documentation: Update changelog

Signed-off-by: wwqgtxx <wwqgtxx@gmail.com>

.goreleaser.yaml

@@ -14,7 +14,6 @@ builds:
     tags:
       - with_gvisor
       - with_quic
-      - with_dhcp
       - with_wireguard
       - with_utls
       - with_reality_server
@@ -49,7 +48,6 @@ builds:
     tags:
       - with_gvisor
       - with_quic
-      - with_dhcp
       - with_wireguard
       - with_utls
       - with_clash_api

Dockerfile

@@ -9,7 +9,7 @@ RUN set -ex \
     && apk add git build-base \
     && export COMMIT=$(git rev-parse --short HEAD) \
     && export VERSION=$(go run ./cmd/internal/read_tag) \
-    && go build -v -trimpath -tags with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api,with_acme \
+    && go build -v -trimpath -tags with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api,with_acme \
         -o /go/bin/sing-box \
         -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
         ./cmd/sing-box

Makefile

@@ -1,6 +1,6 @@
 NAME = sing-box
 COMMIT = $(shell git rev-parse --short HEAD)
-TAGS ?= with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
+TAGS ?= with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api
 TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server,with_shadowsocksr
 
 GOHOSTOS = $(shell go env GOHOSTOS)
@@ -22,7 +22,7 @@ install:
 fmt:
 	@gofumpt -l -w .
 	@gofmt -s -w .
-	@gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" .
+	@gci write --custom-order -s "standard,prefix(github.com/sagernet/),default" .
 
 fmt_install:
 	go install -v mvdan.cc/gofumpt@latest
@@ -48,14 +48,14 @@ proto_install:
 	go install -v google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
 
 snapshot:
-	go run ./cmd/internal/build goreleaser release --clean --snapshot || exit 1
+	go run ./cmd/internal/build goreleaser release --rm-dist --snapshot || exit 1
 	mkdir dist/release
 	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
 	ghr --delete --draft --prerelease -p 1 nightly dist/release
 	rm -r dist
 
 release:
-	go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
+	go run ./cmd/internal/build goreleaser release --rm-dist --skip-publish || exit 1
 	mkdir dist/release
 	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
 	ghr --delete --draft --prerelease -p 3 $(shell git describe --tags) dist/release
@@ -89,8 +89,8 @@ lib:
 
 lib_install:
 	go get -v -d
-	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230701084532-493ee2e45182
-	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230701084532-493ee2e45182
+	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230413023804-244d7ff07035
+	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230413023804-244d7ff07035
 
 clean:
 	rm -rf bin dist sing-box

adapter/experimental.go

@@ -31,7 +31,6 @@ type Tracker interface {
 }
 
 type OutboundGroup interface {
-	Outbound
 	Now() string
 	All() []string
 }

adapter/fakeip.go

@@ -4,13 +4,12 @@ import (
 	"net/netip"
 
 	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common/logger"
 )
 
 type FakeIPStore interface {
 	Service
 	Contains(address netip.Addr) bool
-	Create(domain string, isIPv6 bool) (netip.Addr, error)
+	Create(domain string, strategy dns.DomainStrategy) (netip.Addr, error)
 	Lookup(address netip.Addr) (string, bool)
 	Reset() error
 }
@@ -19,13 +18,6 @@ type FakeIPStorage interface {
 	FakeIPMetadata() *FakeIPMetadata
 	FakeIPSaveMetadata(metadata *FakeIPMetadata) error
 	FakeIPStore(address netip.Addr, domain string) error
-	FakeIPStoreAsync(address netip.Addr, domain string, logger logger.Logger)
 	FakeIPLoad(address netip.Addr) (string, bool)
-	FakeIPLoadDomain(domain string, isIPv6 bool) (netip.Addr, bool)
 	FakeIPReset() error
 }
-
-type FakeIPTransport interface {
-	dns.Transport
-	Store() FakeIPStore
-}

adapter/inbound.go

@@ -46,7 +46,6 @@ type InboundContext struct {
 	SourceGeoIPCode      string
 	GeoIPCode            string
 	ProcessInfo          *process.Info
-	FakeIP               bool
 
 	// dns cache
 

adapter/outbound.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net"
 
+	"github.com/sagernet/sing-tun"
 	N "github.com/sagernet/sing/common/network"
 )
 
@@ -13,8 +14,12 @@ type Outbound interface {
 	Type() string
 	Tag() string
 	Network() []string
-	Dependencies() []string
 	N.Dialer
 	NewConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
 	NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
 }
+
+type IPOutbound interface {
+	Outbound
+	NewIPConnection(ctx context.Context, conn tun.RouteContext, metadata InboundContext) (tun.DirectDestination, error)
+}

adapter/prestart.go

@@ -4,6 +4,12 @@ type PreStarter interface {
 	PreStart() error
 }
 
-type PostStarter interface {
-	PostStart() error
+func PreStart(starter any) error {
+	if preService, ok := starter.(PreStarter); ok {
+		err := preService.PreStart()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
 }

adapter/router.go

@@ -25,6 +25,9 @@ type Router interface {
 
 	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
 	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
+	RouteIPConnection(ctx context.Context, conn tun.RouteContext, metadata InboundContext) tun.RouteAction
+
+	NatRequired(outbound string) bool
 
 	GeoIPReader() *geoip.Reader
 	LoadGeosite(code string) (Rule, error)
@@ -34,7 +37,6 @@ type Router interface {
 	LookupDefault(ctx context.Context, domain string) ([]netip.Addr, error)
 
 	InterfaceFinder() control.InterfaceFinder
-	UpdateInterfaces() error
 	DefaultInterface() string
 	AutoDetectInterface() bool
 	AutoDetectInterfaceFunc() control.Func
@@ -42,7 +44,9 @@ type Router interface {
 	NetworkMonitor() tun.NetworkUpdateMonitor
 	InterfaceMonitor() tun.DefaultInterfaceMonitor
 	PackageManager() tun.PackageManager
+
 	Rules() []Rule
+	IPRules() []IPRule
 
 	TimeService
 
@@ -51,8 +55,6 @@ type Router interface {
 
 	V2RayServer() V2RayServer
 	SetV2RayServer(server V2RayServer)
-
-	ResetNetwork() error
 }
 
 type routerContextKey struct{}
@@ -84,6 +86,11 @@ type DNSRule interface {
 	RewriteTTL() *uint32
 }
 
+type IPRule interface {
+	Rule
+	Action() tun.ActionType
+}
+
 type InterfaceUpdateListener interface {
 	InterfaceUpdated() error
 }

box.go

@@ -62,7 +62,6 @@ func New(options Options) (*Box, error) {
 		defaultLogWriter = io.Discard
 	}
 	logFactory, err := log.New(log.Options{
-		Context:        ctx,
 		Options:        common.PtrValueOrDefault(options.Log),
 		Observable:     needClashAPI,
 		DefaultWriter:  defaultLogWriter,
@@ -134,16 +133,10 @@ func New(options Options) (*Box, error) {
 	if err != nil {
 		return nil, err
 	}
-	if options.PlatformInterface != nil {
-		err = options.PlatformInterface.Initialize(ctx, router)
-		if err != nil {
-			return nil, E.Cause(err, "initialize platform interface")
-		}
-	}
 	preServices := make(map[string]adapter.Service)
 	postServices := make(map[string]adapter.Service)
 	if needClashAPI {
-		clashServer, err := experimental.NewClashServer(ctx, router, logFactory.(log.ObservableFactory), common.PtrValueOrDefault(options.Experimental.ClashAPI))
+		clashServer, err := experimental.NewClashServer(router, logFactory.(log.ObservableFactory), common.PtrValueOrDefault(options.Experimental.ClashAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create clash api server")
 		}
@@ -211,17 +204,26 @@ func (s *Box) Start() error {
 
 func (s *Box) preStart() error {
 	for serviceName, service := range s.preServices {
-		if preService, isPreService := service.(adapter.PreStarter); isPreService {
-			s.logger.Trace("pre-start ", serviceName)
-			err := preService.PreStart()
-			if err != nil {
-				return E.Cause(err, "pre-starting ", serviceName)
-			}
+		s.logger.Trace("pre-start ", serviceName)
+		err := adapter.PreStart(service)
+		if err != nil {
+			return E.Cause(err, "pre-starting ", serviceName)
 		}
 	}
-	err := s.startOutbounds()
-	if err != nil {
-		return err
+	for i, out := range s.outbounds {
+		var tag string
+		if out.Tag() == "" {
+			tag = F.ToString(i)
+		} else {
+			tag = out.Tag()
+		}
+		if starter, isStarter := out.(common.Starter); isStarter {
+			s.logger.Trace("initializing outbound/", out.Type(), "[", tag, "]")
+			err := starter.Start()
+			if err != nil {
+				return E.Cause(err, "initialize outbound/", out.Type(), "[", tag, "]")
+			}
+		}
 	}
 	return s.router.Start()
 }
@@ -251,26 +253,13 @@ func (s *Box) start() error {
 			return E.Cause(err, "initialize inbound/", in.Type(), "[", tag, "]")
 		}
 	}
-	return nil
-}
-
-func (s *Box) postStart() error {
 	for serviceName, service := range s.postServices {
 		s.logger.Trace("starting ", service)
-		err := service.Start()
+		err = service.Start()
 		if err != nil {
 			return E.Cause(err, "start ", serviceName)
 		}
 	}
-	for serviceName, service := range s.outbounds {
-		if lateService, isLateService := service.(adapter.PostStarter); isLateService {
-			s.logger.Trace("post-starting ", service)
-			err := lateService.PostStart()
-			if err != nil {
-				return E.Cause(err, "post-start ", serviceName)
-			}
-		}
-	}
 	return nil
 }
 

box_outbound.go

@@ -1,79 +0,0 @@
-package box
-
-import (
-	"strings"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	F "github.com/sagernet/sing/common/format"
-)
-
-func (s *Box) startOutbounds() error {
-	outboundTags := make(map[adapter.Outbound]string)
-	outbounds := make(map[string]adapter.Outbound)
-	for i, outboundToStart := range s.outbounds {
-		var outboundTag string
-		if outboundToStart.Tag() == "" {
-			outboundTag = F.ToString(i)
-		} else {
-			outboundTag = outboundToStart.Tag()
-		}
-		if _, exists := outbounds[outboundTag]; exists {
-			return E.New("outbound tag ", outboundTag, " duplicated")
-		}
-		outboundTags[outboundToStart] = outboundTag
-		outbounds[outboundTag] = outboundToStart
-	}
-	started := make(map[string]bool)
-	for {
-		canContinue := false
-	startOne:
-		for _, outboundToStart := range s.outbounds {
-			outboundTag := outboundTags[outboundToStart]
-			if started[outboundTag] {
-				continue
-			}
-			dependencies := outboundToStart.Dependencies()
-			for _, dependency := range dependencies {
-				if !started[dependency] {
-					continue startOne
-				}
-			}
-			started[outboundTag] = true
-			canContinue = true
-			if starter, isStarter := outboundToStart.(common.Starter); isStarter {
-				s.logger.Trace("initializing outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				err := starter.Start()
-				if err != nil {
-					return E.Cause(err, "initialize outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				}
-			}
-		}
-		if len(started) == len(s.outbounds) {
-			break
-		}
-		if canContinue {
-			continue
-		}
-		currentOutbound := common.Find(s.outbounds, func(it adapter.Outbound) bool {
-			return !started[outboundTags[it]]
-		})
-		var lintOutbound func(oTree []string, oCurrent adapter.Outbound) error
-		lintOutbound = func(oTree []string, oCurrent adapter.Outbound) error {
-			problemOutboundTag := common.Find(oCurrent.Dependencies(), func(it string) bool {
-				return !started[it]
-			})
-			if common.Contains(oTree, problemOutboundTag) {
-				return E.New("circular outbound dependency: ", strings.Join(oTree, " -> "), " -> ", problemOutboundTag)
-			}
-			problemOutbound := outbounds[problemOutboundTag]
-			if problemOutbound == nil {
-				return E.New("dependency[", problemOutbound, "] not found for outbound[", outboundTags[oCurrent], "]")
-			}
-			return lintOutbound(append(oTree, problemOutboundTag), problemOutbound)
-		}
-		return lintOutbound([]string{outboundTags[currentOutbound]}, currentOutbound)
-	}
-	return nil
-}

cmd/internal/build/main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"go/build"
 	"os"
 	"os/exec"
 
@@ -12,10 +11,6 @@ import (
 func main() {
 	build_shared.FindSDK()
 
-	if os.Getenv("build.Default.GOPATH") == "" {
-		os.Setenv("GOPATH", build.Default.GOPATH)
-	}
-
 	command := exec.Command(os.Args[1], os.Args[2:]...)
 	command.Stdout = os.Stdout
 	command.Stderr = os.Stderr

cmd/internal/build_libbox/main.go

@@ -5,7 +5,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strings"
 
 	_ "github.com/sagernet/gomobile/event/key"
 	"github.com/sagernet/sing-box/cmd/internal/build_shared"
@@ -39,24 +38,18 @@ func main() {
 var (
 	sharedFlags []string
 	debugFlags  []string
-	sharedTags  []string
-	iosTags     []string
-	debugTags   []string
 )
 
 func init() {
 	sharedFlags = append(sharedFlags, "-trimpath")
 	sharedFlags = append(sharedFlags, "-ldflags")
+
 	currentTag, err := build_shared.ReadTag()
 	if err != nil {
 		currentTag = "unknown"
 	}
 	sharedFlags = append(sharedFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
 	debugFlags = append(debugFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
-
-	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api")
-	iosTags = append(iosTags, "with_dhcp", "with_low_memory", "with_conntrack")
-	debugTags = append(debugTags, "debug")
 }
 
 func buildAndroid() {
@@ -77,9 +70,9 @@ func buildAndroid() {
 
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, strings.Join(sharedTags, ","))
+		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api")
 	} else {
-		args = append(args, strings.Join(append(sharedTags, debugTags...), ","))
+		args = append(args, "with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api,debug")
 	}
 	args = append(args, "./experimental/libbox")
 
@@ -116,12 +109,11 @@ func buildiOS() {
 		args = append(args, debugFlags...)
 	}
 
-	tags := append(sharedTags, iosTags...)
 	args = append(args, "-tags")
 	if !debugEnabled {
-		args = append(args, strings.Join(tags, ","))
+		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack")
 	} else {
-		args = append(args, strings.Join(append(tags, debugTags...), ","))
+		args = append(args, "with_gvisor,with_quic,with_utls,with_clash_api,with_low_memory,with_conntrack,debug")
 	}
 	args = append(args, "./experimental/libbox")
 
@@ -133,7 +125,7 @@ func buildiOS() {
 		log.Fatal(err)
 	}
 
-	copyPath := filepath.Join("..", "sing-box-for-apple")
+	copyPath := filepath.Join("..", "sing-box-for-ios")
 	if rw.FileExists(copyPath) {
 		targetDir := filepath.Join(copyPath, "Libbox.xcframework")
 		targetDir, _ = filepath.Abs(targetDir)

cmd/sing-box/debug.go

@@ -0,0 +1,44 @@
+//go:build debug
+
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	_ "net/http/pprof"
+	"runtime"
+	"runtime/debug"
+
+	"github.com/sagernet/sing-box/common/badjson"
+	"github.com/sagernet/sing-box/log"
+
+	"github.com/dustin/go-humanize"
+)
+
+func init() {
+	http.HandleFunc("/debug/gc", func(writer http.ResponseWriter, request *http.Request) {
+		writer.WriteHeader(http.StatusNoContent)
+		go debug.FreeOSMemory()
+	})
+	http.HandleFunc("/debug/memory", func(writer http.ResponseWriter, request *http.Request) {
+		var memStats runtime.MemStats
+		runtime.ReadMemStats(&memStats)
+
+		var memObject badjson.JSONObject
+		memObject.Put("heap", humanize.IBytes(memStats.HeapInuse))
+		memObject.Put("stack", humanize.IBytes(memStats.StackInuse))
+		memObject.Put("idle", humanize.IBytes(memStats.HeapIdle-memStats.HeapReleased))
+		memObject.Put("goroutines", runtime.NumGoroutine())
+		memObject.Put("rss", rusageMaxRSS())
+
+		encoder := json.NewEncoder(writer)
+		encoder.SetIndent("", "  ")
+		encoder.Encode(memObject)
+	})
+	go func() {
+		err := http.ListenAndServe("0.0.0.0:8964", nil)
+		if err != nil {
+			log.Debug(err)
+		}
+	}()
+}

cmd/sing-box/debug_linux.go

@@ -1,4 +1,6 @@
-package box
+//go:build debug
+
+package main
 
 import (
 	"runtime"

cmd/sing-box/debug_stub.go

@@ -1,6 +1,6 @@
-//go:build !linux
+//go:build debug && !linux
 
-package box
+package main
 
 func rusageMaxRSS() float64 {
 	return -1

common/baderror/baderror.go

@@ -55,7 +55,7 @@ func WrapQUIC(err error) error {
 	if err == nil {
 		return nil
 	}
-	if Contains(err, "canceled by local with error code 0") {
+	if Contains(err, "canceled with error code 0") {
 		return net.ErrClosed
 	}
 	return err

common/badtls/badtls.go

@@ -1,4 +1,4 @@
-//go:build go1.20 && !go1.21
+//go:build go1.19 && !go1.20
 
 package badtls
 
@@ -14,60 +14,39 @@ import (
 	"sync/atomic"
 	"unsafe"
 
-	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
-	aTLS "github.com/sagernet/sing/common/tls"
 )
 
 type Conn struct {
 	*tls.Conn
-	writer              N.ExtendedWriter
-	isHandshakeComplete *atomic.Bool
-	activeCall          *atomic.Int32
-	closeNotifySent     *bool
-	version             *uint16
-	rand                io.Reader
-	halfAccess          *sync.Mutex
-	halfError           *error
-	cipher              cipher.AEAD
-	explicitNonceLen    int
-	halfPtr             uintptr
-	halfSeq             []byte
-	halfScratchBuf      []byte
+	writer           N.ExtendedWriter
+	activeCall       *int32
+	closeNotifySent  *bool
+	version          *uint16
+	rand             io.Reader
+	halfAccess       *sync.Mutex
+	halfError        *error
+	cipher           cipher.AEAD
+	explicitNonceLen int
+	halfPtr          uintptr
+	halfSeq          []byte
+	halfScratchBuf   []byte
 }
 
-func TryCreate(conn aTLS.Conn) aTLS.Conn {
-	tlsConn, ok := conn.(*tls.Conn)
-	if !ok {
-		return conn
-	}
-	badConn, err := Create(tlsConn)
-	if err != nil {
-		log.Warn("initialize badtls: ", err)
-		return conn
-	}
-	return badConn
-}
-
-func Create(conn *tls.Conn) (aTLS.Conn, error) {
-	rawConn := reflect.Indirect(reflect.ValueOf(conn))
-	rawIsHandshakeComplete := rawConn.FieldByName("isHandshakeComplete")
-	if !rawIsHandshakeComplete.IsValid() || rawIsHandshakeComplete.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid isHandshakeComplete")
-	}
-	isHandshakeComplete := (*atomic.Bool)(unsafe.Pointer(rawIsHandshakeComplete.UnsafeAddr()))
-	if !isHandshakeComplete.Load() {
+func Create(conn *tls.Conn) (TLSConn, error) {
+	if !handshakeComplete(conn) {
 		return nil, E.New("handshake not finished")
 	}
+	rawConn := reflect.Indirect(reflect.ValueOf(conn))
 	rawActiveCall := rawConn.FieldByName("activeCall")
-	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Struct {
+	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Int32 {
 		return nil, E.New("badtls: invalid active call")
 	}
-	activeCall := (*atomic.Int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
+	activeCall := (*int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
 	rawHalfConn := rawConn.FieldByName("out")
 	if !rawHalfConn.IsValid() || rawHalfConn.Kind() != reflect.Struct {
 		return nil, E.New("badtls: invalid half conn")
@@ -129,20 +108,19 @@ func Create(conn *tls.Conn) (aTLS.Conn, error) {
 	}
 	halfScratchBuf := rawHalfScratchBuf.Bytes()
 	return &Conn{
-		Conn:                conn,
-		writer:              bufio.NewExtendedWriter(conn.NetConn()),
-		isHandshakeComplete: isHandshakeComplete,
-		activeCall:          activeCall,
-		closeNotifySent:     closeNotifySent,
-		version:             version,
-		halfAccess:          halfAccess,
-		halfError:           halfError,
-		cipher:              aeadCipher,
-		explicitNonceLen:    explicitNonceLen,
-		rand:                randReader,
-		halfPtr:             rawHalfConn.UnsafeAddr(),
-		halfSeq:             halfSeq,
-		halfScratchBuf:      halfScratchBuf,
+		Conn:             conn,
+		writer:           bufio.NewExtendedWriter(conn.NetConn()),
+		activeCall:       activeCall,
+		closeNotifySent:  closeNotifySent,
+		version:          version,
+		halfAccess:       halfAccess,
+		halfError:        halfError,
+		cipher:           aeadCipher,
+		explicitNonceLen: explicitNonceLen,
+		rand:             randReader,
+		halfPtr:          rawHalfConn.UnsafeAddr(),
+		halfSeq:          halfSeq,
+		halfScratchBuf:   halfScratchBuf,
 	}, nil
 }
 
@@ -152,15 +130,15 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		return common.Error(c.Write(buffer.Bytes()))
 	}
 	for {
-		x := c.activeCall.Load()
+		x := atomic.LoadInt32(c.activeCall)
 		if x&1 != 0 {
 			return net.ErrClosed
 		}
-		if c.activeCall.CompareAndSwap(x, x+2) {
+		if atomic.CompareAndSwapInt32(c.activeCall, x, x+2) {
 			break
 		}
 	}
-	defer c.activeCall.Add(-2)
+	defer atomic.AddInt32(c.activeCall, -2)
 	c.halfAccess.Lock()
 	defer c.halfAccess.Unlock()
 	if err := *c.halfError; err != nil {
@@ -208,7 +186,6 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		binary.BigEndian.PutUint16(outBuf[3:], uint16(dataLen+c.explicitNonceLen+c.cipher.Overhead()))
 	}
 	incSeq(c.halfPtr)
-	log.Trace("badtls write ", buffer.Len())
 	return c.writer.WriteBuffer(buffer)
 }
 

common/badtls/badtls_stub.go

@@ -1,4 +1,4 @@
-//go:build !go1.19 || go1.21
+//go:build !go1.19 || go1.20
 
 package badtls
 

common/badtls/conn.go

@@ -0,0 +1,13 @@
+package badtls
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+)
+
+type TLSConn interface {
+	net.Conn
+	HandshakeContext(ctx context.Context) error
+	ConnectionState() tls.ConnectionState
+}

common/badtls/link.go

@@ -1,8 +1,9 @@
-//go:build go1.20 && !go.1.21
+//go:build go1.19 && !go.1.20
 
 package badtls
 
 import (
+	"crypto/tls"
 	"reflect"
 	_ "unsafe"
 )
@@ -15,6 +16,9 @@ const (
 //go:linkname errShutdown crypto/tls.errShutdown
 var errShutdown error
 
+//go:linkname handshakeComplete crypto/tls.(*Conn).handshakeComplete
+func handshakeComplete(conn *tls.Conn) bool
+
 //go:linkname incSeq crypto/tls.(*halfConn).incSeq
 func incSeq(conn uintptr)
 

common/debugio/log.go

@@ -0,0 +1,87 @@
+package debugio
+
+import (
+	"net"
+
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type LogConn struct {
+	N.ExtendedConn
+	logger log.Logger
+	prefix string
+}
+
+func NewLogConn(conn net.Conn, logger log.Logger, prefix string) N.ExtendedConn {
+	return &LogConn{bufio.NewExtendedConn(conn), logger, prefix}
+}
+
+func (c *LogConn) Read(p []byte) (n int, err error) {
+	n, err = c.ExtendedConn.Read(p)
+	if n > 0 {
+		c.logger.Debug(c.prefix, " read ", buf.EncodeHexString(p[:n]))
+	}
+	return
+}
+
+func (c *LogConn) Write(p []byte) (n int, err error) {
+	c.logger.Debug(c.prefix, " write ", buf.EncodeHexString(p))
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *LogConn) ReadBuffer(buffer *buf.Buffer) error {
+	err := c.ExtendedConn.ReadBuffer(buffer)
+	if err == nil {
+		c.logger.Debug(c.prefix, " read buffer ", buf.EncodeHexString(buffer.Bytes()))
+	}
+	return err
+}
+
+func (c *LogConn) WriteBuffer(buffer *buf.Buffer) error {
+	c.logger.Debug(c.prefix, " write buffer ", buf.EncodeHexString(buffer.Bytes()))
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *LogConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+type LogPacketConn struct {
+	N.NetPacketConn
+	logger log.Logger
+	prefix string
+}
+
+func NewLogPacketConn(conn net.PacketConn, logger log.Logger, prefix string) N.NetPacketConn {
+	return &LogPacketConn{bufio.NewPacketConn(conn), logger, prefix}
+}
+
+func (c *LogPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	n, addr, err = c.NetPacketConn.ReadFrom(p)
+	if n > 0 {
+		c.logger.Debug(c.prefix, " read from ", addr, " ", buf.EncodeHexString(p[:n]))
+	}
+	return
+}
+
+func (c *LogPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	c.logger.Debug(c.prefix, " write to ", addr, " ", buf.EncodeHexString(p))
+	return c.NetPacketConn.WriteTo(p, addr)
+}
+
+func (c *LogPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = c.NetPacketConn.ReadPacket(buffer)
+	if err == nil {
+		c.logger.Debug(c.prefix, " read packet from ", destination, " ", buf.EncodeHexString(buffer.Bytes()))
+	}
+	return
+}
+
+func (c *LogPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	c.logger.Debug(c.prefix, " write packet to ", destination, " ", buf.EncodeHexString(buffer.Bytes()))
+	return c.NetPacketConn.WritePacket(buffer, destination)
+}

common/debugio/print.go

@@ -0,0 +1,19 @@
+package debugio
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/sagernet/sing/common"
+)
+
+func PrintUpstream(obj any) {
+	for obj != nil {
+		fmt.Println(reflect.TypeOf(obj))
+		if u, ok := obj.(common.WithUpstream); !ok {
+			break
+		} else {
+			obj = u.Upstream()
+		}
+	}
+}

common/debugio/race.go

@@ -0,0 +1,48 @@
+package debugio
+
+import (
+	"net"
+	"sync"
+
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type RaceConn struct {
+	N.ExtendedConn
+	readAccess  sync.Mutex
+	writeAccess sync.Mutex
+}
+
+func NewRaceConn(conn net.Conn) N.ExtendedConn {
+	return &RaceConn{ExtendedConn: bufio.NewExtendedConn(conn)}
+}
+
+func (c *RaceConn) Read(p []byte) (n int, err error) {
+	c.readAccess.Lock()
+	defer c.readAccess.Unlock()
+	return c.ExtendedConn.Read(p)
+}
+
+func (c *RaceConn) Write(p []byte) (n int, err error) {
+	c.writeAccess.Lock()
+	defer c.writeAccess.Unlock()
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *RaceConn) ReadBuffer(buffer *buf.Buffer) error {
+	c.readAccess.Lock()
+	defer c.readAccess.Unlock()
+	return c.ExtendedConn.ReadBuffer(buffer)
+}
+
+func (c *RaceConn) WriteBuffer(buffer *buf.Buffer) error {
+	c.writeAccess.Lock()
+	defer c.writeAccess.Unlock()
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *RaceConn) Upstream() any {
+	return c.ExtendedConn
+}

common/dialer/conntrack/packet_conn.go

@@ -4,7 +4,6 @@ import (
 	"io"
 	"net"
 
-	"github.com/sagernet/sing/common/bufio"
 	"github.com/sagernet/sing/common/x/list"
 )
 
@@ -43,7 +42,7 @@ func (c *PacketConn) Close() error {
 }
 
 func (c *PacketConn) Upstream() any {
-	return bufio.NewPacketConn(c.PacketConn)
+	return c.PacketConn
 }
 
 func (c *PacketConn) ReaderReplaceable() bool {

common/dialer/default.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
+	"github.com/sagernet/sing-box/common/warning"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/control"
@@ -16,6 +17,41 @@ import (
 	"github.com/sagernet/tfo-go"
 )
 
+var warnBindInterfaceOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsLinux || C.IsWindows || C.IsDarwin)
+	},
+	"outbound option `bind_interface` is only supported on Linux and Windows",
+)
+
+var warnRoutingMarkOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !C.IsLinux
+	},
+	"outbound option `routing_mark` is only supported on Linux",
+)
+
+var warnReuseAdderOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsDarwin || C.IsDragonfly || C.IsFreebsd || C.IsLinux || C.IsNetbsd || C.IsOpenbsd || C.IsSolaris || C.IsWindows)
+	},
+	"outbound option `reuse_addr` is unsupported on current platform",
+)
+
+var warnProtectPathOnNonAndroid = warning.New(
+	func() bool {
+		return !C.IsAndroid
+	},
+	"outbound option `protect_path` is only supported on Android",
+)
+
+var warnTFOOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsDarwin || C.IsFreebsd || C.IsLinux || C.IsWindows)
+	},
+	"outbound option `tcp_fast_open` is unsupported on current platform",
+)
+
 type DefaultDialer struct {
 	dialer4     tfo.Dialer
 	dialer6     tfo.Dialer
@@ -30,6 +66,7 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 	var dialer net.Dialer
 	var listener net.ListenConfig
 	if options.BindInterface != "" {
+		warnBindInterfaceOnUnsupportedPlatform.Check()
 		bindFunc := control.BindToInterface(router.InterfaceFinder(), options.BindInterface, -1)
 		dialer.Control = control.Append(dialer.Control, bindFunc)
 		listener.Control = control.Append(listener.Control, bindFunc)
@@ -43,6 +80,7 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 		listener.Control = control.Append(listener.Control, bindFunc)
 	}
 	if options.RoutingMark != 0 {
+		warnRoutingMarkOnUnsupportedPlatform.Check()
 		dialer.Control = control.Append(dialer.Control, control.RoutingMark(options.RoutingMark))
 		listener.Control = control.Append(listener.Control, control.RoutingMark(options.RoutingMark))
 	} else if router.DefaultMark() != 0 {
@@ -50,9 +88,11 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 		listener.Control = control.Append(listener.Control, control.RoutingMark(router.DefaultMark()))
 	}
 	if options.ReuseAddr {
+		warnReuseAdderOnUnsupportedPlatform.Check()
 		listener.Control = control.Append(listener.Control, control.ReuseAddr())
 	}
 	if options.ProtectPath != "" {
+		warnProtectPathOnNonAndroid.Check()
 		dialer.Control = control.Append(dialer.Control, control.ProtectPath(options.ProtectPath))
 		listener.Control = control.Append(listener.Control, control.ProtectPath(options.ProtectPath))
 	}
@@ -61,6 +101,9 @@ func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDia
 	} else {
 		dialer.Timeout = C.TCPTimeout
 	}
+	if options.TCPFastOpen {
+		warnTFOOnUnsupportedPlatform.Check()
+	}
 	var udpFragment bool
 	if options.UDPFragment != nil {
 		udpFragment = *options.UDPFragment

common/dialer/tfo.go

@@ -128,6 +128,13 @@ func (c *slowOpenConn) NeedHandshake() bool {
 	return c.conn == nil
 }
 
+func (c *slowOpenConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if c.conn != nil {
+		return bufio.Copy(c.conn, r)
+	}
+	return bufio.ReadFrom0(c, r)
+}
+
 func (c *slowOpenConn) WriteTo(w io.Writer) (n int64, err error) {
 	if c.conn == nil {
 		select {

common/mux/client.go

@@ -1,21 +1,524 @@
 package mux
 
 import (
+	"context"
+	"encoding/binary"
+	"io"
+	"net"
+	"sync"
+
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-mux"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	"github.com/sagernet/sing/common/bufio/deadline"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/x/list"
 )
 
-func NewClientWithOptions(dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
+var _ N.Dialer = (*Client)(nil)
+
+type Client struct {
+	access         sync.Mutex
+	connections    list.List[abstractSession]
+	ctx            context.Context
+	dialer         N.Dialer
+	protocol       Protocol
+	maxConnections int
+	minStreams     int
+	maxStreams     int
+}
+
+func NewClient(ctx context.Context, dialer N.Dialer, protocol Protocol, maxConnections int, minStreams int, maxStreams int) *Client {
+	return &Client{
+		ctx:            ctx,
+		dialer:         dialer,
+		protocol:       protocol,
+		maxConnections: maxConnections,
+		minStreams:     minStreams,
+		maxStreams:     maxStreams,
+	}
+}
+
+func NewClientWithOptions(ctx context.Context, dialer N.Dialer, options option.MultiplexOptions) (N.Dialer, error) {
 	if !options.Enabled {
 		return nil, nil
 	}
-	return mux.NewClient(mux.Options{
-		Dialer:         dialer,
-		Protocol:       options.Protocol,
-		MaxConnections: options.MaxConnections,
-		MinStreams:     options.MinStreams,
-		MaxStreams:     options.MaxStreams,
-		Padding:        options.Padding,
-	})
+	if options.MaxConnections == 0 && options.MaxStreams == 0 {
+		options.MinStreams = 8
+	}
+	protocol, err := ParseProtocol(options.Protocol)
+	if err != nil {
+		return nil, err
+	}
+	return NewClient(ctx, dialer, protocol, options.MaxConnections, options.MinStreams, options.MaxStreams), nil
+}
+
+func (c *Client) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	switch N.NetworkName(network) {
+	case N.NetworkTCP:
+		stream, err := c.openStream()
+		if err != nil {
+			return nil, err
+		}
+		return &ClientConn{Conn: stream, destination: destination}, nil
+	case N.NetworkUDP:
+		stream, err := c.openStream()
+		if err != nil {
+			return nil, err
+		}
+		return bufio.NewBindPacketConn(deadline.NewPacketConn(bufio.NewNetPacketConn(&ClientPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination})), destination), nil
+	default:
+		return nil, E.Extend(N.ErrUnknownNetwork, network)
+	}
+}
+
+func (c *Client) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	stream, err := c.openStream()
+	if err != nil {
+		return nil, err
+	}
+	return deadline.NewPacketConn(&ClientPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}), nil
+}
+
+func (c *Client) openStream() (net.Conn, error) {
+	var (
+		session abstractSession
+		stream  net.Conn
+		err     error
+	)
+	for attempts := 0; attempts < 2; attempts++ {
+		session, err = c.offer()
+		if err != nil {
+			continue
+		}
+		stream, err = session.Open()
+		if err != nil {
+			continue
+		}
+		break
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &wrapStream{stream}, nil
+}
+
+func (c *Client) offer() (abstractSession, error) {
+	c.access.Lock()
+	defer c.access.Unlock()
+
+	sessions := make([]abstractSession, 0, c.maxConnections)
+	for element := c.connections.Front(); element != nil; {
+		if element.Value.IsClosed() {
+			nextElement := element.Next()
+			c.connections.Remove(element)
+			element = nextElement
+			continue
+		}
+		sessions = append(sessions, element.Value)
+		element = element.Next()
+	}
+	sLen := len(sessions)
+	if sLen == 0 {
+		return c.offerNew()
+	}
+	session := common.MinBy(sessions, abstractSession.NumStreams)
+	numStreams := session.NumStreams()
+	if numStreams == 0 {
+		return session, nil
+	}
+	if c.maxConnections > 0 {
+		if sLen >= c.maxConnections || numStreams < c.minStreams {
+			return session, nil
+		}
+	} else {
+		if c.maxStreams > 0 && numStreams < c.maxStreams {
+			return session, nil
+		}
+	}
+	return c.offerNew()
+}
+
+func (c *Client) offerNew() (abstractSession, error) {
+	conn, err := c.dialer.DialContext(c.ctx, N.NetworkTCP, Destination)
+	if err != nil {
+		return nil, err
+	}
+	if vectorisedWriter, isVectorised := bufio.CreateVectorisedWriter(conn); isVectorised {
+		conn = &vectorisedProtocolConn{protocolConn{Conn: conn, protocol: c.protocol}, vectorisedWriter}
+	} else {
+		conn = &protocolConn{Conn: conn, protocol: c.protocol}
+	}
+	session, err := c.protocol.newClient(conn)
+	if err != nil {
+		return nil, err
+	}
+	c.connections.PushBack(session)
+	return session, nil
+}
+
+func (c *Client) Close() error {
+	c.access.Lock()
+	defer c.access.Unlock()
+	for _, session := range c.connections.Array() {
+		session.Close()
+	}
+	return nil
+}
+
+type ClientConn struct {
+	net.Conn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientConn) readResponse() error {
+	response, err := ReadStreamResponse(c.Conn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientConn) Read(b []byte) (n int, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	return c.Conn.Read(b)
+}
+
+func (c *ClientConn) Write(b []byte) (n int, err error) {
+	if c.requestWrite {
+		return c.Conn.Write(b)
+	}
+	request := StreamRequest{
+		Network:     N.NetworkTCP,
+		Destination: c.destination,
+	}
+	_buffer := buf.StackNewSize(requestLen(request) + len(b))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	buffer.Write(b)
+	_, err = c.Conn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(b), nil
+}
+
+func (c *ClientConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if !c.requestWrite {
+		return bufio.ReadFrom0(c, r)
+	}
+	return bufio.Copy(c.Conn, r)
+}
+
+func (c *ClientConn) WriteTo(w io.Writer) (n int64, err error) {
+	if !c.responseRead {
+		return bufio.WriteTo0(c, w)
+	}
+	return bufio.Copy(w, c.Conn)
+}
+
+func (c *ClientConn) LocalAddr() net.Addr {
+	return c.Conn.LocalAddr()
+}
+
+func (c *ClientConn) RemoteAddr() net.Addr {
+	return c.destination.TCPAddr()
+}
+
+func (c *ClientConn) ReaderReplaceable() bool {
+	return c.responseRead
+}
+
+func (c *ClientConn) WriterReplaceable() bool {
+	return c.requestWrite
+}
+
+func (c *ClientConn) Upstream() any {
+	return c.Conn
+}
+
+type ClientPacketConn struct {
+	N.ExtendedConn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientPacketConn) readResponse() error {
+	response, err := ReadStreamResponse(c.ExtendedConn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientPacketConn) Read(b []byte) (n int, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	if cap(b) < int(length) {
+		return 0, io.ErrShortBuffer
+	}
+	return io.ReadFull(c.ExtendedConn, b[:length])
+}
+
+func (c *ClientPacketConn) writeRequest(payload []byte) (n int, err error) {
+	request := StreamRequest{
+		Network:     N.NetworkUDP,
+		Destination: c.destination,
+	}
+	rLen := requestLen(request)
+	if len(payload) > 0 {
+		rLen += 2 + len(payload)
+	}
+	_buffer := buf.StackNewSize(rLen)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	if len(payload) > 0 {
+		common.Must(
+			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
+			common.Error(buffer.Write(payload)),
+		)
+	}
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(payload), nil
+}
+
+func (c *ClientPacketConn) Write(b []byte) (n int, err error) {
+	if !c.requestWrite {
+		return c.writeRequest(b)
+	}
+	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(b)))
+	if err != nil {
+		return
+	}
+	return c.ExtendedConn.Write(b)
+}
+
+func (c *ClientPacketConn) ReadBuffer(buffer *buf.Buffer) (err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	return
+}
+
+func (c *ClientPacketConn) WriteBuffer(buffer *buf.Buffer) error {
+	if !c.requestWrite {
+		defer buffer.Release()
+		return common.Error(c.writeRequest(buffer.Bytes()))
+	}
+	bLen := buffer.Len()
+	binary.BigEndian.PutUint16(buffer.ExtendHeader(2), uint16(bLen))
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketConn) FrontHeadroom() int {
+	return 2
+}
+
+func (c *ClientPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	err = c.ReadBuffer(buffer)
+	return
+}
+
+func (c *ClientPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	return c.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketConn) LocalAddr() net.Addr {
+	return c.ExtendedConn.LocalAddr()
+}
+
+func (c *ClientPacketConn) RemoteAddr() net.Addr {
+	return c.destination.UDPAddr()
+}
+
+func (c *ClientPacketConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+var _ N.NetPacketConn = (*ClientPacketAddrConn)(nil)
+
+type ClientPacketAddrConn struct {
+	N.ExtendedConn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientPacketAddrConn) readResponse() error {
+	response, err := ReadStreamResponse(c.ExtendedConn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientPacketAddrConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	destination, err := M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	if destination.IsFqdn() {
+		addr = destination
+	} else {
+		addr = destination.UDPAddr()
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	if cap(p) < int(length) {
+		return 0, nil, io.ErrShortBuffer
+	}
+	n, err = io.ReadFull(c.ExtendedConn, p[:length])
+	return
+}
+
+func (c *ClientPacketAddrConn) writeRequest(payload []byte, destination M.Socksaddr) (n int, err error) {
+	request := StreamRequest{
+		Network:     N.NetworkUDP,
+		Destination: c.destination,
+		PacketAddr:  true,
+	}
+	rLen := requestLen(request)
+	if len(payload) > 0 {
+		rLen += M.SocksaddrSerializer.AddrPortLen(destination) + 2 + len(payload)
+	}
+	_buffer := buf.StackNewSize(rLen)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	if len(payload) > 0 {
+		common.Must(
+			M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
+			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
+			common.Error(buffer.Write(payload)),
+		)
+	}
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(payload), nil
+}
+
+func (c *ClientPacketAddrConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	if !c.requestWrite {
+		return c.writeRequest(p, M.SocksaddrFromNet(addr))
+	}
+	err = M.SocksaddrSerializer.WriteAddrPort(c.ExtendedConn, M.SocksaddrFromNet(addr))
+	if err != nil {
+		return
+	}
+	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(p)))
+	if err != nil {
+		return
+	}
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *ClientPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	return
+}
+
+func (c *ClientPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	if !c.requestWrite {
+		defer buffer.Release()
+		return common.Error(c.writeRequest(buffer.Bytes(), destination))
+	}
+	bLen := buffer.Len()
+	header := buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination) + 2))
+	common.Must(
+		M.SocksaddrSerializer.WriteAddrPort(header, destination),
+		binary.Write(header, binary.BigEndian, uint16(bLen)),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketAddrConn) LocalAddr() net.Addr {
+	return c.ExtendedConn.LocalAddr()
+}
+
+func (c *ClientPacketAddrConn) FrontHeadroom() int {
+	return 2 + M.MaxSocksaddrLength
+}
+
+func (c *ClientPacketAddrConn) Upstream() any {
+	return c.ExtendedConn
 }

common/mux/protocol.go

@@ -1,14 +1,240 @@
 package mux
 
 import (
-	"github.com/sagernet/sing-mux"
+	"encoding/binary"
+	"io"
+	"net"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/smux"
+
+	"github.com/hashicorp/yamux"
 )
 
-type (
-	Client = mux.Client
+var Destination = M.Socksaddr{
+	Fqdn: "sp.mux.sing-box.arpa",
+	Port: 444,
+}
+
+const (
+	ProtocolSMux Protocol = iota
+	ProtocolYAMux
 )
 
-var (
-	Destination      = mux.Destination
-	HandleConnection = mux.HandleConnection
+type Protocol byte
+
+func ParseProtocol(name string) (Protocol, error) {
+	switch name {
+	case "", "smux":
+		return ProtocolSMux, nil
+	case "yamux":
+		return ProtocolYAMux, nil
+	default:
+		return ProtocolYAMux, E.New("unknown multiplex protocol: ", name)
+	}
+}
+
+func (p Protocol) newServer(conn net.Conn) (abstractSession, error) {
+	switch p {
+	case ProtocolSMux:
+		session, err := smux.Server(conn, smuxConfig())
+		if err != nil {
+			return nil, err
+		}
+		return &smuxSession{session}, nil
+	case ProtocolYAMux:
+		return yamux.Server(conn, yaMuxConfig())
+	default:
+		panic("unknown protocol")
+	}
+}
+
+func (p Protocol) newClient(conn net.Conn) (abstractSession, error) {
+	switch p {
+	case ProtocolSMux:
+		session, err := smux.Client(conn, smuxConfig())
+		if err != nil {
+			return nil, err
+		}
+		return &smuxSession{session}, nil
+	case ProtocolYAMux:
+		return yamux.Client(conn, yaMuxConfig())
+	default:
+		panic("unknown protocol")
+	}
+}
+
+func smuxConfig() *smux.Config {
+	config := smux.DefaultConfig()
+	config.KeepAliveDisabled = true
+	return config
+}
+
+func yaMuxConfig() *yamux.Config {
+	config := yamux.DefaultConfig()
+	config.LogOutput = io.Discard
+	config.StreamCloseTimeout = C.TCPTimeout
+	config.StreamOpenTimeout = C.TCPTimeout
+	return config
+}
+
+func (p Protocol) String() string {
+	switch p {
+	case ProtocolSMux:
+		return "smux"
+	case ProtocolYAMux:
+		return "yamux"
+	default:
+		return "unknown"
+	}
+}
+
+const (
+	version0 = 0
 )
+
+type Request struct {
+	Protocol Protocol
+}
+
+func ReadRequest(reader io.Reader) (*Request, error) {
+	version, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	if version != version0 {
+		return nil, E.New("unsupported version: ", version)
+	}
+	protocol, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	if protocol > byte(ProtocolYAMux) {
+		return nil, E.New("unsupported protocol: ", protocol)
+	}
+	return &Request{Protocol: Protocol(protocol)}, nil
+}
+
+func EncodeRequest(buffer *buf.Buffer, request Request) {
+	buffer.WriteByte(version0)
+	buffer.WriteByte(byte(request.Protocol))
+}
+
+const (
+	flagUDP       = 1
+	flagAddr      = 2
+	statusSuccess = 0
+	statusError   = 1
+)
+
+type StreamRequest struct {
+	Network     string
+	Destination M.Socksaddr
+	PacketAddr  bool
+}
+
+func ReadStreamRequest(reader io.Reader) (*StreamRequest, error) {
+	var flags uint16
+	err := binary.Read(reader, binary.BigEndian, &flags)
+	if err != nil {
+		return nil, err
+	}
+	destination, err := M.SocksaddrSerializer.ReadAddrPort(reader)
+	if err != nil {
+		return nil, err
+	}
+	var network string
+	var udpAddr bool
+	if flags&flagUDP == 0 {
+		network = N.NetworkTCP
+	} else {
+		network = N.NetworkUDP
+		udpAddr = flags&flagAddr != 0
+	}
+	return &StreamRequest{network, destination, udpAddr}, nil
+}
+
+func requestLen(request StreamRequest) int {
+	var rLen int
+	rLen += 1 // version
+	rLen += 2 // flags
+	rLen += M.SocksaddrSerializer.AddrPortLen(request.Destination)
+	return rLen
+}
+
+func EncodeStreamRequest(request StreamRequest, buffer *buf.Buffer) {
+	destination := request.Destination
+	var flags uint16
+	if request.Network == N.NetworkUDP {
+		flags |= flagUDP
+	}
+	if request.PacketAddr {
+		flags |= flagAddr
+		if !destination.IsValid() {
+			destination = Destination
+		}
+	}
+	common.Must(
+		binary.Write(buffer, binary.BigEndian, flags),
+		M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
+	)
+}
+
+type StreamResponse struct {
+	Status  uint8
+	Message string
+}
+
+func ReadStreamResponse(reader io.Reader) (*StreamResponse, error) {
+	var response StreamResponse
+	status, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	response.Status = status
+	if status == statusError {
+		response.Message, err = rw.ReadVString(reader)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
+
+type wrapStream struct {
+	net.Conn
+}
+
+func (w *wrapStream) Read(p []byte) (n int, err error) {
+	n, err = w.Conn.Read(p)
+	err = wrapError(err)
+	return
+}
+
+func (w *wrapStream) Write(p []byte) (n int, err error) {
+	n, err = w.Conn.Write(p)
+	err = wrapError(err)
+	return
+}
+
+func (w *wrapStream) WriteIsThreadUnsafe() {
+}
+
+func (w *wrapStream) Upstream() any {
+	return w.Conn
+}
+
+func wrapError(err error) error {
+	switch err {
+	case yamux.ErrStreamClosed:
+		return io.EOF
+	default:
+		return err
+	}
+}

common/mux/service.go

@@ -0,0 +1,258 @@
+package mux
+
+import (
+	"context"
+	"encoding/binary"
+	"net"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	"github.com/sagernet/sing/common/bufio/deadline"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/sing/common/task"
+)
+
+func NewConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, conn net.Conn, metadata adapter.InboundContext) error {
+	request, err := ReadRequest(conn)
+	if err != nil {
+		return err
+	}
+	session, err := request.Protocol.newServer(conn)
+	if err != nil {
+		return err
+	}
+	var group task.Group
+	group.Append0(func(ctx context.Context) error {
+		var stream net.Conn
+		for {
+			stream, err = session.Accept()
+			if err != nil {
+				return err
+			}
+			go newConnection(ctx, router, errorHandler, logger, stream, metadata)
+		}
+	})
+	group.Cleanup(func() {
+		session.Close()
+	})
+	return group.Run(ctx)
+}
+
+func newConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, stream net.Conn, metadata adapter.InboundContext) {
+	stream = &wrapStream{stream}
+	request, err := ReadStreamRequest(stream)
+	if err != nil {
+		logger.ErrorContext(ctx, err)
+		return
+	}
+	metadata.Destination = request.Destination
+	if request.Network == N.NetworkTCP {
+		logger.InfoContext(ctx, "inbound multiplex connection to ", metadata.Destination)
+		hErr := router.RouteConnection(ctx, &ServerConn{ExtendedConn: bufio.NewExtendedConn(stream)}, metadata)
+		stream.Close()
+		if hErr != nil {
+			errorHandler.NewError(ctx, hErr)
+		}
+	} else {
+		var packetConn N.PacketConn
+		if !request.PacketAddr {
+			logger.InfoContext(ctx, "inbound multiplex packet connection to ", metadata.Destination)
+			packetConn = &ServerPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: request.Destination}
+		} else {
+			logger.InfoContext(ctx, "inbound multiplex packet connection")
+			packetConn = &ServerPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream)}
+		}
+		hErr := router.RoutePacketConnection(ctx, deadline.NewPacketConn(bufio.NewNetPacketConn(packetConn)), metadata)
+		stream.Close()
+		if hErr != nil {
+			errorHandler.NewError(ctx, hErr)
+		}
+	}
+}
+
+var _ N.HandshakeConn = (*ServerConn)(nil)
+
+type ServerConn struct {
+	N.ExtendedConn
+	responseWrite bool
+}
+
+func (c *ServerConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerConn) Write(b []byte) (n int, err error) {
+	if c.responseWrite {
+		return c.ExtendedConn.Write(b)
+	}
+	_buffer := buf.StackNewSize(1 + len(b))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusSuccess),
+		common.Error(buffer.Write(b)),
+	)
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.responseWrite = true
+	return len(b), nil
+}
+
+func (c *ServerConn) WriteBuffer(buffer *buf.Buffer) error {
+	if c.responseWrite {
+		return c.ExtendedConn.WriteBuffer(buffer)
+	}
+	buffer.ExtendHeader(1)[0] = statusSuccess
+	c.responseWrite = true
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 1
+	}
+	return 0
+}
+
+func (c *ServerConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+var (
+	_ N.HandshakeConn = (*ServerPacketConn)(nil)
+	_ N.PacketConn    = (*ServerPacketConn)(nil)
+)
+
+type ServerPacketConn struct {
+	N.ExtendedConn
+	destination   M.Socksaddr
+	responseWrite bool
+}
+
+func (c *ServerPacketConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	if err != nil {
+		return
+	}
+	destination = c.destination
+	return
+}
+
+func (c *ServerPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	pLen := buffer.Len()
+	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
+	if !c.responseWrite {
+		buffer.ExtendHeader(1)[0] = statusSuccess
+		c.responseWrite = true
+	}
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+func (c *ServerPacketConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 3
+	}
+	return 2
+}
+
+var (
+	_ N.HandshakeConn = (*ServerPacketAddrConn)(nil)
+	_ N.PacketConn    = (*ServerPacketAddrConn)(nil)
+)
+
+type ServerPacketAddrConn struct {
+	N.ExtendedConn
+	responseWrite bool
+}
+
+func (c *ServerPacketAddrConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	if err != nil {
+		return
+	}
+	return
+}
+
+func (c *ServerPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	pLen := buffer.Len()
+	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
+	common.Must(M.SocksaddrSerializer.WriteAddrPort(buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination))), destination))
+	if !c.responseWrite {
+		buffer.ExtendHeader(1)[0] = statusSuccess
+		c.responseWrite = true
+	}
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketAddrConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+func (c *ServerPacketAddrConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 3 + M.MaxSocksaddrLength
+	}
+	return 2 + M.MaxSocksaddrLength
+}

common/mux/session.go

@@ -0,0 +1,91 @@
+package mux
+
+import (
+	"io"
+	"net"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/smux"
+)
+
+type abstractSession interface {
+	Open() (net.Conn, error)
+	Accept() (net.Conn, error)
+	NumStreams() int
+	Close() error
+	IsClosed() bool
+}
+
+var _ abstractSession = (*smuxSession)(nil)
+
+type smuxSession struct {
+	*smux.Session
+}
+
+func (s *smuxSession) Open() (net.Conn, error) {
+	return s.OpenStream()
+}
+
+func (s *smuxSession) Accept() (net.Conn, error) {
+	return s.AcceptStream()
+}
+
+type protocolConn struct {
+	net.Conn
+	protocol        Protocol
+	protocolWritten bool
+}
+
+func (c *protocolConn) Write(p []byte) (n int, err error) {
+	if c.protocolWritten {
+		return c.Conn.Write(p)
+	}
+	_buffer := buf.StackNewSize(2 + len(p))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeRequest(buffer, Request{
+		Protocol: c.protocol,
+	})
+	common.Must(common.Error(buffer.Write(p)))
+	n, err = c.Conn.Write(buffer.Bytes())
+	if err == nil {
+		n--
+	}
+	c.protocolWritten = true
+	return n, err
+}
+
+func (c *protocolConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if !c.protocolWritten {
+		return bufio.ReadFrom0(c, r)
+	}
+	return bufio.Copy(c.Conn, r)
+}
+
+func (c *protocolConn) Upstream() any {
+	return c.Conn
+}
+
+type vectorisedProtocolConn struct {
+	protocolConn
+	N.VectorisedWriter
+}
+
+func (c *vectorisedProtocolConn) WriteVectorised(buffers []*buf.Buffer) error {
+	if c.protocolWritten {
+		return c.VectorisedWriter.WriteVectorised(buffers)
+	}
+	c.protocolWritten = true
+	_buffer := buf.StackNewSize(2)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeRequest(buffer, Request{
+		Protocol: c.protocol,
+	})
+	return c.VectorisedWriter.WriteVectorised(append([]*buf.Buffer{buffer}, buffers...))
+}

common/process/searcher_linux_shared.go

@@ -15,6 +15,7 @@ import (
 	"unicode"
 	"unsafe"
 
+	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
@@ -81,7 +82,9 @@ func resolveSocketByNetlink(network string, source netip.AddrPort, destination n
 		return 0, 0, E.Cause(err, "write netlink request")
 	}
 
-	buffer := buf.New()
+	_buffer := buf.StackNew()
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
 	defer buffer.Release()
 
 	n, err := syscall.Read(socket, buffer.FreeBytes())

common/sniff/dns.go

@@ -26,7 +26,9 @@ func StreamDomainNameQuery(readCtx context.Context, reader io.Reader) (*adapter.
 	if length == 0 {
 		return nil, os.ErrInvalid
 	}
-	buffer := buf.NewSize(int(length))
+	_buffer := buf.StackNewSize(int(length))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
 	defer buffer.Release()
 
 	readCtx, cancel := context.WithTimeout(readCtx, time.Millisecond*100)

common/sniff/http.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
-	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/protocol/http"
 )
 
@@ -16,5 +15,5 @@ func HTTPHost(ctx context.Context, reader io.Reader) (*adapter.InboundContext, e
 	if err != nil {
 		return nil, err
 	}
-	return &adapter.InboundContext{Protocol: C.ProtocolHTTP, Domain: M.ParseSocksaddr(request.Host).AddrString()}, nil
+	return &adapter.InboundContext{Protocol: C.ProtocolHTTP, Domain: request.Host}, nil
 }

common/sniff/http_test.go

@@ -1,27 +0,0 @@
-package sniff_test
-
-import (
-	"context"
-	"strings"
-	"testing"
-
-	"github.com/sagernet/sing-box/common/sniff"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestSniffHTTP1(t *testing.T) {
-	t.Parallel()
-	pkt := "GET / HTTP/1.1\r\nHost: www.google.com\r\nAccept: */*\r\n\r\n"
-	metadata, err := sniff.HTTPHost(context.Background(), strings.NewReader(pkt))
-	require.NoError(t, err)
-	require.Equal(t, metadata.Domain, "www.google.com")
-}
-
-func TestSniffHTTP1WithPort(t *testing.T) {
-	t.Parallel()
-	pkt := "GET / HTTP/1.1\r\nHost: www.gov.cn:8080\r\nAccept: */*\r\n\r\n"
-	metadata, err := sniff.HTTPHost(context.Background(), strings.NewReader(pkt))
-	require.NoError(t, err)
-	require.Equal(t, metadata.Domain, "www.gov.cn")
-}

common/tls/acme.go

@@ -21,7 +21,6 @@ import (
 type acmeWrapper struct {
 	ctx    context.Context
 	cfg    *certmagic.Config
-	cache  *certmagic.Cache
 	domain []string
 }
 
@@ -30,7 +29,7 @@ func (w *acmeWrapper) Start() error {
 }
 
 func (w *acmeWrapper) Close() error {
-	w.cache.Stop()
+	w.cfg.Unmanage(w.domain)
 	return nil
 }
 
@@ -78,11 +77,10 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 		acmeConfig.ExternalAccount = (*acme.EAB)(options.ExternalAccount)
 	}
 	config.Issuers = []certmagic.Issuer{certmagic.NewACMEIssuer(config, acmeConfig)}
-	cache := certmagic.NewCache(certmagic.CacheOptions{
+	config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{
 		GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
 			return config, nil
 		},
-	})
-	config = certmagic.New(cache, *config)
-	return config.TLSConfig(), &acmeWrapper{ctx: ctx, cfg: config, cache: cache, domain: options.Domain}, nil
+	}), *config)
+	return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil
 }

common/tls/reality_client.go

@@ -111,16 +111,6 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 	if err != nil {
 		return nil, err
 	}
-
-	if len(uConfig.NextProtos) > 0 {
-		for _, extension := range uConn.Extensions {
-			if alpnExtension, isALPN := extension.(*utls.ALPNExtension); isALPN {
-				alpnExtension.AlpnProtocols = uConfig.NextProtos
-				break
-			}
-		}
-	}
-
 	hello := uConn.HandshakeState.Hello
 	hello.SessionId = make([]byte, 32)
 	copy(hello.Raw[39:], hello.SessionId)
@@ -135,7 +125,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 
 	hello.SessionId[0] = 1
 	hello.SessionId[1] = 8
-	hello.SessionId[2] = 1
+	hello.SessionId[2] = 0
 	binary.BigEndian.PutUint32(hello.SessionId[4:], uint32(time.Now().Unix()))
 	copy(hello.SessionId[8:], e.shortID[:])
 

common/tls/utls_client.go

@@ -3,7 +3,6 @@
 package tls
 
 import (
-	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"math/rand"
@@ -48,7 +47,7 @@ func (e *UTLSClientConfig) Config() (*STDConfig, error) {
 }
 
 func (e *UTLSClientConfig) Client(conn net.Conn) (Conn, error) {
-	return &utlsALPNWrapper{utlsConnWrapper{utls.UClient(conn, e.config.Clone(), e.id)}, e.config.NextProtos}, nil
+	return &utlsConnWrapper{utls.UClient(conn, e.config.Clone(), e.id)}, nil
 }
 
 func (e *UTLSClientConfig) SetSessionIDGenerator(generator func(clientHello []byte, sessionID []byte) error) {
@@ -88,31 +87,6 @@ func (c *utlsConnWrapper) Upstream() any {
 	return c.UConn
 }
 
-type utlsALPNWrapper struct {
-	utlsConnWrapper
-	nextProtocols []string
-}
-
-func (c *utlsALPNWrapper) HandshakeContext(ctx context.Context) error {
-	if len(c.nextProtocols) > 0 {
-		err := c.BuildHandshakeState()
-		if err != nil {
-			return err
-		}
-		for _, extension := range c.Extensions {
-			if alpnExtension, isALPN := extension.(*utls.ALPNExtension); isALPN {
-				alpnExtension.AlpnProtocols = c.nextProtocols
-				err = c.BuildHandshakeState()
-				if err != nil {
-					return err
-				}
-				break
-			}
-		}
-	}
-	return c.UConn.HandshakeContext(ctx)
-}
-
 func NewUTLSClient(router adapter.Router, serverAddress string, options option.OutboundTLSOptions) (*UTLSClientConfig, error) {
 	var serverName string
 	if options.ServerName != "" {

common/urltest/urltest.go

@@ -10,7 +10,6 @@ import (
 
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/x/list"
 )
 
 type History struct {
@@ -21,7 +20,6 @@ type History struct {
 type HistoryStorage struct {
 	access       sync.RWMutex
 	delayHistory map[string]*History
-	callbacks    list.List[func()]
 }
 
 func NewHistoryStorage() *HistoryStorage {
@@ -30,18 +28,6 @@ func NewHistoryStorage() *HistoryStorage {
 	}
 }
 
-func (s *HistoryStorage) AddListener(listener func()) *list.Element[func()] {
-	s.access.Lock()
-	defer s.access.Unlock()
-	return s.callbacks.PushBack(listener)
-}
-
-func (s *HistoryStorage) RemoveListener(element *list.Element[func()]) {
-	s.access.Lock()
-	defer s.access.Unlock()
-	s.callbacks.Remove(element)
-}
-
 func (s *HistoryStorage) LoadURLTestHistory(tag string) *History {
 	if s == nil {
 		return nil
@@ -53,24 +39,14 @@ func (s *HistoryStorage) LoadURLTestHistory(tag string) *History {
 
 func (s *HistoryStorage) DeleteURLTestHistory(tag string) {
 	s.access.Lock()
+	defer s.access.Unlock()
 	delete(s.delayHistory, tag)
-	s.access.Unlock()
-	s.notifyUpdated()
 }
 
 func (s *HistoryStorage) StoreURLTestHistory(tag string, history *History) {
 	s.access.Lock()
+	defer s.access.Unlock()
 	s.delayHistory[tag] = history
-	s.access.Unlock()
-	s.notifyUpdated()
-}
-
-func (s *HistoryStorage) notifyUpdated() {
-	s.access.RLock()
-	defer s.access.RUnlock()
-	for element := s.callbacks.Front(); element != nil; element = element.Next() {
-		element.Value()
-	}
 }
 
 func URLTest(ctx context.Context, link string, detour N.Dialer) (t uint16, err error) {

common/warning/warning.go

@@ -0,0 +1,31 @@
+package warning
+
+import (
+	"sync"
+
+	"github.com/sagernet/sing-box/log"
+)
+
+type Warning struct {
+	logger    log.Logger
+	check     CheckFunc
+	message   string
+	checkOnce sync.Once
+}
+
+type CheckFunc = func() bool
+
+func New(checkFunc CheckFunc, message string) Warning {
+	return Warning{
+		check:   checkFunc,
+		message: message,
+	}
+}
+
+func (w *Warning) Check() {
+	w.checkOnce.Do(func() {
+		if w.check() {
+			log.Warn(w.message)
+		}
+	})
+}

constant/path.go

@@ -3,13 +3,40 @@ package constant
 import (
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/sagernet/sing/common/rw"
 )
 
 const dirName = "sing-box"
 
-var resourcePaths []string
+var (
+	basePath      string
+	tempPath      string
+	resourcePaths []string
+)
+
+func BasePath(name string) string {
+	if basePath == "" || strings.HasPrefix(name, "/") {
+		return name
+	}
+	return filepath.Join(basePath, name)
+}
+
+func CreateTemp(pattern string) (*os.File, error) {
+	if tempPath == "" {
+		tempPath = os.TempDir()
+	}
+	return os.CreateTemp(tempPath, pattern)
+}
+
+func SetBasePath(path string) {
+	basePath = path
+}
+
+func SetTempPath(path string) {
+	tempPath = path
+}
 
 func FindPath(name string) (string, bool) {
 	name = os.ExpandEnv(name)

debug.go

@@ -10,7 +10,6 @@ import (
 )
 
 func applyDebugOptions(options option.DebugOptions) {
-	applyDebugListenOption(options)
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}

debug_go118.go

@@ -10,7 +10,6 @@ import (
 )
 
 func applyDebugOptions(options option.DebugOptions) {
-	applyDebugListenOption(options)
 	if options.GCPercent != nil {
 		debug.SetGCPercent(*options.GCPercent)
 	}

debug_http.go

@@ -1,67 +0,0 @@
-package box
-
-import (
-	"net/http"
-	"net/http/pprof"
-	"runtime"
-	"runtime/debug"
-
-	"github.com/sagernet/sing-box/common/badjson"
-	"github.com/sagernet/sing-box/common/json"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-
-	"github.com/dustin/go-humanize"
-	"github.com/go-chi/chi/v5"
-)
-
-var debugHTTPServer *http.Server
-
-func applyDebugListenOption(options option.DebugOptions) {
-	if debugHTTPServer != nil {
-		debugHTTPServer.Close()
-		debugHTTPServer = nil
-	}
-	if options.Listen == "" {
-		return
-	}
-	r := chi.NewMux()
-	r.Route("/debug", func(r chi.Router) {
-		r.Get("/gc", func(writer http.ResponseWriter, request *http.Request) {
-			writer.WriteHeader(http.StatusNoContent)
-			go debug.FreeOSMemory()
-		})
-		r.Get("/memory", func(writer http.ResponseWriter, request *http.Request) {
-			var memStats runtime.MemStats
-			runtime.ReadMemStats(&memStats)
-
-			var memObject badjson.JSONObject
-			memObject.Put("heap", humanize.IBytes(memStats.HeapInuse))
-			memObject.Put("stack", humanize.IBytes(memStats.StackInuse))
-			memObject.Put("idle", humanize.IBytes(memStats.HeapIdle-memStats.HeapReleased))
-			memObject.Put("goroutines", runtime.NumGoroutine())
-			memObject.Put("rss", rusageMaxRSS())
-
-			encoder := json.NewEncoder(writer)
-			encoder.SetIndent("", "  ")
-			encoder.Encode(memObject)
-		})
-		r.HandleFunc("/pprof", pprof.Index)
-		r.HandleFunc("/pprof/*", pprof.Index)
-		r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
-		r.HandleFunc("/pprof/profile", pprof.Profile)
-		r.HandleFunc("/pprof/symbol", pprof.Symbol)
-		r.HandleFunc("/pprof/trace", pprof.Trace)
-	})
-	debugHTTPServer = &http.Server{
-		Addr:    options.Listen,
-		Handler: r,
-	}
-	go func() {
-		err := debugHTTPServer.ListenAndServe()
-		if err != nil && !E.IsClosed(err) {
-			log.Error(E.Cause(err, "serve debug HTTP server"))
-		}
-	}()
-}

docs/changelog.md

@@ -1,144 +1,3 @@
-#### 1.3.3
-
-* Fixes and improvements
-
-#### 1.3.1-rc.1
-
-* Fix bugs and update dependencies
-
-#### 1.3.1-beta.3
-
-* Introducing our [new iOS](/installation/clients/sfi) and [macOS](/installation/clients/sfm) client applications **1**
-* Fixes and improvements
-
-**1**:
-
-The old testflight link and app are no longer valid.
-
-#### 1.3.1-beta.2
-
-* Fix bugs and update dependencies
-
-#### 1.3.1-beta.1
-
-* Fixes and improvements
-
-#### 1.3.0
-
-* Fix bugs and update dependencies
-
-Important changes since 1.2:
-
-* Add [FakeIP](/configuration/dns/fakeip) support **1**
-* Improve multiplex **2**
-* Add [DNS reverse mapping](/configuration/dns#reverse_mapping) support
-* Add `rewrite_ttl` DNS rule action
-* Add `store_fakeip` Clash API option
-* Add multi-peer support for [WireGuard](/configuration/outbound/wireguard#peers) outbound
-* Add loopback detect
-* Add Clash.Meta API compatibility for Clash API
-* Download Yacd-meta by default if the specified Clash `external_ui` directory is empty
-* Add path and headers option for HTTP outbound
-* Perform URLTest recheck after network changes
-* Fix `system` tun stack for ios
-* Fix network monitor for android/ios
-* Update VLESS and XUDP protocol
-* Make splice work with traffic statistics systems like Clash API
-* Significantly reduces memory usage of idle connections
-* Improve DNS caching
-* Add `independent_cache` [option](/configuration/dns#independent_cache) for DNS
-* Reimplemented shadowsocks client
-* Add multiplex support for VLESS outbound
-* Automatically add Windows firewall rules in order for the system tun stack to work
-* Fix TLS 1.2 support for shadow-tls client
-* Add `cache_id` [option](/configuration/experimental#cache_id) for Clash cache file
-* Fix `local` DNS transport for Android
-
-*1*:
-
-See [FAQ](/faq/fakeip) for more information.
-
-*2*:
-
-Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex).
-
-#### 1.3-rc2
-
-* Fix `local` DNS transport for Android
-* Fix bugs and update dependencies
-
-#### 1.3-rc1
-
-* Fix bugs and update dependencies
-
-#### 1.3-beta14
-
-* Fixes and improvements
-
-#### 1.3-beta13
-
-* Fix resolving fakeip domains  **1**
-* Deprecate L3 routing
-* Fix bugs and update dependencies
-
-**1**:
-
-If the destination address of the connection is obtained from fakeip, dns rules with server type fakeip will be skipped.
-
-#### 1.3-beta12
-
-* Automatically add Windows firewall rules in order for the system tun stack to work
-* Fix TLS 1.2 support for shadow-tls client
-* Add `cache_id` [option](/configuration/experimental#cache_id) for Clash cache file
-* Fixes and improvements
-
-#### 1.3-beta11
-
-* Fix bugs and update dependencies
-
-#### 1.3-beta10
-
-* Improve direct copy **1**
-* Improve DNS caching
-* Add `independent_cache` [option](/configuration/dns#independent_cache) for DNS
-* Reimplemented shadowsocks client **2**
-* Add multiplex support for VLESS outbound
-* Set TCP keepalive for WireGuard gVisor TCP connections
-* Fixes and improvements
-
-**1**:
-
-* Make splice work with traffic statistics systems like Clash API
-* Significantly reduces memory usage of idle connections
-
-**2**:
-
-Improved performance and reduced memory usage.
-
-#### 1.3-beta9
-
-* Improve multiplex **1**
-* Fixes and improvements
-
-*1*:
-
-Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex).
-
-#### 1.2.6
-
-* Fix bugs and update dependencies
-
-#### 1.3-beta8
-
-* Fix `system` tun stack for ios
-* Fix network monitor for android/ios
-* Update VLESS and XUDP protocol **1**
-* Fixes and improvements
-
-*1:
-
-This is an incompatible update for XUDP in VLESS if vision flow is enabled.
-
 #### 1.3-beta7
 
 * Add `path` and `headers` options for HTTP outbound

docs/configuration/dns/index.md

@@ -11,7 +11,6 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
-    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -49,10 +48,6 @@ Disable dns cache.
 
 Disable dns cache expire.
 
-#### independent_cache
-
-Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.
-
 #### reverse_mapping
 
 Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.

docs/configuration/dns/index.zh.md

@@ -11,7 +11,6 @@
     "strategy": "",
     "disable_cache": false,
     "disable_expire": false,
-    "independent_cache": false,
     "reverse_mapping": false,
     "fakeip": {}
   }
@@ -48,10 +47,6 @@
 
 禁用 DNS 缓存过期。
 
-#### independent_cache
-
-使每个 DNS 服务器的缓存独立，以满足特殊目的。如果启用，将轻微降低性能。
-
 #### reverse_mapping
 
 在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。

docs/configuration/dns/server.md

@@ -30,18 +30,18 @@ The tag of the dns server.
 
 The address of the dns server.
 
-| Protocol                            | Format                        |
-|-------------------------------------|-------------------------------|
-| `System`                            | `local`                       |
-| `TCP`                               | `tcp://1.0.0.1`               |
-| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`     |
-| `TLS`                               | `tls://dns.google`            |
-| `HTTPS`                             | `https://1.1.1.1/dns-query`   |
-| `QUIC`                              | `quic://dns.adguard.com`      |
-| `HTTP3`                             | `h3://8.8.8.8/dns-query`      |
-| `RCode`                             | `rcode://refused`             |
-| `DHCP`                              | `dhcp://auto` or `dhcp://en0` |
-| [FakeIP](/configuration/dns/fakeip) | `fakeip`                      |
+| Protocol            | Format                        |
+|---------------------|-------------------------------|
+| `System`            | `local`                       |
+| `TCP`               | `tcp://1.0.0.1`               |
+| `UDP`               | `8.8.8.8` `udp://8.8.4.4`     |
+| `TLS`               | `tls://dns.google`            |
+| `HTTPS`             | `https://1.1.1.1/dns-query`   |
+| `QUIC`              | `quic://dns.adguard.com`      |
+| `HTTP3`             | `h3://8.8.8.8/dns-query`      |
+| `RCode`             | `rcode://refused`             |
+| `DHCP`              | `dhcp://auto` or `dhcp://en0` |
+|  [FakeIP](./fakeip) | `fakeip`                      |
 
 !!! warning ""
 
@@ -94,4 +94,4 @@ Take no effect if override by other settings.
 
 Tag of an outbound for connecting to the dns server.
 
-Default outbound will be used if empty.
+Default outbound will be used if empty.

docs/configuration/dns/server.zh.md

@@ -30,18 +30,18 @@ DNS 服务器的标签。
 
 DNS 服务器的地址。
 
-| 协议                                  | 格式                           |
-|-------------------------------------|------------------------------|
-| `System`                            | `local`                      |
-| `TCP`                               | `tcp://1.0.0.1`              |
-| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`    |
-| `TLS`                               | `tls://dns.google`           |
-| `HTTPS`                             | `https://1.1.1.1/dns-query`  |
-| `QUIC`                              | `quic://dns.adguard.com`     |
-| `HTTP3`                             | `h3://8.8.8.8/dns-query`     |
-| `RCode`                             | `rcode://refused`            |
-| `DHCP`                              | `dhcp://auto` 或 `dhcp://en0` |
-| [FakeIP](/configuration/dns/fakeip) | `fakeip`                     |
+| 协议                 | 格式                           |
+|--------------------|------------------------------|
+| `System`           | `local`                      |
+| `TCP`              | `tcp://1.0.0.1`              |
+| `UDP`              | `8.8.8.8` `udp://8.8.4.4`    |
+| `TLS`              | `tls://dns.google`           |
+| `HTTPS`            | `https://1.1.1.1/dns-query`  |
+| `QUIC`             | `quic://dns.adguard.com`     |
+| `HTTP3`            | `h3://8.8.8.8/dns-query`     |
+| `RCode`            | `rcode://refused`            |
+| `DHCP`             | `dhcp://auto` 或 `dhcp://en0` |
+| [FakeIP](./fakeip) | `fakeip`                     |
 
 !!! warning ""
 

docs/configuration/experimental/index.md

@@ -7,14 +7,13 @@
   "experimental": {
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
-      "external_ui": "",
+      "external_ui": "folder",
       "external_ui_download_url": "",
       "external_ui_download_detour": "",
       "secret": "",
-      "default_mode": "",
+      "default_mode": "rule",
       "store_selected": false,
-      "cache_file": "",
-      "cache_id": ""
+      "cache_file": "cache.db"
     },
     "v2ray_api": {
       "listen": "127.0.0.1:8080",
@@ -92,12 +91,6 @@ Store selected outbound for the `Selector` outbound in cache file.
 
 Cache file path, `cache.db` will be used if empty.
 
-#### cache_id
-
-Cache ID.
-
-If not empty, `store_selected` will use a separate store keyed by it.
-
 ### V2Ray API Fields
 
 !!! error ""

docs/configuration/experimental/index.zh.md

@@ -7,14 +7,13 @@
   "experimental": {
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
-      "external_ui": "",
+      "external_ui": "folder",
       "external_ui_download_url": "",
       "external_ui_download_detour": "",
       "secret": "",
-      "default_mode": "",
+      "default_mode": "rule",
       "store_selected": false,
-      "cache_file": "",
-      "cache_id": ""
+      "cache_file": "cache.db"
     },
     "v2ray_api": {
       "listen": "127.0.0.1:8080",
@@ -90,12 +89,6 @@ Clash 中的默认模式，默认使用 `rule`。
 
 缓存文件路径，默认使用`cache.db`。
 
-#### cache_id
-
-缓存 ID。
-
-如果不为空，`store_selected` 将会使用以此为键的独立存储。
-
 ### V2Ray API 字段
 
 !!! error ""

docs/configuration/route/index.md

@@ -7,6 +7,7 @@
   "route": {
     "geoip": {},
     "geosite": {},
+    "ip_rules": [],
     "rules": [],
     "final": "",
     "auto_detect_interface": false,
@@ -23,6 +24,7 @@
 |------------|------------------------------------|
 | `geoip`    | [GeoIP](./geoip)                   |
 | `geosite`  | [Geosite](./geosite)               |
+| `ip_rules` | List of [IP Route Rule](./ip-rule) |
 | `rules`    | List of [Route Rule](./rule)       |
 
 #### final

docs/configuration/shared/multiplex.md

@@ -10,8 +10,7 @@
   "protocol": "smux",
   "max_connections": 4,
   "min_streams": 4,
-  "max_streams": 0,
-  "padding": false
+  "max_streams": 0
 }
 ```
 
@@ -29,9 +28,8 @@ Multiplex protocol.
 |----------|------------------------------------|
 | smux     | https://github.com/xtaci/smux      |
 | yamux    | https://github.com/hashicorp/yamux |
-| h2mux    | https://golang.org/x/net/http2     |
 
-h2mux is used by default.
+SMux is used by default.
 
 #### max_connections
 
@@ -50,12 +48,3 @@ Conflict with `max_streams`.
 Maximum multiplexed streams in a connection before opening a new connection.
 
 Conflict with `max_connections` and `min_streams`.
-
-#### padding
-
-!!! info
-
-    Requires sing-box server version 1.3-beta9 or later.
-
-Enable padding.
-

docs/configuration/shared/multiplex.zh.md

@@ -28,9 +28,8 @@
 |-------|------------------------------------|
 | smux  | https://github.com/xtaci/smux      |
 | yamux | https://github.com/hashicorp/yamux |
-| h2mux | https://golang.org/x/net/http2     |
 
-默认使用 h2mux。
+默认使用 SMux。
 
 #### max_connections
 
@@ -48,13 +47,4 @@
 
 在打开新连接之前，连接中的最大多路复用流数量。
 
-与 `max_connections` 和 `min_streams` 冲突。
-
-#### padding
-
-!!! info
-
-    需要 sing-box 服务器版本 1.3-beta9 或更高。
-
-启用填充。
-
+与 `max_connections` 和 `min_streams` 冲突。

docs/examples/fakeip.md

@@ -1,106 +0,0 @@
-```json
-{
-  "dns": {
-    "servers": [
-      {
-        "tag": "google",
-        "address": "tls://8.8.8.8"
-      },
-      {
-        "tag": "local",
-        "address": "223.5.5.5",
-        "detour": "direct"
-      },
-      {
-        "tag": "remote",
-        "address": "fakeip"
-      },
-      {
-        "tag": "block",
-        "address": "rcode://success"
-      }
-    ],
-    "rules": [
-      {
-        "geosite": "category-ads-all",
-        "server": "block",
-        "disable_cache": true
-      },
-      {
-        "outbound": "any",
-        "server": "local"
-      },
-      {
-        "geosite": "cn",
-        "server": "local"
-      },
-      {
-        "query_type": [
-          "A",
-          "AAAA"
-        ],
-        "server": "remote"
-      }
-    ],
-    "fakeip": {
-      "enabled": true,
-      "inet4_range": "198.18.0.0/15",
-      "inet6_range": "fc00::/18"
-    },
-    "independent_cache": true,
-    "strategy": "ipv4_only"
-  },
-  "inbounds": [
-    {
-      "type": "tun",
-      "inet4_address": "172.19.0.1/30",
-      "auto_route": true,
-      "sniff": true,
-      "domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "shadowsocks",
-      "tag": "proxy",
-      "server": "mydomain.com",
-      "server_port": 8080,
-      "method": "2022-blake3-aes-128-gcm",
-      "password": "8JCsPssfgS8tiRwiMlhARg=="
-    },
-    {
-      "type": "direct",
-      "tag": "direct"
-    },
-    {
-      "type": "block",
-      "tag": "block"
-    },
-    {
-      "type": "dns",
-      "tag": "dns-out"
-    }
-  ],
-  "route": {
-    "rules": [
-      {
-        "protocol": "dns",
-        "outbound": "dns-out"
-      },
-      {
-        "geosite": "cn",
-        "geoip": [
-          "private",
-          "cn"
-        ],
-        "outbound": "direct"
-      },
-      {
-        "geosite": "category-ads-all",
-        "outbound": "block"
-      }
-    ],
-    "auto_detect_interface": true
-  }
-}
-```

docs/examples/fakeip.zh.md

@@ -1,106 +0,0 @@
-```json
-{
-  "dns": {
-    "servers": [
-      {
-        "tag": "google",
-        "address": "tls://8.8.8.8"
-      },
-      {
-        "tag": "local",
-        "address": "223.5.5.5",
-        "detour": "direct"
-      },
-      {
-        "tag": "remote",
-        "address": "fakeip"
-      },
-      {
-        "tag": "block",
-        "address": "rcode://success"
-      }
-    ],
-    "rules": [
-      {
-        "geosite": "category-ads-all",
-        "server": "block",
-        "disable_cache": true
-      },
-      {
-        "outbound": "any",
-        "server": "local"
-      },
-      {
-        "geosite": "cn",
-        "server": "local"
-      },
-      {
-        "query_type": [
-          "A",
-          "AAAA"
-        ],
-        "server": "remote"
-      }
-    ],
-    "fakeip": {
-      "enabled": true,
-      "inet4_range": "198.18.0.0/15",
-      "inet6_range": "fc00::/18"
-    },
-    "independent_cache": true,
-    "strategy": "ipv4_only"
-  },
-  "inbounds": [
-    {
-      "type": "tun",
-      "inet4_address": "172.19.0.1/30",
-      "auto_route": true,
-      "sniff": true,
-      "domain_strategy": "ipv4_only" // 如果您想在远程解析域，删除此行 (如果服务器程序不为 sing-box，可能由于错误的行为导致 UDP 无法使用)。
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "shadowsocks",
-      "tag": "proxy",
-      "server": "mydomain.com",
-      "server_port": 8080,
-      "method": "2022-blake3-aes-128-gcm",
-      "password": "8JCsPssfgS8tiRwiMlhARg=="
-    },
-    {
-      "type": "direct",
-      "tag": "direct"
-    },
-    {
-      "type": "block",
-      "tag": "block"
-    },
-    {
-      "type": "dns",
-      "tag": "dns-out"
-    }
-  ],
-  "route": {
-    "rules": [
-      {
-        "protocol": "dns",
-        "outbound": "dns-out"
-      },
-      {
-        "geosite": "cn",
-        "geoip": [
-          "private",
-          "cn"
-        ],
-        "outbound": "direct"
-      },
-      {
-        "geosite": "category-ads-all",
-        "outbound": "block"
-      }
-    ],
-    "auto_detect_interface": true
-  }
-}
-```

docs/examples/index.md

@@ -9,4 +9,3 @@ Configuration examples for sing-box.
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [WireGuard Direct](./wireguard-direct)
-* [FakeIP](./fakeip)

docs/examples/index.zh.md

@@ -9,4 +9,3 @@ sing-box 的配置示例。
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [WireGuard Direct](./wireguard-direct)
-* [FakeIP](./fakeip)

docs/faq/fakeip.md

@@ -5,7 +5,8 @@ responds to DNS requests with virtual results and restores mapping when acceptin
 
 #### Advantage
 
-*
+* Retrieve the requested domain in places like IP routing (L3) where traffic detection is not possible to assist with routing.
+* Decrease an RTT on the first TCP request to a domain (the most common reason).
 
 #### Limitation
 
@@ -14,6 +15,6 @@ responds to DNS requests with virtual results and restores mapping when acceptin
 
 #### Recommendation
 
-* Enable `dns.independent_cache` unless you always resolve FakeIP domains remotely.
+* Do not use if you do not need L3 routing.
 * If using tun, make sure FakeIP ranges is included in the tun's routes.
 * Enable `experimental.clash_api.store_fakeip` to persist FakeIP records, or use `dns.rules.rewrite_ttl` to avoid losing records after program restart in DNS cached environments.

docs/faq/fakeip.zh.md

@@ -4,7 +4,8 @@ FakeIP 是指同时劫持 DNS 和连接请求的程序中的一种行为。它
 
 #### 优点
 
-*
+* 在像 L3 路由这样无法进行流量探测的地方检索所请求的域名，以协助路由。
+* 减少对一个域的第一个 TCP 请求的 RTT（这是最常见的原因）。
 
 #### 限制
 
@@ -13,6 +14,6 @@ FakeIP 是指同时劫持 DNS 和连接请求的程序中的一种行为。它
 
 #### 建议
 
-* 启用 `dns.independent_cache` 除非您始终远程解析 FakeIP 域。
+* 如果不需要 L3 路由，请勿使用。
 * 如果使用 tun，请确保 tun 路由中包含 FakeIP 地址范围。
 * 启用 `experimental.clash_api.store_fakeip` 以持久化 FakeIP 记录，或者使用 `dns.rules.rewrite_ttl` 避免程序重启后在 DNS 被缓存的环境中丢失记录。

docs/installation/clients/sfa.md

@@ -12,6 +12,5 @@ Experimental Android client for sing-box.
 
 #### Note
 
-* User Agent in remote profile request is `SFA/$version ($version_code; sing-box $sing_box_version)`
-* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
-* Crash logs is located in `$working_directory/stderr.log`
+* Working directory is at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
+* User Agent is `SFA/$version ($version_code; sing-box $sing_box_version)` in the remote profile request

docs/installation/clients/sfa.zh.md

@@ -12,6 +12,5 @@
 
 #### 注意事项
 
-* 远程配置文件请求中的 User Agent 为 `SFA/$version ($version_code; sing-box $sing_box_version)`
 * 工作目录位于 `/sdcard/Android/data/io.nekohasekai.sfa/files` (外部文件目录)
-* 崩溃日志位于 `$working_directory/stderr.log`
+* 远程配置文件请求中的 User Agent 为 `SFA/$version ($version_code; sing-box $sing_box_version)`

docs/installation/clients/sfi.md

@@ -9,12 +9,12 @@ Experimental iOS client for sing-box.
 
 #### Download
 
-* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
+* [TestFlight](https://testflight.apple.com/join/c6ylui2j)
 
 #### Note
 
-* User Agent in remote profile request is `SFI/$version ($version_code; sing-box $sing_box_version)`
-* Crash logs is located in `Settings` -> `View Service Log`
+* `system` tun stack not working on iOS
+* User Agent is `SFI/$version ($version_code; sing-box $sing_box_version)` in the remote profile request
 
 #### Privacy policy
 

docs/installation/clients/sfi.zh.md

@@ -9,12 +9,12 @@
 
 #### 下载
 
-* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
+* [TestFlight](https://testflight.apple.com/join/c6ylui2j)
 
 #### 注意事项
 
+* `system` tun stack 在 iOS 不工作
 * 远程配置文件请求中的 User Agent 为 `SFI/$version ($version_code; sing-box $sing_box_version)`
-* 崩溃日志位于 `设置` -> `查看服务日志`
 
 #### 隐私政策
 

docs/installation/clients/sfm.md

@@ -1,21 +0,0 @@
-# SFM
-
-Experimental macOS client for sing-box.
-
-#### Requirements
-
-* macOS 13.0+
-
-#### Download
-
-* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
-
-#### Note
-
-* User Agent in remote profile request is `SFM/$version ($version_code; sing-box $sing_box_version)`
-* Crash logs is located in `Settings` -> `View Service Log`
-
-#### Privacy policy
-
-* SFI did not collect or share personal data.
-* The data generated by the software is always on your device.

docs/installation/clients/sfm.zh.md

@@ -1,21 +0,0 @@
-# SFM
-
-实验性的 macOS sing-box 客户端。
-
-#### 要求
-
-* macOS 13.0+
-
-#### 下载
-
-* [TestFlight](https://testflight.apple.com/join/AcqO44FH)
-
-#### 注意事项
-
-* 远程配置文件请求中的 User Agent 为 `SFM/$version ($version_code; sing-box $sing_box_version)`
-* 崩溃日志位于 `设置` -> `查看服务日志`
-
-#### 隐私政策
-
-* SFM 不收集或共享个人数据。
-* 软件生成的数据始终在您的设备上。

docs/support.md

@@ -1,4 +1,8 @@
-Github Issue: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues)  
-Telegram Notification channel: [@yapnc](https://t.me/yapnc)  
-Telegram User group: [@yapug](https://t.me/yapug)  
-Email: [contact@sagernet.org](mailto:contact@sagernet.org)
+#### Github
+
+Issue: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues)
+
+#### Telegram
+
+Notification channel: [@yapnc](https://t.me/yapnc)  
+User group: [@yapug](https://t.me/yapug)

docs/support.zh.md

@@ -1,4 +1,8 @@
-Github 工单: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues)  
-Telegram 通知频道: [@yapnc](https://t.me/yapnc)  
-Telegram 用户组: [@yapug](https://t.me/yapug)  
-Email: [contact@sagernet.org](mailto:contact@sagernet.org)
+#### Github
+
+工单: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues)
+
+#### Telegram
+
+通知频道: [@yapnc](https://t.me/yapnc)  
+用户组: [@yapug](https://t.me/yapug)

experimental/clashapi.go

@@ -1,7 +1,6 @@
 package experimental
 
 import (
-	"context"
 	"os"
 
 	"github.com/sagernet/sing-box/adapter"
@@ -9,7 +8,7 @@ import (
 	"github.com/sagernet/sing-box/option"
 )
 
-type ClashServerConstructor = func(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error)
+type ClashServerConstructor = func(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error)
 
 var clashServerConstructor ClashServerConstructor
 
@@ -17,9 +16,9 @@ func RegisterClashServerConstructor(constructor ClashServerConstructor) {
 	clashServerConstructor = constructor
 }
 
-func NewClashServer(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
+func NewClashServer(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
 	if clashServerConstructor == nil {
 		return nil, os.ErrInvalid
 	}
-	return clashServerConstructor(ctx, router, logFactory, options)
+	return clashServerConstructor(router, logFactory, options)
 }

experimental/clashapi/cachefile/cache.go

@@ -1,10 +1,7 @@
 package cachefile
 
 import (
-	"net/netip"
 	"os"
-	"strings"
-	"sync"
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
@@ -17,15 +14,10 @@ var bucketSelected = []byte("selected")
 var _ adapter.ClashCacheFile = (*CacheFile)(nil)
 
 type CacheFile struct {
-	DB           *bbolt.DB
-	cacheID      []byte
-	saveAccess   sync.RWMutex
-	saveDomain   map[netip.Addr]string
-	saveAddress4 map[string]netip.Addr
-	saveAddress6 map[string]netip.Addr
+	DB *bbolt.DB
 }
 
-func Open(path string, cacheID string) (*CacheFile, error) {
+func Open(path string) (*CacheFile, error) {
 	const fileMode = 0o666
 	options := bbolt.Options{Timeout: time.Second}
 	db, err := bbolt.Open(path, fileMode, &options)
@@ -39,73 +31,13 @@ func Open(path string, cacheID string) (*CacheFile, error) {
 	if err != nil {
 		return nil, err
 	}
-	var cacheIDBytes []byte
-	if cacheID != "" {
-		cacheIDBytes = append([]byte{0}, []byte(cacheID)...)
-	}
-	err = db.Batch(func(tx *bbolt.Tx) error {
-		return tx.ForEach(func(name []byte, b *bbolt.Bucket) error {
-			if name[0] == 0 {
-				return b.ForEachBucket(func(k []byte) error {
-					bucketName := string(k)
-					if !(bucketName == string(bucketSelected)) {
-						delErr := b.DeleteBucket(name)
-						if delErr != nil {
-							return delErr
-						}
-					}
-					return nil
-				})
-			} else {
-				bucketName := string(name)
-				if !(bucketName == string(bucketSelected) || strings.HasPrefix(bucketName, fakeipBucketPrefix)) {
-					delErr := tx.DeleteBucket(name)
-					if delErr != nil {
-						return delErr
-					}
-				}
-			}
-			return nil
-		})
-	})
-	if err != nil {
-		return nil, err
-	}
-	return &CacheFile{
-		DB:           db,
-		cacheID:      cacheIDBytes,
-		saveDomain:   make(map[netip.Addr]string),
-		saveAddress4: make(map[string]netip.Addr),
-		saveAddress6: make(map[string]netip.Addr),
-	}, nil
-}
-
-func (c *CacheFile) bucket(t *bbolt.Tx, key []byte) *bbolt.Bucket {
-	if c.cacheID == nil {
-		return t.Bucket(key)
-	}
-	bucket := t.Bucket(c.cacheID)
-	if bucket == nil {
-		return nil
-	}
-	return bucket.Bucket(key)
-}
-
-func (c *CacheFile) createBucket(t *bbolt.Tx, key []byte) (*bbolt.Bucket, error) {
-	if c.cacheID == nil {
-		return t.CreateBucketIfNotExists(key)
-	}
-	bucket, err := t.CreateBucketIfNotExists(c.cacheID)
-	if bucket == nil {
-		return nil, err
-	}
-	return bucket.CreateBucketIfNotExists(key)
+	return &CacheFile{db}, nil
 }
 
 func (c *CacheFile) LoadSelected(group string) string {
 	var selected string
 	c.DB.View(func(t *bbolt.Tx) error {
-		bucket := c.bucket(t, bucketSelected)
+		bucket := t.Bucket(bucketSelected)
 		if bucket == nil {
 			return nil
 		}
@@ -120,7 +52,7 @@ func (c *CacheFile) LoadSelected(group string) string {
 
 func (c *CacheFile) StoreSelected(group, selected string) error {
 	return c.DB.Batch(func(t *bbolt.Tx) error {
-		bucket, err := c.createBucket(t, bucketSelected)
+		bucket, err := t.CreateBucketIfNotExists(bucketSelected)
 		if err != nil {
 			return err
 		}

experimental/clashapi/cachefile/fakeip.go

@@ -5,24 +5,18 @@ import (
 	"os"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
 
 	"go.etcd.io/bbolt"
 )
 
-const fakeipBucketPrefix = "fakeip_"
-
 var (
-	bucketFakeIP        = []byte(fakeipBucketPrefix + "address")
-	bucketFakeIPDomain4 = []byte(fakeipBucketPrefix + "domain4")
-	bucketFakeIPDomain6 = []byte(fakeipBucketPrefix + "domain6")
-	keyMetadata         = []byte(fakeipBucketPrefix + "metadata")
+	bucketFakeIP = []byte("fakeip")
+	keyMetadata  = []byte("metadata")
 )
 
 func (c *CacheFile) FakeIPMetadata() *adapter.FakeIPMetadata {
 	var metadata adapter.FakeIPMetadata
-	err := c.DB.Batch(func(tx *bbolt.Tx) error {
+	err := c.DB.View(func(tx *bbolt.Tx) error {
 		bucket := tx.Bucket(bucketFakeIP)
 		if bucket == nil {
 			return nil
@@ -31,10 +25,6 @@ func (c *CacheFile) FakeIPMetadata() *adapter.FakeIPMetadata {
 		if len(metadataBinary) == 0 {
 			return os.ErrInvalid
 		}
-		err := bucket.Delete(keyMetadata)
-		if err != nil {
-			return err
-		}
 		return metadata.UnmarshalBinary(metadataBinary)
 	})
 	if err != nil {
@@ -63,54 +53,11 @@ func (c *CacheFile) FakeIPStore(address netip.Addr, domain string) error {
 		if err != nil {
 			return err
 		}
-		err = bucket.Put(address.AsSlice(), []byte(domain))
-		if err != nil {
-			return err
-		}
-		if address.Is4() {
-			bucket, err = tx.CreateBucketIfNotExists(bucketFakeIPDomain4)
-		} else {
-			bucket, err = tx.CreateBucketIfNotExists(bucketFakeIPDomain6)
-		}
-		if err != nil {
-			return err
-		}
-		return bucket.Put([]byte(domain), address.AsSlice())
+		return bucket.Put(address.AsSlice(), []byte(domain))
 	})
 }
 
-func (c *CacheFile) FakeIPStoreAsync(address netip.Addr, domain string, logger logger.Logger) {
-	c.saveAccess.Lock()
-	c.saveDomain[address] = domain
-	if address.Is4() {
-		c.saveAddress4[domain] = address
-	} else {
-		c.saveAddress6[domain] = address
-	}
-	c.saveAccess.Unlock()
-	go func() {
-		err := c.FakeIPStore(address, domain)
-		if err != nil {
-			logger.Warn("save FakeIP address pair: ", err)
-		}
-		c.saveAccess.Lock()
-		delete(c.saveDomain, address)
-		if address.Is4() {
-			delete(c.saveAddress4, domain)
-		} else {
-			delete(c.saveAddress6, domain)
-		}
-		c.saveAccess.Unlock()
-	}()
-}
-
 func (c *CacheFile) FakeIPLoad(address netip.Addr) (string, bool) {
-	c.saveAccess.RLock()
-	cachedDomain, cached := c.saveDomain[address]
-	c.saveAccess.RUnlock()
-	if cached {
-		return cachedDomain, true
-	}
 	var domain string
 	_ = c.DB.View(func(tx *bbolt.Tx) error {
 		bucket := tx.Bucket(bucketFakeIP)
@@ -123,48 +70,8 @@ func (c *CacheFile) FakeIPLoad(address netip.Addr) (string, bool) {
 	return domain, domain != ""
 }
 
-func (c *CacheFile) FakeIPLoadDomain(domain string, isIPv6 bool) (netip.Addr, bool) {
-	var (
-		cachedAddress netip.Addr
-		cached        bool
-	)
-	c.saveAccess.RLock()
-	if !isIPv6 {
-		cachedAddress, cached = c.saveAddress4[domain]
-	} else {
-		cachedAddress, cached = c.saveAddress6[domain]
-	}
-	c.saveAccess.RUnlock()
-	if cached {
-		return cachedAddress, true
-	}
-	var address netip.Addr
-	_ = c.DB.View(func(tx *bbolt.Tx) error {
-		var bucket *bbolt.Bucket
-		if isIPv6 {
-			bucket = tx.Bucket(bucketFakeIPDomain6)
-		} else {
-			bucket = tx.Bucket(bucketFakeIPDomain4)
-		}
-		if bucket == nil {
-			return nil
-		}
-		address = M.AddrFromIP(bucket.Get([]byte(domain)))
-		return nil
-	})
-	return address, address.IsValid()
-}
-
 func (c *CacheFile) FakeIPReset() error {
 	return c.DB.Batch(func(tx *bbolt.Tx) error {
-		err := tx.DeleteBucket(bucketFakeIP)
-		if err != nil {
-			return err
-		}
-		err = tx.DeleteBucket(bucketFakeIPDomain4)
-		if err != nil {
-			return err
-		}
-		return tx.DeleteBucket(bucketFakeIPDomain6)
+		return tx.DeleteBucket(bucketFakeIP)
 	})
 }

experimental/clashapi/compatible/map.go

@@ -7,15 +7,6 @@ type Map[K comparable, V any] struct {
 	m sync.Map
 }
 
-func (m *Map[K, V]) Len() int {
-	var count int
-	m.m.Range(func(key, value any) bool {
-		count++
-		return true
-	})
-	return count
-}
-
 func (m *Map[K, V]) Load(key K) (V, bool) {
 	v, ok := m.m.Load(key)
 	if !ok {

experimental/clashapi/connections.go

@@ -6,7 +6,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/experimental/clashapi/trafficontrol"
 	"github.com/sagernet/websocket"
@@ -15,10 +14,10 @@ import (
 	"github.com/go-chi/render"
 )
 
-func connectionRouter(router adapter.Router, trafficManager *trafficontrol.Manager) http.Handler {
+func connectionRouter(trafficManager *trafficontrol.Manager) http.Handler {
 	r := chi.NewRouter()
 	r.Get("/", getConnections(trafficManager))
-	r.Delete("/", closeAllConnections(router, trafficManager))
+	r.Delete("/", closeAllConnections(trafficManager))
 	r.Delete("/{id}", closeConnection(trafficManager))
 	return r
 }
@@ -87,13 +86,12 @@ func closeConnection(trafficManager *trafficontrol.Manager) func(w http.Response
 	}
 }
 
-func closeAllConnections(router adapter.Router, trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
+func closeAllConnections(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		snapshot := trafficManager.Snapshot()
 		for _, c := range snapshot.Connections {
 			c.Close()
 		}
-		router.ResetNetwork()
 		render.NoContent(w, r)
 	}
 }

experimental/clashapi/proxies.go

@@ -134,7 +134,7 @@ func getProxies(server *Server, router adapter.Router) func(w http.ResponseWrite
 			defaultTag = allProxies[0]
 		}
 
-		sort.SliceStable(allProxies, func(i, j int) bool {
+		sort.Slice(allProxies, func(i, j int) bool {
 			return allProxies[i] == defaultTag
 		})
 

experimental/clashapi/server.go

@@ -23,8 +23,6 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/filemanager"
 	"github.com/sagernet/websocket"
 
 	"github.com/go-chi/chi/v5"
@@ -39,7 +37,6 @@ func init() {
 var _ adapter.ClashServer = (*Server)(nil)
 
 type Server struct {
-	ctx            context.Context
 	router         adapter.Router
 	logger         log.Logger
 	httpServer     *http.Server
@@ -49,7 +46,6 @@ type Server struct {
 	storeSelected  bool
 	storeFakeIP    bool
 	cacheFilePath  string
-	cacheID        string
 	cacheFile      adapter.ClashCacheFile
 
 	externalUI               string
@@ -57,11 +53,10 @@ type Server struct {
 	externalUIDownloadDetour string
 }
 
-func NewServer(ctx context.Context, router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
+func NewServer(router adapter.Router, logFactory log.ObservableFactory, options option.ClashAPIOptions) (adapter.ClashServer, error) {
 	trafficManager := trafficontrol.NewManager()
 	chiRouter := chi.NewRouter()
 	server := &Server{
-		ctx:    ctx,
 		router: router,
 		logger: logFactory.NewLogger("clash-api"),
 		httpServer: &http.Server{
@@ -69,16 +64,13 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 			Handler: chiRouter,
 		},
 		trafficManager:           trafficManager,
+		urlTestHistory:           urltest.NewHistoryStorage(),
 		mode:                     strings.ToLower(options.DefaultMode),
 		storeSelected:            options.StoreSelected,
 		storeFakeIP:              options.StoreFakeIP,
 		externalUIDownloadURL:    options.ExternalUIDownloadURL,
 		externalUIDownloadDetour: options.ExternalUIDownloadDetour,
 	}
-	server.urlTestHistory = service.PtrFromContext[urltest.HistoryStorage](ctx)
-	if server.urlTestHistory == nil {
-		server.urlTestHistory = urltest.NewHistoryStorage()
-	}
 	if server.mode == "" {
 		server.mode = "rule"
 	}
@@ -90,10 +82,9 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 		if foundPath, loaded := C.FindPath(cachePath); loaded {
 			cachePath = foundPath
 		} else {
-			cachePath = filemanager.BasePath(ctx, cachePath)
+			cachePath = C.BasePath(cachePath)
 		}
 		server.cacheFilePath = cachePath
-		server.cacheID = options.CacheID
 	}
 	cors := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
@@ -111,7 +102,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 		r.Mount("/configs", configRouter(server, logFactory, server.logger))
 		r.Mount("/proxies", proxyRouter(server, router))
 		r.Mount("/rules", ruleRouter(router))
-		r.Mount("/connections", connectionRouter(router, trafficManager))
+		r.Mount("/connections", connectionRouter(trafficManager))
 		r.Mount("/providers/proxies", proxyProviderRouter())
 		r.Mount("/providers/rules", ruleProviderRouter())
 		r.Mount("/script", scriptRouter())
@@ -122,7 +113,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 		server.setupMetaAPI(r)
 	})
 	if options.ExternalUI != "" {
-		server.externalUI = filemanager.BasePath(ctx, os.ExpandEnv(options.ExternalUI))
+		server.externalUI = C.BasePath(os.ExpandEnv(options.ExternalUI))
 		chiRouter.Group(func(r chi.Router) {
 			fs := http.StripPrefix("/ui", http.FileServer(http.Dir(server.externalUI)))
 			r.Get("/ui", http.RedirectHandler("/ui/", http.StatusTemporaryRedirect).ServeHTTP)
@@ -136,7 +127,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ
 
 func (s *Server) PreStart() error {
 	if s.cacheFilePath != "" {
-		cacheFile, err := cachefile.Open(s.cacheFilePath, s.cacheID)
+		cacheFile, err := cachefile.Open(s.cacheFilePath)
 		if err != nil {
 			return E.Cause(err, "open cache file")
 		}
@@ -189,10 +180,6 @@ func (s *Server) HistoryStorage() *urltest.HistoryStorage {
 	return s.urlTestHistory
 }
 
-func (s *Server) TrafficManager() *trafficontrol.Manager {
-	return s.trafficManager
-}
-
 func (s *Server) RoutedConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, matchedRule adapter.Rule) (net.Conn, adapter.Tracker) {
 	tracker := trafficontrol.NewTCPTracker(conn, s.trafficManager, castMetadata(metadata), s.router, matchedRule)
 	return tracker, tracker

experimental/clashapi/server_resources.go

@@ -12,11 +12,11 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/service/filemanager"
 )
 
 func (s *Server) checkAndDownloadExternalUI() {
@@ -79,7 +79,7 @@ func (s *Server) downloadExternalUI() error {
 }
 
 func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
-	tempFile, err := filemanager.CreateTemp(s.ctx, name)
+	tempFile, err := C.CreateTemp(name)
 	if err != nil {
 		return err
 	}
@@ -112,7 +112,7 @@ func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
 			return err
 		}
 		savePath := filepath.Join(saveDirectory, pathElements[len(pathElements)-1])
-		err = downloadZIPEntry(s.ctx, file, savePath)
+		err = downloadZIPEntry(file, savePath)
 		if err != nil {
 			return err
 		}
@@ -120,8 +120,8 @@ func (s *Server) downloadZIP(name string, body io.Reader, output string) error {
 	return nil
 }
 
-func downloadZIPEntry(ctx context.Context, zipFile *zip.File, savePath string) error {
-	saveFile, err := filemanager.Create(ctx, savePath)
+func downloadZIPEntry(zipFile *zip.File, savePath string) error {
+	saveFile, err := os.Create(savePath)
 	if err != nil {
 		return err
 	}

experimental/clashapi/trafficontrol/manager.go

@@ -55,14 +55,6 @@ func (m *Manager) Now() (up int64, down int64) {
 	return m.uploadBlip.Load(), m.downloadBlip.Load()
 }
 
-func (m *Manager) Total() (up int64, down int64) {
-	return m.uploadTotal.Load(), m.downloadTotal.Load()
-}
-
-func (m *Manager) Connections() int {
-	return m.connections.Len()
-}
-
 func (m *Manager) Snapshot() *Snapshot {
 	var connections []tracker
 	m.connections.Range(func(_ string, value tracker) bool {

experimental/clashapi/trafficontrol/tracker.go

@@ -7,9 +7,9 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/experimental/trackerconn"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/atomic"
-	"github.com/sagernet/sing/common/bufio"
 	N "github.com/sagernet/sing/common/network"
 
 	"github.com/gofrs/uuid/v5"
@@ -115,13 +115,13 @@ func NewTCPTracker(conn net.Conn, manager *Manager, metadata Metadata, router ad
 	download := new(atomic.Int64)
 
 	t := &tcpTracker{
-		ExtendedConn: bufio.NewCounterConn(conn, []N.CountFunc{func(n int64) {
+		ExtendedConn: trackerconn.NewHook(conn, func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}}, []N.CountFunc{func(n int64) {
+		}, func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}}),
+		}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,
@@ -202,13 +202,13 @@ func NewUDPTracker(conn N.PacketConn, manager *Manager, metadata Metadata, route
 	download := new(atomic.Int64)
 
 	ut := &udpTracker{
-		PacketConn: bufio.NewCounterPacketConn(conn, []N.CountFunc{func(n int64) {
+		PacketConn: trackerconn.NewHookPacket(conn, func(n int64) {
 			upload.Add(n)
 			manager.PushUploaded(n)
-		}}, []N.CountFunc{func(n int64) {
+		}, func(n int64) {
 			download.Add(n)
 			manager.PushDownloaded(n)
-		}}),
+		}),
 		manager: manager,
 		trackerInfo: &trackerInfo{
 			UUID:          uuid,

experimental/libbox/command.go

@@ -3,9 +3,7 @@ package libbox
 const (
 	CommandLog int32 = iota
 	CommandStatus
+	CommandServiceStop
 	CommandServiceReload
 	CommandCloseConnections
-	CommandGroup
-	CommandSelectOutbound
-	CommandURLTest
 )

experimental/libbox/command_client.go

@@ -26,13 +26,6 @@ type CommandClientHandler interface {
 	Disconnected(message string)
 	WriteLog(message string)
 	WriteStatus(message *StatusMessage)
-	WriteGroups(message OutboundGroupIterator)
-}
-
-func NewStandaloneCommandClient(sharedDirectory string) *CommandClient {
-	return &CommandClient{
-		sharedDirectory: sharedDirectory,
-	}
 }
 
 func NewCommandClient(sharedDirectory string, handler CommandClientHandler, options *CommandClientOptions) *CommandClient {
@@ -43,16 +36,16 @@ func NewCommandClient(sharedDirectory string, handler CommandClientHandler, opti
 	}
 }
 
-func (c *CommandClient) directConnect() (net.Conn, error) {
+func clientConnect(sharedDirectory string) (net.Conn, error) {
 	return net.DialUnix("unix", nil, &net.UnixAddr{
-		Name: filepath.Join(c.sharedDirectory, "command.sock"),
+		Name: filepath.Join(sharedDirectory, "command.sock"),
 		Net:  "unix",
 	})
 }
 
 func (c *CommandClient) Connect() error {
 	common.Close(c.conn)
-	conn, err := c.directConnect()
+	conn, err := clientConnect(c.sharedDirectory)
 	if err != nil {
 		return err
 	}
@@ -72,13 +65,6 @@ func (c *CommandClient) Connect() error {
 		}
 		c.handler.Connected()
 		go c.handleStatusConn(conn)
-	case CommandGroup:
-		err = binary.Write(conn, binary.BigEndian, c.options.StatusInterval)
-		if err != nil {
-			return E.Cause(err, "write interval")
-		}
-		c.handler.Connected()
-		go c.handleGroupConn(conn)
 	}
 	return nil
 }

experimental/libbox/command_conntrack.go

@@ -9,8 +9,8 @@ import (
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
 )
 
-func (c *CommandClient) CloseConnections() error {
-	conn, err := c.directConnect()
+func ClientCloseConnections(sharedDirectory string) error {
+	conn, err := clientConnect(sharedDirectory)
 	if err != nil {
 		return err
 	}

experimental/libbox/command_group.go

@@ -1,228 +0,0 @@
-package libbox
-
-import (
-	"encoding/binary"
-	"io"
-	"net"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/urltest"
-	"github.com/sagernet/sing-box/outbound"
-	"github.com/sagernet/sing/common/rw"
-	"github.com/sagernet/sing/service"
-)
-
-type OutboundGroup struct {
-	Tag        string
-	Type       string
-	Selectable bool
-	Selected   string
-	items      []*OutboundGroupItem
-}
-
-func (g *OutboundGroup) GetItems() OutboundGroupItemIterator {
-	return newIterator(g.items)
-}
-
-type OutboundGroupIterator interface {
-	Next() *OutboundGroup
-	HasNext() bool
-}
-
-type OutboundGroupItem struct {
-	Tag          string
-	Type         string
-	URLTestTime  int64
-	URLTestDelay int32
-}
-
-type OutboundGroupItemIterator interface {
-	Next() *OutboundGroupItem
-	HasNext() bool
-}
-
-func (c *CommandClient) handleGroupConn(conn net.Conn) {
-	defer conn.Close()
-
-	for {
-		groups, err := readGroups(conn)
-		if err != nil {
-			c.handler.Disconnected(err.Error())
-			return
-		}
-		c.handler.WriteGroups(groups)
-	}
-}
-
-func (s *CommandServer) handleGroupConn(conn net.Conn) error {
-	defer conn.Close()
-	ctx := connKeepAlive(conn)
-	for {
-		service := s.service
-		if service != nil {
-			err := writeGroups(conn, service)
-			if err != nil {
-				return err
-			}
-		} else {
-			err := binary.Write(conn, binary.BigEndian, uint16(0))
-			if err != nil {
-				return err
-			}
-		}
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		case <-s.urlTestUpdate:
-		}
-	}
-}
-
-func readGroups(reader io.Reader) (OutboundGroupIterator, error) {
-	var groupLength uint16
-	err := binary.Read(reader, binary.BigEndian, &groupLength)
-	if err != nil {
-		return nil, err
-	}
-
-	groups := make([]*OutboundGroup, 0, groupLength)
-	for i := 0; i < int(groupLength); i++ {
-		var group OutboundGroup
-		group.Tag, err = rw.ReadVString(reader)
-		if err != nil {
-			return nil, err
-		}
-
-		group.Type, err = rw.ReadVString(reader)
-		if err != nil {
-			return nil, err
-		}
-
-		err = binary.Read(reader, binary.BigEndian, &group.Selectable)
-		if err != nil {
-			return nil, err
-		}
-
-		group.Selected, err = rw.ReadVString(reader)
-		if err != nil {
-			return nil, err
-		}
-
-		var itemLength uint16
-		err = binary.Read(reader, binary.BigEndian, &itemLength)
-		if err != nil {
-			return nil, err
-		}
-
-		group.items = make([]*OutboundGroupItem, itemLength)
-		for j := 0; j < int(itemLength); j++ {
-			var item OutboundGroupItem
-			item.Tag, err = rw.ReadVString(reader)
-			if err != nil {
-				return nil, err
-			}
-
-			item.Type, err = rw.ReadVString(reader)
-			if err != nil {
-				return nil, err
-			}
-
-			err = binary.Read(reader, binary.BigEndian, &item.URLTestTime)
-			if err != nil {
-				return nil, err
-			}
-
-			err = binary.Read(reader, binary.BigEndian, &item.URLTestDelay)
-			if err != nil {
-				return nil, err
-			}
-
-			group.items[j] = &item
-		}
-		groups = append(groups, &group)
-	}
-	return newIterator(groups), nil
-}
-
-func writeGroups(writer io.Writer, boxService *BoxService) error {
-	historyStorage := service.PtrFromContext[urltest.HistoryStorage](boxService.ctx)
-
-	outbounds := boxService.instance.Router().Outbounds()
-	var iGroups []adapter.OutboundGroup
-	for _, it := range outbounds {
-		if group, isGroup := it.(adapter.OutboundGroup); isGroup {
-			iGroups = append(iGroups, group)
-		}
-	}
-	var groups []OutboundGroup
-	for _, iGroup := range iGroups {
-		var group OutboundGroup
-		group.Tag = iGroup.Tag()
-		group.Type = iGroup.Type()
-		_, group.Selectable = iGroup.(*outbound.Selector)
-		group.Selected = iGroup.Now()
-
-		for _, itemTag := range iGroup.All() {
-			itemOutbound, isLoaded := boxService.instance.Router().Outbound(itemTag)
-			if !isLoaded {
-				continue
-			}
-
-			var item OutboundGroupItem
-			item.Tag = itemTag
-			item.Type = itemOutbound.Type()
-			if history := historyStorage.LoadURLTestHistory(adapter.OutboundTag(itemOutbound)); history != nil {
-				item.URLTestTime = history.Time.Unix()
-				item.URLTestDelay = int32(history.Delay)
-			}
-			group.items = append(group.items, &item)
-		}
-		groups = append(groups, group)
-	}
-
-	err := binary.Write(writer, binary.BigEndian, uint16(len(groups)))
-	if err != nil {
-		return err
-	}
-	for _, group := range groups {
-		err = rw.WriteVString(writer, group.Tag)
-		if err != nil {
-			return err
-		}
-		err = rw.WriteVString(writer, group.Type)
-		if err != nil {
-			return err
-		}
-		err = binary.Write(writer, binary.BigEndian, group.Selectable)
-		if err != nil {
-			return err
-		}
-		err = rw.WriteVString(writer, group.Selected)
-		if err != nil {
-			return err
-		}
-		err = binary.Write(writer, binary.BigEndian, uint16(len(group.items)))
-		if err != nil {
-			return err
-		}
-		for _, item := range group.items {
-			err = rw.WriteVString(writer, item.Tag)
-			if err != nil {
-				return err
-			}
-			err = rw.WriteVString(writer, item.Type)
-			if err != nil {
-				return err
-			}
-			err = binary.Write(writer, binary.BigEndian, item.URLTestTime)
-			if err != nil {
-				return err
-			}
-			err = binary.Write(writer, binary.BigEndian, item.URLTestDelay)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}

experimental/libbox/command_log.go

@@ -11,7 +11,7 @@ func (s *CommandServer) WriteMessage(message string) {
 	s.subscriber.Emit(message)
 	s.access.Lock()
 	s.savedLines.PushBack(message)
-	if s.savedLines.Len() > s.maxLines {
+	if s.savedLines.Len() > 100 {
 		s.savedLines.Remove(s.savedLines.Front())
 	}
 	s.access.Unlock()

experimental/libbox/command_reload.go

@@ -8,8 +8,8 @@ import (
 	"github.com/sagernet/sing/common/rw"
 )
 
-func (c *CommandClient) ServiceReload() error {
-	conn, err := c.directConnect()
+func ClientServiceReload(sharedDirectory string) error {
+	conn, err := clientConnect(sharedDirectory)
 	if err != nil {
 		return err
 	}

experimental/libbox/command_select.go

@@ -1,59 +0,0 @@
-package libbox
-
-import (
-	"encoding/binary"
-	"net"
-
-	"github.com/sagernet/sing-box/outbound"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/rw"
-)
-
-func (c *CommandClient) SelectOutbound(groupTag string, outboundTag string) error {
-	conn, err := c.directConnect()
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-	err = binary.Write(conn, binary.BigEndian, uint8(CommandSelectOutbound))
-	if err != nil {
-		return err
-	}
-	err = rw.WriteVString(conn, groupTag)
-	if err != nil {
-		return err
-	}
-	err = rw.WriteVString(conn, outboundTag)
-	if err != nil {
-		return err
-	}
-	return readError(conn)
-}
-
-func (s *CommandServer) handleSelectOutbound(conn net.Conn) error {
-	defer conn.Close()
-	groupTag, err := rw.ReadVString(conn)
-	if err != nil {
-		return err
-	}
-	outboundTag, err := rw.ReadVString(conn)
-	if err != nil {
-		return err
-	}
-	service := s.service
-	if service == nil {
-		return writeError(conn, E.New("service not ready"))
-	}
-	outboundGroup, isLoaded := service.instance.Router().Outbound(groupTag)
-	if !isLoaded {
-		return writeError(conn, E.New("selector not found: ", groupTag))
-	}
-	selector, isSelector := outboundGroup.(*outbound.Selector)
-	if !isSelector {
-		return writeError(conn, E.New("outbound is not a selector: ", groupTag))
-	}
-	if !selector.SelectOutbound(outboundTag) {
-		return writeError(conn, E.New("outbound not found in selector: ", outboundTag))
-	}
-	return writeError(conn, nil)
-}

experimental/libbox/command_server.go

@@ -7,14 +7,12 @@ import (
 	"path/filepath"
 	"sync"
 
-	"github.com/sagernet/sing-box/common/urltest"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/debug"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/observable"
 	"github.com/sagernet/sing/common/x/list"
-	"github.com/sagernet/sing/service"
 )
 
 type CommandServer struct {
@@ -24,51 +22,26 @@ type CommandServer struct {
 
 	access     sync.Mutex
 	savedLines *list.List[string]
-	maxLines   int
 	subscriber *observable.Subscriber[string]
 	observer   *observable.Observer[string]
-	service    *BoxService
-
-	urlTestListener *list.Element[func()]
-	urlTestUpdate   chan struct{}
 }
 
 type CommandServerHandler interface {
+	ServiceStop() error
 	ServiceReload() error
 }
 
-func NewCommandServer(sharedDirectory string, handler CommandServerHandler, maxLines int32) *CommandServer {
+func NewCommandServer(sharedDirectory string, handler CommandServerHandler) *CommandServer {
 	server := &CommandServer{
-		sockPath:      filepath.Join(sharedDirectory, "command.sock"),
-		handler:       handler,
-		savedLines:    new(list.List[string]),
-		maxLines:      int(maxLines),
-		subscriber:    observable.NewSubscriber[string](128),
-		urlTestUpdate: make(chan struct{}, 1),
+		sockPath:   filepath.Join(sharedDirectory, "command.sock"),
+		handler:    handler,
+		savedLines: new(list.List[string]),
+		subscriber: observable.NewSubscriber[string](128),
 	}
 	server.observer = observable.NewObserver[string](server.subscriber, 64)
 	return server
 }
 
-func (s *CommandServer) SetService(newService *BoxService) {
-	if s.service != nil && s.listener != nil {
-		service.PtrFromContext[urltest.HistoryStorage](s.service.ctx).RemoveListener(s.urlTestListener)
-		s.urlTestListener = nil
-	}
-	s.service = newService
-	if newService != nil {
-		s.urlTestListener = service.PtrFromContext[urltest.HistoryStorage](newService.ctx).AddListener(s.notifyURLTestUpdate)
-	}
-	s.notifyURLTestUpdate()
-}
-
-func (s *CommandServer) notifyURLTestUpdate() {
-	select {
-	case s.urlTestUpdate <- struct{}{}:
-	default:
-	}
-}
-
 func (s *CommandServer) Start() error {
 	os.Remove(s.sockPath)
 	listener, err := net.ListenUnix("unix", &net.UnixAddr{
@@ -78,14 +51,6 @@ func (s *CommandServer) Start() error {
 	if err != nil {
 		return err
 	}
-	if sUserID > 0 {
-		err = os.Chown(s.sockPath, sUserID, sGroupID)
-		if err != nil {
-			listener.Close()
-			os.Remove(s.sockPath)
-			return err
-		}
-	}
 	s.listener = listener
 	go s.loopConnection(listener)
 	return nil
@@ -127,16 +92,12 @@ func (s *CommandServer) handleConnection(conn net.Conn) error {
 		return s.handleLogConn(conn)
 	case CommandStatus:
 		return s.handleStatusConn(conn)
+	case CommandServiceStop:
+		return s.handleServiceStop(conn)
 	case CommandServiceReload:
 		return s.handleServiceReload(conn)
 	case CommandCloseConnections:
 		return s.handleCloseConnections(conn)
-	case CommandGroup:
-		return s.handleGroupConn(conn)
-	case CommandSelectOutbound:
-		return s.handleSelectOutbound(conn)
-	case CommandURLTest:
-		return s.handleURLTest(conn)
 	default:
 		return E.New("unknown command: ", command)
 	}

experimental/libbox/command_shared.go

@@ -1,39 +0,0 @@
-package libbox
-
-import (
-	"encoding/binary"
-	"io"
-
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/rw"
-)
-
-func readError(reader io.Reader) error {
-	var hasError bool
-	err := binary.Read(reader, binary.BigEndian, &hasError)
-	if err != nil {
-		return err
-	}
-	if hasError {
-		errorMessage, err := rw.ReadVString(reader)
-		if err != nil {
-			return err
-		}
-		return E.New(errorMessage)
-	}
-	return nil
-}
-
-func writeError(writer io.Writer, wErr error) error {
-	err := binary.Write(writer, binary.BigEndian, wErr != nil)
-	if err != nil {
-		return err
-	}
-	if wErr != nil {
-		err = rw.WriteVString(writer, wErr.Error())
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

experimental/libbox/command_status.go

@@ -7,40 +7,22 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
-	"github.com/sagernet/sing-box/experimental/clashapi"
 	E "github.com/sagernet/sing/common/exceptions"
 )
 
 type StatusMessage struct {
-	Memory           int64
-	Goroutines       int32
-	ConnectionsIn    int32
-	ConnectionsOut   int32
-	TrafficAvailable bool
-	Uplink           int64
-	Downlink         int64
-	UplinkTotal      int64
-	DownlinkTotal    int64
+	Memory      int64
+	Goroutines  int32
+	Connections int32
 }
 
-func (s *CommandServer) readStatus() StatusMessage {
+func readStatus() StatusMessage {
 	var memStats runtime.MemStats
 	runtime.ReadMemStats(&memStats)
 	var message StatusMessage
 	message.Memory = int64(memStats.StackInuse + memStats.HeapInuse + memStats.HeapIdle - memStats.HeapReleased)
 	message.Goroutines = int32(runtime.NumGoroutine())
-	message.ConnectionsOut = int32(conntrack.Count())
-
-	if s.service != nil {
-		if clashServer := s.service.instance.Router().ClashServer(); clashServer != nil {
-			message.TrafficAvailable = true
-			trafficManager := clashServer.(*clashapi.Server).TrafficManager()
-			message.Uplink, message.Downlink = trafficManager.Now()
-			message.UplinkTotal, message.DownlinkTotal = trafficManager.Total()
-			message.ConnectionsIn = int32(trafficManager.Connections())
-		}
-	}
-
+	message.Connections = int32(conntrack.Count())
 	return message
 }
 
@@ -54,7 +36,7 @@ func (s *CommandServer) handleStatusConn(conn net.Conn) error {
 	defer ticker.Stop()
 	ctx := connKeepAlive(conn)
 	for {
-		err = binary.Write(conn, binary.BigEndian, s.readStatus())
+		err = binary.Write(conn, binary.BigEndian, readStatus())
 		if err != nil {
 			return err
 		}

experimental/libbox/command_stop.go

@@ -0,0 +1,48 @@
+package libbox
+
+import (
+	"encoding/binary"
+	"net"
+	"runtime/debug"
+
+	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/rw"
+)
+
+func ClientServiceStop(sharedDirectory string) error {
+	conn, err := clientConnect(sharedDirectory)
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+	err = binary.Write(conn, binary.BigEndian, uint8(CommandServiceStop))
+	if err != nil {
+		return err
+	}
+	var hasError bool
+	err = binary.Read(conn, binary.BigEndian, &hasError)
+	if err != nil {
+		return err
+	}
+	if hasError {
+		errorMessage, err := rw.ReadVString(conn)
+		if err != nil {
+			return err
+		}
+		return E.New(errorMessage)
+	}
+	return nil
+}
+
+func (s *CommandServer) handleServiceStop(conn net.Conn) error {
+	rErr := s.handler.ServiceStop()
+	err := binary.Write(conn, binary.BigEndian, rErr != nil)
+	if err != nil {
+		return err
+	}
+	if rErr != nil {
+		return rw.WriteVString(conn, rErr.Error())
+	}
+	debug.FreeOSMemory()
+	return nil
+}

experimental/libbox/command_urltest.go

@@ -1,95 +0,0 @@
-package libbox
-
-import (
-	"encoding/binary"
-	"net"
-	"time"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/urltest"
-	"github.com/sagernet/sing-box/outbound"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/batch"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/rw"
-)
-
-func (c *CommandClient) URLTest(groupTag string) error {
-	conn, err := c.directConnect()
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-	err = binary.Write(conn, binary.BigEndian, uint8(CommandURLTest))
-	if err != nil {
-		return err
-	}
-	err = rw.WriteVString(conn, groupTag)
-	if err != nil {
-		return err
-	}
-	return readError(conn)
-}
-
-func (s *CommandServer) handleURLTest(conn net.Conn) error {
-	defer conn.Close()
-	groupTag, err := rw.ReadVString(conn)
-	if err != nil {
-		return err
-	}
-	service := s.service
-	if service == nil {
-		return nil
-	}
-	abstractOutboundGroup, isLoaded := service.instance.Router().Outbound(groupTag)
-	if !isLoaded {
-		return writeError(conn, E.New("outbound group not found: ", groupTag))
-	}
-	outboundGroup, isOutboundGroup := abstractOutboundGroup.(adapter.OutboundGroup)
-	if !isOutboundGroup {
-		return writeError(conn, E.New("outbound is not a group: ", groupTag))
-	}
-	urlTest, isURLTest := abstractOutboundGroup.(*outbound.URLTest)
-	if isURLTest {
-		go urlTest.CheckOutbounds()
-	} else {
-		var historyStorage *urltest.HistoryStorage
-		if clashServer := service.instance.Router().ClashServer(); clashServer != nil {
-			historyStorage = clashServer.HistoryStorage()
-		} else {
-			return writeError(conn, E.New("Clash API is required for URLTest on non-URLTest group"))
-		}
-
-		outbounds := common.Filter(common.Map(outboundGroup.All(), func(it string) adapter.Outbound {
-			itOutbound, _ := service.instance.Router().Outbound(it)
-			return itOutbound
-		}), func(it adapter.Outbound) bool {
-			if it == nil {
-				return false
-			}
-			_, isGroup := it.(adapter.OutboundGroup)
-			if isGroup {
-				return false
-			}
-			return true
-		})
-		b, _ := batch.New(service.ctx, batch.WithConcurrencyNum[any](10))
-		for _, detour := range outbounds {
-			outboundToTest := detour
-			outboundTag := outboundToTest.Tag()
-			b.Go(outboundTag, func() (any, error) {
-				t, err := urltest.URLTest(service.ctx, "", outboundToTest)
-				if err != nil {
-					historyStorage.DeleteURLTestHistory(outboundTag)
-				} else {
-					historyStorage.StoreURLTestHistory(outboundTag, &urltest.History{
-						Time:  time.Now(),
-						Delay: t,
-					})
-				}
-				return nil, nil
-			})
-		}
-	}
-	return writeError(conn, nil)
-}

experimental/libbox/dns.go

@@ -1,162 +0,0 @@
-package libbox
-
-import (
-	"context"
-	"net/netip"
-	"strings"
-	"syscall"
-
-	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/task"
-
-	mDNS "github.com/miekg/dns"
-)
-
-type LocalDNSTransport interface {
-	Raw() bool
-	Lookup(ctx *ExchangeContext, network string, domain string) error
-	Exchange(ctx *ExchangeContext, message []byte) error
-}
-
-func RegisterLocalDNSTransport(transport LocalDNSTransport) {
-	if transport == nil {
-		dns.RegisterTransport([]string{"local"}, dns.CreateLocalTransport)
-	} else {
-		dns.RegisterTransport([]string{"local"}, func(name string, ctx context.Context, logger logger.ContextLogger, dialer N.Dialer, link string) (dns.Transport, error) {
-			return &platformLocalDNSTransport{
-				iif: transport,
-			}, nil
-		})
-	}
-}
-
-var _ dns.Transport = (*platformLocalDNSTransport)(nil)
-
-type platformLocalDNSTransport struct {
-	iif LocalDNSTransport
-}
-
-func (p *platformLocalDNSTransport) Name() string {
-	return "local"
-}
-
-func (p *platformLocalDNSTransport) Start() error {
-	return nil
-}
-
-func (p *platformLocalDNSTransport) Close() error {
-	return nil
-}
-
-func (p *platformLocalDNSTransport) Raw() bool {
-	return p.iif.Raw()
-}
-
-func (p *platformLocalDNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
-	messageBytes, err := message.Pack()
-	if err != nil {
-		return nil, err
-	}
-	response := &ExchangeContext{
-		context: ctx,
-	}
-	var responseMessage *mDNS.Msg
-	return responseMessage, task.Run(ctx, func() error {
-		err = p.iif.Exchange(response, messageBytes)
-		if err != nil {
-			return err
-		}
-		if response.error != nil {
-			return response.error
-		}
-		responseMessage = &response.message
-		return nil
-	})
-}
-
-func (p *platformLocalDNSTransport) Lookup(ctx context.Context, domain string, strategy dns.DomainStrategy) ([]netip.Addr, error) {
-	var network string
-	switch strategy {
-	case dns.DomainStrategyUseIPv4:
-		network = "ip4"
-	case dns.DomainStrategyPreferIPv6:
-		network = "ip6"
-	default:
-		network = "ip"
-	}
-	response := &ExchangeContext{
-		context: ctx,
-	}
-	var responseAddr []netip.Addr
-	return responseAddr, task.Run(ctx, func() error {
-		err := p.iif.Lookup(response, network, domain)
-		if err != nil {
-			return err
-		}
-		if response.error != nil {
-			return response.error
-		}
-		switch strategy {
-		case dns.DomainStrategyUseIPv4:
-			responseAddr = common.Filter(response.addresses, func(it netip.Addr) bool {
-				return it.Is4()
-			})
-		case dns.DomainStrategyPreferIPv6:
-			responseAddr = common.Filter(response.addresses, func(it netip.Addr) bool {
-				return it.Is6()
-			})
-		default:
-			responseAddr = response.addresses
-		}
-		/*if len(responseAddr) == 0 {
-			response.error = dns.RCodeSuccess
-		}*/
-		return nil
-	})
-}
-
-type Func interface {
-	Invoke() error
-}
-
-type ExchangeContext struct {
-	context   context.Context
-	message   mDNS.Msg
-	addresses []netip.Addr
-	error     error
-}
-
-func (c *ExchangeContext) OnCancel(callback Func) {
-	go func() {
-		<-c.context.Done()
-		callback.Invoke()
-	}()
-}
-
-func (c *ExchangeContext) Success(result string) {
-	c.addresses = common.Map(common.Filter(strings.Split(result, "\n"), func(it string) bool {
-		return !common.IsEmpty(it)
-	}), func(it string) netip.Addr {
-		return M.ParseSocksaddrHostPort(it, 0).Unwrap().Addr
-	})
-}
-
-func (c *ExchangeContext) RawSuccess(result []byte) {
-	err := c.message.Unpack(result)
-	if err != nil {
-		c.error = E.Cause(err, "parse response")
-	}
-}
-
-func (c *ExchangeContext) ErrorCode(code int32) {
-	c.error = dns.RCodeError(code)
-}
-
-func (c *ExchangeContext) ErrnoCode(code int32) {
-	c.error = syscall.Errno(code)
-}

experimental/libbox/iterator.go

@@ -29,19 +29,3 @@ func (i *iterator[T]) Next() T {
 func (i *iterator[T]) HasNext() bool {
 	return len(i.values) > 0
 }
-
-type abstractIterator[T any] interface {
-	Next() T
-	HasNext() bool
-}
-
-func iteratorToArray[T any](iterator abstractIterator[T]) []T {
-	if iterator == nil {
-		return nil
-	}
-	var values []T
-	for iterator.HasNext() {
-		values = append(values, iterator.Next())
-	}
-	return values
-}

experimental/libbox/log.go

@@ -18,14 +18,6 @@ func RedirectStderr(path string) error {
 	if err != nil {
 		return err
 	}
-	if sUserID > 0 {
-		err = outputFile.Chown(sUserID, sGroupID)
-		if err != nil {
-			outputFile.Close()
-			os.Remove(outputFile.Name())
-			return err
-		}
-	}
 	err = unix.Dup2(int(outputFile.Fd()), int(os.Stderr.Fd()))
 	if err != nil {
 		outputFile.Close()

experimental/libbox/memory.go

@@ -1,22 +1,18 @@
+//go:build darwin
+
 package libbox
 
 import (
-	"math"
 	runtimeDebug "runtime/debug"
 
 	"github.com/sagernet/sing-box/common/dialer/conntrack"
 )
 
-func SetMemoryLimit(enabled bool) {
-	const memoryLimit = 30 * 1024 * 1024
-	if enabled {
-		runtimeDebug.SetGCPercent(10)
-		runtimeDebug.SetMemoryLimit(memoryLimit)
-		conntrack.KillerEnabled = true
-		conntrack.MemoryLimit = memoryLimit
-	} else {
-		runtimeDebug.SetGCPercent(100)
-		runtimeDebug.SetMemoryLimit(math.MaxInt64)
-		conntrack.KillerEnabled = false
-	}
+const memoryLimit = 30 * 1024 * 1024
+
+func SetMemoryLimit() {
+	runtimeDebug.SetGCPercent(10)
+	runtimeDebug.SetMemoryLimit(memoryLimit)
+	conntrack.KillerEnabled = true
+	conntrack.MemoryLimit = memoryLimit
 }

experimental/libbox/monitor.go

@@ -1,183 +0,0 @@
-package libbox
-
-import (
-	"context"
-	"net"
-	"net/netip"
-	"sync"
-
-	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	"github.com/sagernet/sing/common/x/list"
-)
-
-var (
-	_ tun.DefaultInterfaceMonitor = (*platformDefaultInterfaceMonitor)(nil)
-	_ InterfaceUpdateListener     = (*platformDefaultInterfaceMonitor)(nil)
-)
-
-type platformDefaultInterfaceMonitor struct {
-	*platformInterfaceWrapper
-	errorHandler          E.Handler
-	networkAddresses      []networkAddress
-	defaultInterfaceName  string
-	defaultInterfaceIndex int
-	element               *list.Element[tun.NetworkUpdateCallback]
-	access                sync.Mutex
-	callbacks             list.List[tun.DefaultInterfaceUpdateCallback]
-}
-
-type networkAddress struct {
-	interfaceName  string
-	interfaceIndex int
-	addresses      []netip.Prefix
-}
-
-func (m *platformDefaultInterfaceMonitor) Start() error {
-	return m.iif.StartDefaultInterfaceMonitor(m)
-}
-
-func (m *platformDefaultInterfaceMonitor) Close() error {
-	return m.iif.CloseDefaultInterfaceMonitor(m)
-}
-
-func (m *platformDefaultInterfaceMonitor) DefaultInterfaceName(destination netip.Addr) string {
-	for _, address := range m.networkAddresses {
-		for _, prefix := range address.addresses {
-			if prefix.Contains(destination) {
-				return address.interfaceName
-			}
-		}
-	}
-	return m.defaultInterfaceName
-}
-
-func (m *platformDefaultInterfaceMonitor) DefaultInterfaceIndex(destination netip.Addr) int {
-	for _, address := range m.networkAddresses {
-		for _, prefix := range address.addresses {
-			if prefix.Contains(destination) {
-				return address.interfaceIndex
-			}
-		}
-	}
-	return m.defaultInterfaceIndex
-}
-
-func (m *platformDefaultInterfaceMonitor) OverrideAndroidVPN() bool {
-	return false
-}
-
-func (m *platformDefaultInterfaceMonitor) AndroidVPNEnabled() bool {
-	return false
-}
-
-func (m *platformDefaultInterfaceMonitor) RegisterCallback(callback tun.DefaultInterfaceUpdateCallback) *list.Element[tun.DefaultInterfaceUpdateCallback] {
-	m.access.Lock()
-	defer m.access.Unlock()
-	return m.callbacks.PushBack(callback)
-}
-
-func (m *platformDefaultInterfaceMonitor) UnregisterCallback(element *list.Element[tun.DefaultInterfaceUpdateCallback]) {
-	m.access.Lock()
-	defer m.access.Unlock()
-	m.callbacks.Remove(element)
-}
-
-func (m *platformDefaultInterfaceMonitor) UpdateDefaultInterface(interfaceName string, interfaceIndex32 int32) {
-	var err error
-	if m.iif.UsePlatformInterfaceGetter() {
-		err = m.updateInterfacesPlatform()
-	} else {
-		err = m.updateInterfaces()
-	}
-	if err == nil {
-		err = m.router.UpdateInterfaces()
-	}
-	if err != nil {
-		m.errorHandler.NewError(context.Background(), E.Cause(err, "update interfaces"))
-	}
-	interfaceIndex := int(interfaceIndex32)
-	if interfaceName == "" {
-		for _, netIf := range m.networkAddresses {
-			if netIf.interfaceIndex == interfaceIndex {
-				interfaceName = netIf.interfaceName
-				break
-			}
-		}
-	} else if interfaceIndex == -1 {
-		for _, netIf := range m.networkAddresses {
-			if netIf.interfaceName == interfaceName {
-				interfaceIndex = netIf.interfaceIndex
-				break
-			}
-		}
-	}
-	if interfaceName == "" {
-		m.errorHandler.NewError(context.Background(), E.New("invalid interface name for ", interfaceIndex))
-		return
-	} else if interfaceIndex == -1 {
-		m.errorHandler.NewError(context.Background(), E.New("invalid interface index for ", interfaceName))
-		return
-	}
-	if m.defaultInterfaceName == interfaceName && m.defaultInterfaceIndex == interfaceIndex {
-		return
-	}
-	m.defaultInterfaceName = interfaceName
-	m.defaultInterfaceIndex = interfaceIndex
-	m.access.Lock()
-	callbacks := m.callbacks.Array()
-	m.access.Unlock()
-	for _, callback := range callbacks {
-		err = callback(tun.EventInterfaceUpdate)
-		if err != nil {
-			m.errorHandler.NewError(context.Background(), err)
-		}
-	}
-}
-
-func (m *platformDefaultInterfaceMonitor) updateInterfaces() error {
-	interfaces, err := net.Interfaces()
-	if err != nil {
-		return err
-	}
-	var addresses []networkAddress
-	for _, iif := range interfaces {
-		var netAddresses []net.Addr
-		netAddresses, err = iif.Addrs()
-		if err != nil {
-			return err
-		}
-		var address networkAddress
-		address.interfaceName = iif.Name
-		address.interfaceIndex = iif.Index
-		address.addresses = common.Map(common.FilterIsInstance(netAddresses, func(it net.Addr) (*net.IPNet, bool) {
-			value, loaded := it.(*net.IPNet)
-			return value, loaded
-		}), func(it *net.IPNet) netip.Prefix {
-			bits, _ := it.Mask.Size()
-			return netip.PrefixFrom(M.AddrFromIP(it.IP), bits)
-		})
-		addresses = append(addresses, address)
-	}
-	m.networkAddresses = addresses
-	return nil
-}
-
-func (m *platformDefaultInterfaceMonitor) updateInterfacesPlatform() error {
-	interfaces, err := m.Interfaces()
-	if err != nil {
-		return err
-	}
-	var addresses []networkAddress
-	for _, iif := range interfaces {
-		var address networkAddress
-		address.interfaceName = iif.Name
-		address.interfaceIndex = iif.Index
-		// address.addresses = common.Map(iif.Addresses, netip.MustParsePrefix)
-		addresses = append(addresses, address)
-	}
-	m.networkAddresses = addresses
-	return nil
-}

experimental/libbox/platform.go

@@ -1,11 +1,8 @@
 package libbox
 
-import (
-	"github.com/sagernet/sing-box/option"
-)
+import "github.com/sagernet/sing-box/option"
 
 type PlatformInterface interface {
-	UsePlatformAutoDetectInterfaceControl() bool
 	AutoDetectInterfaceControl(fd int32) error
 	OpenTun(options TunOptions) (int32, error)
 	WriteLog(message string)
@@ -13,12 +10,6 @@ type PlatformInterface interface {
 	FindConnectionOwner(ipProtocol int32, sourceAddress string, sourcePort int32, destinationAddress string, destinationPort int32) (int32, error)
 	PackageNameByUid(uid int32) (string, error)
 	UIDByPackageName(packageName string) (int32, error)
-	UsePlatformDefaultInterfaceMonitor() bool
-	StartDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
-	CloseDefaultInterfaceMonitor(listener InterfaceUpdateListener) error
-	UsePlatformInterfaceGetter() bool
-	GetInterfaces() (NetworkInterfaceIterator, error)
-	UnderNetworkExtension() bool
 }
 
 type TunInterface interface {
@@ -26,19 +17,8 @@ type TunInterface interface {
 	Close() error
 }
 
-type InterfaceUpdateListener interface {
-	UpdateDefaultInterface(interfaceName string, interfaceIndex int32)
-}
-
-type NetworkInterface struct {
-	Index     int32
-	MTU       int32
-	Name      string
-	Addresses StringIterator
-}
-
-type NetworkInterfaceIterator interface {
-	Next() *NetworkInterface
+type OnDemandRuleIterator interface {
+	Next() OnDemandRule
 	HasNext() bool
 }
 
@@ -51,11 +31,6 @@ type OnDemandRule interface {
 	ProbeURL() string
 }
 
-type OnDemandRuleIterator interface {
-	Next() OnDemandRule
-	HasNext() bool
-}
-
 type onDemandRule struct {
 	option.OnDemandRule
 }

experimental/libbox/platform/interface.go

@@ -1,35 +1,17 @@
 package platform
 
 import (
-	"context"
 	"io"
-	"net/netip"
 
-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/process"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
-	E "github.com/sagernet/sing/common/exceptions"
 )
 
 type Interface interface {
-	Initialize(ctx context.Context, router adapter.Router) error
-	UsePlatformAutoDetectInterfaceControl() bool
 	AutoDetectInterfaceControl() control.Func
-	OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error)
-	UsePlatformDefaultInterfaceMonitor() bool
-	CreateDefaultInterfaceMonitor(errorHandler E.Handler) tun.DefaultInterfaceMonitor
-	UsePlatformInterfaceGetter() bool
-	Interfaces() ([]NetworkInterface, error)
-	UnderNetworkExtension() bool
+	OpenTun(options tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error)
 	process.Searcher
 	io.Writer
 }
-
-type NetworkInterface struct {
-	Index     int
-	MTU       int
-	Name      string
-	Addresses []netip.Prefix
-}

experimental/libbox/service.go

@@ -6,19 +6,14 @@ import (
 	"syscall"
 
 	"github.com/sagernet/sing-box"
-	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/process"
-	"github.com/sagernet/sing-box/common/urltest"
 	"github.com/sagernet/sing-box/experimental/libbox/internal/procfs"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
-	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/filemanager"
 )
 
 type BoxService struct {
@@ -33,12 +28,10 @@ func NewService(configContent string, platformInterface PlatformInterface) (*Box
 		return nil, err
 	}
 	ctx, cancel := context.WithCancel(context.Background())
-	ctx = filemanager.WithDefault(ctx, sBasePath, sTempPath, sUserID, sGroupID)
-	ctx = service.ContextWithPtr(ctx, urltest.NewHistoryStorage())
 	instance, err := box.New(box.Options{
 		Context:           ctx,
 		Options:           options,
-		PlatformInterface: &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()},
+		PlatformInterface: &platformInterfaceWrapper{platformInterface, platformInterface.UseProcFS()},
 	})
 	if err != nil {
 		cancel()
@@ -65,16 +58,6 @@ var _ platform.Interface = (*platformInterfaceWrapper)(nil)
 type platformInterfaceWrapper struct {
 	iif       PlatformInterface
 	useProcFS bool
-	router    adapter.Router
-}
-
-func (w *platformInterfaceWrapper) Initialize(ctx context.Context, router adapter.Router) error {
-	w.router = router
-	return nil
-}
-
-func (w *platformInterfaceWrapper) UsePlatformAutoDetectInterfaceControl() bool {
-	return w.iif.UsePlatformAutoDetectInterfaceControl()
 }
 
 func (w *platformInterfaceWrapper) AutoDetectInterfaceControl() control.Func {
@@ -85,7 +68,7 @@ func (w *platformInterfaceWrapper) AutoDetectInterfaceControl() control.Func {
 	}
 }
 
-func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
+func (w *platformInterfaceWrapper) OpenTun(options tun.Options, platformOptions option.TunPlatformOptions) (tun.Tun, error) {
 	if len(options.IncludeUID) > 0 || len(options.ExcludeUID) > 0 {
 		return nil, E.New("android: unsupported uid options")
 	}
@@ -96,16 +79,12 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions
 	if err != nil {
 		return nil, err
 	}
-	options.Name, err = getTunnelName(tunFd)
-	if err != nil {
-		return nil, E.Cause(err, "query tun name")
-	}
 	dupFd, err := dup(int(tunFd))
 	if err != nil {
 		return nil, E.Cause(err, "dup tun file descriptor")
 	}
 	options.FileDescriptor = dupFd
-	return tun.New(*options)
+	return tun.New(options)
 }
 
 func (w *platformInterfaceWrapper) Write(p []byte) (n int, err error) {
@@ -139,40 +118,3 @@ func (w *platformInterfaceWrapper) FindProcessInfo(ctx context.Context, network
 	packageName, _ := w.iif.PackageNameByUid(uid)
 	return &process.Info{UserId: uid, PackageName: packageName}, nil
 }
-
-func (w *platformInterfaceWrapper) UsePlatformDefaultInterfaceMonitor() bool {
-	return w.iif.UsePlatformDefaultInterfaceMonitor()
-}
-
-func (w *platformInterfaceWrapper) CreateDefaultInterfaceMonitor(errorHandler E.Handler) tun.DefaultInterfaceMonitor {
-	return &platformDefaultInterfaceMonitor{
-		platformInterfaceWrapper: w,
-		errorHandler:             errorHandler,
-		defaultInterfaceIndex:    -1,
-	}
-}
-
-func (w *platformInterfaceWrapper) UsePlatformInterfaceGetter() bool {
-	return w.iif.UsePlatformInterfaceGetter()
-}
-
-func (w *platformInterfaceWrapper) Interfaces() ([]platform.NetworkInterface, error) {
-	interfaceIterator, err := w.iif.GetInterfaces()
-	if err != nil {
-		return nil, err
-	}
-	var interfaces []platform.NetworkInterface
-	for _, netInterface := range iteratorToArray[*NetworkInterface](interfaceIterator) {
-		interfaces = append(interfaces, platform.NetworkInterface{
-			Index:     int(netInterface.Index),
-			MTU:       int(netInterface.MTU),
-			Name:      netInterface.Name,
-			Addresses: common.Map(iteratorToArray[string](netInterface.Addresses), netip.MustParsePrefix),
-		})
-	}
-	return interfaces, nil
-}
-
-func (w *platformInterfaceWrapper) UnderNetworkExtension() bool {
-	return w.iif.UnderNetworkExtension()
-}

experimental/libbox/setup.go

@@ -1,39 +1,17 @@
 package libbox
 
 import (
-	"os"
-	"os/user"
-	"strconv"
-
 	C "github.com/sagernet/sing-box/constant"
 
 	"github.com/dustin/go-humanize"
 )
 
-var (
-	sBasePath string
-	sTempPath string
-	sUserID   int
-	sGroupID  int
-)
-
-func Setup(basePath string, tempPath string) {
-	sBasePath = basePath
-	sTempPath = tempPath
-	sUserID = os.Getuid()
-	sGroupID = os.Getgid()
+func SetBasePath(path string) {
+	C.SetBasePath(path)
 }
 
-func SetupWithUsername(basePath string, tempPath string, username string) error {
-	sBasePath = basePath
-	sTempPath = tempPath
-	sUser, err := user.Lookup(username)
-	if err != nil {
-		return err
-	}
-	sUserID, _ = strconv.Atoi(sUser.Uid)
-	sGroupID, _ = strconv.Atoi(sUser.Gid)
-	return nil
+func SetTempPath(path string) {
+	C.SetTempPath(path)
 }
 
 func Version() string {

experimental/libbox/tun.go

@@ -59,7 +59,7 @@ func mapRoutePrefix(prefixes []netip.Prefix) RoutePrefixIterator {
 var _ TunOptions = (*tunOptions)(nil)
 
 type tunOptions struct {
-	*tun.Options
+	tun.Options
 	option.TunPlatformOptions
 }