFile, err := filemanager.CreateTemp(s.ctx, name)
 	if err != nil {
 		return err
 	}
@@ -112,7 +112,7 @@ func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
 			return err
 		}
 		savePath := filepath.Join(saveDirectory, pathElements[len(pathElements)-1])
-		err = downloadZIPEntry(file, savePath)
+		err = downloadZIPEntry(s.ctx, file, savePath)
 		if err != nil {
 			return err
 		}
@@ -120,8 +120,8 @@ func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
 	return nil
 }
 
-func downloadZIPEntry(zipFile *zip.File, savePath string) error {
-	saveFile, err := os.Create(savePath)
+func downloadZIPEntry(ctx context.Context, zipFile *zip.File, savePath string) error {
+	saveFile, err := filemanager.Create(ctx, savePath)
 	if err != nil {
 		return err
 	}

experimental/clashapi/trafficontrol/tracker.go

@@ -7,9 +7,9 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/experimental/trackerconn"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/atomic"
+	"github.com/sagernet/sing/common/bufio"
 	N "github.com/sagernet/sing/common/network"
 
 	"github.com/gofrs/uuid/v5"
@@ -115,13 +115,13 @@ func NewTCPTracker(conn net.Conn, manager *Manager, metadata Metadata, router ad
 	download := new(atomic.Int64)
 
 	t := &tcpTracker{
-		ExtendedConn: trackerconn.NewHook(conn, func(n int64) {
+		ExtendedConn: bufio.NewCounterConn(conn, []N.CountFunc{func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}, func(n int64) {
+		}}, []N.CountFunc{func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}),
+		}}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,
@@ -202,13 +202,13 @@ func NewUDPTracker(conn N.PacketConn, manager *Manager, metadata Metadata, route
 	download := new(atomic.Int64)
 
 	ut := &udpTracker{
-		PacketConn: trackerconn.NewHookPacket(conn, func(n int64) {
+		PacketConn: bufio.NewCounterPacketConn(conn, []N.CountFunc{func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}, func(n int64) {
+		}}, []N.CountFunc{func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}),
+		}}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,

experimental/libbox/iterator.go

@@ -29,3 +29,19 @@ func (i *iterator[T]) Next() T {
 func (i *iterator[T]) HasNext() bool {
 	return len(i.values) > 0
 }
+
+type abstractIterator[T any] interface {
+	Next() T
+	HasNext() bool
+}
+
+func iteratorToArray[T any](iterator abstractIterator[T]) []T {
+	if iterator == nil {
+		return nil
+	}
+	var values []T
+	for iterator.HasNext() {
+		values = append(values, iterator.Next())
+	}
+	return values
+}

experimental/libbox/log.go

@@ -27,3 +27,27 @@ func RedirectStderr(path string) error {
 	stderrFile = outputFile
 	return nil
 }
+
+func RedirectStderrAsUser(path string, uid, gid int) error {
+	if stats, err := os.Stat(path); err == nil && stats.Size() > 0 {
+		_ = os.Rename(path, path+".old")
+	}
+	outputFile, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	err = outputFile.Chown(uid, gid)
+	if err != nil {
+		outputFile.Close()
+		os.Remove(outputFile.Name())
+		return err
+	}
+	err = unix.Dup2(int(outputFile.Fd()), int(os.Stderr.Fd()))
+	if err != nil {
+		outputFile.Close()
+		os.Remove(outputFile.Name())
+		return err
+	}
+	stderrFile = outputFile
+	return nil
+}

experimental/libbox/monitor.go

@@ -0,0 +1,183 @@
+package libbox
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"sync"
+
+	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing/common/x/list"
+)
+
+var (
+	_ tun.DefaultInterfaceMonitor = (*platformDefaultInterfaceMonitor)(nil)
+	_ InterfaceUpdateListener     = (*platformDefaultInterfaceMonitor)(nil)
+)
+
+type platformDefaultInterfaceMonitor struct {
+	*platformInterfaceWrapper
+	errorHandler          E.Handler
+	networkAddresses      []networkAddress
+	defaultInterfaceName  string
+	defaultInterfaceIndex int
+	element               *list.Element[tun.NetworkUpdateCallback]
+	access                sync.Mutex
+	callbacks             list.List[tun.DefaultInterfaceUpdateCallback]
+}
+
+type networkAddress struct {
+	interfaceName  string
+	interfaceIndex int
+	addresses      []netip.Prefix
+}
+
+func (m *platformDefaultInterfaceMonitor) Start() error {
+	return m.iif.StartDefaultInterfaceMonitor(m)
+}
+
+func (m *platformDefaultInterfaceMonitor) Close() error {
+	return m.iif.CloseDefaultInterfaceMonitor(m)
+}
+
+func (m *platformDefaultInterfaceMonitor) DefaultInterfaceName(destination netip.Addr) string {
+	for _, address := range m.networkAddresses {
+		for _, prefix := range address.addresses {
+			if prefix.Contains(destination) {
+				return address.interfaceName
+			}
+		}
+	}
+	return m.defaultInterfaceName
+}
+
+func (m *platformDefaultInterfaceMonitor) DefaultInterfaceIndex(destination netip.Addr) int {
+	for _, address := range m.networkAddresses {
+		for _, prefix := range address.addresses {
+			if prefix.Contains(destination) {
+				return address.interfaceIndex
+			}
+		}
+	}
+	return m.defaultInterfaceIndex
+}
+
+func (m *platformDefaultInterfaceMonitor) OverrideAndroidVPN() bool {
+	return false
+}
+
+func (m *platformDefaultInterfaceMonitor) AndroidVPNEnabled() bool {
+	return false
+}
+
+func (m *platformDefaultInterfaceMonitor) RegisterCallback(callback tun.DefaultInterfaceUpdateCallback) *list.Element[tun.DefaultInterfaceUpdateCallback] {
+	m.access.Lock()
+	defer m.access.Unlock()
+	return m.callbacks.PushBack(callback)
+}
+
+func (m *platformDefaultInterfaceMonitor) UnregisterCallback(element *list.Element[tun.DefaultInterfaceUpdateCallback]) {
+	m.access.Lock()
+	defer m.access.Unlock()
+	m.callbacks.Remove(element)
+}
+
+func (m *platformDefaultInterfaceMonitor) UpdateDefaultInterface(interfaceName string, interfaceIndex32 int32) {
+	var err error
+	if m.iif.UsePlatformInterfaceGetter() {
+		err = m.updateInterfacesPlatform()
+	} else {
+		err = m.updateInterfaces()
+	}
+	if err == nil {
+		err = m.router.UpdateInterfaces()
+	}
+	if err != nil {
+		m.errorHandler.NewError(context.Background(), E.Cause(err, "update interfaces"))
+	}
+	interfaceIndex := int(interfaceIndex32)
+	if interfaceName == "" {
+		for _, netIf := range m.networkAddresses {
+			if netIf.interfaceIndex == interfaceIndex {
+				interfaceName = netIf.interfaceName
+				break
+			}
+		}
+	} else if interfaceIndex == -1 {
+		for _, netIf := range m.networkAddresses {
+			if netIf.interfaceName == interfaceName {
+				interfaceIndex = netIf.interfaceIndex
+				break
+			}
+		}
+	}
+	if interfaceName == "" {
+		m.errorHandler.NewError(context.Background(), E.New("invalid interface name for ", interfaceIndex))
+		return
+	} else if interfaceIndex == -1 {
+		m.errorHandler.NewError(context.Background(), E.New("invalid interface index for ", interfaceName))
+		return
+	}
+	if m.defaultInterfaceName == interfaceName && m.defaultInterfaceIndex == interfaceIndex {
+		return
+	}
+	m.defaultInterfaceName = interfaceName
+	m.defaultInterfaceIndex = interfaceIndex
+	m.access.Lock()
+	callbacks := m.callbacks.Array()
+	m.access.Unlock()
+	for _, callback := range callbacks {
+		err = callback(tun.EventInterfaceUpdate)
+		if err != nil {
+			m.errorHandler.NewError(context.Background(), err)
+		}
+	}
+}
+
+func (m *platformDefaultInterfaceMonitor) updateInterfaces() error {
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return err
+	}
+	var addresses []networkAddress
+	for _, iif := range interfaces {
+		var netAddresses []net.Addr
+		netAddresses, err = iif.Addrs()
+		if err != nil {
+			return err
+		}
+		var address networkAddress
+		address.interfaceName = iif.Name
+		address.interfaceIndex = iif.Index
+		address.addresses = common.Map(common.FilterIsInstance(netAddresses, func(it net.Addr) (*net.IPNet, bool) {
+			value, loaded := it.(*net.IPNet)
+			return value, loaded
+		}), func(it *net.IPNet) netip.Prefix {
+			bits, _ := it.Mask.Size()
+			return netip.PrefixFrom(M.AddrFromIP(it.IP), bits)
+		})
+		addresses = append(addresses, address)
+	}
+	m.networkAddresses = addresses
+	return nil
+}
+
+func (m *platformDefaultInterfaceMonitor) updateInterfacesPlatform() error {
+	interfaces, err := m.Interfaces()
+	if err != nil {
+		return err
+	}
+	var addresses []networkAddress
+	for _, iif := range interfaces {
+		var address networkAddress
+		address.interfaceName = iif.Name
+		address.interfaceIndex = iif.Index
+		// address.addresses = common.Map(iif.Addresses, netip.MustParsePrefix)
+		addresses = append(addresses, address)
+	}
+	m.networkAddresses = addresses
+	return nil
+}

experimental/libbox/platform.go

@@ -1,8 +1,11 @@
 package libbox
 
-import "github.com/sagernet/sing-box/option"
+import (
+	"github.com/sagernet/sing-box/option"
+)
 
 type PlatformInterface interface {
+	UsePlatformAutoDetectInterfaceControl() bool
 	AutoDetectInterfaceControl(fd int32) error
 	OpenTun(options TunOptions) (int32, error)
 	WriteLog(message string)
@@ -10,6 +13,11 @@ type PlatformInterface interface {
 	FindConnectionOwner(ipProtocol int32, sourceAddress string, sourcePort int32, destinationAddress string, destinationPort int32) (int32, error)
 	PackageNameByUid(uid int32) (string, error)
 	UIDByPackageName(packageName string) (int32, error)
+	UsePlatformDefaultInterfaceMonitor() bool
+	StartDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
+	CloseDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
+	UsePlatformInterfaceGetter() bool
+	GetInterfaces() (NetworkInterfaceIterator, error)
 }
 
 type TunInterface interface {
@@ -17,8 +25,19 @@ type TunInterface interface {
 	Close() error
 }
 
-type OnDemandRuleIterator interface {
-	Next() OnDemandRule
+type InterfaceUpdateListener interface {
+	UpdateDefaultInterface(interfaceName string, interfaceIndex int32)
+}
+
+type NetworkInterface struct {
+	Index     int32
+	MTU       int32
+	Name      string
+	Addresses StringIterator
+}
+
+type NetworkInterfaceIterator interface {
+	Next() *NetworkInterface
 	HasNext() bool
 }
 
@@ -31,6 +50,11 @@ type OnDemandRule interface {
 	ProbeURL() string
 }
 
+type OnDemandRuleIterator interface {
+	Next() OnDemandRule
+	HasNext() bool
+}
+
 type onDemandRule struct {
 	option.OnDemandRule
 }

experimental/libbox/platform/interface.go

@@ -1,17 +1,34 @@
 package platform
 
 import (
+	"context"
 	"io"
+	"net/netip"
 
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
+	E "github.com/sagernet/sing/common/exceptions"
 )
 
 type Interface interface {
+	Initialize(ctx context.Context, router adapter.Router) error
+	UsePlatformAutoDetectInterfaceControl() bool
 	AutoDetectInterfaceControl() control.Func
-	OpenTun(options tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error)
+	OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error)
+	UsePlatformDefaultInterfaceMonitor() bool
+	CreateDefaultInterfaceMonitor(errorHandler E.Handler) tun.DefaultInterfaceMonitor
+	UsePlatformInterfaceGetter() bool
+	Interfaces() ([]NetworkInterface, error)
 	process.Searcher
 	io.Writer
 }
+
+type NetworkInterface struct {
+	Index     int
+	MTU       int
+	Name      string
+	Addresses []netip.Prefix
+}

experimental/libbox/service.go

@@ -6,14 +6,17 @@ import (
 	"syscall"
 
 	"github.com/sagernet/sing-box"
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/experimental/libbox/internal/procfs"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/service/filemanager"
 )
 
 type BoxService struct {
@@ -28,10 +31,11 @@ func NewService(configContent string, platformInterface PlatformInterface) (*Box
 		return nil, err
 	}
 	ctx, cancel := context.WithCancel(context.Background())
+	ctx = filemanager.WithDefault(ctx, sBasePath, sTempPath, sUserID, sGroupID)
 	instance, err := box.New(box.Options{
 		Context:           ctx,
 		Options:           options,
-		PlatformInterface: &platformInterfaceWrapper{platformInterface, platformInterface.UseProcFS()},
+		PlatformInterface: &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()},
 	})
 	if err != nil {
 		cancel()
@@ -58,6 +62,16 @@ var _ platform.Interface = (*platformInterfaceWrapper)(nil)
 type platformInterfaceWrapper struct {
 	iif       PlatformInterface
 	useProcFS bool
+	router    adapter.Router
+}
+
+func (w *platformInterfaceWrapper) Initialize(ctx context.Context, router adapter.Router) error {
+	w.router = router
+	return nil
+}
+
+func (w *platformInterfaceWrapper) UsePlatformAutoDetectInterfaceControl() bool {
+	return w.iif.UsePlatformAutoDetectInterfaceControl()
 }
 
 func (w *platformInterfaceWrapper) AutoDetectInterfaceControl() control.Func {
@@ -68,7 +82,7 @@ func (w *platformInterfaceWrapper) AutoDetectInterfaceControl() control.Func {
 	}
 }
 
-func (w *platformInterfaceWrapper) OpenTun(options tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
+func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
 	if len(options.IncludeUID) > 0 || len(options.ExcludeUID) > 0 {
 		return nil, E.New("android: unsupported uid options")
 	}
@@ -79,12 +93,16 @@ func (w *platformInterfaceWrapper) OpenTun(options tun.Options, platformOptions
 	if err != nil {
 		return nil, err
 	}
+	options.Name, err = getTunnelName(tunFd)
+	if err != nil {
+		return nil, E.Cause(err, "query tun name")
+	}
 	dupFd, err := dup(int(tunFd))
 	if err != nil {
 		return nil, E.Cause(err, "dup tun file descriptor")
 	}
 	options.FileDescriptor = dupFd
-	return tun.New(options)
+	return tun.New(*options)
 }
 
 func (w *platformInterfaceWrapper) Write(p []byte) (n int, err error) {
@@ -118,3 +136,36 @@ func (w *platformInterfaceWrapper) FindProcessInfo(ctx context.Context, network
 	packageName, _ := w.iif.PackageNameByUid(uid)
 	return &process.Info{UserId: uid, PackageName: packageName}, nil
 }
+
+func (w *platformInterfaceWrapper) UsePlatformDefaultInterfaceMonitor() bool {
+	return w.iif.UsePlatformDefaultInterfaceMonitor()
+}
+
+func (w *platformInterfaceWrapper) CreateDefaultInterfaceMonitor(errorHandler E.Handler) tun.DefaultInterfaceMonitor {
+	return &platformDefaultInterfaceMonitor{
+		platformInterfaceWrapper: w,
+		errorHandler:             errorHandler,
+		defaultInterfaceIndex:    -1,
+	}
+}
+
+func (w *platformInterfaceWrapper) UsePlatformInterfaceGetter() bool {
+	return w.iif.UsePlatformInterfaceGetter()
+}
+
+func (w *platformInterfaceWrapper) Interfaces() ([]platform.NetworkInterface, error) {
+	interfaceIterator, err := w.iif.GetInterfaces()
+	if err != nil {
+		return nil, err
+	}
+	var interfaces []platform.NetworkInterface
+	for _, netInterface := range iteratorToArray[*NetworkInterface](interfaceIterator) {
+		interfaces = append(interfaces, platform.NetworkInterface{
+			Index:     int(netInterface.Index),
+			MTU:       int(netInterface.MTU),
+			Name:      netInterface.Name,
+			Addresses: common.Map(iteratorToArray[string](netInterface.Addresses), netip.MustParsePrefix),
+		})
+	}
+	return interfaces, nil
+}

experimental/libbox/setup.go

@@ -1,17 +1,31 @@
 package libbox
 
 import (
+	"os"
+
 	C "github.com/sagernet/sing-box/constant"
 
 	"github.com/dustin/go-humanize"
 )
 
-func SetBasePath(path string) {
-	C.SetBasePath(path)
-}
+var (
+	sBasePath string
+	sTempPath string
+	sUserID   int
+	sGroupID  int
+)
 
-func SetTempPath(path string) {
-	C.SetTempPath(path)
+func Setup(basePath string, tempPath string, userID int, groupID int) {
+	sBasePath = basePath
+	sTempPath = tempPath
+	sUserID = userID
+	sGroupID = groupID
+	if sUserID == -1 {
+		sUserID = os.Getuid()
+	}
+	if sGroupID == -1 {
+		sGroupID = os.Getgid()
+	}
 }
 
 func Version() string {

experimental/libbox/tun.go

@@ -59,7 +59,7 @@ func mapRoutePrefix(prefixes []netip.Prefix) RoutePrefixIterator {
 var _ TunOptions = (*tunOptions)(nil)
 
 type tunOptions struct {
-	tun.Options
+	*tun.Options
 	option.TunPlatformOptions
 }
 

experimental/libbox/tun_name_darwin.go

@@ -0,0 +1,11 @@
+package libbox
+
+import "golang.org/x/sys/unix"
+
+func getTunnelName(fd int32) (string, error) {
+	return unix.GetsockoptString(
+		int(fd),
+		2, /* #define SYSPROTO_CONTROL 2 */
+		2, /* #define UTUN_OPT_IFNAME 2 */
+	)
+}

experimental/libbox/tun_name_linux.go

@@ -0,0 +1,26 @@
+package libbox
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+const ifReqSize = unix.IFNAMSIZ + 64
+
+func getTunnelName(fd int32) (string, error) {
+	var ifr [ifReqSize]byte
+	var errno syscall.Errno
+	_, _, errno = unix.Syscall(
+		unix.SYS_IOCTL,
+		uintptr(fd),
+		uintptr(unix.TUNGETIFF),
+		uintptr(unsafe.Pointer(&ifr[0])),
+	)
+	if errno != 0 {
+		return "", fmt.Errorf("failed to get name of TUN device: %w", errno)
+	}
+	return unix.ByteSliceToString(ifr[:]), nil
+}

experimental/libbox/tun_name_other.go

@@ -0,0 +1,9 @@
+//go:build !(darwin || linux)
+
+package libbox
+
+import "os"
+
+func getTunnelName(fd int32) (string, error) {
+	return "", os.ErrInvalid
+}

experimental/trackerconn/conn.go

@@ -1,108 +0,0 @@
-package trackerconn
-
-import (
-	"net"
-
-	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func New(conn net.Conn, readCounter []*atomic.Int64, writeCounter []*atomic.Int64) *Conn {
-	return &Conn{bufio.NewExtendedConn(conn), readCounter, writeCounter}
-}
-
-func NewHook(conn net.Conn, readCounter func(n int64), writeCounter func(n int64)) *HookConn {
-	return &HookConn{bufio.NewExtendedConn(conn), readCounter, writeCounter}
-}
-
-type Conn struct {
-	N.ExtendedConn
-	readCounter  []*atomic.Int64
-	writeCounter []*atomic.Int64
-}
-
-func (c *Conn) Read(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Read(p)
-	for _, counter := range c.readCounter {
-		counter.Add(int64(n))
-	}
-	return n, err
-}
-
-func (c *Conn) ReadBuffer(buffer *buf.Buffer) error {
-	err := c.ExtendedConn.ReadBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.readCounter {
-		counter.Add(int64(buffer.Len()))
-	}
-	return nil
-}
-
-func (c *Conn) Write(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Write(p)
-	for _, counter := range c.writeCounter {
-		counter.Add(int64(n))
-	}
-	return n, err
-}
-
-func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
-	dataLen := int64(buffer.Len())
-	err := c.ExtendedConn.WriteBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.writeCounter {
-		counter.Add(dataLen)
-	}
-	return nil
-}
-
-func (c *Conn) Upstream() any {
-	return c.ExtendedConn
-}
-
-type HookConn struct {
-	N.ExtendedConn
-	readCounter  func(n int64)
-	writeCounter func(n int64)
-}
-
-func (c *HookConn) Read(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Read(p)
-	c.readCounter(int64(n))
-	return n, err
-}
-
-func (c *HookConn) ReadBuffer(buffer *buf.Buffer) error {
-	err := c.ExtendedConn.ReadBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	c.readCounter(int64(buffer.Len()))
-	return nil
-}
-
-func (c *HookConn) Write(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Write(p)
-	c.writeCounter(int64(n))
-	return n, err
-}
-
-func (c *HookConn) WriteBuffer(buffer *buf.Buffer) error {
-	dataLen := int64(buffer.Len())
-	err := c.ExtendedConn.WriteBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	c.writeCounter(dataLen)
-	return nil
-}
-
-func (c *HookConn) Upstream() any {
-	return c.ExtendedConn
-}

experimental/trackerconn/packet_conn.go

@@ -1,76 +0,0 @@
-package trackerconn
-
-import (
-	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/buf"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func NewPacket(conn N.PacketConn, readCounter []*atomic.Int64, writeCounter []*atomic.Int64) *PacketConn {
-	return &PacketConn{conn, readCounter, writeCounter}
-}
-
-func NewHookPacket(conn N.PacketConn, readCounter func(n int64), writeCounter func(n int64)) *HookPacketConn {
-	return &HookPacketConn{conn, readCounter, writeCounter}
-}
-
-type PacketConn struct {
-	N.PacketConn
-	readCounter  []*atomic.Int64
-	writeCounter []*atomic.Int64
-}
-
-func (c *PacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = c.PacketConn.ReadPacket(buffer)
-	if err == nil {
-		for _, counter := range c.readCounter {
-			counter.Add(int64(buffer.Len()))
-		}
-	}
-	return
-}
-
-func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	dataLen := int64(buffer.Len())
-	err := c.PacketConn.WritePacket(buffer, destination)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.writeCounter {
-		counter.Add(dataLen)
-	}
-	return nil
-}
-
-func (c *PacketConn) Upstream() any {
-	return c.PacketConn
-}
-
-type HookPacketConn struct {
-	N.PacketConn
-	readCounter  func(n int64)
-	writeCounter func(n int64)
-}
-
-func (c *HookPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = c.PacketConn.ReadPacket(buffer)
-	if err == nil {
-		c.readCounter(int64(buffer.Len()))
-	}
-	return
-}
-
-func (c *HookPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	dataLen := int64(buffer.Len())
-	err := c.PacketConn.WritePacket(buffer, destination)
-	if err != nil {
-		return err
-	}
-	c.writeCounter(dataLen)
-	return nil
-}
-
-func (c *HookPacketConn) Upstream() any {
-	return c.PacketConn
-}

experimental/v2rayapi/stats.go

@@ -10,9 +10,9 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/experimental/trackerconn"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/atomic"
+	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
 )
@@ -83,7 +83,7 @@ func (s *StatsService) RoutedConnection(inbound string, outbound string, user st
 		writeCounter = append(writeCounter, s.loadOrCreateCounter("user>>>"+user+">>>traffic>>>downlink"))
 	}
 	s.access.Unlock()
-	return trackerconn.New(conn, readCounter, writeCounter)
+	return bufio.NewInt64CounterConn(conn, readCounter, writeCounter)
 }
 
 func (s *StatsService) RoutedPacketConnection(inbound string, outbound string, user string, conn N.PacketConn) N.PacketConn {
@@ -109,7 +109,7 @@ func (s *StatsService) RoutedPacketConnection(inbound string, outbound string, u
 		writeCounter = append(writeCounter, s.loadOrCreateCounter("user>>>"+user+">>>traffic>>>downlink"))
 	}
 	s.access.Unlock()
-	return trackerconn.NewPacket(conn, readCounter, writeCounter)
+	return bufio.NewInt64CounterPacketConn(conn, readCounter, writeCounter)
 }
 
 func (s *StatsService) GetStats(ctx context.Context, request *GetStatsRequest) (*GetStatsResponse, error) {

go.mod

@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	berty.tech/go-libtor v1.0.385
-	github.com/Dreamacro/clash v1.14.0
+	github.com/Dreamacro/clash v1.15.0
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/cretz/bine v0.2.0
 	github.com/dustin/go-humanize v1.0.1
@@ -13,7 +13,6 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/render v1.0.2
 	github.com/gofrs/uuid/v5 v5.0.0
-	github.com/hashicorp/yamux v0.1.1
 	github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mholt/acmez v1.1.0
@@ -25,17 +24,19 @@ require (
 	github.com/sagernet/gomobile v0.0.0-20230413023804-244d7ff07035
 	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.2.3-0.20230413023204-48b019b13e78
-	github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440
-	github.com/sagernet/sing-shadowsocks v0.2.1-0.20230412123110-1a7c32b4e2e7
-	github.com/sagernet/sing-shadowtls v0.1.1-0.20230409094821-9abef019436f
-	github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab
-	github.com/sagernet/sing-vmess v0.1.4-0.20230412122845-9470e68f5e45
+	github.com/sagernet/sing v0.2.5-0.20230427151730-ed2d05ab518a
+	github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223
+	github.com/sagernet/sing-mux v0.0.0-20230425130511-b0a6ffd8406f
+	github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507
+	github.com/sagernet/sing-shadowsocks2 v0.0.0-20230430083720-38321e1355cc
+	github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b
+	github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b
+	github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
 	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e
-	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c
+	github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.2
 	go.etcd.io/bbolt v1.3.7
@@ -48,7 +49,7 @@ require (
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde
 	google.golang.org/grpc v1.54.0
 	google.golang.org/protobuf v1.30.0
-	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c
+	gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523
 )
 
 //replace github.com/sagernet/sing => ../sing
@@ -63,6 +64,7 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/klauspost/compress v1.15.15 // indirect
@@ -85,7 +87,7 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect

go.sum

@@ -1,7 +1,7 @@
 berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw=
 berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw=
-github.com/Dreamacro/clash v1.14.0 h1:ehJ/C/1m9LEjmME72WSE/Y2YqbR3Q54AbjqiRCvtyW4=
-github.com/Dreamacro/clash v1.14.0/go.mod h1:ia2CU7V713H1QdCqMwOLK9U9V5Ay8X0voj3yQr2tk+I=
+github.com/Dreamacro/clash v1.15.0 h1:mlpD950VEggXZBNahV66hyKDRxcczkj3vymoAt78KyE=
+github.com/Dreamacro/clash v1.15.0/go.mod h1:WNH69bN11LiAdgdSr4hpkEuXVMfBbWyhEKMCTx9BtNE=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
@@ -101,8 +101,6 @@ github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0 h1:KyhtFFt
 github.com/sagernet/cloudflare-tls v0.0.0-20221031050923-d70792f4c3a0/go.mod h1:D4SFEOkJK+4W1v86ZhX0jPM0rAL498fyQAChqMtes/I=
 github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA=
 github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms=
-github.com/sagernet/gomobile v0.0.0-20230413023437-ec061884b992 h1:WkcHhOX3ce9ElLKDUQKJrAt7SjpKNnASsPbMfqfZEPc=
-github.com/sagernet/gomobile v0.0.0-20230413023437-ec061884b992/go.mod h1:5YE39YkJkCcMsfq1jMKkjsrM2GfBoF9JVWnvU89hmvU=
 github.com/sagernet/gomobile v0.0.0-20230413023804-244d7ff07035 h1:KttYh6bBhIw8Y6/Ljn7CGwC3CKZn788rzMJmeAKjY+8=
 github.com/sagernet/gomobile v0.0.0-20230413023804-244d7ff07035/go.mod h1:5YE39YkJkCcMsfq1jMKkjsrM2GfBoF9JVWnvU89hmvU=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
@@ -113,18 +111,22 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.3-0.20230413023204-48b019b13e78 h1:bTE9RgURmiFiTjXaYN6q9BYPTBPKIzlFYNy2p+WOubI=
-github.com/sagernet/sing v0.2.3-0.20230413023204-48b019b13e78/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
-github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440 h1:VH8/BcOVuApHtS+vKP+khxlGRcXH7KKhgkTDtNynqSQ=
-github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440/go.mod h1:69PNSHyEmXdjf6C+bXBOdr2GQnPeEyWjIzo/MV8gmz8=
-github.com/sagernet/sing-shadowsocks v0.2.1-0.20230412123110-1a7c32b4e2e7 h1:3WDMIF1aE/twc5gJ+9PF2ZJqUxwZ80MPtNBKE3yBevU=
-github.com/sagernet/sing-shadowsocks v0.2.1-0.20230412123110-1a7c32b4e2e7/go.mod h1:WoVjGUvRqsx5yhYeDAB5CijCHpNDi0LUPHl3cf7u8Lc=
-github.com/sagernet/sing-shadowtls v0.1.1-0.20230409094821-9abef019436f h1:qzQvpcDm60zPW8UlZa8UEaBoFORFeGAnhDncPc3VWT4=
-github.com/sagernet/sing-shadowtls v0.1.1-0.20230409094821-9abef019436f/go.mod h1:MxB+Q9H0pAHcrlvNmwSs1crljRwHFFVhtXyOMBy44Nw=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab h1:a9oeWuPBuIZ70qMhIIH6RrYhp886xN9jJIwsuu4ZFUo=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab/go.mod h1:4YxIDEkkCjGXDOTMPw1SXpLmCQUFAWuaQN250oo+928=
-github.com/sagernet/sing-vmess v0.1.4-0.20230412122845-9470e68f5e45 h1:QqYhWah3u+o2tvLRuTfEu3BwsGpf/wNnVK/VNQV2YBM=
-github.com/sagernet/sing-vmess v0.1.4-0.20230412122845-9470e68f5e45/go.mod h1:eULig3LgaeNiWSquSlzXF42Joypsj3fO1W+Qy93o6hk=
+github.com/sagernet/sing v0.2.5-0.20230427151730-ed2d05ab518a h1:qQ4fG1XrlTbLvtkJK5SbtIGJ4cIjObvVjL1AvhD+vrI=
+github.com/sagernet/sing v0.2.5-0.20230427151730-ed2d05ab518a/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
+github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223 h1:L4eMuM07iSHY3UCknFnuFuHoe5clZuF2Xnf2wwA6Lwc=
+github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223/go.mod h1:ZKuuqgsHRxDahYrzgSgy4vIAGGuKPlIf4hLcNzYzLkY=
+github.com/sagernet/sing-mux v0.0.0-20230425130511-b0a6ffd8406f h1:iEpOTgBTjt0vZJVXMTqYq13XyIu/337TWbq6WZ3CMWc=
+github.com/sagernet/sing-mux v0.0.0-20230425130511-b0a6ffd8406f/go.mod h1:pF+RnLvCAOhECrvauy6LYOpBakJ/vuaF1Wm4lPsWryI=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507 h1:bAHZCdWqJkb8LEW98+YsMVDXGRMUVjka8IC+St6ot88=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507/go.mod h1:UJjvQGw0lyYaDGIDvUraL16fwaAEH1WFw1Y6sUcMPog=
+github.com/sagernet/sing-shadowsocks2 v0.0.0-20230430083720-38321e1355cc h1:Jvm/7wtYYRP4mrZtUpWJxNxwnntqK+n8e/xgMHkOyP0=
+github.com/sagernet/sing-shadowsocks2 v0.0.0-20230430083720-38321e1355cc/go.mod h1:Dpib342FFR68SZ3CSRYxk/zWbanAqRBrCxoLuda5I0A=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b h1:ouW/6IDCrxkBe19YSbdCd7buHix7b+UZ6BM4Zz74XF4=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b/go.mod h1:oG8bPerYI6cZ74KquY3DvA7ynECyrILPBnce6wtBqeI=
+github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b h1:9NsciSJGwzdkXwVvT2c2g+RvkTVkANeBLr2l+soJ7LM=
+github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b/go.mod h1:DD7Ce2Gt0GFc6I/1+Uw4D/aUlBsGqrQsC52CMK/V818=
+github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 h1:BHOnxrbC929JonuKqFdJ7ZbDp7zs4oTlH5KFvKtWu9U=
+github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3/go.mod h1:yKrAr+dqZd64DxBXCHWrYicp+n4qbqO73mtwv3dck8U=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37/go.mod h1:3skNSftZDJWTGVtVaM2jfbce8qHnmH/AGDRe62iNOg0=
 github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
@@ -133,8 +135,8 @@ github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfI
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+VpWamge6o56j2RWk4omF6uLKKxMmcWvs=
 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
+github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77 h1:g6QtRWQ2dKX7EQP++1JLNtw4C2TNxd4/ov8YUpOPOSo=
+github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77/go.mod h1:pJDdXzZIwJ+2vmnT0TKzmf8meeum+e2mTDSehw79eE0=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -210,8 +212,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
@@ -238,7 +240,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h1:m5lcgWnL3OElQNVyp3qcncItJ2c0sQlSGjYK2+nJTA4=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c/go.mod h1:TIvkJD0sxe8pIob3p6T8IzxXunlp6yfgktvTNp+DGNM=
+gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523 h1:zUQYeyyPLnSR6yMvLSOmLH37xDWCZ7BqlpE69fE5K3Q=
+gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523/go.mod h1:pzr6sy8gDLfVmDAg8OYrlKvGEHw5C3PGTiBXBTCx76Q=
 lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0=
 lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA=

inbound/naive.go

@@ -609,6 +609,10 @@ func (c *naiveH2Conn) SetWriteDeadline(t time.Time) error {
 	return os.ErrInvalid
 }
 
+func (c *naiveH2Conn) NeedAdditionalReadDeadline() bool {
+	return true
+}
+
 func (c *naiveH2Conn) UpstreamReader() any {
 	return c.reader
 }

inbound/shadowsocks_multi.go

@@ -9,6 +9,8 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing-shadowsocks"
+	"github.com/sagernet/sing-shadowsocks/shadowaead"
 	"github.com/sagernet/sing-shadowsocks/shadowaead_2022"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
@@ -25,7 +27,7 @@ var (
 
 type ShadowsocksMulti struct {
 	myInboundAdapter
-	service *shadowaead_2022.MultiService[int]
+	service shadowsocks.MultiService[int]
 	users   []option.ShadowsocksUser
 }
 
@@ -49,16 +51,26 @@ func newShadowsocksMulti(ctx context.Context, router adapter.Router, logger log.
 	} else {
 		udpTimeout = int64(C.UDPTimeout.Seconds())
 	}
-	if !common.Contains(shadowaead_2022.List, options.Method) {
+	var (
+		service shadowsocks.MultiService[int]
+		err     error
+	)
+	if common.Contains(shadowaead_2022.List, options.Method) {
+		service, err = shadowaead_2022.NewMultiServiceWithPassword[int](
+			options.Method,
+			options.Password,
+			udpTimeout,
+			adapter.NewUpstreamContextHandler(inbound.newConnection, inbound.newPacketConnection, inbound),
+			router.TimeFunc(),
+		)
+	} else if common.Contains(shadowaead.List, options.Method) {
+		service, err = shadowaead.NewMultiService[int](
+			options.Method,
+			udpTimeout,
+			adapter.NewUpstreamContextHandler(inbound.newConnection, inbound.newPacketConnection, inbound))
+	} else {
 		return nil, E.New("unsupported method: " + options.Method)
 	}
-	service, err := shadowaead_2022.NewMultiServiceWithPassword[int](
-		options.Method,
-		options.Password,
-		udpTimeout,
-		adapter.NewUpstreamContextHandler(inbound.newConnection, inbound.newPacketConnection, inbound),
-		router.TimeFunc(),
-	)
 	if err != nil {
 		return nil, err
 	}

inbound/tun.go

@@ -152,7 +152,7 @@ func (t *Tun) Start() error {
 	)
 	t.logger.Trace("opening interface")
 	if t.platformInterface != nil {
-		tunInterface, err = t.platformInterface.OpenTun(t.tunOptions, t.platformOptions)
+		tunInterface, err = t.platformInterface.OpenTun(&t.tunOptions, t.platformOptions)
 	} else {
 		tunInterface, err = tun.New(t.tunOptions)
 	}
@@ -177,7 +177,8 @@ func (t *Tun) Start() error {
 		Router:                 tunRouter,
 		Handler:                t,
 		Logger:                 t.logger,
-		UnderPlatform:          t.platformInterface != nil,
+		ForwarderBindInterface: t.platformInterface != nil,
+		InterfaceFinder:        t.router.InterfaceFinder(),
 	})
 	if err != nil {
 		return err

inbound/vless.go

@@ -16,7 +16,6 @@ import (
 	"github.com/sagernet/sing-vmess/packetaddr"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	M "github.com/sagernet/sing/common/metadata"
@@ -172,7 +171,7 @@ func (h *VLESS) newPacketConnection(ctx context.Context, conn N.PacketConn, meta
 	}
 	if metadata.Destination.Fqdn == packetaddr.SeqPacketMagicAddress {
 		metadata.Destination = M.Socksaddr{}
-		conn = deadline.NewPacketConn(packetaddr.NewConn(conn.(vmess.PacketConn), metadata.Destination))
+		conn = packetaddr.NewConn(conn.(vmess.PacketConn), metadata.Destination)
 		h.logger.InfoContext(ctx, "[", user, "] inbound packet addr connection")
 	} else {
 		h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination)

inbound/vmess.go

@@ -15,7 +15,6 @@ import (
 	"github.com/sagernet/sing-vmess/packetaddr"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/auth"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	M "github.com/sagernet/sing/common/metadata"
@@ -180,7 +179,7 @@ func (h *VMess) newPacketConnection(ctx context.Context, conn N.PacketConn, meta
 	}
 	if metadata.Destination.Fqdn == packetaddr.SeqPacketMagicAddress {
 		metadata.Destination = M.Socksaddr{}
-		conn = deadline.NewPacketConn(packetaddr.NewConn(conn.(vmess.PacketConn), metadata.Destination))
+		conn = packetaddr.NewConn(conn.(vmess.PacketConn), metadata.Destination)
 		h.logger.InfoContext(ctx, "[", user, "] inbound packet addr connection")
 	} else {
 		h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination)

include/clashapi_stub.go

@@ -3,6 +3,8 @@
 package include
 
 import (
+	"context"
+
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/experimental"
 	"github.com/sagernet/sing-box/log"
@@ -11,7 +13,7 @@ import (
 )
 
 func init() {
-	experimental.RegisterClashServerConstructor(func(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
+	experimental.RegisterClashServerConstructor(func(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
 		return nil, E.New(`clash api is not included in this build, rebuild with -tags with_clash_api`)
 	})
 }

log/log.go

@@ -1,14 +1,15 @@
 package log
 
 import (
+	"context"
 	"io"
 	"os"
 	"time"
 
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/service/filemanager"
 )
 
 type factoryWithFile struct {
@@ -36,6 +37,7 @@ func (f *observableFactoryWithFile) Close() error {
 }
 
 type Options struct {
+	Context        context.Context
 	Options        option.LogOptions
 	Observable     bool
 	DefaultWriter  io.Writer
@@ -65,7 +67,7 @@ func New(options Options) (Factory, error) {
 		logWriter = os.Stdout
 	default:
 		var err error
-		logFile, err = os.OpenFile(C.BasePath(logOptions.Output), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
+		logFile, err = filemanager.OpenFile(options.Context, logOptions.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
 		if err != nil {
 			return nil, err
 		}

mkdocs.yml

@@ -147,6 +147,7 @@ extra:
       link: https://github.com/SagerNet/sing-box
   generator: false
 plugins:
+  - search
   - i18n:
       default_language: en
       languages:
@@ -192,4 +193,4 @@ plugins:
           Known Issues: 已知问题
           Examples: 示例
           Linux Server Installation: Linux 服务器安装
-          DNS Hijack: DNS 劫持
+          DNS Hijack: DNS 劫持

option/debug.go

@@ -7,6 +7,7 @@ import (
 )
 
 type DebugOptions struct {
+	Listen       string      `json:"listen,omitempty"`
 	GCPercent    *int        `json:"gc_percent,omitempty"`
 	MaxStack     *int        `json:"max_stack,omitempty"`
 	MaxThreads   *int        `json:"max_threads,omitempty"`

option/dns.go

@@ -20,9 +20,10 @@ type DNSServerOptions struct {
 }
 
 type DNSClientOptions struct {
-	Strategy      DomainStrategy `json:"strategy,omitempty"`
-	DisableCache  bool           `json:"disable_cache,omitempty"`
-	DisableExpire bool           `json:"disable_expire,omitempty"`
+	Strategy         DomainStrategy `json:"strategy,omitempty"`
+	DisableCache     bool           `json:"disable_cache,omitempty"`
+	DisableExpire    bool           `json:"disable_expire,omitempty"`
+	IndependentCache bool           `json:"independent_cache,omitempty"`
 }
 
 type DNSFakeIPOptions struct {

option/outbound.go

@@ -150,4 +150,5 @@ type MultiplexOptions struct {
 	MaxConnections int    `json:"max_connections,omitempty"`
 	MinStreams     int    `json:"min_streams,omitempty"`
 	MaxStreams     int    `json:"max_streams,omitempty"`
+	Padding        bool   `json:"padding,omitempty"`
 }

option/shadowsocks.go

@@ -4,7 +4,7 @@ type ShadowsocksInboundOptions struct {
 	ListenOptions
 	Network      NetworkList              `json:"network,omitempty"`
 	Method       string                   `json:"method"`
-	Password     string                   `json:"password"`
+	Password     string                   `json:"password,omitempty"`
 	Users        []ShadowsocksUser        `json:"users,omitempty"`
 	Destinations []ShadowsocksDestination `json:"destinations,omitempty"`
 }

option/vless.go

@@ -20,6 +20,7 @@ type VLESSOutboundOptions struct {
 	Flow           string                 `json:"flow,omitempty"`
 	Network        NetworkList            `json:"network,omitempty"`
 	TLS            *OutboundTLSOptions    `json:"tls,omitempty"`
+	Multiplex      *MultiplexOptions      `json:"multiplex,omitempty"`
 	Transport      *V2RayTransportOptions `json:"transport,omitempty"`
 	PacketEncoding *string                `json:"packet_encoding,omitempty"`
 }

outbound/default.go

@@ -39,6 +39,10 @@ func (a *myOutboundAdapter) Network() []string {
 	return a.network
 }
 
+func (a *myOutboundAdapter) NewError(ctx context.Context, err error) {
+	NewError(a.logger, ctx, err)
+}
+
 func NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata adapter.InboundContext) error {
 	ctx = adapter.WithContext(ctx, &metadata)
 	var outConn net.Conn
@@ -121,3 +125,12 @@ func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) erro
 	}
 	return bufio.CopyConn(ctx, conn, serverConn)
 }
+
+func NewError(logger log.ContextLogger, ctx context.Context, err error) {
+	common.Close(err)
+	if E.IsClosedOrCanceled(err) {
+		logger.DebugContext(ctx, "connection closed: ", err)
+		return
+	}
+	logger.ErrorContext(ctx, err)
+}

outbound/dns.go

@@ -11,6 +11,7 @@ import (
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/canceler"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -101,6 +102,24 @@ func (d *DNS) handleConnection(ctx context.Context, conn net.Conn, metadata adap
 }
 
 func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	var reader N.PacketReader = conn
+	var counters []N.CountFunc
+	var cachedPackets []*N.PacketBuffer
+	for {
+		reader, counters = N.UnwrapCountPacketReader(reader, counters)
+		if cachedReader, isCached := reader.(N.CachedPacketReader); isCached {
+			packet := cachedReader.ReadCachedPacket()
+			if packet != nil {
+				cachedPackets = append(cachedPackets, packet)
+				continue
+			}
+		}
+		if readWaiter, created := bufio.CreatePacketReadWaiter(reader); created {
+			return d.newPacketConnection(ctx, conn, readWaiter, counters, cachedPackets, metadata)
+		}
+		break
+	}
+
 	ctx = adapter.WithContext(ctx, &metadata)
 	fastClose, cancel := common.ContextWithCancelCause(ctx)
 	timeout := canceler.New(fastClose, cancel, C.DNSTimeout)
@@ -153,3 +172,85 @@ func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metada
 	})
 	return group.Run(fastClose)
 }
+
+func (d *DNS) newPacketConnection(ctx context.Context, conn N.PacketConn, readWaiter N.PacketReadWaiter, readCounters []N.CountFunc, cached []*N.PacketBuffer, metadata adapter.InboundContext) error {
+	ctx = adapter.WithContext(ctx, &metadata)
+	fastClose, cancel := common.ContextWithCancelCause(ctx)
+	timeout := canceler.New(fastClose, cancel, C.DNSTimeout)
+	var group task.Group
+	group.Append0(func(ctx context.Context) error {
+		var buffer *buf.Buffer
+		newBuffer := func() *buf.Buffer {
+			if buffer != nil {
+				buffer.Release()
+			}
+			buffer = buf.NewSize(dns.FixedPacketSize)
+			buffer.FullReset()
+			return buffer
+		}
+		for {
+			var message mDNS.Msg
+			var destination M.Socksaddr
+			var err error
+			if len(cached) > 0 {
+				packet := cached[0]
+				cached = cached[1:]
+				for _, counter := range readCounters {
+					counter(int64(packet.Buffer.Len()))
+				}
+				err = message.Unpack(packet.Buffer.Bytes())
+				packet.Buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				destination = packet.Destination
+			} else {
+				destination, err = readWaiter.WaitReadPacket(newBuffer)
+				if err != nil {
+					if buffer != nil {
+						buffer.Release()
+					}
+					cancel(err)
+					return err
+				}
+				for _, counter := range readCounters {
+					counter(int64(buffer.Len()))
+				}
+				err = message.Unpack(buffer.Bytes())
+				buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				timeout.Update()
+			}
+			metadataInQuery := metadata
+			go func() error {
+				response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				timeout.Update()
+				responseBuffer := buf.NewPacket()
+				n, err := response.PackBuffer(responseBuffer.FreeBytes())
+				if err != nil {
+					cancel(err)
+					responseBuffer.Release()
+					return err
+				}
+				responseBuffer.Truncate(len(n))
+				err = conn.WritePacket(responseBuffer, destination)
+				if err != nil {
+					cancel(err)
+				}
+				return err
+			}()
+		}
+	})
+	group.Cleanup(func() {
+		conn.Close()
+	})
+	return group.Run(fastClose)
+}

outbound/shadowsocks.go

@@ -11,8 +11,7 @@ import (
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/transport/sip003"
-	"github.com/sagernet/sing-shadowsocks"
-	"github.com/sagernet/sing-shadowsocks/shadowimpl"
+	"github.com/sagernet/sing-shadowsocks2"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -30,11 +29,13 @@ type Shadowsocks struct {
 	serverAddr      M.Socksaddr
 	plugin          sip003.Plugin
 	uotClient       *uot.Client
-	multiplexDialer N.Dialer
+	multiplexDialer *mux.Client
 }
 
 func NewShadowsocks(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowsocksOutboundOptions) (*Shadowsocks, error) {
-	method, err := shadowimpl.FetchMethod(options.Method, options.Password, router.TimeFunc())
+	method, err := shadowsocks.CreateMethod(ctx, options.Method, shadowsocks.MethodOptions{
+		Password: options.Password,
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +59,7 @@ func NewShadowsocks(ctx context.Context, router adapter.Router, logger log.Conte
 	}
 	uotOptions := common.PtrValueOrDefault(options.UDPOverTCPOptions)
 	if !uotOptions.Enabled {
-		outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*shadowsocksDialer)(outbound), common.PtrValueOrDefault(options.MultiplexOptions))
+		outbound.multiplexDialer, err = mux.NewClientWithOptions((*shadowsocksDialer)(outbound), common.PtrValueOrDefault(options.MultiplexOptions))
 		if err != nil {
 			return nil, err
 		}
@@ -127,8 +128,15 @@ func (h *Shadowsocks) NewPacketConnection(ctx context.Context, conn N.PacketConn
 	return NewPacketConnection(ctx, h, conn, metadata)
 }
 
+func (h *Shadowsocks) InterfaceUpdated() error {
+	if h.multiplexDialer != nil {
+		h.multiplexDialer.Reset()
+	}
+	return nil
+}
+
 func (h *Shadowsocks) Close() error {
-	return common.Close(h.multiplexDialer)
+	return common.Close(common.PtrOrNil(h.multiplexDialer))
 }
 
 var _ N.Dialer = (*shadowsocksDialer)(nil)

outbound/trojan.go

@@ -27,7 +27,7 @@ type Trojan struct {
 	dialer          N.Dialer
 	serverAddr      M.Socksaddr
 	key             [56]byte
-	multiplexDialer N.Dialer
+	multiplexDialer *mux.Client
 	tlsConfig       tls.Config
 	transport       adapter.V2RayClientTransport
 }
@@ -58,7 +58,7 @@ func NewTrojan(ctx context.Context, router adapter.Router, logger log.ContextLog
 			return nil, E.Cause(err, "create client transport: ", options.Transport.Type)
 		}
 	}
-	outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*trojanDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*trojanDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
 	if err != nil {
 		return nil, err
 	}
@@ -103,8 +103,15 @@ func (h *Trojan) NewPacketConnection(ctx context.Context, conn N.PacketConn, met
 	return NewPacketConnection(ctx, h, conn, metadata)
 }
 
+func (h *Trojan) InterfaceUpdated() error {
+	if h.multiplexDialer != nil {
+		h.multiplexDialer.Reset()
+	}
+	return nil
+}
+
 func (h *Trojan) Close() error {
-	return common.Close(h.multiplexDialer, h.transport)
+	return common.Close(common.PtrOrNil(h.multiplexDialer), h.transport)
 }
 
 type trojanDialer Trojan

outbound/urltest.go

@@ -13,6 +13,7 @@ import (
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/atomic"
 	"github.com/sagernet/sing/common/batch"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
@@ -20,8 +21,9 @@ import (
 )
 
 var (
-	_ adapter.Outbound      = (*URLTest)(nil)
-	_ adapter.OutboundGroup = (*URLTest)(nil)
+	_ adapter.Outbound                = (*URLTest)(nil)
+	_ adapter.OutboundGroup           = (*URLTest)(nil)
+	_ adapter.InterfaceUpdateListener = (*URLTest)(nil)
 )
 
 type URLTest struct {
@@ -71,7 +73,8 @@ func (s *URLTest) Start() error {
 		outbounds = append(outbounds, detour)
 	}
 	s.group = NewURLTestGroup(s.ctx, s.router, s.logger, outbounds, s.link, s.interval, s.tolerance)
-	return s.group.Start()
+	go s.group.CheckOutbounds(false)
+	return nil
 }
 
 func (s *URLTest) Close() error {
@@ -93,6 +96,7 @@ func (s *URLTest) URLTest(ctx context.Context, link string) (map[string]uint16,
 }
 
 func (s *URLTest) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	s.group.Start()
 	outbound := s.group.Select(network)
 	conn, err := outbound.DialContext(ctx, network, destination)
 	if err == nil {
@@ -104,6 +108,7 @@ func (s *URLTest) DialContext(ctx context.Context, network string, destination M
 }
 
 func (s *URLTest) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	s.group.Start()
 	outbound := s.group.Select(N.NetworkUDP)
 	conn, err := outbound.ListenPacket(ctx, destination)
 	if err == nil {
@@ -122,6 +127,11 @@ func (s *URLTest) NewPacketConnection(ctx context.Context, conn N.PacketConn, me
 	return NewPacketConnection(ctx, s, conn, metadata)
 }
 
+func (s *URLTest) InterfaceUpdated() error {
+	go s.group.CheckOutbounds(true)
+	return nil
+}
+
 type URLTestGroup struct {
 	ctx       context.Context
 	router    adapter.Router
@@ -131,7 +141,9 @@ type URLTestGroup struct {
 	interval  time.Duration
 	tolerance uint16
 	history   *urltest.HistoryStorage
+	checking  atomic.Bool
 
+	access sync.Mutex
 	ticker *time.Ticker
 	close  chan struct{}
 }
@@ -162,13 +174,23 @@ func NewURLTestGroup(ctx context.Context, router adapter.Router, logger log.Logg
 	}
 }
 
-func (g *URLTestGroup) Start() error {
+func (g *URLTestGroup) Start() {
+	if g.ticker != nil {
+		return
+	}
+	g.access.Lock()
+	defer g.access.Unlock()
+	if g.ticker != nil {
+		return
+	}
 	g.ticker = time.NewTicker(g.interval)
 	go g.loopCheck()
-	return nil
 }
 
 func (g *URLTestGroup) Close() error {
+	if g.ticker == nil {
+		return nil
+	}
 	g.ticker.Stop()
 	close(g.close)
 	return nil
@@ -211,7 +233,7 @@ func (g *URLTestGroup) Fallback(used adapter.Outbound) []adapter.Outbound {
 			outbounds = append(outbounds, detour)
 		}
 	}
-	sort.Slice(outbounds, func(i, j int) bool {
+	sort.SliceStable(outbounds, func(i, j int) bool {
 		oi := outbounds[i]
 		oj := outbounds[j]
 		hi := g.history.LoadURLTestHistory(RealTag(oi))
@@ -228,25 +250,33 @@ func (g *URLTestGroup) Fallback(used adapter.Outbound) []adapter.Outbound {
 }
 
 func (g *URLTestGroup) loopCheck() {
-	go g.checkOutbounds()
+	go g.CheckOutbounds(true)
 	for {
 		select {
 		case <-g.close:
 			return
 		case <-g.ticker.C:
-			g.checkOutbounds()
+			g.CheckOutbounds(false)
 		}
 	}
 }
 
-func (g *URLTestGroup) checkOutbounds() {
-	_, _ = g.URLTest(g.ctx, g.link)
+func (g *URLTestGroup) CheckOutbounds(force bool) {
+	_, _ = g.urlTest(g.ctx, g.link, force)
 }
 
 func (g *URLTestGroup) URLTest(ctx context.Context, link string) (map[string]uint16, error) {
+	return g.urlTest(ctx, link, false)
+}
+
+func (g *URLTestGroup) urlTest(ctx context.Context, link string, force bool) (map[string]uint16, error) {
+	result := make(map[string]uint16)
+	if g.checking.Swap(true) {
+		return result, nil
+	}
+	defer g.checking.Store(false)
 	b, _ := batch.New(ctx, batch.WithConcurrencyNum[any](10))
 	checked := make(map[string]bool)
-	result := make(map[string]uint16)
 	var resultAccess sync.Mutex
 	for _, detour := range g.outbounds {
 		tag := detour.Tag()
@@ -255,7 +285,7 @@ func (g *URLTestGroup) URLTest(ctx context.Context, link string) (map[string]uin
 			continue
 		}
 		history := g.history.LoadURLTestHistory(realTag)
-		if history != nil && time.Now().Sub(history.Time) < g.interval {
+		if !force && history != nil && time.Now().Sub(history.Time) < g.interval {
 			continue
 		}
 		checked[realTag] = true

outbound/vless.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
+	"github.com/sagernet/sing-box/common/mux"
 	"github.com/sagernet/sing-box/common/tls"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
@@ -24,13 +25,14 @@ var _ adapter.Outbound = (*VLESS)(nil)
 
 type VLESS struct {
 	myOutboundAdapter
-	dialer     N.Dialer
-	client     *vless.Client
-	serverAddr M.Socksaddr
-	tlsConfig  tls.Config
-	transport  adapter.V2RayClientTransport
-	packetAddr bool
-	xudp       bool
+	dialer          N.Dialer
+	client          *vless.Client
+	serverAddr      M.Socksaddr
+	multiplexDialer *mux.Client
+	tlsConfig       tls.Config
+	transport       adapter.V2RayClientTransport
+	packetAddr      bool
+	xudp            bool
 }
 
 func NewVLESS(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.VLESSOutboundOptions) (*VLESS, error) {
@@ -75,10 +77,65 @@ func NewVLESS(ctx context.Context, router adapter.Router, logger log.ContextLogg
 	if err != nil {
 		return nil, err
 	}
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*vlessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	if err != nil {
+		return nil, err
+	}
 	return outbound, nil
 }
 
 func (h *VLESS) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	if h.multiplexDialer == nil {
+		switch N.NetworkName(network) {
+		case N.NetworkTCP:
+			h.logger.InfoContext(ctx, "outbound connection to ", destination)
+		case N.NetworkUDP:
+			h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+		}
+		return (*vlessDialer)(h).DialContext(ctx, network, destination)
+	} else {
+		switch N.NetworkName(network) {
+		case N.NetworkTCP:
+			h.logger.InfoContext(ctx, "outbound multiplex connection to ", destination)
+		case N.NetworkUDP:
+			h.logger.InfoContext(ctx, "outbound multiplex packet connection to ", destination)
+		}
+		return h.multiplexDialer.DialContext(ctx, network, destination)
+	}
+}
+
+func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	if h.multiplexDialer == nil {
+		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+		return (*vlessDialer)(h).ListenPacket(ctx, destination)
+	} else {
+		h.logger.InfoContext(ctx, "outbound multiplex packet connection to ", destination)
+		return h.multiplexDialer.ListenPacket(ctx, destination)
+	}
+}
+
+func (h *VLESS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	return NewConnection(ctx, h, conn, metadata)
+}
+
+func (h *VLESS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	return NewPacketConnection(ctx, h, conn, metadata)
+}
+
+func (h *VLESS) InterfaceUpdated() error {
+	if h.multiplexDialer != nil {
+		h.multiplexDialer.Reset()
+	}
+	return nil
+}
+
+func (h *VLESS) Close() error {
+	return common.Close(common.PtrOrNil(h.multiplexDialer), h.transport)
+}
+
+type vlessDialer VLESS
+
+func (h *vlessDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
 	ctx, metadata := adapter.AppendContext(ctx)
 	metadata.Outbound = h.tag
 	metadata.Destination = destination
@@ -120,7 +177,7 @@ func (h *VLESS) DialContext(ctx context.Context, network string, destination M.S
 	}
 }
 
-func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+func (h *vlessDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
 	h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
 	ctx, metadata := adapter.AppendContext(ctx)
 	metadata.Outbound = h.tag
@@ -154,15 +211,3 @@ func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.
 		return h.client.DialEarlyPacketConn(conn, destination)
 	}
 }
-
-func (h *VLESS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	return NewConnection(ctx, h, conn, metadata)
-}
-
-func (h *VLESS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	return NewPacketConnection(ctx, h, conn, metadata)
-}
-
-func (h *VLESS) Close() error {
-	return common.Close(h.transport)
-}

outbound/vmess.go

@@ -27,7 +27,7 @@ type VMess struct {
 	dialer          N.Dialer
 	client          *vmess.Client
 	serverAddr      M.Socksaddr
-	multiplexDialer N.Dialer
+	multiplexDialer *mux.Client
 	tlsConfig       tls.Config
 	transport       adapter.V2RayClientTransport
 	packetAddr      bool
@@ -59,7 +59,7 @@ func NewVMess(ctx context.Context, router adapter.Router, logger log.ContextLogg
 			return nil, E.Cause(err, "create client transport: ", options.Transport.Type)
 		}
 	}
-	outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*vmessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*vmessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
 	if err != nil {
 		return nil, err
 	}
@@ -97,8 +97,15 @@ func NewVMess(ctx context.Context, router adapter.Router, logger log.ContextLogg
 	return outbound, nil
 }
 
+func (h *VMess) InterfaceUpdated() error {
+	if h.multiplexDialer != nil {
+		h.multiplexDialer.Reset()
+	}
+	return nil
+}
+
 func (h *VMess) Close() error {
-	return common.Close(h.multiplexDialer, h.transport)
+	return common.Close(common.PtrOrNil(h.multiplexDialer), h.transport)
 }
 
 func (h *VMess) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {

outbound/wireguard.go

@@ -67,7 +67,7 @@ func NewWireGuard(ctx context.Context, router adapter.Router, logger log.Context
 			connectAddr = options.ServerOptions.Build()
 		}
 	}
-	outbound.bind = wireguard.NewClientBind(ctx, dialer.New(router, options.DialerOptions), isConnect, connectAddr, reserved)
+	outbound.bind = wireguard.NewClientBind(ctx, outbound, dialer.New(router, options.DialerOptions), isConnect, connectAddr, reserved)
 	localPrefixes := common.Map(options.LocalAddress, option.ListenPrefix.Build)
 	if len(localPrefixes) == 0 {
 		return nil, E.New("missing local address")

route/interface_finder.go

@@ -9,7 +9,7 @@ import (
 var _ control.InterfaceFinder = (*myInterfaceFinder)(nil)
 
 type myInterfaceFinder struct {
-	ifs []net.Interface
+	interfaces []net.Interface
 }
 
 func (f *myInterfaceFinder) update() error {
@@ -17,12 +17,16 @@ func (f *myInterfaceFinder) update() error {
 	if err != nil {
 		return err
 	}
-	f.ifs = ifs
+	f.interfaces = ifs
 	return nil
 }
 
+func (f *myInterfaceFinder) updateInterfaces(interfaces []net.Interface) {
+	f.interfaces = interfaces
+}
+
 func (f *myInterfaceFinder) InterfaceIndexByName(name string) (interfaceIndex int, err error) {
-	for _, netInterface := range f.ifs {
+	for _, netInterface := range f.interfaces {
 		if netInterface.Name == name {
 			return netInterface.Index, nil
 		}
@@ -36,7 +40,7 @@ func (f *myInterfaceFinder) InterfaceIndexByName(name string) (interfaceIndex in
 }
 
 func (f *myInterfaceFinder) InterfaceNameByIndex(index int) (interfaceName string, err error) {
-	for _, netInterface := range f.ifs {
+	for _, netInterface := range f.interfaces {
 		if netInterface.Index == index {
 			return netInterface.Name, nil
 		}

route/router.go

@@ -12,12 +12,12 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
+	"github.com/sagernet/sing-box/common/dialer/conntrack"
 	"github.com/sagernet/sing-box/common/geoip"
 	"github.com/sagernet/sing-box/common/geosite"
 	"github.com/sagernet/sing-box/common/mux"
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/common/sniff"
-	"github.com/sagernet/sing-box/common/warning"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/log"
@@ -31,6 +31,7 @@ import (
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
+	"github.com/sagernet/sing/common/bufio/deadline"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
@@ -39,27 +40,6 @@ import (
 	"github.com/sagernet/sing/common/uot"
 )
 
-var warnDefaultInterfaceOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !(C.IsLinux || C.IsWindows || C.IsDarwin)
-	},
-	"route option `default_mark` is only supported on Linux and Windows",
-)
-
-var warnDefaultMarkOnNonLinux = warning.New(
-	func() bool {
-		return !C.IsLinux
-	},
-	"route option `default_mark` is only supported on Linux",
-)
-
-var warnFindProcessOnUnsupportedPlatform = warning.New(
-	func() bool {
-		return !(C.IsLinux || C.IsWindows || C.IsDarwin)
-	},
-	"route option `find_process` is only supported on Linux, Windows, and macOS",
-)
-
 var _ adapter.Router = (*Router)(nil)
 
 type Router struct {
@@ -113,16 +93,6 @@ func NewRouter(
 	inbounds []option.Inbound,
 	platformInterface platform.Interface,
 ) (*Router, error) {
-	if options.DefaultInterface != "" {
-		warnDefaultInterfaceOnUnsupportedPlatform.Check()
-	}
-	if options.DefaultMark != 0 {
-		warnDefaultMarkOnNonLinux.Check()
-	}
-	if options.FindProcess {
-		warnFindProcessOnUnsupportedPlatform.Check()
-	}
-
 	router := &Router{
 		ctx:                   ctx,
 		logger:                logFactory.NewLogger("router"),
@@ -143,7 +113,12 @@ func NewRouter(
 		defaultMark:           options.DefaultMark,
 		platformInterface:     platformInterface,
 	}
-	router.dnsClient = dns.NewClient(dnsOptions.DNSClientOptions.DisableCache, dnsOptions.DNSClientOptions.DisableExpire, router.dnsLogger)
+	router.dnsClient = dns.NewClient(dns.ClientOptions{
+		DisableCache:     dnsOptions.DNSClientOptions.DisableCache,
+		DisableExpire:    dnsOptions.DNSClientOptions.DisableExpire,
+		IndependentCache: dnsOptions.DNSClientOptions.IndependentCache,
+		Logger:           router.dnsLogger,
+	})
 	for i, ruleOptions := range options.Rules {
 		routeRule, err := NewRule(router, router.logger, ruleOptions)
 		if err != nil {
@@ -289,29 +264,36 @@ func NewRouter(
 		router.fakeIPStore = fakeip.NewStore(router, inet4Range, inet6Range)
 	}
 
-	needInterfaceMonitor := platformInterface == nil && (options.AutoDetectInterface || common.Any(inbounds, func(inbound option.Inbound) bool {
+	usePlatformDefaultInterfaceMonitor := platformInterface != nil && platformInterface.UsePlatformDefaultInterfaceMonitor()
+	needInterfaceMonitor := options.AutoDetectInterface || common.Any(inbounds, func(inbound option.Inbound) bool {
 		return inbound.HTTPOptions.SetSystemProxy || inbound.MixedOptions.SetSystemProxy || inbound.TunOptions.AutoRoute
-	}))
+	})
 
 	if needInterfaceMonitor {
-		networkMonitor, err := tun.NewNetworkUpdateMonitor(router)
-		if err == nil {
-			router.networkMonitor = networkMonitor
-			networkMonitor.RegisterCallback(router.interfaceFinder.update)
+		if !usePlatformDefaultInterfaceMonitor {
+			networkMonitor, err := tun.NewNetworkUpdateMonitor(router)
+			if err != os.ErrInvalid {
+				if err != nil {
+					return nil, err
+				}
+				router.networkMonitor = networkMonitor
+				networkMonitor.RegisterCallback(router.interfaceFinder.update)
+				interfaceMonitor, err := tun.NewDefaultInterfaceMonitor(router.networkMonitor, tun.DefaultInterfaceMonitorOptions{
+					OverrideAndroidVPN: options.OverrideAndroidVPN,
+				})
+				if err != nil {
+					return nil, E.New("auto_detect_interface unsupported on current platform")
+				}
+				interfaceMonitor.RegisterCallback(router.notifyNetworkUpdate)
+				router.interfaceMonitor = interfaceMonitor
+			}
+		} else {
+			interfaceMonitor := platformInterface.CreateDefaultInterfaceMonitor(router)
+			interfaceMonitor.RegisterCallback(router.notifyNetworkUpdate)
+			router.interfaceMonitor = interfaceMonitor
 		}
 	}
 
-	if router.networkMonitor != nil && needInterfaceMonitor {
-		interfaceMonitor, err := tun.NewDefaultInterfaceMonitor(router.networkMonitor, tun.DefaultInterfaceMonitorOptions{
-			OverrideAndroidVPN: options.OverrideAndroidVPN,
-		})
-		if err != nil {
-			return nil, E.New("auto_detect_interface unsupported on current platform")
-		}
-		interfaceMonitor.RegisterCallback(router.notifyNetworkUpdate)
-		router.interfaceMonitor = interfaceMonitor
-	}
-
 	needFindProcess := hasRule(options.Rules, isProcessRule) || hasDNSRule(dnsOptions.Rules, isProcessDNSRule) || options.FindProcess
 	needPackageManager := C.IsAndroid && platformInterface == nil && (needFindProcess || common.Any(inbounds, func(inbound option.Inbound) bool {
 		return len(inbound.TunOptions.IncludePackage) > 0 || len(inbound.TunOptions.ExcludePackage) > 0
@@ -621,7 +603,8 @@ func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata ad
 	switch metadata.Destination.Fqdn {
 	case mux.Destination.Fqdn:
 		r.logger.InfoContext(ctx, "inbound multiplex connection")
-		return mux.NewConnection(ctx, r, r, r.logger, conn, metadata)
+		handler := adapter.NewUpstreamHandler(metadata, r.RouteConnection, r.RoutePacketConnection, r)
+		return mux.HandleConnection(ctx, handler, r.logger, conn, adapter.UpstreamMetadata(metadata))
 	case vmess.MuxDestination.Fqdn:
 		r.logger.InfoContext(ctx, "inbound legacy multiplex connection")
 		return vmess.HandleMuxConnection(ctx, conn, adapter.NewUpstreamHandler(metadata, r.RouteConnection, r.RoutePacketConnection, r))
@@ -657,6 +640,10 @@ func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata ad
 		r.logger.DebugContext(ctx, "found fakeip domain: ", domain)
 	}
 
+	if deadline.NeedAdditionalReadDeadline(conn) {
+		conn = deadline.NewConn(conn)
+	}
+
 	if metadata.InboundOptions.SniffEnabled {
 		buffer := buf.NewPacket()
 		buffer.FullReset()
@@ -762,6 +749,11 @@ func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, m
 		r.logger.DebugContext(ctx, "found fakeip domain: ", domain)
 	}
 
+	// Currently we don't have deadline usages for UDP connections
+	/*if deadline.NeedAdditionalReadDeadline(conn) {
+		conn = deadline.NewPacketConn(bufio.NewNetPacketConn(conn))
+	}*/
+
 	if metadata.InboundOptions.SniffEnabled {
 		buffer := buf.NewPacket()
 		buffer.FullReset()
@@ -886,12 +878,31 @@ func (r *Router) InterfaceFinder() control.InterfaceFinder {
 	return &r.interfaceFinder
 }
 
+func (r *Router) UpdateInterfaces() error {
+	if r.platformInterface == nil || !r.platformInterface.UsePlatformInterfaceGetter() {
+		return r.interfaceFinder.update()
+	} else {
+		interfaces, err := r.platformInterface.Interfaces()
+		if err != nil {
+			return err
+		}
+		r.interfaceFinder.updateInterfaces(common.Map(interfaces, func(it platform.NetworkInterface) net.Interface {
+			return net.Interface{
+				Name:  it.Name,
+				Index: it.Index,
+				MTU:   it.MTU,
+			}
+		}))
+		return nil
+	}
+}
+
 func (r *Router) AutoDetectInterface() bool {
 	return r.autoDetectInterface
 }
 
 func (r *Router) AutoDetectInterfaceFunc() control.Func {
-	if r.platformInterface != nil {
+	if r.platformInterface != nil && r.platformInterface.UsePlatformAutoDetectInterfaceControl() {
 		return r.platformInterface.AutoDetectInterfaceControl()
 	} else {
 		return control.BindToInterfaceFunc(r.InterfaceFinder(), func(network string, address string) (interfaceName string, interfaceIndex int) {
@@ -970,7 +981,7 @@ func (r *Router) NewError(ctx context.Context, err error) {
 }
 
 func (r *Router) notifyNetworkUpdate(int) error {
-	if C.IsAndroid {
+	if C.IsAndroid && r.platformInterface == nil {
 		var vpnStatus string
 		if r.interfaceMonitor.AndroidVPNEnabled() {
 			vpnStatus = "enabled"
@@ -982,6 +993,23 @@ func (r *Router) notifyNetworkUpdate(int) error {
 		r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()))
 	}
 
+	conntrack.Close()
+
+	for _, outbound := range r.outbounds {
+		listener, isListener := outbound.(adapter.InterfaceUpdateListener)
+		if isListener {
+			err := listener.InterfaceUpdated()
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (r *Router) ResetNetwork() error {
+	conntrack.Close()
+
 	for _, outbound := range r.outbounds {
 		listener, isListener := outbound.(adapter.InterfaceUpdateListener)
 		if isListener {

route/router_dns.go

@@ -73,23 +73,31 @@ func (r *Router) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, er
 	if len(message.Question) > 0 {
 		r.dnsLogger.DebugContext(ctx, "exchange ", formatQuestion(message.Question[0].String()))
 	}
-	ctx, metadata := adapter.AppendContext(ctx)
-	if len(message.Question) > 0 {
-		metadata.QueryType = message.Question[0].Qtype
-		switch metadata.QueryType {
-		case mDNS.TypeA:
-			metadata.IPVersion = 4
-		case mDNS.TypeAAAA:
-			metadata.IPVersion = 6
+	var (
+		response *mDNS.Msg
+		cached   bool
+		err      error
+	)
+	response, cached = r.dnsClient.ExchangeCache(ctx, message)
+	if !cached {
+		ctx, metadata := adapter.AppendContext(ctx)
+		if len(message.Question) > 0 {
+			metadata.QueryType = message.Question[0].Qtype
+			switch metadata.QueryType {
+			case mDNS.TypeA:
+				metadata.IPVersion = 4
+			case mDNS.TypeAAAA:
+				metadata.IPVersion = 6
+			}
+			metadata.Domain = fqdnToDomain(message.Question[0].Name)
+		}
+		ctx, transport, strategy := r.matchDNS(ctx)
+		ctx, cancel := context.WithTimeout(ctx, C.DNSTimeout)
+		defer cancel()
+		response, err = r.dnsClient.Exchange(ctx, transport, message, strategy)
+		if err != nil && len(message.Question) > 0 {
+			r.dnsLogger.ErrorContext(ctx, E.Cause(err, "exchange failed for ", formatQuestion(message.Question[0].String())))
 		}
-		metadata.Domain = fqdnToDomain(message.Question[0].Name)
-	}
-	ctx, transport, strategy := r.matchDNS(ctx)
-	ctx, cancel := context.WithTimeout(ctx, C.DNSTimeout)
-	defer cancel()
-	response, err := r.dnsClient.Exchange(ctx, transport, message, strategy)
-	if err != nil && len(message.Question) > 0 {
-		r.dnsLogger.ErrorContext(ctx, E.Cause(err, "exchange failed for ", formatQuestion(message.Question[0].String())))
 	}
 	if len(message.Question) > 0 && response != nil {
 		LogDNSAnswers(r.dnsLogger, ctx, message.Question[0].Name, response.Answer)

route/router_geo_resources.go

@@ -18,6 +18,7 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/sing/service/filemanager"
 )
 
 func (r *Router) GeoIPReader() *geoip.Reader {
@@ -51,7 +52,7 @@ func (r *Router) prepareGeoIPDatabase() error {
 			geoPath = foundPath
 		}
 	}
-	geoPath = C.BasePath(geoPath)
+	geoPath = filemanager.BasePath(r.ctx, geoPath)
 	if rw.FileExists(geoPath) {
 		geoReader, codes, err := geoip.Open(geoPath)
 		if err == nil {
@@ -95,7 +96,7 @@ func (r *Router) prepareGeositeDatabase() error {
 			geoPath = foundPath
 		}
 	}
-	geoPath = C.BasePath(geoPath)
+	geoPath = filemanager.BasePath(r.ctx, geoPath)
 	if !rw.FileExists(geoPath) {
 		r.logger.Warn("geosite database not exists: ", geoPath)
 		var err error
@@ -142,10 +143,10 @@ func (r *Router) downloadGeoIPDatabase(savePath string) error {
 	}
 
 	if parentDir := filepath.Dir(savePath); parentDir != "" {
-		os.MkdirAll(parentDir, 0o755)
+		filemanager.MkdirAll(r.ctx, parentDir, 0o755)
 	}
 
-	saveFile, err := os.OpenFile(savePath, os.O_CREATE|os.O_WRONLY, 0o644)
+	saveFile, err := filemanager.Create(r.ctx, savePath)
 	if err != nil {
 		return E.Cause(err, "open output file: ", downloadURL)
 	}
@@ -190,10 +191,10 @@ func (r *Router) downloadGeositeDatabase(savePath string) error {
 	}
 
 	if parentDir := filepath.Dir(savePath); parentDir != "" {
-		os.MkdirAll(parentDir, 0o755)
+		filemanager.MkdirAll(r.ctx, parentDir, 0o755)
 	}
 
-	saveFile, err := os.OpenFile(savePath, os.O_CREATE|os.O_WRONLY, 0o644)
+	saveFile, err := filemanager.Create(r.ctx, savePath)
 	if err != nil {
 		return E.Cause(err, "open output file: ", downloadURL)
 	}

route/rule_item_package_name.go

@@ -4,13 +4,6 @@ import (
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/warning"
-	C "github.com/sagernet/sing-box/constant"
-)
-
-var warnPackageNameOnNonAndroid = warning.New(
-	func() bool { return !C.IsAndroid },
-	"rule item `package_name` is only supported on Android",
 )
 
 var _ RuleItem = (*PackageNameItem)(nil)
@@ -21,7 +14,6 @@ type PackageNameItem struct {
 }
 
 func NewPackageNameItem(packageNameList []string) *PackageNameItem {
-	warnPackageNameOnNonAndroid.Check()
 	rule := &PackageNameItem{
 		packageNames: packageNameList,
 		packageMap:   make(map[string]bool),

route/rule_item_process_name.go

@@ -5,13 +5,6 @@ import (
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/warning"
-	C "github.com/sagernet/sing-box/constant"
-)
-
-var warnProcessNameOnNonSupportedPlatform = warning.New(
-	func() bool { return !(C.IsLinux || C.IsWindows || C.IsDarwin) },
-	"rule item `process_name` is only supported on Linux, Windows and macOS",
 )
 
 var _ RuleItem = (*ProcessItem)(nil)
@@ -22,7 +15,6 @@ type ProcessItem struct {
 }
 
 func NewProcessItem(processNameList []string) *ProcessItem {
-	warnProcessNameOnNonSupportedPlatform.Check()
 	rule := &ProcessItem{
 		processes:  processNameList,
 		processMap: make(map[string]bool),

route/rule_item_process_path.go

@@ -4,13 +4,6 @@ import (
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/warning"
-	C "github.com/sagernet/sing-box/constant"
-)
-
-var warnProcessPathOnNonSupportedPlatform = warning.New(
-	func() bool { return !(C.IsLinux || C.IsWindows || C.IsDarwin) },
-	"rule item `process_path` is only supported on Linux, Windows and macOS",
 )
 
 var _ RuleItem = (*ProcessPathItem)(nil)
@@ -21,7 +14,6 @@ type ProcessPathItem struct {
 }
 
 func NewProcessPathItem(processNameList []string) *ProcessPathItem {
-	warnProcessPathOnNonSupportedPlatform.Check()
 	rule := &ProcessPathItem{
 		processes:  processNameList,
 		processMap: make(map[string]bool),

route/rule_item_user.go

@@ -4,16 +4,9 @@ import (
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/warning"
-	C "github.com/sagernet/sing-box/constant"
 	F "github.com/sagernet/sing/common/format"
 )
 
-var warnUserOnNonLinux = warning.New(
-	func() bool { return !C.IsLinux },
-	"rule item `user` is only supported on Linux",
-)
-
 var _ RuleItem = (*UserItem)(nil)
 
 type UserItem struct {
@@ -22,7 +15,6 @@ type UserItem struct {
 }
 
 func NewUserItem(users []string) *UserItem {
-	warnUserOnNonLinux.Check()
 	userMap := make(map[string]bool)
 	for _, protocol := range users {
 		userMap[protocol] = true

route/rule_item_user_id.go

@@ -4,16 +4,9 @@ import (
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/warning"
-	C "github.com/sagernet/sing-box/constant"
 	F "github.com/sagernet/sing/common/format"
 )
 
-var warnUserIDOnNonLinux = warning.New(
-	func() bool { return !C.IsLinux },
-	"rule item `user_id` is only supported on Linux",
-)
-
 var _ RuleItem = (*UserIdItem)(nil)
 
 type UserIdItem struct {
@@ -22,7 +15,6 @@ type UserIdItem struct {
 }
 
 func NewUserIDItem(userIdList []int32) *UserIdItem {
-	warnUserIDOnNonLinux.Check()
 	rule := &UserIdItem{
 		userIds:   userIdList,
 		userIdMap: make(map[int32]bool),

test/go.mod

@@ -7,21 +7,21 @@ require github.com/sagernet/sing-box v0.0.0
 replace github.com/sagernet/sing-box => ../
 
 require (
-	github.com/docker/docker v23.0.3+incompatible
+	github.com/docker/docker v20.10.18+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/gofrs/uuid/v5 v5.0.0
-	github.com/sagernet/sing v0.2.2
-	github.com/sagernet/sing-shadowsocks v0.2.1-0.20230408141421-e40d6a4e42d4
-	github.com/spyzhov/ajson v0.8.0
+	github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207
+	github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507
+	github.com/spyzhov/ajson v0.7.1
 	github.com/stretchr/testify v1.8.2
-	go.uber.org/goleak v1.2.1
+	go.uber.org/goleak v1.2.0
 	golang.org/x/net v0.9.0
 )
 
 require (
 	berty.tech/go-libtor v1.0.385 // indirect
-	github.com/Dreamacro/clash v1.14.0 // indirect
-	github.com/Microsoft/go-winio v0.5.1 // indirect
+	github.com/Dreamacro/clash v1.15.0 // indirect
+	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/caddyserver/certmagic v0.17.2 // indirect
@@ -50,7 +50,7 @@ require (
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
 	github.com/mholt/acmez v1.1.0 // indirect
 	github.com/miekg/dns v1.1.53 // indirect
-	github.com/moby/term v0.0.0-20221105221325-4eb28fa6025c // indirect
+	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/onsi/ginkgo/v2 v2.2.0 // indirect
 	github.com/ooni/go-libtor v1.1.7 // indirect
@@ -70,15 +70,17 @@ require (
 	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
 	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 // indirect
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 // indirect
-	github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440 // indirect
-	github.com/sagernet/sing-shadowtls v0.1.1-0.20230408141548-81d74d2a8661 // indirect
-	github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab // indirect
-	github.com/sagernet/sing-vmess v0.1.4-0.20230409073451-6921c3dd77c7 // indirect
+	github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc // indirect
+	github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0 // indirect
+	github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b // indirect
+	github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b // indirect
+	github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 // indirect
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 // indirect
 	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 // indirect
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 // indirect
 	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e // indirect
-	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c // indirect
+	github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
@@ -91,15 +93,12 @@ require (
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/sys v0.7.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	google.golang.org/grpc v1.54.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.4.0 // indirect
-	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c // indirect
+	gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523 // indirect
 	lukechampine.com/blake3 v1.1.7 // indirect
 )
-
-//replace github.com/sagernet/sing => ../../sing

test/go.sum

@@ -1,10 +1,10 @@
 berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw=
 berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Dreamacro/clash v1.14.0 h1:ehJ/C/1m9LEjmME72WSE/Y2YqbR3Q54AbjqiRCvtyW4=
-github.com/Dreamacro/clash v1.14.0/go.mod h1:ia2CU7V713H1QdCqMwOLK9U9V5Ay8X0voj3yQr2tk+I=
-github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Dreamacro/clash v1.15.0 h1:mlpD950VEggXZBNahV66hyKDRxcczkj3vymoAt78KyE=
+github.com/Dreamacro/clash v1.15.0/go.mod h1:WNH69bN11LiAdgdSr4hpkEuXVMfBbWyhEKMCTx9BtNE=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
@@ -25,8 +25,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho=
-github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
+github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
@@ -82,8 +82,8 @@ github.com/mholt/acmez v1.1.0 h1:IQ9CGHKOHokorxnffsqDvmmE30mDenO1lptYZ1AYkHY=
 github.com/mholt/acmez v1.1.0/go.mod h1:zwo5+fbLLTowAX8o8ETfQzbDtwGEXnPhkmGdKIP+bgs=
 github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
 github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/moby/term v0.0.0-20221105221325-4eb28fa6025c h1:RC8WMpjonrBfyAh6VN/POIPtYD5tRAq0qMqCRjQNK+g=
-github.com/moby/term v0.0.0-20221105221325-4eb28fa6025c/go.mod h1:9OcmHNQQUTbk4XCffrLgN1NEKc2mh5u++biHVrvHsSU=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
@@ -126,18 +126,20 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.2 h1:qfEdSLuwFgIIkeLOcwVQkVDzKLHtclXb93Ql0zZA+aE=
-github.com/sagernet/sing v0.2.2/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
-github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440 h1:VH8/BcOVuApHtS+vKP+khxlGRcXH7KKhgkTDtNynqSQ=
-github.com/sagernet/sing-dns v0.1.5-0.20230408004833-5adaf486d440/go.mod h1:69PNSHyEmXdjf6C+bXBOdr2GQnPeEyWjIzo/MV8gmz8=
-github.com/sagernet/sing-shadowsocks v0.2.1-0.20230408141421-e40d6a4e42d4 h1:mKpXBBnAhTy9/CvDKqt5cN78LKX8cVUqjoWEXI/g0No=
-github.com/sagernet/sing-shadowsocks v0.2.1-0.20230408141421-e40d6a4e42d4/go.mod h1:NFEROpOEiLG+lEoSPNpSL2yDyXx6q0OJvwWnEAd40cI=
-github.com/sagernet/sing-shadowtls v0.1.1-0.20230408141548-81d74d2a8661 h1:QnV79JbJbJGT0MJJfd8o7QMEfRu3eUVKsmahxFMonrc=
-github.com/sagernet/sing-shadowtls v0.1.1-0.20230408141548-81d74d2a8661/go.mod h1:xCeSRP8cV32aPsY+6BbRdJjyD6q8ufdKwhgqxEbU/3U=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab h1:a9oeWuPBuIZ70qMhIIH6RrYhp886xN9jJIwsuu4ZFUo=
-github.com/sagernet/sing-tun v0.1.4-0.20230326080954-8848c0e4cbab/go.mod h1:4YxIDEkkCjGXDOTMPw1SXpLmCQUFAWuaQN250oo+928=
-github.com/sagernet/sing-vmess v0.1.4-0.20230409073451-6921c3dd77c7 h1:ZArINfN+zcHMdZCeRFOm4rO3SWyvYuLg3VhWcA5zonc=
-github.com/sagernet/sing-vmess v0.1.4-0.20230409073451-6921c3dd77c7/go.mod h1:A9iGfwYmAEmVg8bavkqQ7Hx7nr9Pc2oWMYDwbLIBDjY=
+github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207 h1:+dDVjW20IT+e8maKryaDeRY2+RFmTFdrQeIzqE2WOss=
+github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
+github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc h1:hmbuqKv48SAjiKPoqtJGvS5pEHVPZjTHq9CPwQY2cZ4=
+github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc/go.mod h1:ZKuuqgsHRxDahYrzgSgy4vIAGGuKPlIf4hLcNzYzLkY=
+github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0 h1:87jyxzTjq01VgEiUVSMNRKjCfsSfp/QwyUVT37eXY50=
+github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0/go.mod h1:pF+RnLvCAOhECrvauy6LYOpBakJ/vuaF1Wm4lPsWryI=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507 h1:bAHZCdWqJkb8LEW98+YsMVDXGRMUVjka8IC+St6ot88=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507/go.mod h1:UJjvQGw0lyYaDGIDvUraL16fwaAEH1WFw1Y6sUcMPog=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b h1:ouW/6IDCrxkBe19YSbdCd7buHix7b+UZ6BM4Zz74XF4=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b/go.mod h1:oG8bPerYI6cZ74KquY3DvA7ynECyrILPBnce6wtBqeI=
+github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b h1:9NsciSJGwzdkXwVvT2c2g+RvkTVkANeBLr2l+soJ7LM=
+github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b/go.mod h1:DD7Ce2Gt0GFc6I/1+Uw4D/aUlBsGqrQsC52CMK/V818=
+github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 h1:BHOnxrbC929JonuKqFdJ7ZbDp7zs4oTlH5KFvKtWu9U=
+github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3/go.mod h1:yKrAr+dqZd64DxBXCHWrYicp+n4qbqO73mtwv3dck8U=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37/go.mod h1:3skNSftZDJWTGVtVaM2jfbce8qHnmH/AGDRe62iNOg0=
 github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 h1:2ItpW1nMNkPzmBTxV0/eClCklHrFSQMnUGcpUmJxVeE=
@@ -146,15 +148,15 @@ github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfI
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+VpWamge6o56j2RWk4omF6uLKKxMmcWvs=
 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/spyzhov/ajson v0.8.0 h1:sFXyMbi4Y/BKjrsfkUZHSjA2JM1184enheSjjoT/zCc=
-github.com/spyzhov/ajson v0.8.0/go.mod h1:63V+CGM6f1Bu/p4nLIN8885ojBdt88TbLoSFzyqMuVA=
+github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77 h1:g6QtRWQ2dKX7EQP++1JLNtw4C2TNxd4/ov8YUpOPOSo=
+github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77/go.mod h1:pJDdXzZIwJ+2vmnT0TKzmf8meeum+e2mTDSehw79eE0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spyzhov/ajson v0.7.1 h1:1MDIlPc6x0zjNtpa7tDzRAyFAvRX+X8ZsvtYz5lZg6A=
+github.com/spyzhov/ajson v0.7.1/go.mod h1:63V+CGM6f1Bu/p4nLIN8885ojBdt88TbLoSFzyqMuVA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -174,8 +176,8 @@ go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
+go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
 go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
@@ -191,6 +193,7 @@ golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -213,18 +216,16 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -237,13 +238,12 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
@@ -266,8 +266,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h1:m5lcgWnL3OElQNVyp3qcncItJ2c0sQlSGjYK2+nJTA4=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c/go.mod h1:TIvkJD0sxe8pIob3p6T8IzxXunlp6yfgktvTNp+DGNM=
+gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523 h1:zUQYeyyPLnSR6yMvLSOmLH37xDWCZ7BqlpE69fE5K3Q=
+gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523/go.mod h1:pzr6sy8gDLfVmDAg8OYrlKvGEHw5C3PGTiBXBTCx76Q=
 lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0=
 lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA=

test/mux_test.go

@@ -4,7 +4,6 @@ import (
 	"net/netip"
 	"testing"
 
-	"github.com/sagernet/sing-box/common/mux"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-shadowsocks/shadowaead_2022"
@@ -12,24 +11,33 @@ import (
 	"github.com/gofrs/uuid/v5"
 )
 
-var muxProtocols = []mux.Protocol{
-	mux.ProtocolYAMux,
-	mux.ProtocolSMux,
+var muxProtocols = []string{
+	"smux",
+	"yamux",
+	"h2mux",
 }
 
-func TestVMessSMux(t *testing.T) {
-	testVMessMux(t, mux.ProtocolSMux.String())
-}
-
-func TestShadowsocksMux(t *testing.T) {
+func TestMux(t *testing.T) {
 	for _, protocol := range muxProtocols {
-		t.Run(protocol.String(), func(t *testing.T) {
-			testShadowsocksMux(t, protocol.String())
+		t.Run(protocol, func(t *testing.T) {
+			options := option.MultiplexOptions{
+				Enabled:  true,
+				Protocol: protocol,
+			}
+			t.Run("shadowsocks", func(t *testing.T) {
+				testShadowsocksMux(t, options)
+			})
+			t.Run("vmess", func(t *testing.T) {
+				testVMessMux(t, options)
+			})
+			t.Run("vless", func(t *testing.T) {
+				testVLESSMux(t, options)
+			})
 		})
 	}
 }
 
-func testShadowsocksMux(t *testing.T, protocol string) {
+func testShadowsocksMux(t *testing.T, options option.MultiplexOptions) {
 	method := shadowaead_2022.List[0]
 	password := mkBase64(t, 16)
 	startInstance(t, option.Options{
@@ -68,12 +76,9 @@ func testShadowsocksMux(t *testing.T, protocol string) {
 						Server:     "127.0.0.1",
 						ServerPort: serverPort,
 					},
-					Method:   method,
-					Password: password,
-					MultiplexOptions: &option.MultiplexOptions{
-						Enabled:  true,
-						Protocol: protocol,
-					},
+					Method:           method,
+					Password:         password,
+					MultiplexOptions: &options,
 				},
 			},
 		},
@@ -91,7 +96,7 @@ func testShadowsocksMux(t *testing.T, protocol string) {
 	testSuit(t, clientPort, testPort)
 }
 
-func testVMessMux(t *testing.T, protocol string) {
+func testVMessMux(t *testing.T, options option.MultiplexOptions) {
 	user, _ := uuid.NewV4()
 	startInstance(t, option.Options{
 		Inbounds: []option.Inbound{
@@ -132,12 +137,9 @@ func testVMessMux(t *testing.T, protocol string) {
 						Server:     "127.0.0.1",
 						ServerPort: serverPort,
 					},
-					Security: "auto",
-					UUID:     user.String(),
-					Multiplex: &option.MultiplexOptions{
-						Enabled:  true,
-						Protocol: protocol,
-					},
+					Security:  "auto",
+					UUID:      user.String(),
+					Multiplex: &options,
 				},
 			},
 		},
@@ -154,3 +156,63 @@ func testVMessMux(t *testing.T, protocol string) {
 	})
 	testSuit(t, clientPort, testPort)
 }
+
+func testVLESSMux(t *testing.T, options option.MultiplexOptions) {
+	user, _ := uuid.NewV4()
+	startInstance(t, option.Options{
+		Inbounds: []option.Inbound{
+			{
+				Type: C.TypeMixed,
+				Tag:  "mixed-in",
+				MixedOptions: option.HTTPMixedInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: clientPort,
+					},
+				},
+			},
+			{
+				Type: C.TypeVLESS,
+				VLESSOptions: option.VLESSInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: serverPort,
+					},
+					Users: []option.VLESSUser{
+						{
+							UUID: user.String(),
+						},
+					},
+				},
+			},
+		},
+		Outbounds: []option.Outbound{
+			{
+				Type: C.TypeDirect,
+			},
+			{
+				Type: C.TypeVLESS,
+				Tag:  "vless-out",
+				VLESSOptions: option.VLESSOutboundOptions{
+					ServerOptions: option.ServerOptions{
+						Server:     "127.0.0.1",
+						ServerPort: serverPort,
+					},
+					UUID:      user.String(),
+					Multiplex: &options,
+				},
+			},
+		},
+		Route: &option.RouteOptions{
+			Rules: []option.Rule{
+				{
+					DefaultOptions: option.DefaultRule{
+						Inbound:  []string{"mixed-in"},
+						Outbound: "vless-out",
+					},
+				},
+			},
+		},
+	})
+	testSuit(t, clientPort, testPort)
+}

test/reality_test.go

@@ -141,6 +141,95 @@ func TestVLESSVisionReality(t *testing.T) {
 	testSuit(t, clientPort, testPort)
 }
 
+func TestVLESSVisionRealityPlain(t *testing.T) {
+	userUUID := newUUID()
+	startInstance(t, option.Options{
+		Inbounds: []option.Inbound{
+			{
+				Type: C.TypeMixed,
+				Tag:  "mixed-in",
+				MixedOptions: option.HTTPMixedInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: clientPort,
+					},
+				},
+			},
+			{
+				Type: C.TypeVLESS,
+				VLESSOptions: option.VLESSInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: serverPort,
+					},
+					Users: []option.VLESSUser{
+						{
+							Name: "sekai",
+							UUID: userUUID.String(),
+							Flow: vless.FlowVision,
+						},
+					},
+					TLS: &option.InboundTLSOptions{
+						Enabled:    true,
+						ServerName: "google.com",
+						Reality: &option.InboundRealityOptions{
+							Enabled: true,
+							Handshake: option.InboundRealityHandshakeOptions{
+								ServerOptions: option.ServerOptions{
+									Server:     "google.com",
+									ServerPort: 443,
+								},
+							},
+							ShortID:    []string{"0123456789abcdef"},
+							PrivateKey: "UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc",
+						},
+					},
+				},
+			},
+		},
+		Outbounds: []option.Outbound{
+			{
+				Type: C.TypeDirect,
+			},
+			{
+				Type: C.TypeVLESS,
+				Tag:  "vless-out",
+				VLESSOptions: option.VLESSOutboundOptions{
+					ServerOptions: option.ServerOptions{
+						Server:     "127.0.0.1",
+						ServerPort: serverPort,
+					},
+					UUID: userUUID.String(),
+					Flow: vless.FlowVision,
+					TLS: &option.OutboundTLSOptions{
+						Enabled:    true,
+						ServerName: "google.com",
+						Reality: &option.OutboundRealityOptions{
+							Enabled:   true,
+							ShortID:   "0123456789abcdef",
+							PublicKey: "jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0",
+						},
+						UTLS: &option.OutboundUTLSOptions{
+							Enabled: true,
+						},
+					},
+				},
+			},
+		},
+		Route: &option.RouteOptions{
+			Rules: []option.Rule{
+				{
+					DefaultOptions: option.DefaultRule{
+						Inbound:  []string{"mixed-in"},
+						Outbound: "vless-out",
+					},
+				},
+			},
+		},
+	})
+	testSuit(t, clientPort, testPort)
+}
+
 func TestVLESSRealityTransport(t *testing.T) {
 	t.Run("grpc", func(t *testing.T) {
 		testVLESSRealityTransport(t, &option.V2RayTransportOptions{
@@ -160,8 +249,6 @@ func TestVLESSRealityTransport(t *testing.T) {
 }
 
 func testVLESSRealityTransport(t *testing.T, transport *option.V2RayTransportOptions) {
-	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
-
 	userUUID := newUUID()
 	startInstance(t, option.Options{
 		Inbounds: []option.Inbound{
@@ -206,52 +293,11 @@ func testVLESSRealityTransport(t *testing.T, transport *option.V2RayTransportOpt
 					Transport: transport,
 				},
 			},
-			{
-				Type: C.TypeTrojan,
-				Tag:  "trojan",
-				TrojanOptions: option.TrojanInboundOptions{
-					ListenOptions: option.ListenOptions{
-						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
-						ListenPort: otherPort,
-					},
-					Users: []option.TrojanUser{
-						{
-							Name:     "sekai",
-							Password: userUUID.String(),
-						},
-					},
-					TLS: &option.InboundTLSOptions{
-						Enabled:         true,
-						ServerName:      "example.org",
-						CertificatePath: certPem,
-						KeyPath:         keyPem,
-					},
-				},
-			},
 		},
 		Outbounds: []option.Outbound{
 			{
 				Type: C.TypeDirect,
 			},
-			{
-				Type: C.TypeTrojan,
-				Tag:  "trojan-out",
-				TrojanOptions: option.TrojanOutboundOptions{
-					ServerOptions: option.ServerOptions{
-						Server:     "127.0.0.1",
-						ServerPort: otherPort,
-					},
-					Password: userUUID.String(),
-					TLS: &option.OutboundTLSOptions{
-						Enabled:         true,
-						ServerName:      "example.org",
-						CertificatePath: certPem,
-					},
-					DialerOptions: option.DialerOptions{
-						Detour: "vless-out",
-					},
-				},
-			},
 			{
 				Type: C.TypeVLESS,
 				Tag:  "vless-out",
@@ -282,7 +328,7 @@ func testVLESSRealityTransport(t *testing.T, transport *option.V2RayTransportOpt
 				{
 					DefaultOptions: option.DefaultRule{
 						Inbound:  []string{"mixed-in"},
-						Outbound: "trojan-out",
+						Outbound: "vless-out",
 					},
 				},
 			},

test/udpnat_test.go

@@ -0,0 +1,59 @@
+package main
+
+import (
+	"context"
+	"net"
+	"testing"
+	"time"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/udpnat"
+)
+
+func TestUDPNatClose(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	connCtx, connCancel := common.ContextWithCancelCause(context.Background())
+	defer connCancel(net.ErrClosed)
+	service := udpnat.New[int](1, &testUDPNatCloseHandler{connCancel})
+	service.NewPacket(ctx, 0, buf.As([]byte("Hello")), M.Metadata{}, func(natConn N.PacketConn) N.PacketWriter {
+		return &testPacketWriter{}
+	})
+	select {
+	case <-connCtx.Done():
+		if E.IsClosed(connCtx.Err()) {
+			t.Fatal(E.New("conn closed unexpectedly: ", connCtx.Err()))
+		}
+	case <-time.After(2 * time.Second):
+		t.Fatal("conn not closed")
+	}
+}
+
+type testUDPNatCloseHandler struct {
+	done common.ContextCancelCauseFunc
+}
+
+func (h *testUDPNatCloseHandler) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
+	for {
+		buffer := buf.NewPacket()
+		_, err := conn.ReadPacket(buffer)
+		buffer.Release()
+		if err != nil {
+			h.done(err)
+			return err
+		}
+	}
+}
+
+func (h *testUDPNatCloseHandler) NewError(ctx context.Context, err error) {
+}
+
+type testPacketWriter struct{}
+
+func (t *testPacketWriter) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	return nil
+}

transport/dhcp/server.go

@@ -119,7 +119,7 @@ func (t *Transport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg,
 func (t *Transport) fetchInterface() (*net.Interface, error) {
 	interfaceName := t.interfaceName
 	if t.autoInterface {
-		if t.router.NetworkMonitor() == nil {
+		if t.router.InterfaceMonitor() == nil {
 			return nil, E.New("missing monitor for auto DHCP, set route.auto_detect_interface")
 		}
 		interfaceName = t.router.InterfaceMonitor().DefaultInterfaceName(netip.Addr{})

transport/hysteria/protocol.go

@@ -535,6 +535,10 @@ func (c *PacketConn) SetWriteDeadline(t time.Time) error {
 	return os.ErrInvalid
 }
 
+func (c *PacketConn) NeedAdditionalReadDeadline() bool {
+	return true
+}
+
 func (c *PacketConn) Read(b []byte) (n int, err error) {
 	return 0, os.ErrInvalid
 }

transport/simple-obfs/tls.go

@@ -32,10 +32,10 @@ type TLSObfs struct {
 func (to *TLSObfs) read(b []byte, discardN int) (int, error) {
 	buf := B.Get(discardN)
 	_, err := io.ReadFull(to.Conn, buf)
+	B.Put(buf)
 	if err != nil {
 		return 0, err
 	}
-	B.Put(buf)
 
 	sizeBuf := make([]byte, 2)
 	_, err = io.ReadFull(to.Conn, sizeBuf)

transport/sip003/v2ray.go

@@ -45,6 +45,7 @@ func newV2RayPlugin(pluginOpts Args, router adapter.Router, dialer N.Dialer, ser
 
 	if hostOpt, loaded := pluginOpts.Get("host"); loaded {
 		host = hostOpt
+		tlsOptions.ServerName = hostOpt
 	}
 	if pathOpt, loaded := pluginOpts.Get("path"); loaded {
 		path = pathOpt

transport/trojan/mux.go

@@ -4,8 +4,6 @@ import (
 	"context"
 	"net"
 
-	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/rw"
@@ -55,7 +53,7 @@ func newMuxConnection0(ctx context.Context, stream net.Conn, metadata M.Metadata
 	case CommandTCP:
 		return handler.NewConnection(ctx, stream, metadata)
 	case CommandUDP:
-		return handler.NewPacketConnection(ctx, deadline.NewPacketConn(bufio.NewNetPacketConn(&PacketConn{stream})), metadata)
+		return handler.NewPacketConnection(ctx, &PacketConn{stream}, metadata)
 	default:
 		return E.New("unknown command ", command)
 	}

transport/trojan/service.go

@@ -8,7 +8,6 @@ import (
 	"github.com/sagernet/sing/common/auth"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -107,7 +106,7 @@ func (s *Service[K]) NewConnection(ctx context.Context, conn net.Conn, metadata
 	case CommandTCP:
 		return s.handler.NewConnection(ctx, conn, metadata)
 	case CommandUDP:
-		return s.handler.NewPacketConnection(ctx, deadline.NewPacketConn(bufio.NewNetPacketConn(&PacketConn{conn})), metadata)
+		return s.handler.NewPacketConnection(ctx, &PacketConn{conn}, metadata)
 	// case CommandMux:
 	default:
 		return HandleMuxConnection(ctx, conn, metadata, s.handler)
@@ -137,3 +136,11 @@ func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) er
 func (c *PacketConn) FrontHeadroom() int {
 	return M.MaxSocksaddrLength + 4
 }
+
+func (c *PacketConn) NeedAdditionalReadDeadline() bool {
+	return true
+}
+
+func (c *PacketConn) Upstream() any {
+	return c.Conn
+}

transport/v2raygrpc/client.go

@@ -10,7 +10,6 @@ import (
 	"github.com/sagernet/sing-box/common/tls"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 
@@ -110,5 +109,5 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) {
 		cancel(err)
 		return nil, err
 	}
-	return deadline.NewConn(NewGRPCConn(stream, cancel)), nil
+	return NewGRPCConn(stream, cancel), nil
 }