Fix shadowsocks none client

Signed-off-by: Larvan2 <78135608+Larvan2@users.noreply.github.com>

Makefile

@@ -22,7 +22,7 @@ install:
 fmt:
 	@gofumpt -l -w .
 	@gofmt -s -w .
-	@gci write --custom-order -s "standard,prefix(github.com/sagernet/),default" .
+	@gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" .
 
 fmt_install:
 	go install -v mvdan.cc/gofumpt@latest

adapter/router.go

@@ -56,6 +56,8 @@ type Router interface {
 
 	V2RayServer() V2RayServer
 	SetV2RayServer(server V2RayServer)
+
+	ResetNetwork() error
 }
 
 type routerContextKey struct{}

cmd/internal/build_libbox/main.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 
 	_ "github.com/sagernet/gomobile/event/key"
 	"github.com/sagernet/sing-box/cmd/internal/build_shared"
@@ -38,18 +39,23 @@ func main() {
 var (
 	sharedFlags []string
 	debugFlags  []string
+	sharedTags  []string
+	debugTags   []string
 )
 
 func init() {
 	sharedFlags = append(sharedFlags, "-trimpath")
 	sharedFlags = append(sharedFlags, "-ldflags")
-
 	currentTag, err := build_shared.ReadTag()
 	if err != nil {
 		currentTag = "unknown"
 	}
 	sharedFlags = append(sharedFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
 	debugFlags = append(debugFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
+
+	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api")
+	sharedTags = append(sharedTags, "test_sing_shadowsocks2")
+	debugTags = append(debugTags, "debug")
 }
 
 func buildAndroid() {
@@ -70,9 +76,9 @@ func buildAndroid() {
 
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api")
+		args = append(args, strings.Join(sharedTags, ","))
 	} else {
-		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api,debug")
+		args = append(args, strings.Join(append(sharedTags, debugTags...), ","))
 	}
 	args = append(args, "./experimental/libbox")
 
@@ -109,11 +115,12 @@ func buildiOS() {
 		args = append(args, debugFlags...)
 	}
 
+	tags := append(sharedTags, "with_low_memory", "with_conntrack")
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack")
+		args = append(args, strings.Join(tags, ","))
 	} else {
-		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack,debug")
+		args = append(args, strings.Join(append(tags, debugTags...), ","))
 	}
 	args = append(args, "./experimental/libbox")
 

common/dialer/conntrack/packet_conn.go

@@ -4,6 +4,7 @@ import (
 	"io"
 	"net"
 
+	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/x/list"
 )
 
@@ -42,7 +43,7 @@ func (c *PacketConn) Close() error {
 }
 
 func (c *PacketConn) Upstream() any {
-	return c.PacketConn
+	return bufio.NewPacketConn(c.PacketConn)
 }
 
 func (c *PacketConn) ReaderReplaceable() bool {

common/mux/client.go

@@ -1,554 +1,21 @@
 package mux
 
 import (
-	"context"
-	"encoding/binary"
-	"io"
-	"net"
-	"sync"
-
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing-mux"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/x/list"
 )
 
-var _ N.Dialer = (*Client)(nil)
-
-type Client struct {
-	access         sync.Mutex
-	connections    list.List[abstractSession]
-	ctx            context.Context
-	dialer         N.Dialer
-	protocol       Protocol
-	maxConnections int
-	minStreams     int
-	maxStreams     int
-	paddingEnabled bool
-}
-
-func NewClient(ctx context.Context, dialer N.Dialer, protocol Protocol, maxConnections int, minStreams int, maxStreams int, paddingEnabled bool) (*Client, error) {
-	return &Client{
-		ctx:            ctx,
-		dialer:         dialer,
-		protocol:       protocol,
-		maxConnections: maxConnections,
-		minStreams:     minStreams,
-		maxStreams:     maxStreams,
-		paddingEnabled: paddingEnabled,
-	}, nil
-}
-
-func NewClientWithOptions(ctx context.Context, dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
+func NewClientWithOptions(dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
 	if !options.Enabled {
 		return nil, nil
 	}
-	if options.MaxConnections == 0 && options.MaxStreams == 0 {
-		options.MinStreams = 8
-	}
-	protocol, err := ParseProtocol(options.Protocol)
-	if err != nil {
-		return nil, err
-	}
-	return NewClient(ctx, dialer, protocol, options.MaxConnections, options.MinStreams, options.MaxStreams, options.Padding)
-}
-
-func (c *Client) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	switch N.NetworkName(network) {
-	case N.NetworkTCP:
-		stream, err := c.openStream()
-		if err != nil {
-			return nil, err
-		}
-		return &ClientConn{Conn: stream, destination: destination}, nil
-	case N.NetworkUDP:
-		stream, err := c.openStream()
-		if err != nil {
-			return nil, err
-		}
-		return bufio.NewUnbindPacketConn(&ClientPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}), nil
-	default:
-		return nil, E.Extend(N.ErrUnknownNetwork, network)
-	}
-}
-
-func (c *Client) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	stream, err := c.openStream()
-	if err != nil {
-		return nil, err
-	}
-	return &ClientPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}, nil
-}
-
-func (c *Client) openStream() (net.Conn, error) {
-	var (
-		session abstractSession
-		stream  net.Conn
-		err     error
-	)
-	for attempts := 0; attempts < 2; attempts++ {
-		session, err = c.offer()
-		if err != nil {
-			continue
-		}
-		stream, err = session.Open()
-		if err != nil {
-			continue
-		}
-		break
-	}
-	if err != nil {
-		return nil, err
-	}
-	return &wrapStream{stream}, nil
-}
-
-func (c *Client) offer() (abstractSession, error) {
-	c.access.Lock()
-	defer c.access.Unlock()
-
-	sessions := make([]abstractSession, 0, c.maxConnections)
-	for element := c.connections.Front(); element != nil; {
-		if element.Value.IsClosed() {
-			nextElement := element.Next()
-			c.connections.Remove(element)
-			element = nextElement
-			continue
-		}
-		sessions = append(sessions, element.Value)
-		element = element.Next()
-	}
-	session := common.MinBy(common.Filter(sessions, abstractSession.CanTakeNewRequest), abstractSession.NumStreams)
-	if session == nil {
-		return c.offerNew()
-	}
-	numStreams := session.NumStreams()
-	if numStreams == 0 {
-		return session, nil
-	}
-	if c.maxConnections > 0 {
-		if len(sessions) >= c.maxConnections || numStreams < c.minStreams {
-			return session, nil
-		}
-	} else {
-		if c.maxStreams > 0 && numStreams < c.maxStreams {
-			return session, nil
-		}
-	}
-	return c.offerNew()
-}
-
-func (c *Client) offerNew() (abstractSession, error) {
-	conn, err := c.dialer.DialContext(c.ctx, N.NetworkTCP, Destination)
-	if err != nil {
-		return nil, err
-	}
-	var version byte
-	if c.paddingEnabled {
-		version = Version1
-	} else {
-		version = Version0
-	}
-	conn = newProtocolConn(conn, Request{
-		Version:        version,
-		Protocol:       c.protocol,
-		PaddingEnabled: c.paddingEnabled,
+	return mux.NewClient(mux.Options{
+		Dialer:         dialer,
+		Protocol:       options.Protocol,
+		MaxConnections: options.MaxConnections,
+		MinStreams:     options.MinStreams,
+		MaxStreams:     options.MaxStreams,
+		Padding:        options.Padding,
 	})
-	if c.paddingEnabled {
-		conn = newPaddingConn(conn)
-	}
-	session, err := c.protocol.newClient(conn)
-	if err != nil {
-		return nil, err
-	}
-	c.connections.PushBack(session)
-	return session, nil
-}
-
-func (c *Client) Reset() {
-	c.access.Lock()
-	defer c.access.Unlock()
-	for _, session := range c.connections.Array() {
-		session.Close()
-	}
-	c.connections.Init()
-}
-
-func (c *Client) Close() error {
-	c.access.Lock()
-	defer c.access.Unlock()
-	for _, session := range c.connections.Array() {
-		session.Close()
-	}
-	return nil
-}
-
-type ClientConn struct {
-	net.Conn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientConn) readResponse() error {
-	response, err := ReadStreamResponse(c.Conn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientConn) Read(b []byte) (n int, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	return c.Conn.Read(b)
-}
-
-func (c *ClientConn) Write(b []byte) (n int, err error) {
-	if c.requestWrite {
-		return c.Conn.Write(b)
-	}
-	request := StreamRequest{
-		Network:     N.NetworkTCP,
-		Destination: c.destination,
-	}
-	_buffer := buf.StackNewSize(streamRequestLen(request) + len(b))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	buffer.Write(b)
-	_, err = c.Conn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(b), nil
-}
-
-func (c *ClientConn) ReadFrom(r io.Reader) (n int64, err error) {
-	if !c.requestWrite {
-		return bufio.ReadFrom0(c, r)
-	}
-	return bufio.Copy(c.Conn, r)
-}
-
-func (c *ClientConn) WriteTo(w io.Writer) (n int64, err error) {
-	if !c.responseRead {
-		return bufio.WriteTo0(c, w)
-	}
-	return bufio.Copy(w, c.Conn)
-}
-
-func (c *ClientConn) LocalAddr() net.Addr {
-	return c.Conn.LocalAddr()
-}
-
-func (c *ClientConn) RemoteAddr() net.Addr {
-	return c.destination.TCPAddr()
-}
-
-func (c *ClientConn) ReaderReplaceable() bool {
-	return c.responseRead
-}
-
-func (c *ClientConn) WriterReplaceable() bool {
-	return c.requestWrite
-}
-
-func (c *ClientConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ClientConn) Upstream() any {
-	return c.Conn
-}
-
-type ClientPacketConn struct {
-	N.ExtendedConn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientPacketConn) readResponse() error {
-	response, err := ReadStreamResponse(c.ExtendedConn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientPacketConn) Read(b []byte) (n int, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	if cap(b) < int(length) {
-		return 0, io.ErrShortBuffer
-	}
-	return io.ReadFull(c.ExtendedConn, b[:length])
-}
-
-func (c *ClientPacketConn) writeRequest(payload []byte) (n int, err error) {
-	request := StreamRequest{
-		Network:     N.NetworkUDP,
-		Destination: c.destination,
-	}
-	rLen := streamRequestLen(request)
-	if len(payload) > 0 {
-		rLen += 2 + len(payload)
-	}
-	_buffer := buf.StackNewSize(rLen)
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	if len(payload) > 0 {
-		common.Must(
-			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
-			common.Error(buffer.Write(payload)),
-		)
-	}
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(payload), nil
-}
-
-func (c *ClientPacketConn) Write(b []byte) (n int, err error) {
-	if !c.requestWrite {
-		return c.writeRequest(b)
-	}
-	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(b)))
-	if err != nil {
-		return
-	}
-	return c.ExtendedConn.Write(b)
-}
-
-func (c *ClientPacketConn) ReadBuffer(buffer *buf.Buffer) (err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	return
-}
-
-func (c *ClientPacketConn) WriteBuffer(buffer *buf.Buffer) error {
-	if !c.requestWrite {
-		defer buffer.Release()
-		return common.Error(c.writeRequest(buffer.Bytes()))
-	}
-	bLen := buffer.Len()
-	binary.BigEndian.PutUint16(buffer.ExtendHeader(2), uint16(bLen))
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketConn) FrontHeadroom() int {
-	return 2
-}
-
-func (c *ClientPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	err = c.ReadBuffer(buffer)
-	return
-}
-
-func (c *ClientPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	return c.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketConn) LocalAddr() net.Addr {
-	return c.ExtendedConn.LocalAddr()
-}
-
-func (c *ClientPacketConn) RemoteAddr() net.Addr {
-	return c.destination.UDPAddr()
-}
-
-func (c *ClientPacketConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ClientPacketConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-var _ N.NetPacketConn = (*ClientPacketAddrConn)(nil)
-
-type ClientPacketAddrConn struct {
-	N.ExtendedConn
-	destination  M.Socksaddr
-	requestWrite bool
-	responseRead bool
-}
-
-func (c *ClientPacketAddrConn) readResponse() error {
-	response, err := ReadStreamResponse(c.ExtendedConn)
-	if err != nil {
-		return err
-	}
-	if response.Status == statusError {
-		return E.New("remote error: ", response.Message)
-	}
-	return nil
-}
-
-func (c *ClientPacketAddrConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	destination, err := M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	if destination.IsFqdn() {
-		addr = destination
-	} else {
-		addr = destination.UDPAddr()
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	if cap(p) < int(length) {
-		return 0, nil, io.ErrShortBuffer
-	}
-	n, err = io.ReadFull(c.ExtendedConn, p[:length])
-	return
-}
-
-func (c *ClientPacketAddrConn) writeRequest(payload []byte, destination M.Socksaddr) (n int, err error) {
-	request := StreamRequest{
-		Network:     N.NetworkUDP,
-		Destination: c.destination,
-		PacketAddr:  true,
-	}
-	rLen := streamRequestLen(request)
-	if len(payload) > 0 {
-		rLen += M.SocksaddrSerializer.AddrPortLen(destination) + 2 + len(payload)
-	}
-	_buffer := buf.StackNewSize(rLen)
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	EncodeStreamRequest(request, buffer)
-	if len(payload) > 0 {
-		common.Must(
-			M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
-			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
-			common.Error(buffer.Write(payload)),
-		)
-	}
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.requestWrite = true
-	return len(payload), nil
-}
-
-func (c *ClientPacketAddrConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
-	if !c.requestWrite {
-		return c.writeRequest(p, M.SocksaddrFromNet(addr))
-	}
-	err = M.SocksaddrSerializer.WriteAddrPort(c.ExtendedConn, M.SocksaddrFromNet(addr))
-	if err != nil {
-		return
-	}
-	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(p)))
-	if err != nil {
-		return
-	}
-	return c.ExtendedConn.Write(p)
-}
-
-func (c *ClientPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	if !c.responseRead {
-		err = c.readResponse()
-		if err != nil {
-			return
-		}
-		c.responseRead = true
-	}
-	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	return
-}
-
-func (c *ClientPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	if !c.requestWrite {
-		defer buffer.Release()
-		return common.Error(c.writeRequest(buffer.Bytes(), destination))
-	}
-	bLen := buffer.Len()
-	header := buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination) + 2))
-	common.Must(
-		M.SocksaddrSerializer.WriteAddrPort(header, destination),
-		binary.Write(header, binary.BigEndian, uint16(bLen)),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ClientPacketAddrConn) LocalAddr() net.Addr {
-	return c.ExtendedConn.LocalAddr()
-}
-
-func (c *ClientPacketAddrConn) FrontHeadroom() int {
-	return 2 + M.MaxSocksaddrLength
-}
-
-func (c *ClientPacketAddrConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ClientPacketAddrConn) Upstream() any {
-	return c.ExtendedConn
 }

common/mux/h2mux.go

@@ -1,235 +0,0 @@
-package mux
-
-import (
-	"context"
-	"crypto/tls"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"time"
-
-	"github.com/sagernet/sing-box/transport/v2rayhttp"
-	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-
-	"golang.org/x/net/http2"
-)
-
-const idleTimeout = 30 * time.Second
-
-var _ abstractSession = (*H2MuxServerSession)(nil)
-
-type H2MuxServerSession struct {
-	server  http2.Server
-	active  atomic.Int32
-	conn    net.Conn
-	inbound chan net.Conn
-	done    chan struct{}
-}
-
-func NewH2MuxServer(conn net.Conn) *H2MuxServerSession {
-	session := &H2MuxServerSession{
-		conn:    conn,
-		inbound: make(chan net.Conn),
-		done:    make(chan struct{}),
-		server: http2.Server{
-			IdleTimeout: idleTimeout,
-		},
-	}
-	go func() {
-		session.server.ServeConn(conn, &http2.ServeConnOpts{
-			Handler: session,
-		})
-		_ = session.Close()
-	}()
-	return session
-}
-
-func (s *H2MuxServerSession) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
-	s.active.Add(1)
-	defer s.active.Add(-1)
-	writer.WriteHeader(http.StatusOK)
-	conn := newHTTP2Wrapper(&v2rayhttp.ServerHTTPConn{
-		HTTP2Conn: v2rayhttp.NewHTTPConn(request.Body, writer),
-		Flusher:   writer.(http.Flusher),
-	})
-	s.inbound <- conn
-	select {
-	case <-conn.done:
-	case <-s.done:
-	}
-}
-
-func (s *H2MuxServerSession) Open() (net.Conn, error) {
-	return nil, os.ErrInvalid
-}
-
-func (s *H2MuxServerSession) Accept() (net.Conn, error) {
-	select {
-	case conn := <-s.inbound:
-		return conn, nil
-	case <-s.done:
-		return nil, os.ErrClosed
-	}
-}
-
-func (s *H2MuxServerSession) NumStreams() int {
-	return int(s.active.Load())
-}
-
-func (s *H2MuxServerSession) Close() error {
-	select {
-	case <-s.done:
-	default:
-		close(s.done)
-	}
-	return s.conn.Close()
-}
-
-func (s *H2MuxServerSession) IsClosed() bool {
-	select {
-	case <-s.done:
-		return true
-	default:
-		return false
-	}
-}
-
-func (s *H2MuxServerSession) CanTakeNewRequest() bool {
-	return false
-}
-
-type h2MuxConnWrapper struct {
-	N.ExtendedConn
-	done chan struct{}
-}
-
-func newHTTP2Wrapper(conn net.Conn) *h2MuxConnWrapper {
-	return &h2MuxConnWrapper{
-		ExtendedConn: bufio.NewExtendedConn(conn),
-		done:         make(chan struct{}),
-	}
-}
-
-func (w *h2MuxConnWrapper) Write(p []byte) (n int, err error) {
-	select {
-	case <-w.done:
-		return 0, net.ErrClosed
-	default:
-	}
-	return w.ExtendedConn.Write(p)
-}
-
-func (w *h2MuxConnWrapper) WriteBuffer(buffer *buf.Buffer) error {
-	select {
-	case <-w.done:
-		return net.ErrClosed
-	default:
-	}
-	return w.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (w *h2MuxConnWrapper) Close() error {
-	select {
-	case <-w.done:
-	default:
-		close(w.done)
-	}
-	return w.ExtendedConn.Close()
-}
-
-func (w *h2MuxConnWrapper) Upstream() any {
-	return w.ExtendedConn
-}
-
-var _ abstractSession = (*H2MuxClientSession)(nil)
-
-type H2MuxClientSession struct {
-	transport  *http2.Transport
-	clientConn *http2.ClientConn
-	done       chan struct{}
-}
-
-func NewH2MuxClient(conn net.Conn) (*H2MuxClientSession, error) {
-	session := &H2MuxClientSession{
-		transport: &http2.Transport{
-			DialTLSContext: func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
-				return conn, nil
-			},
-			ReadIdleTimeout: idleTimeout,
-		},
-		done: make(chan struct{}),
-	}
-	session.transport.ConnPool = session
-	clientConn, err := session.transport.NewClientConn(conn)
-	if err != nil {
-		return nil, err
-	}
-	session.clientConn = clientConn
-	return session, nil
-}
-
-func (s *H2MuxClientSession) GetClientConn(req *http.Request, addr string) (*http2.ClientConn, error) {
-	return s.clientConn, nil
-}
-
-func (s *H2MuxClientSession) MarkDead(conn *http2.ClientConn) {
-	s.Close()
-}
-
-func (s *H2MuxClientSession) Open() (net.Conn, error) {
-	pipeInReader, pipeInWriter := io.Pipe()
-	request := &http.Request{
-		Method: http.MethodConnect,
-		Body:   pipeInReader,
-		URL:    &url.URL{Scheme: "https", Host: "localhost"},
-	}
-	conn := v2rayhttp.NewLateHTTPConn(pipeInWriter)
-	go func() {
-		response, err := s.transport.RoundTrip(request)
-		if err != nil {
-			conn.Setup(nil, err)
-		} else if response.StatusCode != 200 {
-			response.Body.Close()
-			conn.Setup(nil, E.New("unexpected status: ", response.StatusCode, " ", response.Status))
-		} else {
-			conn.Setup(response.Body, nil)
-		}
-	}()
-	return conn, nil
-}
-
-func (s *H2MuxClientSession) Accept() (net.Conn, error) {
-	return nil, os.ErrInvalid
-}
-
-func (s *H2MuxClientSession) NumStreams() int {
-	return s.clientConn.State().StreamsActive
-}
-
-func (s *H2MuxClientSession) Close() error {
-	select {
-	case <-s.done:
-	default:
-		close(s.done)
-	}
-	return s.clientConn.Close()
-}
-
-func (s *H2MuxClientSession) IsClosed() bool {
-	select {
-	case <-s.done:
-		return true
-	default:
-	}
-	return s.clientConn.State().Closed
-}
-
-func (s *H2MuxClientSession) CanTakeNewRequest() bool {
-	return s.clientConn.CanTakeNewRequest()
-}

common/mux/padding.go

@@ -1,240 +0,0 @@
-package mux
-
-import (
-	"encoding/binary"
-	"io"
-	"math/rand"
-	"net"
-
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/rw"
-)
-
-const kFirstPaddings = 16
-
-type paddingConn struct {
-	N.ExtendedConn
-	writer           N.VectorisedWriter
-	readPadding      int
-	writePadding     int
-	readRemaining    int
-	paddingRemaining int
-}
-
-func newPaddingConn(conn net.Conn) net.Conn {
-	writer, isVectorised := bufio.CreateVectorisedWriter(conn)
-	if isVectorised {
-		return &vectorisedPaddingConn{
-			paddingConn{
-				ExtendedConn: bufio.NewExtendedConn(conn),
-				writer:       bufio.NewVectorisedWriter(conn),
-			},
-			writer,
-		}
-	} else {
-		return &paddingConn{
-			ExtendedConn: bufio.NewExtendedConn(conn),
-			writer:       bufio.NewVectorisedWriter(conn),
-		}
-	}
-}
-
-func (c *paddingConn) Read(p []byte) (n int, err error) {
-	if c.readRemaining > 0 {
-		if len(p) > c.readRemaining {
-			p = p[:c.readRemaining]
-		}
-		n, err = c.ExtendedConn.Read(p)
-		if err != nil {
-			return
-		}
-		c.readRemaining -= n
-		return
-	}
-	if c.paddingRemaining > 0 {
-		err = rw.SkipN(c.ExtendedConn, c.paddingRemaining)
-		if err != nil {
-			return
-		}
-		c.paddingRemaining = 0
-	}
-	if c.readPadding < kFirstPaddings {
-		var paddingHdr []byte
-		if len(p) >= 4 {
-			paddingHdr = p[:4]
-		} else {
-			_paddingHdr := make([]byte, 4)
-			defer common.KeepAlive(_paddingHdr)
-			paddingHdr = common.Dup(_paddingHdr)
-		}
-		_, err = io.ReadFull(c.ExtendedConn, paddingHdr)
-		if err != nil {
-			return
-		}
-		originalDataSize := int(binary.BigEndian.Uint16(paddingHdr[:2]))
-		paddingLen := int(binary.BigEndian.Uint16(paddingHdr[2:]))
-		if len(p) > originalDataSize {
-			p = p[:originalDataSize]
-		}
-		n, err = c.ExtendedConn.Read(p)
-		if err != nil {
-			return
-		}
-		c.readPadding++
-		c.readRemaining = originalDataSize - n
-		c.paddingRemaining = paddingLen
-		return
-	}
-	return c.ExtendedConn.Read(p)
-}
-
-func (c *paddingConn) Write(p []byte) (n int, err error) {
-	for pLen := len(p); pLen > 0; {
-		var data []byte
-		if pLen > 65535 {
-			data = p[:65535]
-			p = p[65535:]
-			pLen -= 65535
-		} else {
-			data = p
-			pLen = 0
-		}
-		var writeN int
-		writeN, err = c.write(data)
-		n += writeN
-		if err != nil {
-			break
-		}
-	}
-	return n, err
-}
-
-func (c *paddingConn) write(p []byte) (n int, err error) {
-	if c.writePadding < kFirstPaddings {
-		paddingLen := 256 + rand.Intn(512)
-		_buffer := buf.StackNewSize(4 + len(p) + paddingLen)
-		defer common.KeepAlive(_buffer)
-		buffer := common.Dup(_buffer)
-		defer buffer.Release()
-		header := buffer.Extend(4)
-		binary.BigEndian.PutUint16(header[:2], uint16(len(p)))
-		binary.BigEndian.PutUint16(header[2:], uint16(paddingLen))
-		common.Must1(buffer.Write(p))
-		buffer.Extend(paddingLen)
-		_, err = c.ExtendedConn.Write(buffer.Bytes())
-		if err == nil {
-			n = len(p)
-		}
-		c.writePadding++
-		return
-	}
-	return c.ExtendedConn.Write(p)
-}
-
-func (c *paddingConn) ReadBuffer(buffer *buf.Buffer) error {
-	p := buffer.FreeBytes()
-	if c.readRemaining > 0 {
-		if len(p) > c.readRemaining {
-			p = p[:c.readRemaining]
-		}
-		n, err := c.ExtendedConn.Read(p)
-		if err != nil {
-			return err
-		}
-		c.readRemaining -= n
-		buffer.Truncate(n)
-		return nil
-	}
-	if c.paddingRemaining > 0 {
-		err := rw.SkipN(c.ExtendedConn, c.paddingRemaining)
-		if err != nil {
-			return err
-		}
-		c.paddingRemaining = 0
-	}
-	if c.readPadding < kFirstPaddings {
-		var paddingHdr []byte
-		if len(p) >= 4 {
-			paddingHdr = p[:4]
-		} else {
-			_paddingHdr := make([]byte, 4)
-			defer common.KeepAlive(_paddingHdr)
-			paddingHdr = common.Dup(_paddingHdr)
-		}
-		_, err := io.ReadFull(c.ExtendedConn, paddingHdr)
-		if err != nil {
-			return err
-		}
-		originalDataSize := int(binary.BigEndian.Uint16(paddingHdr[:2]))
-		paddingLen := int(binary.BigEndian.Uint16(paddingHdr[2:]))
-
-		if len(p) > originalDataSize {
-			p = p[:originalDataSize]
-		}
-		n, err := c.ExtendedConn.Read(p)
-		if err != nil {
-			return err
-		}
-		c.readPadding++
-		c.readRemaining = originalDataSize - n
-		c.paddingRemaining = paddingLen
-		buffer.Truncate(n)
-		return nil
-	}
-	return c.ExtendedConn.ReadBuffer(buffer)
-}
-
-func (c *paddingConn) WriteBuffer(buffer *buf.Buffer) error {
-	if c.writePadding < kFirstPaddings {
-		bufferLen := buffer.Len()
-		if bufferLen > 65535 {
-			return common.Error(c.Write(buffer.Bytes()))
-		}
-		paddingLen := 256 + rand.Intn(512)
-		header := buffer.ExtendHeader(4)
-		binary.BigEndian.PutUint16(header[:2], uint16(bufferLen))
-		binary.BigEndian.PutUint16(header[2:], uint16(paddingLen))
-		buffer.Extend(paddingLen)
-		c.writePadding++
-	}
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *paddingConn) FrontHeadroom() int {
-	return 4 + 256 + 1024
-}
-
-type vectorisedPaddingConn struct {
-	paddingConn
-	writer N.VectorisedWriter
-}
-
-func (c *vectorisedPaddingConn) WriteVectorised(buffers []*buf.Buffer) error {
-	if c.writePadding < kFirstPaddings {
-		bufferLen := buf.LenMulti(buffers)
-		if bufferLen > 65535 {
-			defer buf.ReleaseMulti(buffers)
-			for _, buffer := range buffers {
-				_, err := c.Write(buffer.Bytes())
-				if err != nil {
-					return err
-				}
-			}
-			return nil
-		}
-		paddingLen := 256 + rand.Intn(512)
-		header := buf.NewSize(4)
-		common.Must(
-			binary.Write(header, binary.BigEndian, uint16(bufferLen)),
-			binary.Write(header, binary.BigEndian, uint16(paddingLen)),
-		)
-		c.writePadding++
-		padding := buf.NewSize(paddingLen)
-		padding.Extend(paddingLen)
-		buffers = append(append([]*buf.Buffer{header}, buffers...), padding)
-	}
-	return c.writer.WriteVectorised(buffers)
-}

common/mux/protocol.go

@@ -1,299 +1,14 @@
 package mux
 
 import (
-	"encoding/binary"
-	"io"
-	"math/rand"
-	"net"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/smux"
-
-	"github.com/hashicorp/yamux"
+	"github.com/sagernet/sing-mux"
 )
 
-var Destination = M.Socksaddr{
-	Fqdn: "sp.mux.sing-box.arpa",
-	Port: 444,
-}
-
-const (
-	ProtocolSMux Protocol = iota
-	ProtocolYAMux
-	ProtocolH2Mux
+type (
+	Client = mux.Client
 )
 
-type Protocol byte
-
-func ParseProtocol(name string) (Protocol, error) {
-	switch name {
-	case "", "smux":
-		return ProtocolSMux, nil
-	case "yamux":
-		return ProtocolYAMux, nil
-	case "h2mux":
-		return ProtocolH2Mux, nil
-	default:
-		return ProtocolSMux, E.New("unknown multiplex protocol: ", name)
-	}
-}
-
-func (p Protocol) newServer(conn net.Conn) (abstractSession, error) {
-	switch p {
-	case ProtocolSMux:
-		session, err := smux.Server(conn, smuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &smuxSession{session}, nil
-	case ProtocolYAMux:
-		session, err := yamux.Server(conn, yaMuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &yamuxSession{session}, nil
-	case ProtocolH2Mux:
-		return NewH2MuxServer(conn), nil
-	default:
-		panic("unknown protocol")
-	}
-}
-
-func (p Protocol) newClient(conn net.Conn) (abstractSession, error) {
-	switch p {
-	case ProtocolSMux:
-		session, err := smux.Client(conn, smuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &smuxSession{session}, nil
-	case ProtocolYAMux:
-		session, err := yamux.Client(conn, yaMuxConfig())
-		if err != nil {
-			return nil, err
-		}
-		return &yamuxSession{session}, nil
-	case ProtocolH2Mux:
-		return NewH2MuxClient(conn)
-	default:
-		panic("unknown protocol")
-	}
-}
-
-func smuxConfig() *smux.Config {
-	config := smux.DefaultConfig()
-	config.KeepAliveDisabled = true
-	return config
-}
-
-func yaMuxConfig() *yamux.Config {
-	config := yamux.DefaultConfig()
-	config.LogOutput = io.Discard
-	config.StreamCloseTimeout = C.TCPTimeout
-	config.StreamOpenTimeout = C.TCPTimeout
-	return config
-}
-
-func (p Protocol) String() string {
-	switch p {
-	case ProtocolSMux:
-		return "smux"
-	case ProtocolYAMux:
-		return "yamux"
-	case ProtocolH2Mux:
-		return "h2mux"
-	default:
-		return "unknown"
-	}
-}
-
-const (
-	Version0 = iota
-	Version1
+var (
+	Destination      = mux.Destination
+	HandleConnection = mux.HandleConnection
 )
-
-type Request struct {
-	Version        byte
-	Protocol       Protocol
-	PaddingEnabled bool
-}
-
-func ReadRequest(reader io.Reader) (*Request, error) {
-	version, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	if version < Version0 || version > Version1 {
-		return nil, E.New("unsupported version: ", version)
-	}
-	protocol, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	var paddingEnabled bool
-	if version == Version1 {
-		err = binary.Read(reader, binary.BigEndian, &paddingEnabled)
-		if err != nil {
-			return nil, err
-		}
-		if paddingEnabled {
-			var paddingLen uint16
-			err = binary.Read(reader, binary.BigEndian, &paddingLen)
-			if err != nil {
-				return nil, err
-			}
-			err = rw.SkipN(reader, int(paddingLen))
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-	return &Request{Version: version, Protocol: Protocol(protocol), PaddingEnabled: paddingEnabled}, nil
-}
-
-func EncodeRequest(request Request, payload []byte) *buf.Buffer {
-	var requestLen int
-	requestLen += 2
-	var paddingLen uint16
-	if request.Version == Version1 {
-		requestLen += 1
-		if request.PaddingEnabled {
-			requestLen += 2
-			paddingLen = uint16(256 + rand.Intn(512))
-			requestLen += int(paddingLen)
-		}
-	}
-	buffer := buf.NewSize(requestLen + len(payload))
-	common.Must(
-		buffer.WriteByte(request.Version),
-		buffer.WriteByte(byte(request.Protocol)),
-	)
-	if request.Version == Version1 {
-		common.Must(binary.Write(buffer, binary.BigEndian, request.PaddingEnabled))
-		if request.PaddingEnabled {
-			common.Must(binary.Write(buffer, binary.BigEndian, paddingLen))
-			buffer.Extend(int(paddingLen))
-		}
-	}
-	common.Must1(buffer.Write(payload))
-	return buffer
-}
-
-const (
-	flagUDP       = 1
-	flagAddr      = 2
-	statusSuccess = 0
-	statusError   = 1
-)
-
-type StreamRequest struct {
-	Network     string
-	Destination M.Socksaddr
-	PacketAddr  bool
-}
-
-func ReadStreamRequest(reader io.Reader) (*StreamRequest, error) {
-	var flags uint16
-	err := binary.Read(reader, binary.BigEndian, &flags)
-	if err != nil {
-		return nil, err
-	}
-	destination, err := M.SocksaddrSerializer.ReadAddrPort(reader)
-	if err != nil {
-		return nil, err
-	}
-	var network string
-	var udpAddr bool
-	if flags&flagUDP == 0 {
-		network = N.NetworkTCP
-	} else {
-		network = N.NetworkUDP
-		udpAddr = flags&flagAddr != 0
-	}
-	return &StreamRequest{network, destination, udpAddr}, nil
-}
-
-func streamRequestLen(request StreamRequest) int {
-	var rLen int
-	rLen += 1 // version
-	rLen += 2 // flags
-	rLen += M.SocksaddrSerializer.AddrPortLen(request.Destination)
-	return rLen
-}
-
-func EncodeStreamRequest(request StreamRequest, buffer *buf.Buffer) {
-	destination := request.Destination
-	var flags uint16
-	if request.Network == N.NetworkUDP {
-		flags |= flagUDP
-	}
-	if request.PacketAddr {
-		flags |= flagAddr
-		if !destination.IsValid() {
-			destination = Destination
-		}
-	}
-	common.Must(
-		binary.Write(buffer, binary.BigEndian, flags),
-		M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
-	)
-}
-
-type StreamResponse struct {
-	Status  uint8
-	Message string
-}
-
-func ReadStreamResponse(reader io.Reader) (*StreamResponse, error) {
-	var response StreamResponse
-	status, err := rw.ReadByte(reader)
-	if err != nil {
-		return nil, err
-	}
-	response.Status = status
-	if status == statusError {
-		response.Message, err = rw.ReadVString(reader)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return &response, nil
-}
-
-type wrapStream struct {
-	net.Conn
-}
-
-func (w *wrapStream) Read(p []byte) (n int, err error) {
-	n, err = w.Conn.Read(p)
-	err = wrapError(err)
-	return
-}
-
-func (w *wrapStream) Write(p []byte) (n int, err error) {
-	n, err = w.Conn.Write(p)
-	err = wrapError(err)
-	return
-}
-
-func (w *wrapStream) WriteIsThreadUnsafe() {
-}
-
-func (w *wrapStream) Upstream() any {
-	return w.Conn
-}
-
-func wrapError(err error) error {
-	switch err {
-	case yamux.ErrStreamClosed:
-		return io.EOF
-	default:
-		return err
-	}
-}

common/mux/service.go

@@ -1,272 +0,0 @@
-package mux
-
-import (
-	"context"
-	"encoding/binary"
-	"net"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/sing/common/task"
-)
-
-func NewConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, conn net.Conn, metadata adapter.InboundContext) error {
-	request, err := ReadRequest(conn)
-	if err != nil {
-		return err
-	}
-	if request.PaddingEnabled {
-		conn = newPaddingConn(conn)
-	}
-	session, err := request.Protocol.newServer(conn)
-	if err != nil {
-		return err
-	}
-	var group task.Group
-	group.Append0(func(ctx context.Context) error {
-		var stream net.Conn
-		for {
-			stream, err = session.Accept()
-			if err != nil {
-				return err
-			}
-			go newConnection(ctx, router, errorHandler, logger, stream, metadata)
-		}
-	})
-	group.Cleanup(func() {
-		session.Close()
-	})
-	return group.Run(ctx)
-}
-
-func newConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, stream net.Conn, metadata adapter.InboundContext) {
-	stream = &wrapStream{stream}
-	request, err := ReadStreamRequest(stream)
-	if err != nil {
-		logger.ErrorContext(ctx, err)
-		return
-	}
-	metadata.Destination = request.Destination
-	if request.Network == N.NetworkTCP {
-		logger.InfoContext(ctx, "inbound multiplex connection to ", metadata.Destination)
-		hErr := router.RouteConnection(ctx, &ServerConn{ExtendedConn: bufio.NewExtendedConn(stream)}, metadata)
-		stream.Close()
-		if hErr != nil {
-			errorHandler.NewError(ctx, hErr)
-		}
-	} else {
-		var packetConn N.PacketConn
-		if !request.PacketAddr {
-			logger.InfoContext(ctx, "inbound multiplex packet connection to ", metadata.Destination)
-			packetConn = &ServerPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: request.Destination}
-		} else {
-			logger.InfoContext(ctx, "inbound multiplex packet connection")
-			packetConn = &ServerPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream)}
-		}
-		hErr := router.RoutePacketConnection(ctx, packetConn, metadata)
-		stream.Close()
-		if hErr != nil {
-			errorHandler.NewError(ctx, hErr)
-		}
-	}
-}
-
-var _ N.HandshakeConn = (*ServerConn)(nil)
-
-type ServerConn struct {
-	N.ExtendedConn
-	responseWrite bool
-}
-
-func (c *ServerConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerConn) Write(b []byte) (n int, err error) {
-	if c.responseWrite {
-		return c.ExtendedConn.Write(b)
-	}
-	_buffer := buf.StackNewSize(1 + len(b))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusSuccess),
-		common.Error(buffer.Write(b)),
-	)
-	_, err = c.ExtendedConn.Write(buffer.Bytes())
-	if err != nil {
-		return
-	}
-	c.responseWrite = true
-	return len(b), nil
-}
-
-func (c *ServerConn) WriteBuffer(buffer *buf.Buffer) error {
-	if c.responseWrite {
-		return c.ExtendedConn.WriteBuffer(buffer)
-	}
-	buffer.ExtendHeader(1)[0] = statusSuccess
-	c.responseWrite = true
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 1
-	}
-	return 0
-}
-
-func (c *ServerConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ServerConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-var (
-	_ N.HandshakeConn = (*ServerPacketConn)(nil)
-	_ N.PacketConn    = (*ServerPacketConn)(nil)
-)
-
-type ServerPacketConn struct {
-	N.ExtendedConn
-	destination   M.Socksaddr
-	responseWrite bool
-}
-
-func (c *ServerPacketConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	if err != nil {
-		return
-	}
-	destination = c.destination
-	return
-}
-
-func (c *ServerPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	pLen := buffer.Len()
-	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
-	if !c.responseWrite {
-		buffer.ExtendHeader(1)[0] = statusSuccess
-		c.responseWrite = true
-	}
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ServerPacketConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-func (c *ServerPacketConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 3
-	}
-	return 2
-}
-
-var (
-	_ N.HandshakeConn = (*ServerPacketAddrConn)(nil)
-	_ N.PacketConn    = (*ServerPacketAddrConn)(nil)
-)
-
-type ServerPacketAddrConn struct {
-	N.ExtendedConn
-	responseWrite bool
-}
-
-func (c *ServerPacketAddrConn) HandshakeFailure(err error) error {
-	errMessage := err.Error()
-	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
-	defer common.KeepAlive(_buffer)
-	buffer := common.Dup(_buffer)
-	defer buffer.Release()
-	common.Must(
-		buffer.WriteByte(statusError),
-		rw.WriteVString(_buffer, errMessage),
-	)
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
-	if err != nil {
-		return
-	}
-	var length uint16
-	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
-	if err != nil {
-		return
-	}
-	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
-	if err != nil {
-		return
-	}
-	return
-}
-
-func (c *ServerPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	pLen := buffer.Len()
-	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
-	common.Must(M.SocksaddrSerializer.WriteAddrPort(buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination))), destination))
-	if !c.responseWrite {
-		buffer.ExtendHeader(1)[0] = statusSuccess
-		c.responseWrite = true
-	}
-	return c.ExtendedConn.WriteBuffer(buffer)
-}
-
-func (c *ServerPacketAddrConn) NeedAdditionalReadDeadline() bool {
-	return true
-}
-
-func (c *ServerPacketAddrConn) Upstream() any {
-	return c.ExtendedConn
-}
-
-func (c *ServerPacketAddrConn) FrontHeadroom() int {
-	if !c.responseWrite {
-		return 3 + M.MaxSocksaddrLength
-	}
-	return 2 + M.MaxSocksaddrLength
-}

common/mux/session.go

@@ -1,111 +0,0 @@
-package mux
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/smux"
-
-	"github.com/hashicorp/yamux"
-)
-
-type abstractSession interface {
-	Open() (net.Conn, error)
-	Accept() (net.Conn, error)
-	NumStreams() int
-	Close() error
-	IsClosed() bool
-	CanTakeNewRequest() bool
-}
-
-var _ abstractSession = (*smuxSession)(nil)
-
-type smuxSession struct {
-	*smux.Session
-}
-
-func (s *smuxSession) Open() (net.Conn, error) {
-	return s.OpenStream()
-}
-
-func (s *smuxSession) Accept() (net.Conn, error) {
-	return s.AcceptStream()
-}
-
-func (s *smuxSession) CanTakeNewRequest() bool {
-	return true
-}
-
-type yamuxSession struct {
-	*yamux.Session
-}
-
-func (y *yamuxSession) CanTakeNewRequest() bool {
-	return true
-}
-
-type protocolConn struct {
-	net.Conn
-	request         Request
-	protocolWritten bool
-}
-
-func newProtocolConn(conn net.Conn, request Request) net.Conn {
-	writer, isVectorised := bufio.CreateVectorisedWriter(conn)
-	if isVectorised {
-		return &vectorisedProtocolConn{
-			protocolConn{
-				Conn:    conn,
-				request: request,
-			},
-			writer,
-		}
-	} else {
-		return &protocolConn{
-			Conn:    conn,
-			request: request,
-		}
-	}
-}
-
-func (c *protocolConn) Write(p []byte) (n int, err error) {
-	if c.protocolWritten {
-		return c.Conn.Write(p)
-	}
-	buffer := EncodeRequest(c.request, p)
-	n, err = c.Conn.Write(buffer.Bytes())
-	buffer.Release()
-	if err == nil {
-		n--
-	}
-	c.protocolWritten = true
-	return n, err
-}
-
-func (c *protocolConn) ReadFrom(r io.Reader) (n int64, err error) {
-	if !c.protocolWritten {
-		return bufio.ReadFrom0(c, r)
-	}
-	return bufio.Copy(c.Conn, r)
-}
-
-func (c *protocolConn) Upstream() any {
-	return c.Conn
-}
-
-type vectorisedProtocolConn struct {
-	protocolConn
-	writer N.VectorisedWriter
-}
-
-func (c *vectorisedProtocolConn) WriteVectorised(buffers []*buf.Buffer) error {
-	if c.protocolWritten {
-		return c.writer.WriteVectorised(buffers)
-	}
-	c.protocolWritten = true
-	buffer := EncodeRequest(c.request, nil)
-	return c.writer.WriteVectorised(append([]*buf.Buffer{buffer}, buffers...))
-}

common/tls/reality_client.go

@@ -111,6 +111,16 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 	if err != nil {
 		return nil, err
 	}
+
+	if len(uConfig.NextProtos) > 0 {
+		for _, extension := range uConn.Extensions {
+			if alpnExtension, isALPN := extension.(*utls.ALPNExtension); isALPN {
+				alpnExtension.AlpnProtocols = uConfig.NextProtos
+				break
+			}
+		}
+	}
+
 	hello := uConn.HandshakeState.Hello
 	hello.SessionId = make([]byte, 32)
 	copy(hello.Raw[39:], hello.SessionId)

common/tls/utls_client.go

@@ -3,6 +3,7 @@
 package tls
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"math/rand"
@@ -47,7 +48,7 @@ func (e *UTLSClientConfig) Config() (*STDConfig, error) {
 }
 
 func (e *UTLSClientConfig) Client(conn net.Conn) (Conn, error) {
-	return &utlsConnWrapper{utls.UClient(conn, e.config.Clone(), e.id)}, nil
+	return &utlsALPNWrapper{utlsConnWrapper{utls.UClient(conn, e.config.Clone(), e.id)}, e.config.NextProtos}, nil
 }
 
 func (e *UTLSClientConfig) SetSessionIDGenerator(generator func(clientHello []byte, sessionID []byte) error) {
@@ -87,6 +88,31 @@ func (c *utlsConnWrapper) Upstream() any {
 	return c.UConn
 }
 
+type utlsALPNWrapper struct {
+	utlsConnWrapper
+	nextProtocols []string
+}
+
+func (c *utlsALPNWrapper) HandshakeContext(ctx context.Context) error {
+	if len(c.nextProtocols) > 0 {
+		err := c.BuildHandshakeState()
+		if err != nil {
+			return err
+		}
+		for _, extension := range c.Extensions {
+			if alpnExtension, isALPN := extension.(*utls.ALPNExtension); isALPN {
+				alpnExtension.AlpnProtocols = c.nextProtocols
+				err = c.BuildHandshakeState()
+				if err != nil {
+					return err
+				}
+				break
+			}
+		}
+	}
+	return c.UConn.HandshakeContext(ctx)
+}
+
 func NewUTLSClient(router adapter.Router, serverAddress string, options option.OutboundTLSOptions) (*UTLSClientConfig, error) {
 	var serverName string
 	if options.ServerName != "" {

docs/changelog.md

@@ -1,3 +1,33 @@
+#### 1.3-beta12
+
+* Automatically add Windows firewall rules in order for the system tun stack to work
+* Fix TLS 1.2 support for shadow-tls client
+* Add `cache_id` [option](/configuration/experimental#cache_id) for Clash cache file
+* Fixes and improvements
+
+#### 1.3-beta11
+
+* Fix bugs and update dependencies
+
+#### 1.3-beta10
+
+* Improve direct copy **1**
+* Improve DNS caching
+* Add `independent_cache` [option](/configuration/dns#independent_cache) for DNS
+* Reimplemented shadowsocks client **2**
+* Add multiplex support for VLESS outbound
+* Set TCP keepalive for WireGuard gVisor TCP connections
+* Fixes and improvements
+
+**1**:
+
+* Make splice work with traffic statistics systems like Clash API
+* Significantly reduces memory usage of idle connections
+
+**2**:
+
+Improved performance and reduced memory usage.
+
 #### 1.3-beta9
 
 * Improve multiplex **1**

docs/configuration/dns/index.md

@@ -11,6 +11,7 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
+    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -48,6 +49,10 @@ Disable dns cache.
 
 Disable dns cache expire.
 
+#### independent_cache
+
+Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.
+
 #### reverse_mapping
 
 Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.

docs/configuration/dns/index.zh.md

@@ -11,6 +11,7 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
+    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -47,6 +48,10 @@
 
 禁用 DNS 缓存过期。
 
+#### independent_cache
+
+使每个 DNS 服务器的缓存独立，以满足特殊目的。如果启用，将轻微降低性能。
+
 #### reverse_mapping
 
 在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。

docs/configuration/dns/server.md

@@ -30,18 +30,18 @@ The tag of the dns server.
 
 The address of the dns server.
 
-| Protocol            | Format                        |
-|---------------------|-------------------------------|
-| `System`            | `local`                       |
-| `TCP`               | `tcp://1.0.0.1`               |
-| `UDP`               | `8.8.8.8` `udp://8.8.4.4`     |
-| `TLS`               | `tls://dns.google`            |
-| `HTTPS`             | `https://1.1.1.1/dns-query`   |
-| `QUIC`              | `quic://dns.adguard.com`      |
-| `HTTP3`             | `h3://8.8.8.8/dns-query`      |
-| `RCode`             | `rcode://refused`             |
-| `DHCP`              | `dhcp://auto` or `dhcp://en0` |
-|  [FakeIP](./fakeip) | `fakeip`                      |
+| Protocol                            | Format                        |
+|-------------------------------------|-------------------------------|
+| `System`                            | `local`                       |
+| `TCP`                               | `tcp://1.0.0.1`               |
+| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`     |
+| `TLS`                               | `tls://dns.google`            |
+| `HTTPS`                             | `https://1.1.1.1/dns-query`   |
+| `QUIC`                              | `quic://dns.adguard.com`      |
+| `HTTP3`                             | `h3://8.8.8.8/dns-query`      |
+| `RCode`                             | `rcode://refused`             |
+| `DHCP`                              | `dhcp://auto` or `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip) | `fakeip`                      |
 
 !!! warning ""
 
@@ -94,4 +94,4 @@ Take no effect if override by other settings.
 
 Tag of an outbound for connecting to the dns server.
 
-Default outbound will be used if empty.
+Default outbound will be used if empty.

docs/configuration/dns/server.zh.md

@@ -30,18 +30,18 @@ DNS 服务器的标签。
 
 DNS 服务器的地址。
 
-| 协议                 | 格式                           |
-|--------------------|------------------------------|
-| `System`           | `local`                      |
-| `TCP`              | `tcp://1.0.0.1`              |
-| `UDP`              | `8.8.8.8` `udp://8.8.4.4`    |
-| `TLS`              | `tls://dns.google`           |
-| `HTTPS`            | `https://1.1.1.1/dns-query`  |
-| `QUIC`             | `quic://dns.adguard.com`     |
-| `HTTP3`            | `h3://8.8.8.8/dns-query`     |
-| `RCode`            | `rcode://refused`            |
-| `DHCP`             | `dhcp://auto` 或 `dhcp://en0` |
-| [FakeIP](./fakeip) | `fakeip`                     |
+| 协议                                  | 格式                           |
+|-------------------------------------|------------------------------|
+| `System`                            | `local`                      |
+| `TCP`                               | `tcp://1.0.0.1`              |
+| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`    |
+| `TLS`                               | `tls://dns.google`           |
+| `HTTPS`                             | `https://1.1.1.1/dns-query`  |
+| `QUIC`                              | `quic://dns.adguard.com`     |
+| `HTTP3`                             | `h3://8.8.8.8/dns-query`     |
+| `RCode`                             | `rcode://refused`            |
+| `DHCP`                              | `dhcp://auto` 或 `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip) | `fakeip`                     |
 
 !!! warning ""
 

docs/configuration/experimental/index.md

@@ -7,13 +7,14 @@
   "experimental": {
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
-      "external_ui": "folder",
+      "external_ui": "",
       "external_ui_download_url": "",
       "external_ui_download_detour": "",
       "secret": "",
-      "default_mode": "rule",
+      "default_mode": "",
       "store_selected": false,
-      "cache_file": "cache.db"
+      "cache_file": "",
+      "cache_id": ""
     },
     "v2ray_api": {
       "listen": "127.0.0.1:8080",
@@ -91,6 +92,12 @@ Store selected outbound for the `Selector` outbound in cache file.
 
 Cache file path, `cache.db` will be used if empty.
 
+#### cache_id
+
+Cache ID.
+
+If not empty, `store_selected` will use a separate store keyed by it.
+
 ### V2Ray API Fields
 
 !!! error ""

docs/configuration/experimental/index.zh.md

@@ -7,13 +7,14 @@
   "experimental": {
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
-      "external_ui": "folder",
+      "external_ui": "",
       "external_ui_download_url": "",
       "external_ui_download_detour": "",
       "secret": "",
-      "default_mode": "rule",
+      "default_mode": "",
       "store_selected": false,
-      "cache_file": "cache.db"
+      "cache_file": "",
+      "cache_id": ""
     },
     "v2ray_api": {
       "listen": "127.0.0.1:8080",
@@ -89,6 +90,12 @@ Clash 中的默认模式，默认使用 `rule`。
 
 缓存文件路径，默认使用`cache.db`。
 
+#### cache_id
+
+缓存 ID。
+
+如果不为空，`store_selected` 将会使用以此为键的独立存储。
+
 ### V2Ray API 字段
 
 !!! error ""

docs/configuration/shared/multiplex.md

@@ -31,7 +31,7 @@ Multiplex protocol.
 | yamux    | https://github.com/hashicorp/yamux |
 | h2mux    | https://golang.org/x/net/http2     |
 
-SMux is used by default.
+h2mux is used by default.
 
 #### max_connections
 

docs/configuration/shared/multiplex.zh.md

@@ -30,7 +30,7 @@
 | yamux | https://github.com/hashicorp/yamux |
 | h2mux | https://golang.org/x/net/http2     |
 
-默认使用 SMux。
+默认使用 h2mux。
 
 #### max_connections
 

docs/examples/fakeip.md

@@ -0,0 +1,105 @@
+```json
+{
+  "dns": {
+    "servers": [
+      {
+        "tag": "google",
+        "address": "tls://8.8.8.8"
+      },
+      {
+        "tag": "local",
+        "address": "223.5.5.5",
+        "detour": "direct"
+      },
+      {
+        "tag": "remote",
+        "address": "fakeip"
+      },
+      {
+        "tag": "block",
+        "address": "rcode://success"
+      }
+    ],
+    "rules": [
+      {
+        "geosite": "category-ads-all",
+        "server": "block",
+        "disable_cache": true
+      },
+      {
+        "outbound": "any",
+        "server": "local"
+      },
+      {
+        "geosite": "cn",
+        "server": "local"
+      },
+      {
+        "query_type": [
+          "A",
+          "AAAA"
+        ],
+        "server": "remote"
+      }
+    ],
+    "fakeip": {
+      "enabled": true,
+      "inet4_range": "198.18.0.0/15",
+      "inet6_range": "fc00::/18"
+    },
+    "strategy": "ipv4_only"
+  },
+  "inbounds": [
+    {
+      "type": "tun",
+      "inet4_address": "172.19.0.1/30",
+      "auto_route": true,
+      "sniff": true,
+      "domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "shadowsocks",
+      "tag": "proxy",
+      "server": "mydomain.com",
+      "server_port": 8080,
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg=="
+    },
+    {
+      "type": "direct",
+      "tag": "direct"
+    },
+    {
+      "type": "block",
+      "tag": "block"
+    },
+    {
+      "type": "dns",
+      "tag": "dns-out"
+    }
+  ],
+  "route": {
+    "rules": [
+      {
+        "protocol": "dns",
+        "outbound": "dns-out"
+      },
+      {
+        "geosite": "cn",
+        "geoip": [
+          "private",
+          "cn"
+        ],
+        "outbound": "direct"
+      },
+      {
+        "geosite": "category-ads-all",
+        "outbound": "block"
+      }
+    ],
+    "auto_detect_interface": true
+  }
+}
+```

docs/examples/fakeip.zh.md

@@ -0,0 +1,105 @@
+```json
+{
+  "dns": {
+    "servers": [
+      {
+        "tag": "google",
+        "address": "tls://8.8.8.8"
+      },
+      {
+        "tag": "local",
+        "address": "223.5.5.5",
+        "detour": "direct"
+      },
+      {
+        "tag": "remote",
+        "address": "fakeip"
+      },
+      {
+        "tag": "block",
+        "address": "rcode://success"
+      }
+    ],
+    "rules": [
+      {
+        "geosite": "category-ads-all",
+        "server": "block",
+        "disable_cache": true
+      },
+      {
+        "outbound": "any",
+        "server": "local"
+      },
+      {
+        "geosite": "cn",
+        "server": "local"
+      },
+      {
+        "query_type": [
+          "A",
+          "AAAA"
+        ],
+        "server": "remote"
+      }
+    ],
+    "fakeip": {
+      "enabled": true,
+      "inet4_range": "198.18.0.0/15",
+      "inet6_range": "fc00::/18"
+    },
+    "strategy": "ipv4_only"
+  },
+  "inbounds": [
+    {
+      "type": "tun",
+      "inet4_address": "172.19.0.1/30",
+      "auto_route": true,
+      "sniff": true,
+      "domain_strategy": "ipv4_only" // 如果您想在远程解析域，删除此行 (如果服务器程序不为 sing-box，可能由于错误的行为导致 UDP 无法使用)。
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "shadowsocks",
+      "tag": "proxy",
+      "server": "mydomain.com",
+      "server_port": 8080,
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg=="
+    },
+    {
+      "type": "direct",
+      "tag": "direct"
+    },
+    {
+      "type": "block",
+      "tag": "block"
+    },
+    {
+      "type": "dns",
+      "tag": "dns-out"
+    }
+  ],
+  "route": {
+    "rules": [
+      {
+        "protocol": "dns",
+        "outbound": "dns-out"
+      },
+      {
+        "geosite": "cn",
+        "geoip": [
+          "private",
+          "cn"
+        ],
+        "outbound": "direct"
+      },
+      {
+        "geosite": "category-ads-all",
+        "outbound": "block"
+      }
+    ],
+    "auto_detect_interface": true
+  }
+}
+```

docs/examples/index.md

@@ -9,3 +9,4 @@ Configuration examples for sing-box.
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [WireGuard Direct](./wireguard-direct)
+* [FakeIP](./fakeip)

docs/examples/index.zh.md

@@ -9,3 +9,4 @@ sing-box 的配置示例。
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [WireGuard Direct](./wireguard-direct)
+* [FakeIP](./fakeip)

docs/installation/clients/sfi.md

@@ -13,7 +13,7 @@ Experimental iOS client for sing-box.
 
 #### Note
 
-* User Agent in remote profile request is `SFA/$version ($version_code; sing-box $sing_box_version)`
+* User Agent in remote profile request is `SFI/$version ($version_code; sing-box $sing_box_version)`
 * Crash logs is located in `Settings` -> `View Service Log`
 
 #### Privacy policy

experimental/clashapi/cachefile/cache.go

@@ -14,10 +14,11 @@ var bucketSelected = []byte("selected")
 var _ adapter.ClashCacheFile = (*CacheFile)(nil)
 
 type CacheFile struct {
-	DB *bbolt.DB
+	DB      *bbolt.DB
+	cacheID []byte
 }
 
-func Open(path string) (*CacheFile, error) {
+func Open(path string, cacheID string) (*CacheFile, error) {
 	const fileMode = 0o666
 	options := bbolt.Options{Timeout: time.Second}
 	db, err := bbolt.Open(path, fileMode, &options)
@@ -31,13 +32,39 @@ func Open(path string) (*CacheFile, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &CacheFile{db}, nil
+	var cacheIDBytes []byte
+	if cacheID != "" {
+		cacheIDBytes = append([]byte{0}, []byte(cacheID)...)
+	}
+	return &CacheFile{db, cacheIDBytes}, nil
+}
+
+func (c *CacheFile) bucket(t *bbolt.Tx, key []byte) *bbolt.Bucket {
+	if c.cacheID == nil {
+		return t.Bucket(key)
+	}
+	bucket := t.Bucket(c.cacheID)
+	if bucket == nil {
+		return nil
+	}
+	return bucket.Bucket(key)
+}
+
+func (c *CacheFile) createBucket(t *bbolt.Tx, key []byte) (*bbolt.Bucket, error) {
+	if c.cacheID == nil {
+		return t.CreateBucketIfNotExists(key)
+	}
+	bucket, err := t.CreateBucketIfNotExists(c.cacheID)
+	if bucket == nil {
+		return nil, err
+	}
+	return bucket.CreateBucketIfNotExists(key)
 }
 
 func (c *CacheFile) LoadSelected(group string) string {
 	var selected string
 	c.DB.View(func(t *bbolt.Tx) error {
-		bucket := t.Bucket(bucketSelected)
+		bucket := c.bucket(t, bucketSelected)
 		if bucket == nil {
 			return nil
 		}
@@ -52,7 +79,7 @@ func (c *CacheFile) LoadSelected(group string) string {
 
 func (c *CacheFile) StoreSelected(group, selected string) error {
 	return c.DB.Batch(func(t *bbolt.Tx) error {
-		bucket, err := t.CreateBucketIfNotExists(bucketSelected)
+		bucket, err := c.createBucket(t, bucketSelected)
 		if err != nil {
 			return err
 		}

experimental/clashapi/connections.go

@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/experimental/clashapi/trafficontrol"
 	"github.com/sagernet/websocket"
@@ -14,10 +15,10 @@ import (
 	"github.com/go-chi/render"
 )
 
-func connectionRouter(trafficManager *trafficontrol.Manager) http.Handler {
+func connectionRouter(router adapter.Router, trafficManager *trafficontrol.Manager) http.Handler {
 	r := chi.NewRouter()
 	r.Get("/", getConnections(trafficManager))
-	r.Delete("/", closeAllConnections(trafficManager))
+	r.Delete("/", closeAllConnections(router, trafficManager))
 	r.Delete("/{id}", closeConnection(trafficManager))
 	return r
 }
@@ -86,12 +87,13 @@ func closeConnection(trafficManager *trafficontrol.Manager) func(w http.Response
 	}
 }
 
-func closeAllConnections(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
+func closeAllConnections(router adapter.Router, trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		snapshot := trafficManager.Snapshot()
 		for _, c := range snapshot.Connections {
 			c.Close()
 		}
+		router.ResetNetwork()
 		render.NoContent(w, r)
 	}
 }

experimental/clashapi/proxies.go

@@ -134,7 +134,7 @@ func getProxies(server *Server, router adapter.Router) func(w http.ResponseWrite
 			defaultTag = allProxies[0]
 		}
 
-		sort.Slice(allProxies, func(i, j int) bool {
+		sort.SliceStable(allProxies, func(i, j int) bool {
 			return allProxies[i] == defaultTag
 		})
 

experimental/clashapi/server.go

@@ -48,6 +48,7 @@ type Server struct {
 	storeSelected  bool
 	storeFakeIP    bool
 	cacheFilePath  string
+	cacheID        string
 	cacheFile      adapter.ClashCacheFile
 
 	externalUI               string
@@ -88,6 +89,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 			cachePath = filemanager.BasePath(ctx, cachePath)
 		}
 		server.cacheFilePath = cachePath
+		server.cacheID = options.CacheID
 	}
 	cors := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
@@ -105,7 +107,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 		r.Mount("/configs", configRouter(server, logFactory, server.logger))
 		r.Mount("/proxies", proxyRouter(server, router))
 		r.Mount("/rules", ruleRouter(router))
-		r.Mount("/connections", connectionRouter(trafficManager))
+		r.Mount("/connections", connectionRouter(router, trafficManager))
 		r.Mount("/providers/proxies", proxyProviderRouter())
 		r.Mount("/providers/rules", ruleProviderRouter())
 		r.Mount("/script", scriptRouter())
@@ -130,7 +132,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 
 func (s *Server) PreStart() error {
 	if s.cacheFilePath != "" {
-		cacheFile, err := cachefile.Open(s.cacheFilePath)
+		cacheFile, err := cachefile.Open(s.cacheFilePath, s.cacheID)
 		if err != nil {
 			return E.Cause(err, "open cache file")
 		}

experimental/clashapi/trafficontrol/tracker.go

@@ -7,9 +7,9 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/experimental/trackerconn"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/atomic"
+	"github.com/sagernet/sing/common/bufio"
 	N "github.com/sagernet/sing/common/network"
 
 	"github.com/gofrs/uuid/v5"
@@ -115,13 +115,13 @@ func NewTCPTracker(conn net.Conn, manager *Manager, metadata Metadata, router ad
 	download := new(atomic.Int64)
 
 	t := &tcpTracker{
-		ExtendedConn: trackerconn.NewHook(conn, func(n int64) {
+		ExtendedConn: bufio.NewCounterConn(conn, []N.CountFunc{func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}, func(n int64) {
+		}}, []N.CountFunc{func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}),
+		}}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,
@@ -202,13 +202,13 @@ func NewUDPTracker(conn N.PacketConn, manager *Manager, metadata Metadata, route
 	download := new(atomic.Int64)
 
 	ut := &udpTracker{
-		PacketConn: trackerconn.NewHookPacket(conn, func(n int64) {
+		PacketConn: bufio.NewCounterPacketConn(conn, []N.CountFunc{func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}, func(n int64) {
+		}}, []N.CountFunc{func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}),
+		}}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,

experimental/libbox/platform.go

@@ -18,6 +18,7 @@ type PlatformInterface interface {
 	CloseDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
 	UsePlatformInterfaceGetter() bool
 	GetInterfaces() (NetworkInterfaceIterator, error)
+	UnderNetworkExtension() bool
 }
 
 type TunInterface interface {

experimental/libbox/platform/interface.go

@@ -22,6 +22,7 @@ type Interface interface {
 	CreateDefaultInterfaceMonitor(errorHandler E.Handler) tun.DefaultInterfaceMonitor
 	UsePlatformInterfaceGetter() bool
 	Interfaces() ([]NetworkInterface, error)
+	UnderNetworkExtension() bool
 	process.Searcher
 	io.Writer
 }

experimental/libbox/service.go

@@ -169,3 +169,7 @@ func (w *platformInterfaceWrapper) Interfaces() ([]platform.NetworkInterface, er
 	}
 	return interfaces, nil
 }
+
+func (w *platformInterfaceWrapper) UnderNetworkExtension() bool {
+	return w.iif.UnderNetworkExtension()
+}

experimental/trackerconn/conn.go

@@ -1,108 +0,0 @@
-package trackerconn
-
-import (
-	"net"
-
-	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func New(conn net.Conn, readCounter []*atomic.Int64, writeCounter []*atomic.Int64) *Conn {
-	return &Conn{bufio.NewExtendedConn(conn), readCounter, writeCounter}
-}
-
-func NewHook(conn net.Conn, readCounter func(n int64), writeCounter func(n int64)) *HookConn {
-	return &HookConn{bufio.NewExtendedConn(conn), readCounter, writeCounter}
-}
-
-type Conn struct {
-	N.ExtendedConn
-	readCounter  []*atomic.Int64
-	writeCounter []*atomic.Int64
-}
-
-func (c *Conn) Read(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Read(p)
-	for _, counter := range c.readCounter {
-		counter.Add(int64(n))
-	}
-	return n, err
-}
-
-func (c *Conn) ReadBuffer(buffer *buf.Buffer) error {
-	err := c.ExtendedConn.ReadBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.readCounter {
-		counter.Add(int64(buffer.Len()))
-	}
-	return nil
-}
-
-func (c *Conn) Write(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Write(p)
-	for _, counter := range c.writeCounter {
-		counter.Add(int64(n))
-	}
-	return n, err
-}
-
-func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
-	dataLen := int64(buffer.Len())
-	err := c.ExtendedConn.WriteBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.writeCounter {
-		counter.Add(dataLen)
-	}
-	return nil
-}
-
-func (c *Conn) Upstream() any {
-	return c.ExtendedConn
-}
-
-type HookConn struct {
-	N.ExtendedConn
-	readCounter  func(n int64)
-	writeCounter func(n int64)
-}
-
-func (c *HookConn) Read(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Read(p)
-	c.readCounter(int64(n))
-	return n, err
-}
-
-func (c *HookConn) ReadBuffer(buffer *buf.Buffer) error {
-	err := c.ExtendedConn.ReadBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	c.readCounter(int64(buffer.Len()))
-	return nil
-}
-
-func (c *HookConn) Write(p []byte) (n int, err error) {
-	n, err = c.ExtendedConn.Write(p)
-	c.writeCounter(int64(n))
-	return n, err
-}
-
-func (c *HookConn) WriteBuffer(buffer *buf.Buffer) error {
-	dataLen := int64(buffer.Len())
-	err := c.ExtendedConn.WriteBuffer(buffer)
-	if err != nil {
-		return err
-	}
-	c.writeCounter(dataLen)
-	return nil
-}
-
-func (c *HookConn) Upstream() any {
-	return c.ExtendedConn
-}

experimental/trackerconn/packet_conn.go

@@ -1,76 +0,0 @@
-package trackerconn
-
-import (
-	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/buf"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func NewPacket(conn N.PacketConn, readCounter []*atomic.Int64, writeCounter []*atomic.Int64) *PacketConn {
-	return &PacketConn{conn, readCounter, writeCounter}
-}
-
-func NewHookPacket(conn N.PacketConn, readCounter func(n int64), writeCounter func(n int64)) *HookPacketConn {
-	return &HookPacketConn{conn, readCounter, writeCounter}
-}
-
-type PacketConn struct {
-	N.PacketConn
-	readCounter  []*atomic.Int64
-	writeCounter []*atomic.Int64
-}
-
-func (c *PacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = c.PacketConn.ReadPacket(buffer)
-	if err == nil {
-		for _, counter := range c.readCounter {
-			counter.Add(int64(buffer.Len()))
-		}
-	}
-	return
-}
-
-func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	dataLen := int64(buffer.Len())
-	err := c.PacketConn.WritePacket(buffer, destination)
-	if err != nil {
-		return err
-	}
-	for _, counter := range c.writeCounter {
-		counter.Add(dataLen)
-	}
-	return nil
-}
-
-func (c *PacketConn) Upstream() any {
-	return c.PacketConn
-}
-
-type HookPacketConn struct {
-	N.PacketConn
-	readCounter  func(n int64)
-	writeCounter func(n int64)
-}
-
-func (c *HookPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
-	destination, err = c.PacketConn.ReadPacket(buffer)
-	if err == nil {
-		c.readCounter(int64(buffer.Len()))
-	}
-	return
-}
-
-func (c *HookPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
-	dataLen := int64(buffer.Len())
-	err := c.PacketConn.WritePacket(buffer, destination)
-	if err != nil {
-		return err
-	}
-	c.writeCounter(dataLen)
-	return nil
-}
-
-func (c *HookPacketConn) Upstream() any {
-	return c.PacketConn
-}

experimental/v2rayapi/stats.go

@@ -10,9 +10,9 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/experimental/trackerconn"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/atomic"
+	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
 )
@@ -83,7 +83,7 @@ func (s *StatsService) RoutedConnection(inbound string, outbound string, user st
 		writeCounter = append(writeCounter, s.loadOrCreateCounter("user>>>"+user+">>>traffic>>>downlink"))
 	}
 	s.access.Unlock()
-	return trackerconn.New(conn, readCounter, writeCounter)
+	return bufio.NewInt64CounterConn(conn, readCounter, writeCounter)
 }
 
 func (s *StatsService) RoutedPacketConnection(inbound string, outbound string, user string, conn N.PacketConn) N.PacketConn {
@@ -109,7 +109,7 @@ func (s *StatsService) RoutedPacketConnection(inbound string, outbound string, u
 		writeCounter = append(writeCounter, s.loadOrCreateCounter("user>>>"+user+">>>traffic>>>downlink"))
 	}
 	s.access.Unlock()
-	return trackerconn.NewPacket(conn, readCounter, writeCounter)
+	return bufio.NewInt64CounterPacketConn(conn, readCounter, writeCounter)
 }
 
 func (s *StatsService) GetStats(ctx context.Context, request *GetStatsRequest) (*GetStatsResponse, error) {

go.mod

@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	berty.tech/go-libtor v1.0.385
-	github.com/Dreamacro/clash v1.15.0
+	github.com/Dreamacro/clash v1.15.1
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/cretz/bine v0.2.0
 	github.com/dustin/go-humanize v1.0.1
@@ -13,11 +13,10 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/render v1.0.2
 	github.com/gofrs/uuid/v5 v5.0.0
-	github.com/hashicorp/yamux v0.1.1
 	github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mholt/acmez v1.1.0
-	github.com/miekg/dns v1.1.53
+	github.com/miekg/dns v1.1.54
 	github.com/ooni/go-libtor v1.1.7
 	github.com/oschwald/maxminddb-golang v1.10.0
 	github.com/pires/go-proxyproto v0.7.0
@@ -25,11 +24,13 @@ require (
 	github.com/sagernet/gomobile v0.0.0-20230413023804-244d7ff07035
 	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.2.4
-	github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc
-	github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507
-	github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b
-	github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b
+	github.com/sagernet/sing v0.2.5-0.20230517124404-be6013893626
+	github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223
+	github.com/sagernet/sing-mux v0.0.0-20230517134606-1ebe6bb26646
+	github.com/sagernet/sing-shadowsocks v0.2.2-0.20230509053848-d83f8fe1194c
+	github.com/sagernet/sing-shadowsocks2 v0.0.0-20230605050515-45409ce8283d
+	github.com/sagernet/sing-shadowtls v0.1.2-0.20230531025805-ebadc7615da3
+	github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e
 	github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9
@@ -42,10 +43,10 @@ require (
 	go.uber.org/zap v1.24.0
 	go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35
 	golang.org/x/crypto v0.8.0
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
+	golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53
 	golang.org/x/net v0.9.0
 	golang.org/x/sys v0.7.0
-	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde
+	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
 	google.golang.org/grpc v1.54.0
 	google.golang.org/protobuf v1.30.0
 	gvisor.dev/gvisor v0.0.0-20230415003630-3981d5d5e523
@@ -58,11 +59,13 @@ require (
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/cloudflare/circl v1.2.1-0.20221019164342-6ab4dfed8f3c // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/klauspost/compress v1.15.15 // indirect
@@ -78,6 +81,7 @@ require (
 	github.com/quic-go/qtls-go1-20 v0.1.0 // indirect
 	github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect
 	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
+	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect

go.sum

@@ -1,7 +1,7 @@
 berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw=
 berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw=
-github.com/Dreamacro/clash v1.15.0 h1:mlpD950VEggXZBNahV66hyKDRxcczkj3vymoAt78KyE=
-github.com/Dreamacro/clash v1.15.0/go.mod h1:WNH69bN11LiAdgdSr4hpkEuXVMfBbWyhEKMCTx9BtNE=
+github.com/Dreamacro/clash v1.15.1 h1:AwwtrVYbeXg9ZCxpPxAurGXwaR3FxDdHv3rB/vAGXj4=
+github.com/Dreamacro/clash v1.15.1/go.mod h1:WNH69bN11LiAdgdSr4hpkEuXVMfBbWyhEKMCTx9BtNE=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
@@ -31,6 +31,8 @@ github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/render v1.0.2 h1:4ER/udB0+fMWB2Jlf15RV3F4A2FDuYi/9f+lFttR/Lg=
 github.com/go-chi/render v1.0.2/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M=
@@ -70,8 +72,8 @@ github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczG
 github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/mholt/acmez v1.1.0 h1:IQ9CGHKOHokorxnffsqDvmmE30mDenO1lptYZ1AYkHY=
 github.com/mholt/acmez v1.1.0/go.mod h1:zwo5+fbLLTowAX8o8ETfQzbDtwGEXnPhkmGdKIP+bgs=
-github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
-github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
+github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
@@ -111,16 +113,20 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.4 h1:gC8BR5sglbJZX23RtMyFa8EETP9YEUADhfbEzU1yVbo=
-github.com/sagernet/sing v0.2.4/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
-github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc h1:hmbuqKv48SAjiKPoqtJGvS5pEHVPZjTHq9CPwQY2cZ4=
-github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc/go.mod h1:ZKuuqgsHRxDahYrzgSgy4vIAGGuKPlIf4hLcNzYzLkY=
-github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507 h1:bAHZCdWqJkb8LEW98+YsMVDXGRMUVjka8IC+St6ot88=
-github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507/go.mod h1:UJjvQGw0lyYaDGIDvUraL16fwaAEH1WFw1Y6sUcMPog=
-github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b h1:ouW/6IDCrxkBe19YSbdCd7buHix7b+UZ6BM4Zz74XF4=
-github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b/go.mod h1:oG8bPerYI6cZ74KquY3DvA7ynECyrILPBnce6wtBqeI=
-github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b h1:9NsciSJGwzdkXwVvT2c2g+RvkTVkANeBLr2l+soJ7LM=
-github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b/go.mod h1:DD7Ce2Gt0GFc6I/1+Uw4D/aUlBsGqrQsC52CMK/V818=
+github.com/sagernet/sing v0.2.5-0.20230517124404-be6013893626 h1:2TlOqs05+PXadWOubVBhXM27/UaI1If2k/ISjtYZiPE=
+github.com/sagernet/sing v0.2.5-0.20230517124404-be6013893626/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
+github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223 h1:L4eMuM07iSHY3UCknFnuFuHoe5clZuF2Xnf2wwA6Lwc=
+github.com/sagernet/sing-dns v0.1.5-0.20230426113254-25d948c44223/go.mod h1:ZKuuqgsHRxDahYrzgSgy4vIAGGuKPlIf4hLcNzYzLkY=
+github.com/sagernet/sing-mux v0.0.0-20230517134606-1ebe6bb26646 h1:X3ADfMqeGns1Q1FlXc9kaL9FwW1UM6D6tEQo8jFstpc=
+github.com/sagernet/sing-mux v0.0.0-20230517134606-1ebe6bb26646/go.mod h1:pF+RnLvCAOhECrvauy6LYOpBakJ/vuaF1Wm4lPsWryI=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230509053848-d83f8fe1194c h1:EiQ+i4gdPpSI8D2YUlOeBZA3R1ZGi0ShSLSXoSd/13A=
+github.com/sagernet/sing-shadowsocks v0.2.2-0.20230509053848-d83f8fe1194c/go.mod h1:UJjvQGw0lyYaDGIDvUraL16fwaAEH1WFw1Y6sUcMPog=
+github.com/sagernet/sing-shadowsocks2 v0.0.0-20230605050515-45409ce8283d h1:obf7pm6aRav465lIGPGN8fx8pD8iWg15RQhwGwkyNNc=
+github.com/sagernet/sing-shadowsocks2 v0.0.0-20230605050515-45409ce8283d/go.mod h1:i6Eoor37Cy4JKBcelMMFfUVBNjqRYuvcqOBjUI3Zw80=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230531025805-ebadc7615da3 h1:PNwJs1F+3e/iZguYQR7YzxsH8Sm0Eu7vVuHawD89r34=
+github.com/sagernet/sing-shadowtls v0.1.2-0.20230531025805-ebadc7615da3/go.mod h1:oG8bPerYI6cZ74KquY3DvA7ynECyrILPBnce6wtBqeI=
+github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e h1:fivkzQowiOPBafklJmNePBu/sr83rsY5SuSakvoJ2A0=
+github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e/go.mod h1:6yju6cNdTow38IZHwcbFA3lHnHeSd5HG/zCzHyaxScI=
 github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 h1:BHOnxrbC929JonuKqFdJ7ZbDp7zs4oTlH5KFvKtWu9U=
 github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3/go.mod h1:yKrAr+dqZd64DxBXCHWrYicp+n4qbqO73mtwv3dck8U=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
@@ -133,6 +139,8 @@ github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+V
 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
 github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77 h1:g6QtRWQ2dKX7EQP++1JLNtw4C2TNxd4/ov8YUpOPOSo=
 github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77/go.mod h1:pJDdXzZIwJ+2vmnT0TKzmf8meeum+e2mTDSehw79eE0=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -170,8 +178,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o=
+golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
@@ -188,6 +196,7 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -219,8 +228,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde h1:ybF7AMzIUikL9x4LgwEmzhXtzRpKNqngme1VGDWz+Nk=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvYQH2OU3/TnxLx97WDSUDRABfT18pCOYwc2GE=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=

mkdocs.yml

@@ -115,6 +115,7 @@ nav:
       - ShadowTLS: examples/shadowtls.md
       - Clash API: examples/clash-api.md
       - WireGuard Direct: examples/wireguard-direct.md
+      - FakeIP: examples/fakeip.md
   - Contributing:
       - contributing/index.md
       - Developing:
@@ -147,6 +148,7 @@ extra:
       link: https://github.com/SagerNet/sing-box
   generator: false
 plugins:
+  - search
   - i18n:
       default_language: en
       languages:
@@ -192,4 +194,4 @@ plugins:
           Known Issues: 已知问题
           Examples: 示例
           Linux Server Installation: Linux 服务器安装
-          DNS Hijack: DNS 劫持
+          DNS Hijack: DNS 劫持

option/clash.go

@@ -10,6 +10,7 @@ type ClashAPIOptions struct {
 	StoreSelected            bool   `json:"store_selected,omitempty"`
 	StoreFakeIP              bool   `json:"store_fakeip,omitempty"`
 	CacheFile                string `json:"cache_file,omitempty"`
+	CacheID                  string `json:"cache_id,omitempty"`
 }
 
 type SelectorOutboundOptions struct {

option/dns.go

@@ -20,9 +20,10 @@ type DNSServerOptions struct {
 }
 
 type DNSClientOptions struct {
-	Strategy      DomainStrategy `json:"strategy,omitempty"`
-	DisableCache  bool           `json:"disable_cache,omitempty"`
-	DisableExpire bool           `json:"disable_expire,omitempty"`
+	Strategy         DomainStrategy `json:"strategy,omitempty"`
+	DisableCache     bool           `json:"disable_cache,omitempty"`
+	DisableExpire    bool           `json:"disable_expire,omitempty"`
+	IndependentCache bool           `json:"independent_cache,omitempty"`
 }
 
 type DNSFakeIPOptions struct {

option/vless.go

@@ -20,6 +20,7 @@ type VLESSOutboundOptions struct {
 	Flow           string                 `json:"flow,omitempty"`
 	Network        NetworkList            `json:"network,omitempty"`
 	TLS            *OutboundTLSOptions    `json:"tls,omitempty"`
+	Multiplex      *MultiplexOptions      `json:"multiplex,omitempty"`
 	Transport      *V2RayTransportOptions `json:"transport,omitempty"`
 	PacketEncoding *string                `json:"packet_encoding,omitempty"`
 }

outbound/dns.go

@@ -11,6 +11,7 @@ import (
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/canceler"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -101,29 +102,142 @@ func (d *DNS) handleConnection(ctx context.Context, conn net.Conn, metadata adap
 }
 
 func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	var reader N.PacketReader = conn
+	var counters []N.CountFunc
+	var cachedPackets []*N.PacketBuffer
+	for {
+		reader, counters = N.UnwrapCountPacketReader(reader, counters)
+		if cachedReader, isCached := reader.(N.CachedPacketReader); isCached {
+			packet := cachedReader.ReadCachedPacket()
+			if packet != nil {
+				cachedPackets = append(cachedPackets, packet)
+				continue
+			}
+		}
+		if readWaiter, created := bufio.CreatePacketReadWaiter(reader); created {
+			return d.newPacketConnection(ctx, conn, readWaiter, counters, cachedPackets, metadata)
+		}
+		break
+	}
 	ctx = adapter.WithContext(ctx, &metadata)
 	fastClose, cancel := common.ContextWithCancelCause(ctx)
 	timeout := canceler.New(fastClose, cancel, C.DNSTimeout)
 	var group task.Group
 	group.Append0(func(ctx context.Context) error {
-		_buffer := buf.StackNewSize(dns.FixedPacketSize)
-		defer common.KeepAlive(_buffer)
-		buffer := common.Dup(_buffer)
-		defer buffer.Release()
 		for {
-			buffer.FullReset()
-			destination, err := conn.ReadPacket(buffer)
-			if err != nil {
-				cancel(err)
-				return err
-			}
 			var message mDNS.Msg
-			err = message.Unpack(buffer.Bytes())
-			if err != nil {
-				cancel(err)
-				return err
+			var destination M.Socksaddr
+			var err error
+			if len(cachedPackets) > 0 {
+				packet := cachedPackets[0]
+				cachedPackets = cachedPackets[1:]
+				for _, counter := range counters {
+					counter(int64(packet.Buffer.Len()))
+				}
+				err = message.Unpack(packet.Buffer.Bytes())
+				packet.Buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				destination = packet.Destination
+			} else {
+				buffer := buf.NewPacket()
+				destination, err = conn.ReadPacket(buffer)
+				if err != nil {
+					buffer.Release()
+					cancel(err)
+					return err
+				}
+				for _, counter := range counters {
+					counter(int64(buffer.Len()))
+				}
+				err = message.Unpack(buffer.Bytes())
+				buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				timeout.Update()
+			}
+			metadataInQuery := metadata
+			go func() error {
+				response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				timeout.Update()
+				responseBuffer := buf.NewPacket()
+				n, err := response.PackBuffer(responseBuffer.FreeBytes())
+				if err != nil {
+					cancel(err)
+					responseBuffer.Release()
+					return err
+				}
+				responseBuffer.Truncate(len(n))
+				err = conn.WritePacket(responseBuffer, destination)
+				if err != nil {
+					cancel(err)
+				}
+				return err
+			}()
+		}
+	})
+	group.Cleanup(func() {
+		conn.Close()
+	})
+	return group.Run(fastClose)
+}
+
+func (d *DNS) newPacketConnection(ctx context.Context, conn N.PacketConn, readWaiter N.PacketReadWaiter, readCounters []N.CountFunc, cached []*N.PacketBuffer, metadata adapter.InboundContext) error {
+	ctx = adapter.WithContext(ctx, &metadata)
+	fastClose, cancel := common.ContextWithCancelCause(ctx)
+	timeout := canceler.New(fastClose, cancel, C.DNSTimeout)
+	var group task.Group
+	group.Append0(func(ctx context.Context) error {
+		var buffer *buf.Buffer
+		readWaiter.InitializeReadWaiter(func() *buf.Buffer {
+			buffer = buf.NewSize(dns.FixedPacketSize)
+			buffer.FullReset()
+			return buffer
+		})
+		defer readWaiter.InitializeReadWaiter(nil)
+		for {
+			var message mDNS.Msg
+			var destination M.Socksaddr
+			var err error
+			if len(cached) > 0 {
+				packet := cached[0]
+				cached = cached[1:]
+				for _, counter := range readCounters {
+					counter(int64(packet.Buffer.Len()))
+				}
+				err = message.Unpack(packet.Buffer.Bytes())
+				packet.Buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				destination = packet.Destination
+			} else {
+				destination, err = readWaiter.WaitReadPacket()
+				if err != nil {
+					buffer.Release()
+					cancel(err)
+					return err
+				}
+				for _, counter := range readCounters {
+					counter(int64(buffer.Len()))
+				}
+				err = message.Unpack(buffer.Bytes())
+				buffer.Release()
+				if err != nil {
+					cancel(err)
+					return err
+				}
+				timeout.Update()
 			}
-			timeout.Update()
 			metadataInQuery := metadata
 			go func() error {
 				response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)

outbound/shadowsocks.go

@@ -11,8 +11,7 @@ import (
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/transport/sip003"
-	"github.com/sagernet/sing-shadowsocks"
-	"github.com/sagernet/sing-shadowsocks/shadowimpl"
+	"github.com/sagernet/sing-shadowsocks2"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -34,7 +33,9 @@ type Shadowsocks struct {
 }
 
 func NewShadowsocks(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowsocksOutboundOptions) (*Shadowsocks, error) {
-	method, err := shadowimpl.FetchMethod(options.Method, options.Password, router.TimeFunc())
+	method, err := shadowsocks.CreateMethod(ctx, options.Method, shadowsocks.MethodOptions{
+		Password: options.Password,
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +59,7 @@ func NewShadowsocks(ctx context.Context, router adapter.Router, logger log.Conte
 	}
 	uotOptions := common.PtrValueOrDefault(options.UDPOverTCPOptions)
 	if !uotOptions.Enabled {
-		outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*shadowsocksDialer)(outbound), common.PtrValueOrDefault(options.MultiplexOptions))
+		outbound.multiplexDialer, err = mux.NewClientWithOptions((*shadowsocksDialer)(outbound), common.PtrValueOrDefault(options.MultiplexOptions))
 		if err != nil {
 			return nil, err
 		}

outbound/trojan.go

@@ -58,7 +58,7 @@ func NewTrojan(ctx context.Context, router adapter.Router, logger log.ContextLog
 			return nil, E.Cause(err, "create client transport: ", options.Transport.Type)
 		}
 	}
-	outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*trojanDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*trojanDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
 	if err != nil {
 		return nil, err
 	}

outbound/urltest.go

@@ -233,7 +233,7 @@ func (g *URLTestGroup) Fallback(used adapter.Outbound) []adapter.Outbound {
 			outbounds = append(outbounds, detour)
 		}
 	}
-	sort.Slice(outbounds, func(i, j int) bool {
+	sort.SliceStable(outbounds, func(i, j int) bool {
 		oi := outbounds[i]
 		oj := outbounds[j]
 		hi := g.history.LoadURLTestHistory(RealTag(oi))

outbound/vless.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer"
+	"github.com/sagernet/sing-box/common/mux"
 	"github.com/sagernet/sing-box/common/tls"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
@@ -24,13 +25,14 @@ var _ adapter.Outbound = (*VLESS)(nil)
 
 type VLESS struct {
 	myOutboundAdapter
-	dialer     N.Dialer
-	client     *vless.Client
-	serverAddr M.Socksaddr
-	tlsConfig  tls.Config
-	transport  adapter.V2RayClientTransport
-	packetAddr bool
-	xudp       bool
+	dialer          N.Dialer
+	client          *vless.Client
+	serverAddr      M.Socksaddr
+	multiplexDialer *mux.Client
+	tlsConfig       tls.Config
+	transport       adapter.V2RayClientTransport
+	packetAddr      bool
+	xudp            bool
 }
 
 func NewVLESS(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.VLESSOutboundOptions) (*VLESS, error) {
@@ -75,10 +77,65 @@ func NewVLESS(ctx context.Context, router adapter.Router, logger log.ContextLogg
 	if err != nil {
 		return nil, err
 	}
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*vlessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	if err != nil {
+		return nil, err
+	}
 	return outbound, nil
 }
 
 func (h *VLESS) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	if h.multiplexDialer == nil {
+		switch N.NetworkName(network) {
+		case N.NetworkTCP:
+			h.logger.InfoContext(ctx, "outbound connection to ", destination)
+		case N.NetworkUDP:
+			h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+		}
+		return (*vlessDialer)(h).DialContext(ctx, network, destination)
+	} else {
+		switch N.NetworkName(network) {
+		case N.NetworkTCP:
+			h.logger.InfoContext(ctx, "outbound multiplex connection to ", destination)
+		case N.NetworkUDP:
+			h.logger.InfoContext(ctx, "outbound multiplex packet connection to ", destination)
+		}
+		return h.multiplexDialer.DialContext(ctx, network, destination)
+	}
+}
+
+func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	if h.multiplexDialer == nil {
+		h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
+		return (*vlessDialer)(h).ListenPacket(ctx, destination)
+	} else {
+		h.logger.InfoContext(ctx, "outbound multiplex packet connection to ", destination)
+		return h.multiplexDialer.ListenPacket(ctx, destination)
+	}
+}
+
+func (h *VLESS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	return NewConnection(ctx, h, conn, metadata)
+}
+
+func (h *VLESS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	return NewPacketConnection(ctx, h, conn, metadata)
+}
+
+func (h *VLESS) InterfaceUpdated() error {
+	if h.multiplexDialer != nil {
+		h.multiplexDialer.Reset()
+	}
+	return nil
+}
+
+func (h *VLESS) Close() error {
+	return common.Close(common.PtrOrNil(h.multiplexDialer), h.transport)
+}
+
+type vlessDialer VLESS
+
+func (h *vlessDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
 	ctx, metadata := adapter.AppendContext(ctx)
 	metadata.Outbound = h.tag
 	metadata.Destination = destination
@@ -120,7 +177,7 @@ func (h *VLESS) DialContext(ctx context.Context, network string, destination M.S
 	}
 }
 
-func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+func (h *vlessDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
 	h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
 	ctx, metadata := adapter.AppendContext(ctx)
 	metadata.Outbound = h.tag
@@ -154,15 +211,3 @@ func (h *VLESS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.
 		return h.client.DialEarlyPacketConn(conn, destination)
 	}
 }
-
-func (h *VLESS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	return NewConnection(ctx, h, conn, metadata)
-}
-
-func (h *VLESS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	return NewPacketConnection(ctx, h, conn, metadata)
-}
-
-func (h *VLESS) Close() error {
-	return common.Close(h.transport)
-}

outbound/vmess.go

@@ -59,7 +59,7 @@ func NewVMess(ctx context.Context, router adapter.Router, logger log.ContextLogg
 			return nil, E.Cause(err, "create client transport: ", options.Transport.Type)
 		}
 	}
-	outbound.multiplexDialer, err = mux.NewClientWithOptions(ctx, (*vmessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
+	outbound.multiplexDialer, err = mux.NewClientWithOptions((*vmessDialer)(outbound), common.PtrValueOrDefault(options.Multiplex))
 	if err != nil {
 		return nil, err
 	}

route/router.go

@@ -113,7 +113,12 @@ func NewRouter(
 		defaultMark:           options.DefaultMark,
 		platformInterface:     platformInterface,
 	}
-	router.dnsClient = dns.NewClient(dnsOptions.DNSClientOptions.DisableCache, dnsOptions.DNSClientOptions.DisableExpire, router.dnsLogger)
+	router.dnsClient = dns.NewClient(dns.ClientOptions{
+		DisableCache:     dnsOptions.DNSClientOptions.DisableCache,
+		DisableExpire:    dnsOptions.DNSClientOptions.DisableExpire,
+		IndependentCache: dnsOptions.DNSClientOptions.IndependentCache,
+		Logger:           router.dnsLogger,
+	})
 	for i, ruleOptions := range options.Rules {
 		routeRule, err := NewRule(router, router.logger, ruleOptions)
 		if err != nil {
@@ -274,7 +279,8 @@ func NewRouter(
 				router.networkMonitor = networkMonitor
 				networkMonitor.RegisterCallback(router.interfaceFinder.update)
 				interfaceMonitor, err := tun.NewDefaultInterfaceMonitor(router.networkMonitor, tun.DefaultInterfaceMonitorOptions{
-					OverrideAndroidVPN: options.OverrideAndroidVPN,
+					OverrideAndroidVPN:    options.OverrideAndroidVPN,
+					UnderNetworkExtension: platformInterface != nil && platformInterface.UnderNetworkExtension(),
 				})
 				if err != nil {
 					return nil, E.New("auto_detect_interface unsupported on current platform")
@@ -598,7 +604,8 @@ func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata ad
 	switch metadata.Destination.Fqdn {
 	case mux.Destination.Fqdn:
 		r.logger.InfoContext(ctx, "inbound multiplex connection")
-		return mux.NewConnection(ctx, r, r, r.logger, conn, metadata)
+		handler := adapter.NewUpstreamHandler(metadata, r.RouteConnection, r.RoutePacketConnection, r)
+		return mux.HandleConnection(ctx, handler, r.logger, conn, adapter.UpstreamMetadata(metadata))
 	case vmess.MuxDestination.Fqdn:
 		r.logger.InfoContext(ctx, "inbound legacy multiplex connection")
 		return vmess.HandleMuxConnection(ctx, conn, adapter.NewUpstreamHandler(metadata, r.RouteConnection, r.RoutePacketConnection, r))
@@ -987,9 +994,22 @@ func (r *Router) notifyNetworkUpdate(int) error {
 		r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()))
 	}
 
-	if conntrack.Enabled {
-		conntrack.Close()
-	}
+	conntrack.Close()
+
+	for _, outbound := range r.outbounds {
+		listener, isListener := outbound.(adapter.InterfaceUpdateListener)
+		if isListener {
+			err := listener.InterfaceUpdated()
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (r *Router) ResetNetwork() error {
+	conntrack.Close()
 
 	for _, outbound := range r.outbounds {
 		listener, isListener := outbound.(adapter.InterfaceUpdateListener)

route/router_dns.go

@@ -73,23 +73,31 @@ func (r *Router) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, er
 	if len(message.Question) > 0 {
 		r.dnsLogger.DebugContext(ctx, "exchange ", formatQuestion(message.Question[0].String()))
 	}
-	ctx, metadata := adapter.AppendContext(ctx)
-	if len(message.Question) > 0 {
-		metadata.QueryType = message.Question[0].Qtype
-		switch metadata.QueryType {
-		case mDNS.TypeA:
-			metadata.IPVersion = 4
-		case mDNS.TypeAAAA:
-			metadata.IPVersion = 6
+	var (
+		response *mDNS.Msg
+		cached   bool
+		err      error
+	)
+	response, cached = r.dnsClient.ExchangeCache(ctx, message)
+	if !cached {
+		ctx, metadata := adapter.AppendContext(ctx)
+		if len(message.Question) > 0 {
+			metadata.QueryType = message.Question[0].Qtype
+			switch metadata.QueryType {
+			case mDNS.TypeA:
+				metadata.IPVersion = 4
+			case mDNS.TypeAAAA:
+				metadata.IPVersion = 6
+			}
+			metadata.Domain = fqdnToDomain(message.Question[0].Name)
+		}
+		ctx, transport, strategy := r.matchDNS(ctx)
+		ctx, cancel := context.WithTimeout(ctx, C.DNSTimeout)
+		defer cancel()
+		response, err = r.dnsClient.Exchange(ctx, transport, message, strategy)
+		if err != nil && len(message.Question) > 0 {
+			r.dnsLogger.ErrorContext(ctx, E.Cause(err, "exchange failed for ", formatQuestion(message.Question[0].String())))
 		}
-		metadata.Domain = fqdnToDomain(message.Question[0].Name)
-	}
-	ctx, transport, strategy := r.matchDNS(ctx)
-	ctx, cancel := context.WithTimeout(ctx, C.DNSTimeout)
-	defer cancel()
-	response, err := r.dnsClient.Exchange(ctx, transport, message, strategy)
-	if err != nil && len(message.Question) > 0 {
-		r.dnsLogger.ErrorContext(ctx, E.Cause(err, "exchange failed for ", formatQuestion(message.Question[0].String())))
 	}
 	if len(message.Question) > 0 && response != nil {
 		LogDNSAnswers(r.dnsLogger, ctx, message.Question[0].Name, response.Answer)

test/go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/docker/docker v20.10.18+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/gofrs/uuid/v5 v5.0.0
-	github.com/sagernet/sing v0.2.4
+	github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207
 	github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507
 	github.com/spyzhov/ajson v0.7.1
 	github.com/stretchr/testify v1.8.2
@@ -71,6 +71,7 @@ require (
 	github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 // indirect
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 // indirect
 	github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc // indirect
+	github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0 // indirect
 	github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b // indirect
 	github.com/sagernet/sing-tun v0.1.5-0.20230422121432-209ec123ca7b // indirect
 	github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 // indirect

test/go.sum

@@ -126,10 +126,12 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.4 h1:gC8BR5sglbJZX23RtMyFa8EETP9YEUADhfbEzU1yVbo=
-github.com/sagernet/sing v0.2.4/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
+github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207 h1:+dDVjW20IT+e8maKryaDeRY2+RFmTFdrQeIzqE2WOss=
+github.com/sagernet/sing v0.2.5-0.20230423085534-0902e6216207/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
 github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc h1:hmbuqKv48SAjiKPoqtJGvS5pEHVPZjTHq9CPwQY2cZ4=
 github.com/sagernet/sing-dns v0.1.5-0.20230415085626-111ecf799dfc/go.mod h1:ZKuuqgsHRxDahYrzgSgy4vIAGGuKPlIf4hLcNzYzLkY=
+github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0 h1:87jyxzTjq01VgEiUVSMNRKjCfsSfp/QwyUVT37eXY50=
+github.com/sagernet/sing-mux v0.0.0-20230424015424-9b0d527c3bb0/go.mod h1:pF+RnLvCAOhECrvauy6LYOpBakJ/vuaF1Wm4lPsWryI=
 github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507 h1:bAHZCdWqJkb8LEW98+YsMVDXGRMUVjka8IC+St6ot88=
 github.com/sagernet/sing-shadowsocks v0.2.2-0.20230417102954-f77257340507/go.mod h1:UJjvQGw0lyYaDGIDvUraL16fwaAEH1WFw1Y6sUcMPog=
 github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b h1:ouW/6IDCrxkBe19YSbdCd7buHix7b+UZ6BM4Zz74XF4=

test/mux_test.go

@@ -4,7 +4,6 @@ import (
 	"net/netip"
 	"testing"
 
-	"github.com/sagernet/sing-box/common/mux"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-shadowsocks/shadowaead_2022"
@@ -12,45 +11,32 @@ import (
 	"github.com/gofrs/uuid/v5"
 )
 
-var muxProtocols = []mux.Protocol{
-	mux.ProtocolYAMux,
-	mux.ProtocolSMux,
+var muxProtocols = []string{
+	"smux",
+	"yamux",
+	"h2mux",
 }
 
-func TestVMessSMux(t *testing.T) {
-	testVMessMux(t, option.MultiplexOptions{
-		Enabled:  true,
-		Protocol: mux.ProtocolSMux.String(),
-	})
-}
-
-func TestShadowsocksMux(t *testing.T) {
+func TestMux(t *testing.T) {
 	for _, protocol := range muxProtocols {
-		t.Run(protocol.String(), func(t *testing.T) {
-			testShadowsocksMux(t, option.MultiplexOptions{
+		t.Run(protocol, func(t *testing.T) {
+			options := option.MultiplexOptions{
 				Enabled:  true,
-				Protocol: protocol.String(),
+				Protocol: protocol,
+			}
+			t.Run("shadowsocks", func(t *testing.T) {
+				testShadowsocksMux(t, options)
+			})
+			t.Run("vmess", func(t *testing.T) {
+				testVMessMux(t, options)
+			})
+			t.Run("vless", func(t *testing.T) {
+				testVLESSMux(t, options)
 			})
 		})
 	}
 }
 
-func TestShadowsockH2Mux(t *testing.T) {
-	testShadowsocksMux(t, option.MultiplexOptions{
-		Enabled:  true,
-		Protocol: mux.ProtocolH2Mux.String(),
-		Padding:  true,
-	})
-}
-
-func TestShadowsockSMuxPadding(t *testing.T) {
-	testShadowsocksMux(t, option.MultiplexOptions{
-		Enabled:  true,
-		Protocol: mux.ProtocolSMux.String(),
-		Padding:  true,
-	})
-}
-
 func testShadowsocksMux(t *testing.T, options option.MultiplexOptions) {
 	method := shadowaead_2022.List[0]
 	password := mkBase64(t, 16)
@@ -170,3 +156,63 @@ func testVMessMux(t *testing.T, options option.MultiplexOptions) {
 	})
 	testSuit(t, clientPort, testPort)
 }
+
+func testVLESSMux(t *testing.T, options option.MultiplexOptions) {
+	user, _ := uuid.NewV4()
+	startInstance(t, option.Options{
+		Inbounds: []option.Inbound{
+			{
+				Type: C.TypeMixed,
+				Tag:  "mixed-in",
+				MixedOptions: option.HTTPMixedInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: clientPort,
+					},
+				},
+			},
+			{
+				Type: C.TypeVLESS,
+				VLESSOptions: option.VLESSInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: serverPort,
+					},
+					Users: []option.VLESSUser{
+						{
+							UUID: user.String(),
+						},
+					},
+				},
+			},
+		},
+		Outbounds: []option.Outbound{
+			{
+				Type: C.TypeDirect,
+			},
+			{
+				Type: C.TypeVLESS,
+				Tag:  "vless-out",
+				VLESSOptions: option.VLESSOutboundOptions{
+					ServerOptions: option.ServerOptions{
+						Server:     "127.0.0.1",
+						ServerPort: serverPort,
+					},
+					UUID:      user.String(),
+					Multiplex: &options,
+				},
+			},
+		},
+		Route: &option.RouteOptions{
+			Rules: []option.Rule{
+				{
+					DefaultOptions: option.DefaultRule{
+						Inbound:  []string{"mixed-in"},
+						Outbound: "vless-out",
+					},
+				},
+			},
+		},
+	})
+	testSuit(t, clientPort, testPort)
+}

test/shadowsocks_legacy_test.go

@@ -0,0 +1,53 @@
+package main
+
+import (
+	"net/netip"
+	"testing"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing-shadowsocks2/shadowstream"
+	F "github.com/sagernet/sing/common/format"
+)
+
+func TestShadowsocksLegacy(t *testing.T) {
+	testShadowsocksLegacy(t, shadowstream.MethodList[0])
+}
+
+func testShadowsocksLegacy(t *testing.T, method string) {
+	startDockerContainer(t, DockerOptions{
+		Image: ImageShadowsocksLegacy,
+		Ports: []uint16{serverPort},
+		Env: []string{
+			"SS_MODULE=ss-server",
+			F.ToString("SS_CONFIG=-s 0.0.0.0 -u -p 10000 -m ", method, " -k FzcLbKs2dY9mhL"),
+		},
+	})
+	startInstance(t, option.Options{
+		Inbounds: []option.Inbound{
+			{
+				Type: C.TypeMixed,
+				MixedOptions: option.HTTPMixedInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.NewListenAddress(netip.IPv4Unspecified()),
+						ListenPort: clientPort,
+					},
+				},
+			},
+		},
+		Outbounds: []option.Outbound{
+			{
+				Type: C.TypeShadowsocks,
+				ShadowsocksOptions: option.ShadowsocksOutboundOptions{
+					ServerOptions: option.ServerOptions{
+						Server:     "127.0.0.1",
+						ServerPort: serverPort,
+					},
+					Method:   method,
+					Password: "FzcLbKs2dY9mhL",
+				},
+			},
+		},
+	})
+	testSuitSimple(t, clientPort, testPort)
+}

test/shadowsocks_test.go

@@ -40,6 +40,10 @@ func TestShadowsocks(t *testing.T) {
 	}
 }
 
+func TestShadowsocksNone(t *testing.T) {
+	testShadowsocksSelf(t, "none", "")
+}
+
 func TestShadowsocks2022(t *testing.T) {
 	for _, method16 := range []string{
 		"2022-blake3-aes-128-gcm",

transport/fakeip/packet_wait.go

@@ -0,0 +1,37 @@
+package fakeip
+
+import (
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+func (c *NATPacketConn) CreatePacketReadWaiter() (N.PacketReadWaiter, bool) {
+	waiter, created := bufio.CreatePacketReadWaiter(c.PacketConn)
+	if !created {
+		return nil, false
+	}
+	return &waitNATPacketConn{c, waiter}, true
+}
+
+type waitNATPacketConn struct {
+	*NATPacketConn
+	waiter N.PacketReadWaiter
+}
+
+func (c *waitNATPacketConn) InitializeReadWaiter(newBuffer func() *buf.Buffer) {
+	c.waiter.InitializeReadWaiter(newBuffer)
+}
+
+func (c *waitNATPacketConn) WaitReadPacket() (destination M.Socksaddr, err error) {
+	destination, err = c.waiter.WaitReadPacket()
+	if socksaddrWithoutPort(destination) == c.origin {
+		destination = M.Socksaddr{
+			Addr: c.destination.Addr,
+			Fqdn: c.destination.Fqdn,
+			Port: destination.Port,
+		}
+	}
+	return
+}

transport/v2raywebsocket/client.go

@@ -42,11 +42,19 @@ func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, opt
 			if err != nil {
 				return nil, err
 			}
-			return tls.ClientHandshake(ctx, conn, tlsConfig)
+			tlsConn, err := tls.ClientHandshake(ctx, conn, tlsConfig)
+			if err != nil {
+				return nil, err
+			}
+			return &deadConn{tlsConn}, nil
 		}
 	} else {
 		wsDialer.NetDialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
-			return dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
+			conn, err := dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
+			if err != nil {
+				return nil, err
+			}
+			return &deadConn{conn}, nil
 		}
 	}
 	var uri url.URL

transport/v2raywebsocket/deadline.go

@@ -0,0 +1,22 @@
+package v2raywebsocket
+
+import (
+	"net"
+	"time"
+)
+
+type deadConn struct {
+	net.Conn
+}
+
+func (c *deadConn) SetDeadline(t time.Time) error {
+	return nil
+}
+
+func (c *deadConn) SetReadDeadline(t time.Time) error {
+	return nil
+}
+
+func (c *deadConn) SetWriteDeadline(t time.Time) error {
+	return nil
+}

transport/vless/protocol.go

@@ -130,7 +130,7 @@ func WriteRequest(writer io.Writer, request Request, payload []byte) error {
 	var addonsLen int
 	if request.Flow != "" {
 		addonsLen += 1 // protobuf header
-		addonsLen += UvarintLen(uint64(len(request.Flow)))
+		addonsLen += rw.UVariantLen(uint64(len(request.Flow)))
 		addonsLen += len(request.Flow)
 		requestLen += addonsLen
 	}
@@ -150,8 +150,8 @@ func WriteRequest(writer io.Writer, request Request, payload []byte) error {
 	)
 	if addonsLen > 0 {
 		common.Must(buffer.WriteByte(10))
-		binary.PutUvarint(buffer.Extend(UvarintLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
-		common.Must(common.Error(buffer.Write([]byte(request.Flow))))
+		binary.PutUvarint(buffer.Extend(rw.UVariantLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
+		common.Must(common.Error(buffer.WriteString(request.Flow)))
 	}
 	common.Must(
 		buffer.WriteByte(request.Command),
@@ -174,7 +174,7 @@ func EncodeRequest(request Request, buffer *buf.Buffer) {
 	var addonsLen int
 	if request.Flow != "" {
 		addonsLen += 1 // protobuf header
-		addonsLen += UvarintLen(uint64(len(request.Flow)))
+		addonsLen += rw.UVariantLen(uint64(len(request.Flow)))
 		addonsLen += len(request.Flow)
 		requestLen += addonsLen
 	}
@@ -189,8 +189,8 @@ func EncodeRequest(request Request, buffer *buf.Buffer) {
 	)
 	if addonsLen > 0 {
 		common.Must(buffer.WriteByte(10))
-		binary.PutUvarint(buffer.Extend(UvarintLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
-		common.Must(common.Error(buffer.Write([]byte(request.Flow))))
+		binary.PutUvarint(buffer.Extend(rw.UVariantLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
+		common.Must(common.Error(buffer.WriteString(request.Flow)))
 	}
 	common.Must(
 		buffer.WriteByte(request.Command),
@@ -210,7 +210,7 @@ func RequestLen(request Request) int {
 	var addonsLen int
 	if request.Flow != "" {
 		addonsLen += 1 // protobuf header
-		addonsLen += UvarintLen(uint64(len(request.Flow)))
+		addonsLen += rw.UVariantLen(uint64(len(request.Flow)))
 		addonsLen += len(request.Flow)
 		requestLen += addonsLen
 	}
@@ -229,7 +229,7 @@ func WritePacketRequest(writer io.Writer, request Request, payload []byte) error
 	var addonsLen int
 	/*if request.Flow != "" {
 		addonsLen += 1 // protobuf header
-		addonsLen += UvarintLen(uint64(len(request.Flow)))
+		addonsLen += rw.UVariantLen(uint64(len(request.Flow)))
 		addonsLen += len(request.Flow)
 		requestLen += addonsLen
 	}*/
@@ -251,8 +251,8 @@ func WritePacketRequest(writer io.Writer, request Request, payload []byte) error
 
 	if addonsLen > 0 {
 		common.Must(buffer.WriteByte(10))
-		binary.PutUvarint(buffer.Extend(UvarintLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
-		common.Must(common.Error(buffer.Write([]byte(request.Flow))))
+		binary.PutUvarint(buffer.Extend(rw.UVariantLen(uint64(len(request.Flow)))), uint64(len(request.Flow)))
+		common.Must(common.Error(buffer.WriteString(request.Flow)))
 	}
 
 	common.Must(
@@ -290,8 +290,3 @@ func ReadResponse(reader io.Reader) error {
 	}
 	return nil
 }
-
-func UvarintLen(value uint64) int {
-	var buffer [binary.MaxVarintLen64]byte
-	return binary.PutUvarint(buffer[:], value)
-}

transport/wireguard/device_stack.go

@@ -119,7 +119,7 @@ func (w *StackDevice) DialContext(ctx context.Context, network string, destinati
 	}
 	switch N.NetworkName(network) {
 	case N.NetworkTCP:
-		tcpConn, err := gonet.DialTCPWithBind(ctx, w.stack, bind, addr, networkProtocol)
+		tcpConn, err := DialTCPWithBind(ctx, w.stack, bind, addr, networkProtocol)
 		if err != nil {
 			return nil, err
 		}

transport/wireguard/gonet.go

@@ -0,0 +1,78 @@
+//go:build with_gvisor
+
+package wireguard
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"time"
+
+	M "github.com/sagernet/sing/common/metadata"
+
+	"gvisor.dev/gvisor/pkg/tcpip"
+	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
+	"gvisor.dev/gvisor/pkg/tcpip/stack"
+	"gvisor.dev/gvisor/pkg/tcpip/transport/tcp"
+	"gvisor.dev/gvisor/pkg/waiter"
+)
+
+func DialTCPWithBind(ctx context.Context, s *stack.Stack, localAddr, remoteAddr tcpip.FullAddress, network tcpip.NetworkProtocolNumber) (*gonet.TCPConn, error) {
+	// Create TCP endpoint, then connect.
+	var wq waiter.Queue
+	ep, err := s.NewEndpoint(tcp.ProtocolNumber, network, &wq)
+	if err != nil {
+		return nil, errors.New(err.String())
+	}
+
+	// Create wait queue entry that notifies a channel.
+	//
+	// We do this unconditionally as Connect will always return an error.
+	waitEntry, notifyCh := waiter.NewChannelEntry(waiter.WritableEvents)
+	wq.EventRegister(&waitEntry)
+	defer wq.EventUnregister(&waitEntry)
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	default:
+	}
+
+	// Bind before connect if requested.
+	if localAddr != (tcpip.FullAddress{}) {
+		if err = ep.Bind(localAddr); err != nil {
+			return nil, fmt.Errorf("ep.Bind(%+v) = %s", localAddr, err)
+		}
+	}
+
+	err = ep.Connect(remoteAddr)
+	if _, ok := err.(*tcpip.ErrConnectStarted); ok {
+		select {
+		case <-ctx.Done():
+			ep.Close()
+			return nil, ctx.Err()
+		case <-notifyCh:
+		}
+
+		err = ep.LastError()
+	}
+	if err != nil {
+		ep.Close()
+		return nil, &net.OpError{
+			Op:   "connect",
+			Net:  "tcp",
+			Addr: M.SocksaddrFrom(M.AddrFromIP(net.IP(remoteAddr.Addr)), remoteAddr.Port).TCPAddr(),
+			Err:  errors.New(err.String()),
+		}
+	}
+
+	// sing-box added: set keepalive
+	ep.SocketOptions().SetKeepAlive(true)
+	keepAliveIdle := tcpip.KeepaliveIdleOption(15 * time.Second)
+	ep.SetSockOpt(&keepAliveIdle)
+	keepAliveInterval := tcpip.KeepaliveIntervalOption(15 * time.Second)
+	ep.SetSockOpt(&keepAliveInterval)
+
+	return gonet.NewTCPConn(&wq, ep), nil
+}