Add ssm api server

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,79 +1,70 @@
-name: Bug report
-description: "Report sing-box bug"
+name: Bug Report
+description: "Create a report to help us improve."
 body:
-  - type: dropdown
+  - type: checkboxes
+    id: terms
     attributes:
-      label: Operating system
-      description: Operating system type
+      label: Welcome
       options:
-        - iOS
-        - macOS
-        - Apple tvOS
-        - Android
-        - Windows
-        - Linux
-        - Others
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: System version
-      description: Please provide the operating system version
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: Installation type
-      description: Please provide the sing-box installation type
-      options:
-        - Original sing-box Command Line
-        - sing-box for iOS Graphical Client
-        - sing-box for macOS Graphical Client
-        - sing-box for Apple tvOS Graphical Client
-        - sing-box for Android Graphical Client
-        - Third-party graphical clients that advertise themselves as using sing-box (Windows)
-        - Third-party graphical clients that advertise themselves as using sing-box (Android)
-        - Others
-    validations:
-      required: true
-  - type: input
-    attributes:
-      description: Graphical client version
-      label: If you are using a graphical client, please provide the version of the client.
+        - label: Yes, I'm using the latest major release. Only such installations are supported.
+          required: true
+        - label: Yes, I'm using the latest Golang release. Only such installations are supported.
+          required: true
+        - label: Yes, I've searched similar issues on GitHub and didn't find any.
+          required: true
+        - label: Yes, I've included all information below (version, **FULL** config, **FULL** log, etc).
+          required: true
+
   - type: textarea
+    id: problem
     attributes:
-      label: Version
-      description: If you are using the original command line program, please provide the output of the `sing-box version` command.
+      label: Description of the problem
+      placeholder: Your problem description
+    validations:
+      required: true
+
+  - type: textarea
+    id: version
+    attributes:
+      label: Version of sing-box
       value: |-
         <details>
 
         ```console
-        # Replace this line with the output
+        $ sing-box version
+        # Paste output here
         ```
+
         </details>
-  - type: textarea
-    attributes:
-      label: Description
-      description: Please provide a detailed description of the error.
     validations:
       required: true
+
   - type: textarea
+    id: config
     attributes:
-      label: Reproduction
-      description: Please provide the steps to reproduce the error, including the configuration files and procedures that can locally (not dependent on the remote server) reproduce the error using the original command line program of sing-box.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Logs
-      description: |-
-        If you encounter a crash with the graphical client, please provide crash logs.
-        For Apple platform clients, please check `Settings - View Service Log` for crash logs.
-        For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
+      label: Server and client configuration file
       value: |-
         <details>
-        
+
         ```console
-        # Replace this line with logs
+        # paste json here
         ```
-        </details>
+
+        </details>
+    validations:
+      required: true
+
+  - type: textarea
+    id: log
+    attributes:
+      label: Server and client log file
+      value: |-
+        <details>
+
+        ```console
+        # paste log here
+        ```
+
+        </details>
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/bug_report_zh.yml

@@ -1,79 +0,0 @@
-name: 错误反馈
-description: "提交 sing-box 漏洞"
-body:
-  - type: dropdown
-    attributes:
-      label: 操作系统
-      description: 请提供操作系统类型
-      options:
-        - iOS
-        - macOS
-        - Apple tvOS
-        - Android
-        - Windows
-        - Linux
-        - 其他
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: 系统版本
-      description: 请提供操作系统版本
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: 安装类型
-      description: 请提供该 sing-box 安装类型
-      options:
-        - sing-box 原始命令行程序
-        - sing-box for iOS 图形客户端程序
-        - sing-box for macOS 图形客户端程序
-        - sing-box for Apple tvOS 图形客户端程序
-        - sing-box for Android 图形客户端程序
-        - 宣传使用 sing-box 的第三方图形客户端程序 (Windows)
-        - 宣传使用 sing-box 的第三方图形客户端程序 (Android)
-        - 其他
-    validations:
-      required: true
-  - type: input
-    attributes:
-      description: 图形客户端版本
-      label: 如果您使用图形客户端程序，请提供该程序版本。
-  - type: textarea
-    attributes:
-      label: 版本
-      description: 如果您使用原始命令行程序，请提供 `sing-box version` 命令的输出。
-      value: |-
-        <details>
-
-        ```console
-        # 使用输出内容覆盖此行
-        ```
-        </details>
-  - type: textarea
-    attributes:
-      label: 描述
-      description: 请提供错误的详细描述。
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: 重现方式
-      description: 请提供重现错误的步骤，必须包括可以在本地（不依赖与远程服务器）使用 sing-box 原始命令行程序重现错误的配置文件与流程。
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: 日志
-      description: |-
-        如果您遭遇图形界面应用程序崩溃，请提供崩溃日志。
-        对于 Apple 平台图形客户端程序，请检查 `Settings - View Service Log` 以导出崩溃日志。
-        对于 Android 图形客户端程序，请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
-      value: |-
-        <details>
-        
-        ```console
-        # 使用日志内容覆盖此行
-        ```
-        </details>

.github/workflows/debug.yml

@@ -3,7 +3,6 @@ name: Debug build
 on:
   push:
     branches:
-      - stable-next
       - main-next
       - dev-next
     paths-ignore:
@@ -12,7 +11,6 @@ on:
       - '!.github/workflows/debug.yml'
   pull_request:
     branches:
-      - stable-next
       - main-next
       - dev-next
 
@@ -22,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Get latest go version
@@ -30,9 +28,15 @@ jobs:
         run: |
           echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
       - name: Add cache to Go proxy
         run: |
           version=`git rev-parse HEAD`
@@ -50,11 +54,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v3
         with:
           go-version: 1.18.10
       - name: Cache go module
@@ -64,27 +68,7 @@ jobs:
             ~/go/pkg/mod
           key: go118-${{ hashFiles('**/go.sum') }}
       - name: Run Test
-        run: make ci_build_go118
-  build_go120:
-    name: Debug build (Go 1.20)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.20.7
-      - name: Cache go module
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-          key: go118-${{ hashFiles('**/go.sum') }}
-      - name: Run Test
-        run: make ci_build
+        run: make
   cross:
     strategy:
       matrix:
@@ -201,7 +185,7 @@ jobs:
       TAGS: with_clash_api,with_quic
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Get latest go version
@@ -209,9 +193,15 @@ jobs:
         run: |
           echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
       - name: Build
         id: build
         run: make

.github/workflows/docker.yml

@@ -9,20 +9,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@v3
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
       - name: Setup QEMU for Docker Buildx
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v2
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Docker metadata
         id: metadata
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v4
         with:
           images: ghcr.io/sagernet/sing-box
       - name: Get tag to build
@@ -35,12 +35,10 @@ jobs:
             echo "versioned=ghcr.io/sagernet/sing-box:${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
           fi
       - name: Build and release Docker images
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v4
         with:
           platforms: linux/386,linux/amd64,linux/arm64,linux/s390x
           target: dist
-          build-args: |
-            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
           tags: |
             ${{ steps.tag.outputs.latest }}
             ${{ steps.tag.outputs.versioned }}

.github/workflows/lint.yml

@@ -3,7 +3,6 @@ name: Lint
 on:
   push:
     branches:
-      - stable-next
       - main-next
       - dev-next
     paths-ignore:
@@ -12,7 +11,6 @@ on:
       - '!.github/workflows/lint.yml'
   pull_request:
     branches:
-      - stable-next
       - main-next
       - dev-next
 
@@ -22,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Get latest go version
@@ -30,12 +28,16 @@ jobs:
         run: |
           echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ steps.version.outputs.go_version }}
+      - name: Cache go module
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go-${{ hashFiles('**/go.sum') }}
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: latest
-          args: --timeout=30m
-          install-mode: binary
+          version: latest

.github/workflows/mkdocs.yml

@@ -0,0 +1,18 @@
+name: Generate Documents
+on:
+  push:
+    branches:
+      - dev
+    paths:
+      - docs/**
+      - .github/workflows/mkdocs.yml
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+      - run: pip install mkdocs-material mkdocs-static-i18n
+      - run: mkdocs gh-deploy -m "{sha}" --force --ignore-version --no-history

.github/workflows/stale.yml

@@ -8,7 +8,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v7
         with:
           stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
           days-before-stale: 60

.gitignore

@@ -5,11 +5,4 @@
 /site/
 /bin/
 /dist/
-/sing-box
-/sing-box.exe
-/build/
-/*.jar
-/*.aar
-/*.xcframework/
-.DS_Store
-/config.d/
+/sing-box

.goreleaser.yaml

@@ -10,21 +10,17 @@ builds:
     gcflags:
       - all=-trimpath={{.Env.GOPATH}}
     ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
+      - -s -w -buildid=
     tags:
       - with_gvisor
       - with_quic
-      - with_dhcp
       - with_wireguard
-      - with_ech
       - with_utls
-      - with_reality_server
-      - with_acme
       - with_clash_api
+      - with_ssm_api
     env:
       - CGO_ENABLED=0
     targets:
-      - linux_386
       - linux_amd64_v1
       - linux_amd64_v3
       - linux_arm64
@@ -38,36 +34,6 @@ builds:
       - darwin_amd64_v3
       - darwin_arm64
     mod_timestamp: '{{ .CommitTimestamp }}'
-  - id: legacy
-    main: ./cmd/sing-box
-    flags:
-      - -v
-      - -trimpath
-    asmflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    gcflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
-    tags:
-      - with_gvisor
-      - with_quic
-      - with_dhcp
-      - with_wireguard
-      - with_ech
-      - with_utls
-      - with_reality_server
-      - with_acme
-      - with_clash_api
-    env:
-      - CGO_ENABLED=0
-      - GOROOT=/nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/share/go
-    gobinary: /nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/bin/go
-    targets:
-      - windows_amd64_v1
-      - windows_386
-      - darwin_amd64_v1
-    mod_timestamp: '{{ .CommitTimestamp }}'
   - id: android
     main: ./cmd/sing-box
     flags:
@@ -78,17 +44,14 @@ builds:
     gcflags:
       - all=-trimpath={{.Env.GOPATH}}
     ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
+      - -s -w -buildid=
     tags:
       - with_gvisor
       - with_quic
-      - with_dhcp
       - with_wireguard
-      - with_ech
       - with_utls
-      - with_reality_server
-      - with_acme
       - with_clash_api
+      - with_ssm_api
     env:
       - CGO_ENABLED=1
     overrides:
@@ -124,9 +87,6 @@ snapshot:
   name_template: "{{ .Version }}.{{ .ShortCommit }}"
 archives:
   - id: archive
-    builds:
-      - main
-      - android
     format: tar.gz
     format_overrides:
       - goos: windows
@@ -135,17 +95,6 @@ archives:
     files:
       - LICENSE
     name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
-  - id: archive-legacy
-    builds:
-      - legacy
-    format: tar.gz
-    format_overrides:
-      - goos: windows
-        format: zip
-    wrap_in_directory: true
-    files:
-      - LICENSE
-    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}-legacy'
 nfpms:
   - id: package
     package_name: sing-box
@@ -158,7 +107,6 @@ nfpms:
     formats:
       - deb
       - rpm
-      - archlinux
     priority: extra
     contents:
       - src: release/config/config.json
@@ -170,6 +118,9 @@ nfpms:
         dst: /etc/systemd/system/sing-box@.service
       - src: LICENSE
         dst: /usr/share/licenses/sing-box/LICENSE
+    scripts:
+      postinstall: release/config/postinstall.sh
+      postremove: release/config/postremove.sh
 source:
   enabled: false
   name_template: '{{ .ProjectName }}-{{ .Version }}.source'

Dockerfile

@@ -1,27 +1,22 @@
-FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder
+FROM golang:1.20-alpine AS builder
 LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
 COPY . /go/src/github.com/sagernet/sing-box
 WORKDIR /go/src/github.com/sagernet/sing-box
-ARG TARGETOS TARGETARCH
 ARG GOPROXY=""
 ENV GOPROXY ${GOPROXY}
 ENV CGO_ENABLED=0
-ENV GOOS=$TARGETOS
-ENV GOARCH=$TARGETARCH
 RUN set -ex \
     && apk add git build-base \
     && export COMMIT=$(git rev-parse --short HEAD) \
-    && export VERSION=$(go run ./cmd/internal/read_tag) \
-    && go build -v -trimpath -tags \
-        "with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api" \
+    && go build -v -trimpath -tags with_quic,with_wireguard,with_acme \
         -o /go/bin/sing-box \
-        -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
+        -ldflags "-s -w -buildid=" \
         ./cmd/sing-box
-FROM --platform=$TARGETPLATFORM alpine AS dist
+FROM alpine AS dist
 LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
 RUN set -ex \
     && apk upgrade \
     && apk add bash tzdata ca-certificates \
     && rm -rf /var/cache/apk/*
 COPY --from=builder /go/bin/sing-box /usr/local/bin/sing-box
-ENTRYPOINT ["sing-box"]
+ENTRYPOINT ["sing-box"]

LICENSE

@@ -11,7 +11,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-In addition, no derivative work may use the name or imply association
-with this application without prior consent.
+along with this program. If not, see <http://www.gnu.org/licenses/>.

Makefile

@@ -1,39 +1,22 @@
 NAME = sing-box
 COMMIT = $(shell git rev-parse --short HEAD)
-TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
-TAGS_GO120 = with_quic,with_ech
-TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
-TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
-
-GOHOSTOS = $(shell go env GOHOSTOS)
-GOHOSTARCH = $(shell go env GOHOSTARCH)
-VERSION=$(shell CGO_ENABLED=0 GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) go run ./cmd/internal/read_tag)
-
-PARAMS = -v -trimpath -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=$(VERSION)' -s -w -buildid="
-MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
+TAGS ?= with_gvisor,with_quic,with_wireguard,with_utls,with_clash_api,with_ssm_api
+TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_shadowsocksr
+PARAMS = -v -trimpath -tags "$(TAGS)" -ldflags "-s -w -buildid="
 MAIN = ./cmd/sing-box
-PREFIX ?= $(shell go env GOPATH)
 
-.PHONY: test release docs
+.PHONY: test release
 
 build:
-	go build $(MAIN_PARAMS) $(MAIN)
-
-ci_build_go118:
 	go build $(PARAMS) $(MAIN)
-	go build $(PARAMS) -tags "$(TAGS_GO118)" $(MAIN)
-
-ci_build:
-	go build $(PARAMS) $(MAIN)
-	go build $(MAIN_PARAMS) $(MAIN)
 
 install:
-	go build -o $(PREFIX)/bin/$(NAME) $(MAIN_PARAMS) $(MAIN)
+	go install $(PARAMS) $(MAIN)
 
 fmt:
 	@gofumpt -l -w .
 	@gofmt -s -w .
-	@gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" .
+	@gci write --custom-order -s "standard,prefix(github.com/sagernet/),default" .
 
 fmt_install:
 	go install -v mvdan.cc/gofumpt@latest
@@ -58,103 +41,24 @@ proto_install:
 	go install -v google.golang.org/protobuf/cmd/protoc-gen-go@latest
 	go install -v google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
 
-release:
-	go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
+snapshot:
+	go run ./cmd/internal/build goreleaser release --rm-dist --snapshot || exit 1
 	mkdir dist/release
-	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/*.pkg.tar.zst dist/release
-	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
-	rm -r dist/release
+	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
+	ghr --delete --draft --prerelease -p 1 nightly dist/release
+	rm -r dist
+
+release:
+	go run ./cmd/internal/build goreleaser release --rm-dist --skip-publish || exit 1
+	mkdir dist/release
+	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
+	ghr --delete --draft --prerelease -p 3 $(shell git describe --tags) dist/release
+	rm -r dist
 
 release_install:
 	go install -v github.com/goreleaser/goreleaser@latest
 	go install -v github.com/tcnksm/ghr@latest
 
-update_android_version:
-	go run ./cmd/internal/update_android_version
-
-build_android:
-	cd ../sing-box-for-android && ./gradlew :app:assemblePlayRelease && ./gradlew --stop
-
-upload_android:
-	mkdir -p dist/release_android
-	cp ../sing-box-for-android/app/build/outputs/apk/play/release/*.apk dist/release_android
-	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
-	rm -rf dist/release_android
-
-release_android: lib_android update_android_version build_android upload_android
-
-publish_android:
-	cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle
-
-publish_android_appcenter:
-	cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadPlayRelease
-
-build_ios:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFI.xcarchive && \
-	xcodebuild archive -scheme SFI -configuration Release -archivePath build/SFI.xcarchive
-
-upload_ios_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
-
-release_ios: build_ios upload_ios_app_store
-
-build_macos:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFM.xcarchive && \
-	xcodebuild archive -scheme SFM -configuration Release -archivePath build/SFM.xcarchive
-
-upload_macos_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath build/SFM.xcarchive -exportOptionsPlist SFI/Upload.plist  -allowProvisioningUpdates
-
-release_macos: build_macos upload_macos_app_store
-
-build_macos_independent:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFT.System.xcarchive && \
-	xcodebuild archive -scheme SFM.System -configuration Release -archivePath build/SFM.System.xcarchive
-
-notarize_macos_independent:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath "build/SFM.System.xcarchive" -exportOptionsPlist SFM.System/Upload.plist  -allowProvisioningUpdates
-
-wait_notarize_macos_independent:
-	sleep 60
-
-export_macos_independent:
-	rm -rf dist/SFM
-	mkdir -p dist/SFM
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportNotarizedApp -archivePath build/SFM.System.xcarchive -exportPath "../sing-box/dist/SFM"
-
-upload_macos_independent:
-	cd dist/SFM && \
-	rm -f *.zip && \
-	zip -ry "SFM-${VERSION}-universal.zip" SFM.app && \
-	ghr --replace --draft --prerelease "v${VERSION}" *.zip
-
-release_macos_independent: build_macos_independent notarize_macos_independent wait_notarize_macos_independent export_macos_independent upload_macos_independent
-
-build_tvos:
-	cd ../sing-box-for-apple && \
-	rm -rf build/SFT.xcarchive && \
-	xcodebuild archive -scheme SFT -configuration Release -archivePath build/SFT.xcarchive
-
-upload_tvos_app_store:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist  -allowProvisioningUpdates
-
-release_tvos: build_tvos upload_tvos_app_store
-
-update_apple_version:
-	go run ./cmd/internal/update_apple_version
-
-release_apple: lib_ios update_apple_version release_ios release_macos release_tvos release_macos_independent
-
-release_apple_beta: update_apple_version release_ios release_macos release_tvos
-
 test:
 	@go test -v ./... && \
 	cd test && \
@@ -167,29 +71,6 @@ test_stdio:
 	go mod tidy && \
 	go test -v -tags "$(TAGS_TEST),force_stdio" .
 
-lib_android:
-	go run ./cmd/internal/build_libbox -target android
-
-lib_ios:
-	go run ./cmd/internal/build_libbox -target ios
-
-lib:
-	go run ./cmd/internal/build_libbox -target android
-	go run ./cmd/internal/build_libbox -target ios
-
-lib_install:
-	go get -v -d
-	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950
-	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950
-
-docs:
-	mkdocs serve
-
-publish_docs:
-	mkdocs gh-deploy -m "Update" --force --ignore-version --no-history
-
-docs_install:
-	pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*"
 clean:
 	rm -rf bin dist sing-box
 	rm -f $(shell go env GOPATH)/sing-box

README.md

@@ -2,16 +2,10 @@
 
 The universal proxy platform.
 
-[![Packaging status](https://repology.org/badge/vertical-allrepos/sing-box.svg)](https://repology.org/project/sing-box/versions)
-
 ## Documentation
 
 https://sing-box.sagernet.org
 
-## Support
-
-https://community.sagernet.org/c/sing-box/
-
 ## License
 
 ```
@@ -29,7 +23,4 @@ GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-In addition, no derivative work may use the name or imply association
-with this application without prior consent.
 ```

adapter/conn_router.go

@@ -1,104 +0,0 @@
-package adapter
-
-import (
-	"context"
-	"net"
-
-	"github.com/sagernet/sing/common/logger"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type ConnectionRouter interface {
-	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
-	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
-}
-
-func NewRouteHandler(
-	metadata InboundContext,
-	router ConnectionRouter,
-	logger logger.ContextLogger,
-) UpstreamHandlerAdapter {
-	return &routeHandlerWrapper{
-		metadata: metadata,
-		router:   router,
-		logger:   logger,
-	}
-}
-
-func NewRouteContextHandler(
-	router ConnectionRouter,
-	logger logger.ContextLogger,
-) UpstreamHandlerAdapter {
-	return &routeContextHandlerWrapper{
-		router: router,
-		logger: logger,
-	}
-}
-
-var _ UpstreamHandlerAdapter = (*routeHandlerWrapper)(nil)
-
-type routeHandlerWrapper struct {
-	metadata InboundContext
-	router   ConnectionRouter
-	logger   logger.ContextLogger
-}
-
-func (w *routeHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RouteConnection(ctx, conn, myMetadata)
-}
-
-func (w *routeHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
-	myMetadata := w.metadata
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RoutePacketConnection(ctx, conn, myMetadata)
-}
-
-func (w *routeHandlerWrapper) NewError(ctx context.Context, err error) {
-	w.logger.ErrorContext(ctx, err)
-}
-
-var _ UpstreamHandlerAdapter = (*routeContextHandlerWrapper)(nil)
-
-type routeContextHandlerWrapper struct {
-	router ConnectionRouter
-	logger logger.ContextLogger
-}
-
-func (w *routeContextHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RouteConnection(ctx, conn, *myMetadata)
-}
-
-func (w *routeContextHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
-	myMetadata := ContextFrom(ctx)
-	if metadata.Source.IsValid() {
-		myMetadata.Source = metadata.Source
-	}
-	if metadata.Destination.IsValid() {
-		myMetadata.Destination = metadata.Destination
-	}
-	return w.router.RoutePacketConnection(ctx, conn, *myMetadata)
-}
-
-func (w *routeContextHandlerWrapper) NewError(ctx context.Context, err error) {
-	w.logger.ErrorContext(ctx, err)
-}

adapter/experimental.go

@@ -10,11 +10,8 @@ import (
 
 type ClashServer interface {
 	Service
-	PreStarter
 	Mode() string
-	ModeList() []string
 	StoreSelected() bool
-	StoreFakeIP() bool
 	CacheFile() ClashCacheFile
 	HistoryStorage() *urltest.HistoryStorage
 	RoutedConnection(ctx context.Context, conn net.Conn, metadata InboundContext, matchedRule Rule) (net.Conn, Tracker)
@@ -22,13 +19,8 @@ type ClashServer interface {
 }
 
 type ClashCacheFile interface {
-	LoadMode() string
-	StoreMode(mode string) error
 	LoadSelected(group string) string
 	StoreSelected(group string, selected string) error
-	LoadGroupExpand(group string) (isExpand bool, loaded bool)
-	StoreGroupExpand(group string, expand bool) error
-	FakeIPStorage
 }
 
 type Tracker interface {
@@ -36,16 +28,10 @@ type Tracker interface {
 }
 
 type OutboundGroup interface {
-	Outbound
 	Now() string
 	All() []string
 }
 
-type URLTestGroup interface {
-	OutboundGroup
-	URLTest(ctx context.Context, url string) (map[string]uint16, error)
-}
-
 func OutboundTag(detour Outbound) string {
 	if group, isGroup := detour.(OutboundGroup); isGroup {
 		return group.Now()
@@ -62,3 +48,16 @@ type V2RayStatsService interface {
 	RoutedConnection(inbound string, outbound string, user string, conn net.Conn) net.Conn
 	RoutedPacketConnection(inbound string, outbound string, user string, conn N.PacketConn) N.PacketConn
 }
+
+type SSMServer interface {
+	Service
+	RoutedConnection(metadata InboundContext, conn net.Conn) net.Conn
+	RoutedPacketConnection(metadata InboundContext, conn N.PacketConn) N.PacketConn
+}
+
+type ManagedShadowsocksServer interface {
+	Inbound
+	Method() string
+	Password() string
+	UpdateUsers(users []string, uPSKs []string) error
+}

adapter/fakeip.go

@@ -1,32 +0,0 @@
-package adapter
-
-import (
-	"net/netip"
-
-	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common/logger"
-)
-
-type FakeIPStore interface {
-	Service
-	Contains(address netip.Addr) bool
-	Create(domain string, isIPv6 bool) (netip.Addr, error)
-	Lookup(address netip.Addr) (string, bool)
-	Reset() error
-}
-
-type FakeIPStorage interface {
-	FakeIPMetadata() *FakeIPMetadata
-	FakeIPSaveMetadata(metadata *FakeIPMetadata) error
-	FakeIPSaveMetadataAsync(metadata *FakeIPMetadata)
-	FakeIPStore(address netip.Addr, domain string) error
-	FakeIPStoreAsync(address netip.Addr, domain string, logger logger.Logger)
-	FakeIPLoad(address netip.Addr) (string, bool)
-	FakeIPLoadDomain(domain string, isIPv6 bool) (netip.Addr, bool)
-	FakeIPReset() error
-}
-
-type FakeIPTransport interface {
-	dns.Transport
-	Store() FakeIPStore
-}

adapter/fakeip_metadata.go

@@ -1,50 +0,0 @@
-package adapter
-
-import (
-	"bytes"
-	"encoding"
-	"encoding/binary"
-	"io"
-	"net/netip"
-
-	"github.com/sagernet/sing/common"
-)
-
-type FakeIPMetadata struct {
-	Inet4Range   netip.Prefix
-	Inet6Range   netip.Prefix
-	Inet4Current netip.Addr
-	Inet6Current netip.Addr
-}
-
-func (m *FakeIPMetadata) MarshalBinary() (data []byte, err error) {
-	var buffer bytes.Buffer
-	for _, marshaler := range []encoding.BinaryMarshaler{m.Inet4Range, m.Inet6Range, m.Inet4Current, m.Inet6Current} {
-		data, err = marshaler.MarshalBinary()
-		if err != nil {
-			return
-		}
-		common.Must(binary.Write(&buffer, binary.BigEndian, uint16(len(data))))
-		buffer.Write(data)
-	}
-	data = buffer.Bytes()
-	return
-}
-
-func (m *FakeIPMetadata) UnmarshalBinary(data []byte) error {
-	reader := bytes.NewReader(data)
-	for _, unmarshaler := range []encoding.BinaryUnmarshaler{&m.Inet4Range, &m.Inet6Range, &m.Inet4Current, &m.Inet6Current} {
-		var length uint16
-		common.Must(binary.Read(reader, binary.BigEndian, &length))
-		element := make([]byte, length)
-		_, err := io.ReadFull(reader, element)
-		if err != nil {
-			return err
-		}
-		err = unmarshaler.UnmarshalBinary(element)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

adapter/inbound.go

@@ -27,7 +27,7 @@ type InjectableInbound interface {
 type InboundContext struct {
 	Inbound     string
 	InboundType string
-	IPVersion   uint8
+	IPVersion   int
 	Network     string
 	Source      M.Socksaddr
 	Destination M.Socksaddr
@@ -46,7 +46,6 @@ type InboundContext struct {
 	SourceGeoIPCode      string
 	GeoIPCode            string
 	ProcessInfo          *process.Info
-	FakeIP               bool
 
 	// dns cache
 
@@ -75,11 +74,3 @@ func AppendContext(ctx context.Context) (context.Context, *InboundContext) {
 	metadata = new(InboundContext)
 	return WithContext(ctx, metadata), metadata
 }
-
-func ExtendContext(ctx context.Context) (context.Context, *InboundContext) {
-	var newMetadata InboundContext
-	if metadata := ContextFrom(ctx); metadata != nil {
-		newMetadata = *metadata
-	}
-	return WithContext(ctx, &newMetadata), &newMetadata
-}

adapter/outbound.go

@@ -13,7 +13,6 @@ type Outbound interface {
 	Type() string
 	Tag() string
 	Network() []string
-	Dependencies() []string
 	N.Dialer
 	NewConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
 	NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error

adapter/prestart.go

@@ -1,9 +0,0 @@
-package adapter
-
-type PreStarter interface {
-	PreStart() error
-}
-
-type PostStarter interface {
-	PostStart() error
-}

adapter/router.go

@@ -2,13 +2,14 @@ package adapter
 
 import (
 	"context"
+	"net"
 	"net/netip"
 
 	"github.com/sagernet/sing-box/common/geoip"
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
-	"github.com/sagernet/sing/service"
+	N "github.com/sagernet/sing/common/network"
 
 	mdns "github.com/miekg/dns"
 )
@@ -16,13 +17,13 @@ import (
 type Router interface {
 	Service
 
+	Inbound(tag string) (Inbound, bool)
 	Outbounds() []Outbound
 	Outbound(tag string) (Outbound, bool)
 	DefaultOutbound(network string) Outbound
 
-	FakeIPStore() FakeIPStore
-
-	ConnectionRouter
+	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
+	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
 
 	GeoIPReader() *geoip.Reader
 	LoadGeosite(code string) (Rule, error)
@@ -30,18 +31,14 @@ type Router interface {
 	Exchange(ctx context.Context, message *mdns.Msg) (*mdns.Msg, error)
 	Lookup(ctx context.Context, domain string, strategy dns.DomainStrategy) ([]netip.Addr, error)
 	LookupDefault(ctx context.Context, domain string) ([]netip.Addr, error)
-	ClearDNSCache()
 
 	InterfaceFinder() control.InterfaceFinder
-	UpdateInterfaces() error
 	DefaultInterface() string
 	AutoDetectInterface() bool
-	AutoDetectInterfaceFunc() control.Func
 	DefaultMark() int
 	NetworkMonitor() tun.NetworkUpdateMonitor
 	InterfaceMonitor() tun.DefaultInterfaceMonitor
 	PackageManager() tun.PackageManager
-	WIFIState() WIFIState
 	Rules() []Rule
 
 	ClashServer() ClashServer
@@ -50,15 +47,22 @@ type Router interface {
 	V2RayServer() V2RayServer
 	SetV2RayServer(server V2RayServer)
 
-	ResetNetwork() error
+	SSMServer() SSMServer
+	SetSSMServer(server SSMServer)
 }
 
+type routerContextKey struct{}
+
 func ContextWithRouter(ctx context.Context, router Router) context.Context {
-	return service.ContextWith(ctx, router)
+	return context.WithValue(ctx, (*routerContextKey)(nil), router)
 }
 
 func RouterFromContext(ctx context.Context) Router {
-	return service.FromContext[Router](ctx)
+	metadata := ctx.Value((*routerContextKey)(nil))
+	if metadata == nil {
+		return nil
+	}
+	return metadata.(Router)
 }
 
 type Rule interface {
@@ -73,14 +77,8 @@ type Rule interface {
 type DNSRule interface {
 	Rule
 	DisableCache() bool
-	RewriteTTL() *uint32
 }
 
 type InterfaceUpdateListener interface {
-	InterfaceUpdated()
-}
-
-type WIFIState struct {
-	SSID  string
-	BSSID string
+	InterfaceUpdated() error
 }

adapter/time.go

@@ -1,8 +0,0 @@
-package adapter
-
-import "time"
-
-type TimeService interface {
-	Service
-	TimeFunc() func() time.Time
-}

adapter/v2ray.go

@@ -5,6 +5,7 @@ import (
 	"net"
 
 	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )
 
@@ -18,6 +19,7 @@ type V2RayServerTransport interface {
 type V2RayServerTransportHandler interface {
 	N.TCPConnectionHandler
 	E.Handler
+	FallbackConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error
 }
 
 type V2RayClientTransport interface {

box.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/experimental"
-	"github.com/sagernet/sing-box/experimental/libbox/platform"
 	"github.com/sagernet/sing-box/inbound"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
@@ -19,72 +18,94 @@ import (
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
-	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/pause"
 )
 
 var _ adapter.Service = (*Box)(nil)
 
 type Box struct {
-	createdAt    time.Time
-	router       adapter.Router
-	inbounds     []adapter.Inbound
-	outbounds    []adapter.Outbound
-	logFactory   log.Factory
-	logger       log.ContextLogger
-	preServices  map[string]adapter.Service
-	postServices map[string]adapter.Service
-	done         chan struct{}
+	createdAt   time.Time
+	router      adapter.Router
+	inbounds    []adapter.Inbound
+	outbounds   []adapter.Outbound
+	logFactory  log.Factory
+	logger      log.ContextLogger
+	logFile     *os.File
+	clashServer adapter.ClashServer
+	v2rayServer adapter.V2RayServer
+	ssmServer   adapter.SSMServer
+	done        chan struct{}
 }
 
-type Options struct {
-	option.Options
-	Context           context.Context
-	PlatformInterface platform.Interface
-	PlatformLogWriter log.PlatformWriter
-}
-
-func New(options Options) (*Box, error) {
-	ctx := options.Context
-	if ctx == nil {
-		ctx = context.Background()
-	}
-	ctx = service.ContextWithDefaultRegistry(ctx)
-	ctx = pause.ContextWithDefaultManager(ctx)
+func New(ctx context.Context, options option.Options) (*Box, error) {
 	createdAt := time.Now()
-	experimentalOptions := common.PtrValueOrDefault(options.Experimental)
-	applyDebugOptions(common.PtrValueOrDefault(experimentalOptions.Debug))
+	logOptions := common.PtrValueOrDefault(options.Log)
+
 	var needClashAPI bool
 	var needV2RayAPI bool
-	if experimentalOptions.ClashAPI != nil || options.PlatformLogWriter != nil {
-		needClashAPI = true
+	var needSSMAPI bool
+	if options.Experimental != nil {
+		if options.Experimental.ClashAPI != nil && options.Experimental.ClashAPI.ExternalController != "" {
+			needClashAPI = true
+		}
+		if options.Experimental.V2RayAPI != nil && options.Experimental.V2RayAPI.Listen != "" {
+			needV2RayAPI = true
+		}
+		if options.Experimental.SSMAPI != nil && options.Experimental.SSMAPI.Listen != "" {
+			needSSMAPI = true
+		}
 	}
-	if experimentalOptions.V2RayAPI != nil && experimentalOptions.V2RayAPI.Listen != "" {
-		needV2RayAPI = true
-	}
-	var defaultLogWriter io.Writer
-	if options.PlatformInterface != nil {
-		defaultLogWriter = io.Discard
-	}
-	logFactory, err := log.New(log.Options{
-		Context:        ctx,
-		Options:        common.PtrValueOrDefault(options.Log),
-		Observable:     needClashAPI,
-		DefaultWriter:  defaultLogWriter,
-		BaseTime:       createdAt,
-		PlatformWriter: options.PlatformLogWriter,
-	})
-	if err != nil {
-		return nil, E.Cause(err, "create log factory")
+
+	var logFactory log.Factory
+	var observableLogFactory log.ObservableFactory
+	var logFile *os.File
+	if logOptions.Disabled {
+		observableLogFactory = log.NewNOPFactory()
+		logFactory = observableLogFactory
+	} else {
+		var logWriter io.Writer
+		switch logOptions.Output {
+		case "", "stderr":
+			logWriter = os.Stderr
+		case "stdout":
+			logWriter = os.Stdout
+		default:
+			var err error
+			logFile, err = os.OpenFile(logOptions.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
+			if err != nil {
+				return nil, err
+			}
+			logWriter = logFile
+		}
+		logFormatter := log.Formatter{
+			BaseTime:         createdAt,
+			DisableColors:    logOptions.DisableColor || logFile != nil,
+			DisableTimestamp: !logOptions.Timestamp && logFile != nil,
+			FullTimestamp:    logOptions.Timestamp,
+			TimestampFormat:  "-0700 2006-01-02 15:04:05",
+		}
+		if needClashAPI {
+			observableLogFactory = log.NewObservableFactory(logFormatter, logWriter)
+			logFactory = observableLogFactory
+		} else {
+			logFactory = log.NewFactory(logFormatter, logWriter)
+		}
+		if logOptions.Level != "" {
+			logLevel, err := log.ParseLevel(logOptions.Level)
+			if err != nil {
+				return nil, E.Cause(err, "parse log level")
+			}
+			logFactory.SetLevel(logLevel)
+		} else {
+			logFactory.SetLevel(log.LevelTrace)
+		}
 	}
+
 	router, err := route.NewRouter(
 		ctx,
 		logFactory,
 		common.PtrValueOrDefault(options.Route),
 		common.PtrValueOrDefault(options.DNS),
-		common.PtrValueOrDefault(options.NTP),
 		options.Inbounds,
-		options.PlatformInterface,
 	)
 	if err != nil {
 		return nil, E.Cause(err, "parse route options")
@@ -104,7 +125,6 @@ func New(options Options) (*Box, error) {
 			router,
 			logFactory.NewLogger(F.ToString("inbound/", inboundOptions.Type, "[", tag, "]")),
 			inboundOptions,
-			options.PlatformInterface,
 		)
 		if err != nil {
 			return nil, E.Cause(err, "parse inbound[", i, "]")
@@ -123,7 +143,6 @@ func New(options Options) (*Box, error) {
 			ctx,
 			router,
 			logFactory.NewLogger(F.ToString("outbound/", outboundOptions.Type, "[", tag, "]")),
-			tag,
 			outboundOptions)
 		if err != nil {
 			return nil, E.Cause(err, "parse outbound[", i, "]")
@@ -131,7 +150,7 @@ func New(options Options) (*Box, error) {
 		outbounds = append(outbounds, out)
 	}
 	err = router.Initialize(inbounds, outbounds, func() adapter.Outbound {
-		out, oErr := outbound.New(ctx, router, logFactory.NewLogger("outbound/direct"), "direct", option.Outbound{Type: "direct", Tag: "default"})
+		out, oErr := outbound.New(ctx, router, logFactory.NewLogger("outbound/direct"), option.Outbound{Type: "direct", Tag: "default"})
 		common.Must(oErr)
 		outbounds = append(outbounds, out)
 		return out
@@ -139,64 +158,46 @@ func New(options Options) (*Box, error) {
 	if err != nil {
 		return nil, err
 	}
-	if options.PlatformInterface != nil {
-		err = options.PlatformInterface.Initialize(ctx, router)
-		if err != nil {
-			return nil, E.Cause(err, "initialize platform interface")
-		}
-	}
-	preServices := make(map[string]adapter.Service)
-	postServices := make(map[string]adapter.Service)
+
+	var clashServer adapter.ClashServer
+	var v2rayServer adapter.V2RayServer
+	var ssmServer adapter.SSMServer
 	if needClashAPI {
-		clashAPIOptions := common.PtrValueOrDefault(experimentalOptions.ClashAPI)
-		clashAPIOptions.ModeList = experimental.CalculateClashModeList(options.Options)
-		clashServer, err := experimental.NewClashServer(ctx, router, logFactory.(log.ObservableFactory), clashAPIOptions)
+		clashServer, err = experimental.NewClashServer(router, observableLogFactory, common.PtrValueOrDefault(options.Experimental.ClashAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create clash api server")
 		}
 		router.SetClashServer(clashServer)
-		preServices["clash api"] = clashServer
 	}
 	if needV2RayAPI {
-		v2rayServer, err := experimental.NewV2RayServer(logFactory.NewLogger("v2ray-api"), common.PtrValueOrDefault(experimentalOptions.V2RayAPI))
+		v2rayServer, err = experimental.NewV2RayServer(logFactory.NewLogger("v2ray-api"), common.PtrValueOrDefault(options.Experimental.V2RayAPI))
 		if err != nil {
 			return nil, E.Cause(err, "create v2ray api server")
 		}
 		router.SetV2RayServer(v2rayServer)
-		preServices["v2ray api"] = v2rayServer
+	}
+	if needSSMAPI {
+		ssmServer, err = experimental.NewSSMServer(router, logFactory.NewLogger("ssm-api"), common.PtrValueOrDefault(options.Experimental.SSMAPI))
+		if err != nil {
+			return nil, E.Cause(err, "create ssm api server")
+		}
+		router.SetSSMServer(ssmServer)
 	}
 	return &Box{
-		router:       router,
-		inbounds:     inbounds,
-		outbounds:    outbounds,
-		createdAt:    createdAt,
-		logFactory:   logFactory,
-		logger:       logFactory.Logger(),
-		preServices:  preServices,
-		postServices: postServices,
-		done:         make(chan struct{}),
+		router:      router,
+		inbounds:    inbounds,
+		outbounds:   outbounds,
+		createdAt:   createdAt,
+		logFactory:  logFactory,
+		logger:      logFactory.Logger(),
+		logFile:     logFile,
+		clashServer: clashServer,
+		v2rayServer: v2rayServer,
+		ssmServer:   ssmServer,
+		done:        make(chan struct{}),
 	}, nil
 }
 
-func (s *Box) PreStart() error {
-	err := s.preStart()
-	if err != nil {
-		// TODO: remove catch error
-		defer func() {
-			v := recover()
-			if v != nil {
-				log.Error(E.Cause(err, "origin error"))
-				debug.PrintStack()
-				panic("panic on early close: " + fmt.Sprint(v))
-			}
-		}()
-		s.Close()
-		return err
-	}
-	s.logger.Info("sing-box pre-started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
-	return nil
-}
-
 func (s *Box) Start() error {
 	err := s.start()
 	if err != nil {
@@ -210,74 +211,60 @@ func (s *Box) Start() error {
 			}
 		}()
 		s.Close()
-		return err
 	}
-	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
-	return nil
-}
-
-func (s *Box) preStart() error {
-	for serviceName, service := range s.preServices {
-		if preService, isPreService := service.(adapter.PreStarter); isPreService {
-			s.logger.Trace("pre-start ", serviceName)
-			err := preService.PreStart()
-			if err != nil {
-				return E.Cause(err, "pre-starting ", serviceName)
-			}
-		}
-	}
-	err := s.startOutbounds()
-	if err != nil {
-		return err
-	}
-	return s.router.Start()
+	return err
 }
 
 func (s *Box) start() error {
-	err := s.preStart()
-	if err != nil {
-		return err
-	}
-	for serviceName, service := range s.preServices {
-		s.logger.Trace("starting ", serviceName)
-		err = service.Start()
-		if err != nil {
-			return E.Cause(err, "start ", serviceName)
-		}
-	}
-	for i, in := range s.inbounds {
-		var tag string
-		if in.Tag() == "" {
-			tag = F.ToString(i)
-		} else {
-			tag = in.Tag()
-		}
-		s.logger.Trace("initializing inbound/", in.Type(), "[", tag, "]")
-		err = in.Start()
-		if err != nil {
-			return E.Cause(err, "initialize inbound/", in.Type(), "[", tag, "]")
-		}
-	}
-	return nil
-}
-
-func (s *Box) postStart() error {
-	for serviceName, service := range s.postServices {
-		s.logger.Trace("starting ", service)
-		err := service.Start()
-		if err != nil {
-			return E.Cause(err, "start ", serviceName)
-		}
-	}
-	for serviceName, service := range s.outbounds {
-		if lateService, isLateService := service.(adapter.PostStarter); isLateService {
-			s.logger.Trace("post-starting ", service)
-			err := lateService.PostStart()
+	for i, out := range s.outbounds {
+		if starter, isStarter := out.(common.Starter); isStarter {
+			err := starter.Start()
 			if err != nil {
-				return E.Cause(err, "post-start ", serviceName)
+				var tag string
+				if out.Tag() == "" {
+					tag = F.ToString(i)
+				} else {
+					tag = out.Tag()
+				}
+				return E.Cause(err, "initialize outbound/", out.Type(), "[", tag, "]")
 			}
 		}
 	}
+	err := s.router.Start()
+	if err != nil {
+		return err
+	}
+	for i, in := range s.inbounds {
+		err = in.Start()
+		if err != nil {
+			var tag string
+			if in.Tag() == "" {
+				tag = F.ToString(i)
+			} else {
+				tag = in.Tag()
+			}
+			return E.Cause(err, "initialize inbound/", in.Type(), "[", tag, "]")
+		}
+	}
+	if s.clashServer != nil {
+		err = s.clashServer.Start()
+		if err != nil {
+			return E.Cause(err, "start clash api server")
+		}
+	}
+	if s.v2rayServer != nil {
+		err = s.v2rayServer.Start()
+		if err != nil {
+			return E.Cause(err, "start v2ray api server")
+		}
+	}
+	if s.ssmServer != nil {
+		err = s.ssmServer.Start()
+		if err != nil {
+			return E.Cause(err, "start ssm api server")
+		}
+	}
+	s.logger.Info("sing-box started (", F.Seconds(time.Since(s.createdAt).Seconds()), "s)")
 	return nil
 }
 
@@ -288,44 +275,20 @@ func (s *Box) Close() error {
 	default:
 		close(s.done)
 	}
-	var errors error
-	for serviceName, service := range s.postServices {
-		s.logger.Trace("closing ", serviceName)
-		errors = E.Append(errors, service.Close(), func(err error) error {
-			return E.Cause(err, "close ", serviceName)
-		})
+	for _, in := range s.inbounds {
+		in.Close()
 	}
-	for i, in := range s.inbounds {
-		s.logger.Trace("closing inbound/", in.Type(), "[", i, "]")
-		errors = E.Append(errors, in.Close(), func(err error) error {
-			return E.Cause(err, "close inbound/", in.Type(), "[", i, "]")
-		})
+	for _, out := range s.outbounds {
+		common.Close(out)
 	}
-	for i, out := range s.outbounds {
-		s.logger.Trace("closing outbound/", out.Type(), "[", i, "]")
-		errors = E.Append(errors, common.Close(out), func(err error) error {
-			return E.Cause(err, "close outbound/", out.Type(), "[", i, "]")
-		})
-	}
-	s.logger.Trace("closing router")
-	if err := common.Close(s.router); err != nil {
-		errors = E.Append(errors, err, func(err error) error {
-			return E.Cause(err, "close router")
-		})
-	}
-	for serviceName, service := range s.preServices {
-		s.logger.Trace("closing ", serviceName)
-		errors = E.Append(errors, service.Close(), func(err error) error {
-			return E.Cause(err, "close ", serviceName)
-		})
-	}
-	s.logger.Trace("closing log factory")
-	if err := common.Close(s.logFactory); err != nil {
-		errors = E.Append(errors, err, func(err error) error {
-			return E.Cause(err, "close log factory")
-		})
-	}
-	return errors
+	return common.Close(
+		s.router,
+		s.logFactory,
+		s.clashServer,
+		s.v2rayServer,
+		s.ssmServer,
+		common.PtrOrNil(s.logFile),
+	)
 }
 
 func (s *Box) Router() adapter.Router {

box_outbound.go

@@ -1,79 +0,0 @@
-package box
-
-import (
-	"strings"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	F "github.com/sagernet/sing/common/format"
-)
-
-func (s *Box) startOutbounds() error {
-	outboundTags := make(map[adapter.Outbound]string)
-	outbounds := make(map[string]adapter.Outbound)
-	for i, outboundToStart := range s.outbounds {
-		var outboundTag string
-		if outboundToStart.Tag() == "" {
-			outboundTag = F.ToString(i)
-		} else {
-			outboundTag = outboundToStart.Tag()
-		}
-		if _, exists := outbounds[outboundTag]; exists {
-			return E.New("outbound tag ", outboundTag, " duplicated")
-		}
-		outboundTags[outboundToStart] = outboundTag
-		outbounds[outboundTag] = outboundToStart
-	}
-	started := make(map[string]bool)
-	for {
-		canContinue := false
-	startOne:
-		for _, outboundToStart := range s.outbounds {
-			outboundTag := outboundTags[outboundToStart]
-			if started[outboundTag] {
-				continue
-			}
-			dependencies := outboundToStart.Dependencies()
-			for _, dependency := range dependencies {
-				if !started[dependency] {
-					continue startOne
-				}
-			}
-			started[outboundTag] = true
-			canContinue = true
-			if starter, isStarter := outboundToStart.(common.Starter); isStarter {
-				s.logger.Trace("initializing outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				err := starter.Start()
-				if err != nil {
-					return E.Cause(err, "initialize outbound/", outboundToStart.Type(), "[", outboundTag, "]")
-				}
-			}
-		}
-		if len(started) == len(s.outbounds) {
-			break
-		}
-		if canContinue {
-			continue
-		}
-		currentOutbound := common.Find(s.outbounds, func(it adapter.Outbound) bool {
-			return !started[outboundTags[it]]
-		})
-		var lintOutbound func(oTree []string, oCurrent adapter.Outbound) error
-		lintOutbound = func(oTree []string, oCurrent adapter.Outbound) error {
-			problemOutboundTag := common.Find(oCurrent.Dependencies(), func(it string) bool {
-				return !started[it]
-			})
-			if common.Contains(oTree, problemOutboundTag) {
-				return E.New("circular outbound dependency: ", strings.Join(oTree, " -> "), " -> ", problemOutboundTag)
-			}
-			problemOutbound := outbounds[problemOutboundTag]
-			if problemOutbound == nil {
-				return E.New("dependency[", problemOutboundTag, "] not found for outbound[", outboundTags[oCurrent], "]")
-			}
-			return lintOutbound(append(oTree, problemOutboundTag), problemOutbound)
-		}
-		return lintOutbound([]string{outboundTags[currentOutbound]}, currentOutbound)
-	}
-	return nil
-}

cmd/internal/build/main.go

@@ -1,20 +1,14 @@
 package main
 
 import (
-	"go/build"
 	"os"
 	"os/exec"
 
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
 	"github.com/sagernet/sing-box/log"
 )
 
 func main() {
-	build_shared.FindSDK()
-
-	if os.Getenv("GOPATH") == "" {
-		os.Setenv("GOPATH", build.Default.GOPATH)
-	}
+	findSDK()
 
 	command := exec.Command(os.Args[1], os.Args[2:]...)
 	command.Stdout = os.Stdout

cmd/internal/build/sdk.go

@@ -1,7 +1,6 @@
-package build_shared
+package main
 
 import (
-	"go/build"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -19,7 +18,7 @@ var (
 	androidNDKPath string
 )
 
-func FindSDK() {
+func findSDK() {
 	searchPath := []string{
 		"$ANDROID_HOME",
 		"$HOME/Android/Sdk",
@@ -80,13 +79,3 @@ func findNDK() bool {
 	}
 	return false
 }
-
-var GoBinPath string
-
-func FindMobile() {
-	goBin := filepath.Join(build.Default.GOPATH, "bin")
-	if !rw.FileExists(goBin + "/" + "gobind") {
-		log.Fatal("missing gomobile installation")
-	}
-	GoBinPath = goBin
-}

cmd/internal/build_libbox/main.go

@@ -1,144 +0,0 @@
-package main
-
-import (
-	"flag"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-
-	_ "github.com/sagernet/gomobile/event/key"
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common/rw"
-)
-
-var (
-	debugEnabled bool
-	target       string
-)
-
-func init() {
-	flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
-	flag.StringVar(&target, "target", "android", "target platform")
-}
-
-func main() {
-	flag.Parse()
-
-	build_shared.FindMobile()
-
-	switch target {
-	case "android":
-		buildAndroid()
-	case "ios":
-		buildiOS()
-	}
-}
-
-var (
-	sharedFlags []string
-	debugFlags  []string
-	sharedTags  []string
-	iosTags     []string
-	debugTags   []string
-)
-
-func init() {
-	sharedFlags = append(sharedFlags, "-trimpath")
-	sharedFlags = append(sharedFlags, "-ldflags")
-	currentTag, err := build_shared.ReadTag()
-	if err != nil {
-		currentTag = "unknown"
-	}
-	sharedFlags = append(sharedFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
-	debugFlags = append(debugFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
-
-	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_ech", "with_utls", "with_clash_api")
-	iosTags = append(iosTags, "with_dhcp", "with_low_memory", "with_conntrack")
-	debugTags = append(debugTags, "debug")
-}
-
-func buildAndroid() {
-	build_shared.FindSDK()
-
-	args := []string{
-		"bind",
-		"-v",
-		"-androidapi", "21",
-		"-javapkg=io.nekohasekai",
-		"-libname=box",
-	}
-	if !debugEnabled {
-		args = append(args, sharedFlags...)
-	} else {
-		args = append(args, debugFlags...)
-	}
-
-	args = append(args, "-tags")
-	if !debugEnabled {
-		args = append(args, strings.Join(sharedTags, ","))
-	} else {
-		args = append(args, strings.Join(append(sharedTags, debugTags...), ","))
-	}
-	args = append(args, "./experimental/libbox")
-
-	command := exec.Command(build_shared.GoBinPath+"/gomobile", args...)
-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
-	err := command.Run()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	const name = "libbox.aar"
-	copyPath := filepath.Join("..", "sing-box-for-android", "app", "libs")
-	if rw.FileExists(copyPath) {
-		copyPath, _ = filepath.Abs(copyPath)
-		err = rw.CopyFile(name, filepath.Join(copyPath, name))
-		if err != nil {
-			log.Fatal(err)
-		}
-		log.Info("copied to ", copyPath)
-	}
-}
-
-func buildiOS() {
-	args := []string{
-		"bind",
-		"-v",
-		"-target", "ios,iossimulator,tvos,tvossimulator,macos",
-		"-libname=box",
-	}
-	if !debugEnabled {
-		args = append(args, sharedFlags...)
-	} else {
-		args = append(args, debugFlags...)
-	}
-
-	tags := append(sharedTags, iosTags...)
-	args = append(args, "-tags")
-	if !debugEnabled {
-		args = append(args, strings.Join(tags, ","))
-	} else {
-		args = append(args, strings.Join(append(tags, debugTags...), ","))
-	}
-	args = append(args, "./experimental/libbox")
-
-	command := exec.Command(build_shared.GoBinPath+"/gomobile", args...)
-	command.Stdout = os.Stdout
-	command.Stderr = os.Stderr
-	err := command.Run()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	copyPath := filepath.Join("..", "sing-box-for-apple")
-	if rw.FileExists(copyPath) {
-		targetDir := filepath.Join(copyPath, "Libbox.xcframework")
-		targetDir, _ = filepath.Abs(targetDir)
-		os.RemoveAll(targetDir)
-		os.Rename("Libbox.xcframework", targetDir)
-		log.Info("copied to ", targetDir)
-	}
-}

cmd/internal/build_shared/tag.go

@@ -1,33 +0,0 @@
-package build_shared
-
-import (
-	"github.com/sagernet/sing-box/common/badversion"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/shell"
-)
-
-func ReadTag() (string, error) {
-	currentTag, err := shell.Exec("git", "describe", "--tags").ReadOutput()
-	if err != nil {
-		return currentTag, err
-	}
-	currentTagRev, _ := shell.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput()
-	if currentTagRev == currentTag {
-		return currentTag[1:], nil
-	}
-	shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
-	version := badversion.Parse(currentTagRev[1:])
-	return version.String() + "-" + shortCommit, nil
-}
-
-func ReadTagVersion() (badversion.Version, error) {
-	currentTag := common.Must1(shell.Exec("git", "describe", "--tags").ReadOutput())
-	currentTagRev := common.Must1(shell.Exec("git", "describe", "--tags", "--abbrev=0").ReadOutput())
-	version := badversion.Parse(currentTagRev[1:])
-	if currentTagRev != currentTag {
-		if version.PreReleaseIdentifier == "" {
-			version.Patch++
-		}
-	}
-	return version, nil
-}

cmd/internal/read_tag/main.go

@@ -1,21 +0,0 @@
-package main
-
-import (
-	"os"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-)
-
-func main() {
-	currentTag, err := build_shared.ReadTag()
-	if err != nil {
-		log.Error(err)
-		_, err = os.Stdout.WriteString("unknown\n")
-	} else {
-		_, err = os.Stdout.WriteString(currentTag + "\n")
-	}
-	if err != nil {
-		log.Error(err)
-	}
-}

cmd/internal/update_android_version/main.go

@@ -1,51 +0,0 @@
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-)
-
-func main() {
-	newVersion := common.Must1(build_shared.ReadTagVersion())
-	androidPath, err := filepath.Abs("../sing-box-for-android")
-	if err != nil {
-		log.Fatal(err)
-	}
-	common.Must(os.Chdir(androidPath))
-	localProps := common.Must1(os.ReadFile("local.properties"))
-	var propsList [][]string
-	for _, propLine := range strings.Split(string(localProps), "\n") {
-		propsList = append(propsList, strings.Split(propLine, "="))
-	}
-	for _, propPair := range propsList {
-		if propPair[0] == "VERSION_NAME" {
-			if propPair[1] == newVersion.String() {
-				log.Info("version not changed")
-				return
-			}
-			propPair[1] = newVersion.String()
-			log.Info("updated version to ", newVersion.String())
-		}
-	}
-	for _, propPair := range propsList {
-		switch propPair[0] {
-		case "VERSION_CODE":
-			versionCode := common.Must1(strconv.ParseInt(propPair[1], 10, 64))
-			propPair[1] = strconv.Itoa(int(versionCode + 1))
-			log.Info("updated version code to ", propPair[1])
-		case "RELEASE_NOTES":
-			propPair[1] = "sing-box " + newVersion.String()
-		}
-	}
-	var newProps []string
-	for _, propPair := range propsList {
-		newProps = append(newProps, strings.Join(propPair, "="))
-	}
-	common.Must(os.WriteFile("local.properties", []byte(strings.Join(newProps, "\n")), 0o644))
-}

cmd/internal/update_apple_version/main.go

@@ -1,131 +0,0 @@
-package main
-
-import (
-	"os"
-	"path/filepath"
-	"regexp"
-	"strings"
-
-	"github.com/sagernet/sing-box/cmd/internal/build_shared"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-
-	"howett.net/plist"
-)
-
-func main() {
-	newVersion := common.Must1(build_shared.ReadTagVersion())
-	applePath, err := filepath.Abs("../sing-box-for-apple")
-	if err != nil {
-		log.Fatal(err)
-	}
-	common.Must(os.Chdir(applePath))
-	projectFile := common.Must1(os.Open("sing-box.xcodeproj/project.pbxproj"))
-	var project map[string]any
-	decoder := plist.NewDecoder(projectFile)
-	common.Must(decoder.Decode(&project))
-	objectsMap := project["objects"].(map[string]any)
-	projectContent := string(common.Must1(os.ReadFile("sing-box.xcodeproj/project.pbxproj")))
-	newContent, updated0 := findAndReplace(objectsMap, projectContent, []string{"io.nekohasekai.sfa"}, newVersion.VersionString())
-	newContent, updated1 := findAndReplace(objectsMap, newContent, []string{"io.nekohasekai.sfa.independent", "io.nekohasekai.sfa.system"}, newVersion.String())
-	if updated0 || updated1 {
-		log.Info("updated version to ", newVersion.VersionString(), " (", newVersion.String(), ")")
-	}
-	var updated2 bool
-	if macProjectVersion := os.Getenv("MACOS_PROJECT_VERSION"); macProjectVersion != "" {
-		newContent, updated2 = findAndReplaceProjectVersion(objectsMap, newContent, []string{"SFM"}, macProjectVersion)
-		if updated2 {
-			log.Info("updated macos project version to ", macProjectVersion)
-		}
-	}
-	if updated0 || updated1 || updated2 {
-		common.Must(os.WriteFile("sing-box.xcodeproj/project.pbxproj", []byte(newContent), 0o644))
-	}
-}
-
-func findAndReplace(objectsMap map[string]any, projectContent string, bundleIDList []string, newVersion string) (string, bool) {
-	objectKeyList := findObjectKey(objectsMap, bundleIDList)
-	var updated bool
-	for _, objectKey := range objectKeyList {
-		matchRegexp := common.Must1(regexp.Compile(objectKey + ".*= \\{"))
-		indexes := matchRegexp.FindStringIndex(projectContent)
-		if len(indexes) < 2 {
-			println(projectContent)
-			log.Fatal("failed to find object key ", objectKey, ": ", strings.Index(projectContent, objectKey))
-		}
-		indexStart := indexes[1]
-		indexEnd := indexStart + strings.Index(projectContent[indexStart:], "}")
-		versionStart := indexStart + strings.Index(projectContent[indexStart:indexEnd], "MARKETING_VERSION = ") + 20
-		versionEnd := versionStart + strings.Index(projectContent[versionStart:indexEnd], ";")
-		version := projectContent[versionStart:versionEnd]
-		if version == newVersion {
-			continue
-		}
-		updated = true
-		projectContent = projectContent[:versionStart] + newVersion + projectContent[versionEnd:]
-	}
-	return projectContent, updated
-}
-
-func findAndReplaceProjectVersion(objectsMap map[string]any, projectContent string, directoryList []string, newVersion string) (string, bool) {
-	objectKeyList := findObjectKeyByDirectory(objectsMap, directoryList)
-	var updated bool
-	for _, objectKey := range objectKeyList {
-		matchRegexp := common.Must1(regexp.Compile(objectKey + ".*= \\{"))
-		indexes := matchRegexp.FindStringIndex(projectContent)
-		if len(indexes) < 2 {
-			println(projectContent)
-			log.Fatal("failed to find object key ", objectKey, ": ", strings.Index(projectContent, objectKey))
-		}
-		indexStart := indexes[1]
-		indexEnd := indexStart + strings.Index(projectContent[indexStart:], "}")
-		versionStart := indexStart + strings.Index(projectContent[indexStart:indexEnd], "CURRENT_PROJECT_VERSION = ") + 26
-		versionEnd := versionStart + strings.Index(projectContent[versionStart:indexEnd], ";")
-		version := projectContent[versionStart:versionEnd]
-		if version == newVersion {
-			continue
-		}
-		updated = true
-		projectContent = projectContent[:versionStart] + newVersion + projectContent[versionEnd:]
-	}
-	return projectContent, updated
-}
-
-func findObjectKey(objectsMap map[string]any, bundleIDList []string) []string {
-	var objectKeyList []string
-	for objectKey, object := range objectsMap {
-		buildSettings := object.(map[string]any)["buildSettings"]
-		if buildSettings == nil {
-			continue
-		}
-		bundleIDObject := buildSettings.(map[string]any)["PRODUCT_BUNDLE_IDENTIFIER"]
-		if bundleIDObject == nil {
-			continue
-		}
-		if common.Contains(bundleIDList, bundleIDObject.(string)) {
-			objectKeyList = append(objectKeyList, objectKey)
-		}
-	}
-	return objectKeyList
-}
-
-func findObjectKeyByDirectory(objectsMap map[string]any, directoryList []string) []string {
-	var objectKeyList []string
-	for objectKey, object := range objectsMap {
-		buildSettings := object.(map[string]any)["buildSettings"]
-		if buildSettings == nil {
-			continue
-		}
-		infoPListFile := buildSettings.(map[string]any)["INFOPLIST_FILE"]
-		if infoPListFile == nil {
-			continue
-		}
-		for _, searchDirectory := range directoryList {
-			if strings.HasPrefix(infoPListFile.(string), searchDirectory+"/") {
-				objectKeyList = append(objectKeyList, objectKey)
-			}
-		}
-
-	}
-	return objectKeyList
-}

cmd/sing-box/cmd_check.go

@@ -26,18 +26,12 @@ func init() {
 }
 
 func check() error {
-	options, err := readConfigAndMerge()
+	options, err := readConfig()
 	if err != nil {
 		return err
 	}
 	ctx, cancel := context.WithCancel(context.Background())
-	instance, err := box.New(box.Options{
-		Context: ctx,
-		Options: options,
-	})
-	if err == nil {
-		instance.Close()
-	}
+	_, err = box.New(ctx, options)
 	cancel()
 	return err
 }

cmd/sing-box/cmd_format.go

@@ -33,44 +33,6 @@ func init() {
 }
 
 func format() error {
-	optionsList, err := readConfig()
-	if err != nil {
-		return err
-	}
-	for _, optionsEntry := range optionsList {
-		buffer := new(bytes.Buffer)
-		encoder := json.NewEncoder(buffer)
-		encoder.SetIndent("", "  ")
-		err = encoder.Encode(optionsEntry.options)
-		if err != nil {
-			return E.Cause(err, "encode config")
-		}
-		outputPath, _ := filepath.Abs(optionsEntry.path)
-		if !commandFormatFlagWrite {
-			if len(optionsList) > 1 {
-				os.Stdout.WriteString(outputPath + "\n")
-			}
-			os.Stdout.WriteString(buffer.String() + "\n")
-			continue
-		}
-		if bytes.Equal(optionsEntry.content, buffer.Bytes()) {
-			continue
-		}
-		output, err := os.Create(optionsEntry.path)
-		if err != nil {
-			return E.Cause(err, "open output")
-		}
-		_, err = output.Write(buffer.Bytes())
-		output.Close()
-		if err != nil {
-			return E.Cause(err, "write output")
-		}
-		os.Stderr.WriteString(outputPath + "\n")
-	}
-	return nil
-}
-
-func formatOne(configPath string) error {
 	configContent, err := os.ReadFile(configPath)
 	if err != nil {
 		return E.Cause(err, "read config")

cmd/sing-box/cmd_generate.go

@@ -1,92 +0,0 @@
-package main
-
-import (
-	"crypto/rand"
-	"encoding/base64"
-	"encoding/hex"
-	"os"
-	"strconv"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/gofrs/uuid/v5"
-	"github.com/spf13/cobra"
-)
-
-var commandGenerate = &cobra.Command{
-	Use:   "generate",
-	Short: "Generate things",
-}
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateUUID)
-	commandGenerate.AddCommand(commandGenerateRandom)
-
-	mainCommand.AddCommand(commandGenerate)
-}
-
-var (
-	outputBase64 bool
-	outputHex    bool
-)
-
-var commandGenerateRandom = &cobra.Command{
-	Use:   "rand <length>",
-	Short: "Generate random bytes",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateRandom(args)
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateRandom.Flags().BoolVar(&outputBase64, "base64", false, "Generate base64 string")
-	commandGenerateRandom.Flags().BoolVar(&outputHex, "hex", false, "Generate hex string")
-}
-
-func generateRandom(args []string) error {
-	length, err := strconv.Atoi(args[0])
-	if err != nil {
-		return err
-	}
-
-	randomBytes := make([]byte, length)
-	_, err = rand.Read(randomBytes)
-	if err != nil {
-		return err
-	}
-
-	if outputBase64 {
-		_, err = os.Stdout.WriteString(base64.StdEncoding.EncodeToString(randomBytes) + "\n")
-	} else if outputHex {
-		_, err = os.Stdout.WriteString(hex.EncodeToString(randomBytes) + "\n")
-	} else {
-		_, err = os.Stdout.Write(randomBytes)
-	}
-
-	return err
-}
-
-var commandGenerateUUID = &cobra.Command{
-	Use:   "uuid",
-	Short: "Generate UUID string",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateUUID()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateUUID() error {
-	newUUID, err := uuid.NewV4()
-	if err != nil {
-		return err
-	}
-	_, err = os.Stdout.WriteString(newUUID.String() + "\n")
-	return err
-}

cmd/sing-box/cmd_generate_ech.go

@@ -1,39 +0,0 @@
-package main
-
-import (
-	"os"
-
-	"github.com/sagernet/sing-box/common/tls"
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var pqSignatureSchemesEnabled bool
-
-var commandGenerateECHKeyPair = &cobra.Command{
-	Use:   "ech-keypair <plain_server_name>",
-	Short: "Generate TLS ECH key pair",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateECHKeyPair(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateECHKeyPair.Flags().BoolVar(&pqSignatureSchemesEnabled, "pq-signature-schemes-enabled", false, "Enable PQ signature schemes")
-	commandGenerate.AddCommand(commandGenerateECHKeyPair)
-}
-
-func generateECHKeyPair(serverName string) error {
-	configPem, keyPem, err := tls.ECHKeygenDefault(serverName, pqSignatureSchemesEnabled)
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString(configPem)
-	os.Stdout.WriteString(keyPem)
-	return nil
-}

cmd/sing-box/cmd_generate_tls.go

@@ -1,40 +0,0 @@
-package main
-
-import (
-	"os"
-	"time"
-
-	"github.com/sagernet/sing-box/common/tls"
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var flagGenerateTLSKeyPairMonths int
-
-var commandGenerateTLSKeyPair = &cobra.Command{
-	Use:   "tls-keypair <server_name>",
-	Short: "Generate TLS self sign key pair",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateTLSKeyPair(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerateTLSKeyPair.Flags().IntVarP(&flagGenerateTLSKeyPairMonths, "months", "m", 1, "Valid months")
-	commandGenerate.AddCommand(commandGenerateTLSKeyPair)
-}
-
-func generateTLSKeyPair(serverName string) error {
-	privateKeyPem, publicKeyPem, err := tls.GenerateKeyPair(time.Now, serverName, time.Now().AddDate(0, flagGenerateTLSKeyPairMonths, 0))
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString(string(privateKeyPem) + "\n")
-	os.Stdout.WriteString(string(publicKeyPem) + "\n")
-	return nil
-}

cmd/sing-box/cmd_generate_vapid.go

@@ -1,40 +0,0 @@
-//go:build go1.20
-
-package main
-
-import (
-	"crypto/ecdh"
-	"crypto/rand"
-	"encoding/base64"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-)
-
-var commandGenerateVAPIDKeyPair = &cobra.Command{
-	Use:   "vapid-keypair",
-	Short: "Generate VAPID key pair",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateVAPIDKeyPair()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateVAPIDKeyPair)
-}
-
-func generateVAPIDKeyPair() error {
-	privateKey, err := ecdh.P256().GenerateKey(rand.Reader)
-	if err != nil {
-		return err
-	}
-	publicKey := privateKey.PublicKey()
-	os.Stdout.WriteString("PrivateKey: " + base64.RawURLEncoding.EncodeToString(privateKey.Bytes()) + "\n")
-	os.Stdout.WriteString("PublicKey: " + base64.RawURLEncoding.EncodeToString(publicKey.Bytes()) + "\n")
-	return nil
-}

cmd/sing-box/cmd_generate_wireguard.go

@@ -1,61 +0,0 @@
-package main
-
-import (
-	"encoding/base64"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-
-	"github.com/spf13/cobra"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func init() {
-	commandGenerate.AddCommand(commandGenerateWireGuardKeyPair)
-	commandGenerate.AddCommand(commandGenerateRealityKeyPair)
-}
-
-var commandGenerateWireGuardKeyPair = &cobra.Command{
-	Use:   "wg-keypair",
-	Short: "Generate WireGuard key pair",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateWireGuardKey()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateWireGuardKey() error {
-	privateKey, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		return err
-	}
-	os.Stdout.WriteString("PrivateKey: " + privateKey.String() + "\n")
-	os.Stdout.WriteString("PublicKey: " + privateKey.PublicKey().String() + "\n")
-	return nil
-}
-
-var commandGenerateRealityKeyPair = &cobra.Command{
-	Use:   "reality-keypair",
-	Short: "Generate reality key pair",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := generateRealityKey()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func generateRealityKey() error {
-	privateKey, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		return err
-	}
-	publicKey := privateKey.PublicKey()
-	os.Stdout.WriteString("PrivateKey: " + base64.RawURLEncoding.EncodeToString(privateKey[:]) + "\n")
-	os.Stdout.WriteString("PublicKey: " + base64.RawURLEncoding.EncodeToString(publicKey[:]) + "\n")
-	return nil
-}

cmd/sing-box/cmd_merge.go

@@ -1,174 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/sagernet/sing-box/common/json"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/rw"
-
-	"github.com/spf13/cobra"
-)
-
-var commandMerge = &cobra.Command{
-	Use:   "merge [output]",
-	Short: "Merge configurations",
-	Run: func(cmd *cobra.Command, args []string) {
-		err := merge(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-	Args: cobra.ExactArgs(1),
-}
-
-func init() {
-	mainCommand.AddCommand(commandMerge)
-}
-
-func merge(outputPath string) error {
-	mergedOptions, err := readConfigAndMerge()
-	if err != nil {
-		return err
-	}
-	err = mergePathResources(&mergedOptions)
-	if err != nil {
-		return err
-	}
-	buffer := new(bytes.Buffer)
-	encoder := json.NewEncoder(buffer)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(mergedOptions)
-	if err != nil {
-		return E.Cause(err, "encode config")
-	}
-	if existsContent, err := os.ReadFile(outputPath); err != nil {
-		if string(existsContent) == buffer.String() {
-			return nil
-		}
-	}
-	err = rw.WriteFile(outputPath, buffer.Bytes())
-	if err != nil {
-		return err
-	}
-	outputPath, _ = filepath.Abs(outputPath)
-	os.Stderr.WriteString(outputPath + "\n")
-	return nil
-}
-
-func mergePathResources(options *option.Options) error {
-	for index, inbound := range options.Inbounds {
-		switch inbound.Type {
-		case C.TypeHTTP:
-			inbound.HTTPOptions.TLS = mergeTLSInboundOptions(inbound.HTTPOptions.TLS)
-		case C.TypeMixed:
-			inbound.MixedOptions.TLS = mergeTLSInboundOptions(inbound.MixedOptions.TLS)
-		case C.TypeVMess:
-			inbound.VMessOptions.TLS = mergeTLSInboundOptions(inbound.VMessOptions.TLS)
-		case C.TypeTrojan:
-			inbound.TrojanOptions.TLS = mergeTLSInboundOptions(inbound.TrojanOptions.TLS)
-		case C.TypeNaive:
-			inbound.NaiveOptions.TLS = mergeTLSInboundOptions(inbound.NaiveOptions.TLS)
-		case C.TypeHysteria:
-			inbound.HysteriaOptions.TLS = mergeTLSInboundOptions(inbound.HysteriaOptions.TLS)
-		case C.TypeVLESS:
-			inbound.VLESSOptions.TLS = mergeTLSInboundOptions(inbound.VLESSOptions.TLS)
-		case C.TypeTUIC:
-			inbound.TUICOptions.TLS = mergeTLSInboundOptions(inbound.TUICOptions.TLS)
-		case C.TypeHysteria2:
-			inbound.Hysteria2Options.TLS = mergeTLSInboundOptions(inbound.Hysteria2Options.TLS)
-		default:
-			continue
-		}
-		options.Inbounds[index] = inbound
-	}
-	for index, outbound := range options.Outbounds {
-		switch outbound.Type {
-		case C.TypeHTTP:
-			outbound.HTTPOptions.TLS = mergeTLSOutboundOptions(outbound.HTTPOptions.TLS)
-		case C.TypeVMess:
-			outbound.VMessOptions.TLS = mergeTLSOutboundOptions(outbound.VMessOptions.TLS)
-		case C.TypeTrojan:
-			outbound.TrojanOptions.TLS = mergeTLSOutboundOptions(outbound.TrojanOptions.TLS)
-		case C.TypeHysteria:
-			outbound.HysteriaOptions.TLS = mergeTLSOutboundOptions(outbound.HysteriaOptions.TLS)
-		case C.TypeSSH:
-			outbound.SSHOptions = mergeSSHOutboundOptions(outbound.SSHOptions)
-		case C.TypeVLESS:
-			outbound.VLESSOptions.TLS = mergeTLSOutboundOptions(outbound.VLESSOptions.TLS)
-		case C.TypeTUIC:
-			outbound.TUICOptions.TLS = mergeTLSOutboundOptions(outbound.TUICOptions.TLS)
-		case C.TypeHysteria2:
-			outbound.Hysteria2Options.TLS = mergeTLSOutboundOptions(outbound.Hysteria2Options.TLS)
-		default:
-			continue
-		}
-		options.Outbounds[index] = outbound
-	}
-	return nil
-}
-
-func mergeTLSInboundOptions(options *option.InboundTLSOptions) *option.InboundTLSOptions {
-	if options == nil {
-		return nil
-	}
-	if options.CertificatePath != "" {
-		if content, err := os.ReadFile(options.CertificatePath); err == nil {
-			options.Certificate = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.KeyPath != "" {
-		if content, err := os.ReadFile(options.KeyPath); err == nil {
-			options.Key = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.ECH != nil {
-		if options.ECH.KeyPath != "" {
-			if content, err := os.ReadFile(options.ECH.KeyPath); err == nil {
-				options.ECH.Key = trimStringArray(strings.Split(string(content), "\n"))
-			}
-		}
-	}
-	return options
-}
-
-func mergeTLSOutboundOptions(options *option.OutboundTLSOptions) *option.OutboundTLSOptions {
-	if options == nil {
-		return nil
-	}
-	if options.CertificatePath != "" {
-		if content, err := os.ReadFile(options.CertificatePath); err == nil {
-			options.Certificate = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	if options.ECH != nil {
-		if options.ECH.ConfigPath != "" {
-			if content, err := os.ReadFile(options.ECH.ConfigPath); err == nil {
-				options.ECH.Config = trimStringArray(strings.Split(string(content), "\n"))
-			}
-		}
-	}
-	return options
-}
-
-func mergeSSHOutboundOptions(options option.SSHOutboundOptions) option.SSHOutboundOptions {
-	if options.PrivateKeyPath != "" {
-		if content, err := os.ReadFile(os.ExpandEnv(options.PrivateKeyPath)); err == nil {
-			options.PrivateKey = trimStringArray(strings.Split(string(content), "\n"))
-		}
-	}
-	return options
-}
-
-func trimStringArray(array []string) []string {
-	return common.Filter(array, func(it string) bool {
-		return strings.TrimSpace(it) != ""
-	})
-}

cmd/sing-box/cmd_run.go

@@ -5,15 +5,10 @@ import (
 	"io"
 	"os"
 	"os/signal"
-	"path/filepath"
 	runtimeDebug "runtime/debug"
-	"sort"
-	"strings"
 	"syscall"
-	"time"
 
 	"github.com/sagernet/sing-box"
-	"github.com/sagernet/sing-box/common/badjsonmerge"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -36,88 +31,29 @@ func init() {
 	mainCommand.AddCommand(commandRun)
 }
 
-type OptionsEntry struct {
-	content []byte
-	path    string
-	options option.Options
-}
-
-func readConfigAt(path string) (*OptionsEntry, error) {
+func readConfig() (option.Options, error) {
 	var (
 		configContent []byte
 		err           error
 	)
-	if path == "stdin" {
+	if configPath == "stdin" {
 		configContent, err = io.ReadAll(os.Stdin)
 	} else {
-		configContent, err = os.ReadFile(path)
+		configContent, err = os.ReadFile(configPath)
 	}
 	if err != nil {
-		return nil, E.Cause(err, "read config at ", path)
+		return option.Options{}, E.Cause(err, "read config")
 	}
 	var options option.Options
 	err = options.UnmarshalJSON(configContent)
 	if err != nil {
-		return nil, E.Cause(err, "decode config at ", path)
+		return option.Options{}, E.Cause(err, "decode config")
 	}
-	return &OptionsEntry{
-		content: configContent,
-		path:    path,
-		options: options,
-	}, nil
-}
-
-func readConfig() ([]*OptionsEntry, error) {
-	var optionsList []*OptionsEntry
-	for _, path := range configPaths {
-		optionsEntry, err := readConfigAt(path)
-		if err != nil {
-			return nil, err
-		}
-		optionsList = append(optionsList, optionsEntry)
-	}
-	for _, directory := range configDirectories {
-		entries, err := os.ReadDir(directory)
-		if err != nil {
-			return nil, E.Cause(err, "read config directory at ", directory)
-		}
-		for _, entry := range entries {
-			if !strings.HasSuffix(entry.Name(), ".json") || entry.IsDir() {
-				continue
-			}
-			optionsEntry, err := readConfigAt(filepath.Join(directory, entry.Name()))
-			if err != nil {
-				return nil, err
-			}
-			optionsList = append(optionsList, optionsEntry)
-		}
-	}
-	sort.Slice(optionsList, func(i, j int) bool {
-		return optionsList[i].path < optionsList[j].path
-	})
-	return optionsList, nil
-}
-
-func readConfigAndMerge() (option.Options, error) {
-	optionsList, err := readConfig()
-	if err != nil {
-		return option.Options{}, err
-	}
-	if len(optionsList) == 1 {
-		return optionsList[0].options, nil
-	}
-	var mergedOptions option.Options
-	for _, options := range optionsList {
-		mergedOptions, err = badjsonmerge.MergeOptions(options.options, mergedOptions)
-		if err != nil {
-			return option.Options{}, E.Cause(err, "merge config at ", options.path)
-		}
-	}
-	return mergedOptions, nil
+	return options, nil
 }
 
 func create() (*box.Box, context.CancelFunc, error) {
-	options, err := readConfigAndMerge()
+	options, err := readConfig()
 	if err != nil {
 		return nil, nil, err
 	}
@@ -128,10 +64,7 @@ func create() (*box.Box, context.CancelFunc, error) {
 		options.Log.DisableColor = true
 	}
 	ctx, cancel := context.WithCancel(context.Background())
-	instance, err := box.New(box.Options{
-		Context: ctx,
-		Options: options,
-	})
+	instance, err := box.New(ctx, options)
 	if err != nil {
 		cancel()
 		return nil, nil, E.Cause(err, "create service")
@@ -143,16 +76,14 @@ func create() (*box.Box, context.CancelFunc, error) {
 		signal.Stop(osSignals)
 		close(osSignals)
 	}()
-	startCtx, finishStart := context.WithCancel(context.Background())
+
 	go func() {
 		_, loaded := <-osSignals
 		if loaded {
 			cancel()
-			closeMonitor(startCtx)
 		}
 	}()
 	err = instance.Start()
-	finishStart()
 	if err != nil {
 		cancel()
 		return nil, nil, E.Cause(err, "start service")
@@ -180,10 +111,7 @@ func run() error {
 				}
 			}
 			cancel()
-			closeCtx, closed := context.WithCancel(context.Background())
-			go closeMonitor(closeCtx)
 			instance.Close()
-			closed()
 			if osSignal != syscall.SIGHUP {
 				return nil
 			}
@@ -191,13 +119,3 @@ func run() error {
 		}
 	}
 }
-
-func closeMonitor(ctx context.Context) {
-	time.Sleep(3 * time.Second)
-	select {
-	case <-ctx.Done():
-		return
-	default:
-	}
-	log.Fatal("sing-box did not close!")
-}

cmd/sing-box/cmd_tools.go

@@ -1,53 +0,0 @@
-package main
-
-import (
-	"github.com/sagernet/sing-box"
-	E "github.com/sagernet/sing/common/exceptions"
-	N "github.com/sagernet/sing/common/network"
-
-	"github.com/spf13/cobra"
-)
-
-var commandToolsFlagOutbound string
-
-var commandTools = &cobra.Command{
-	Use:   "tools",
-	Short: "Experimental tools",
-}
-
-func init() {
-	commandTools.PersistentFlags().StringVarP(&commandToolsFlagOutbound, "outbound", "o", "", "Use specified tag instead of default outbound")
-	mainCommand.AddCommand(commandTools)
-}
-
-func createPreStartedClient() (*box.Box, error) {
-	options, err := readConfigAndMerge()
-	if err != nil {
-		return nil, err
-	}
-	instance, err := box.New(box.Options{Options: options})
-	if err != nil {
-		return nil, E.Cause(err, "create service")
-	}
-	err = instance.PreStart()
-	if err != nil {
-		return nil, E.Cause(err, "start service")
-	}
-	return instance, nil
-}
-
-func createDialer(instance *box.Box, network string, outboundTag string) (N.Dialer, error) {
-	if outboundTag == "" {
-		outbound := instance.Router().DefaultOutbound(N.NetworkName(network))
-		if outbound == nil {
-			return nil, E.New("missing default outbound")
-		}
-		return outbound, nil
-	} else {
-		outbound, loaded := instance.Router().Outbound(outboundTag)
-		if !loaded {
-			return nil, E.New("outbound not found: ", outboundTag)
-		}
-		return outbound, nil
-	}
-}

cmd/sing-box/cmd_tools_connect.go

@@ -1,73 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/task"
-
-	"github.com/spf13/cobra"
-)
-
-var commandConnectFlagNetwork string
-
-var commandConnect = &cobra.Command{
-	Use:   "connect [address]",
-	Short: "Connect to an address",
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := connect(args[0])
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandConnect.Flags().StringVarP(&commandConnectFlagNetwork, "network", "n", "tcp", "network type")
-	commandTools.AddCommand(commandConnect)
-}
-
-func connect(address string) error {
-	switch N.NetworkName(commandConnectFlagNetwork) {
-	case N.NetworkTCP, N.NetworkUDP:
-	default:
-		return E.Cause(N.ErrUnknownNetwork, commandConnectFlagNetwork)
-	}
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	dialer, err := createDialer(instance, commandConnectFlagNetwork, commandToolsFlagOutbound)
-	if err != nil {
-		return err
-	}
-	conn, err := dialer.DialContext(context.Background(), commandConnectFlagNetwork, M.ParseSocksaddr(address))
-	if err != nil {
-		return E.Cause(err, "connect to server")
-	}
-	var group task.Group
-	group.Append("upload", func(ctx context.Context) error {
-		return common.Error(bufio.Copy(conn, os.Stdin))
-	})
-	group.Append("download", func(ctx context.Context) error {
-		return common.Error(bufio.Copy(os.Stdout, conn))
-	})
-	group.Cleanup(func() {
-		conn.Close()
-	})
-	err = group.Run(context.Background())
-	if E.IsClosed(err) {
-		log.Info(err)
-	} else {
-		log.Error(err)
-	}
-	return nil
-}

cmd/sing-box/cmd_tools_fetch.go

@@ -1,91 +0,0 @@
-package main
-
-import (
-	"context"
-	"errors"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing/common/bufio"
-	M "github.com/sagernet/sing/common/metadata"
-
-	"github.com/spf13/cobra"
-)
-
-var commandFetch = &cobra.Command{
-	Use:   "fetch",
-	Short: "Fetch an URL",
-	Args:  cobra.MinimumNArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		err := fetch(args)
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandTools.AddCommand(commandFetch)
-}
-
-var httpClient *http.Client
-
-func fetch(args []string) error {
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	httpClient = &http.Client{
-		Transport: &http.Transport{
-			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				dialer, err := createDialer(instance, network, commandToolsFlagOutbound)
-				if err != nil {
-					return nil, err
-				}
-				return dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
-			},
-			ForceAttemptHTTP2: true,
-		},
-	}
-	defer httpClient.CloseIdleConnections()
-	for _, urlString := range args {
-		parsedURL, err := url.Parse(urlString)
-		if err != nil {
-			return err
-		}
-		switch parsedURL.Scheme {
-		case "":
-			parsedURL.Scheme = "http"
-			fallthrough
-		case "http", "https":
-			err = fetchHTTP(parsedURL)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func fetchHTTP(parsedURL *url.URL) error {
-	request, err := http.NewRequest("GET", parsedURL.String(), nil)
-	if err != nil {
-		return err
-	}
-	request.Header.Add("User-Agent", "curl/7.88.0")
-	response, err := httpClient.Do(request)
-	if err != nil {
-		return err
-	}
-	defer response.Body.Close()
-	_, err = bufio.Copy(os.Stdout, response.Body)
-	if errors.Is(err, io.EOF) {
-		return nil
-	}
-	return err
-}

cmd/sing-box/cmd_tools_synctime.go

@@ -1,69 +0,0 @@
-package main
-
-import (
-	"context"
-	"os"
-
-	"github.com/sagernet/sing-box/common/settings"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/ntp"
-
-	"github.com/spf13/cobra"
-)
-
-var (
-	commandSyncTimeFlagServer   string
-	commandSyncTimeOutputFormat string
-	commandSyncTimeWrite        bool
-)
-
-var commandSyncTime = &cobra.Command{
-	Use:   "synctime",
-	Short: "Sync time using the NTP protocol",
-	Args:  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := syncTime()
-		if err != nil {
-			log.Fatal(err)
-		}
-	},
-}
-
-func init() {
-	commandSyncTime.Flags().StringVarP(&commandSyncTimeFlagServer, "server", "s", "time.apple.com", "Set NTP server")
-	commandSyncTime.Flags().StringVarP(&commandSyncTimeOutputFormat, "format", "f", C.TimeLayout, "Set output format")
-	commandSyncTime.Flags().BoolVarP(&commandSyncTimeWrite, "write", "w", false, "Write time to system")
-	commandTools.AddCommand(commandSyncTime)
-}
-
-func syncTime() error {
-	instance, err := createPreStartedClient()
-	if err != nil {
-		return err
-	}
-	dialer, err := createDialer(instance, N.NetworkUDP, commandToolsFlagOutbound)
-	if err != nil {
-		return err
-	}
-	defer instance.Close()
-	serverAddress := M.ParseSocksaddr(commandSyncTimeFlagServer)
-	if serverAddress.Port == 0 {
-		serverAddress.Port = 123
-	}
-	response, err := ntp.Exchange(context.Background(), dialer, serverAddress)
-	if err != nil {
-		return err
-	}
-	if commandSyncTimeWrite {
-		err = settings.SetSystemTime(response.Time)
-		if err != nil {
-			return E.Cause(err, "write time to system")
-		}
-	}
-	os.Stdout.WriteString(response.Time.Local().Format(commandSyncTimeOutputFormat))
-	return nil
-}

cmd/sing-box/debug.go

@@ -0,0 +1,44 @@
+//go:build debug
+
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	_ "net/http/pprof"
+	"runtime"
+	"runtime/debug"
+
+	"github.com/sagernet/sing-box/common/badjson"
+	"github.com/sagernet/sing-box/log"
+
+	"github.com/dustin/go-humanize"
+)
+
+func init() {
+	http.HandleFunc("/debug/gc", func(writer http.ResponseWriter, request *http.Request) {
+		writer.WriteHeader(http.StatusNoContent)
+		go debug.FreeOSMemory()
+	})
+	http.HandleFunc("/debug/memory", func(writer http.ResponseWriter, request *http.Request) {
+		var memStats runtime.MemStats
+		runtime.ReadMemStats(&memStats)
+
+		var memObject badjson.JSONObject
+		memObject.Put("heap", humanize.Bytes(memStats.HeapInuse))
+		memObject.Put("stack", humanize.Bytes(memStats.StackInuse))
+		memObject.Put("idle", humanize.Bytes(memStats.HeapIdle-memStats.HeapReleased))
+		memObject.Put("goroutines", runtime.NumGoroutine())
+		memObject.Put("rss", rusageMaxRSS())
+
+		encoder := json.NewEncoder(writer)
+		encoder.SetIndent("", "  ")
+		encoder.Encode(memObject)
+	})
+	go func() {
+		err := http.ListenAndServe("0.0.0.0:8964", nil)
+		if err != nil {
+			log.Debug(err)
+		}
+	}()
+}

cmd/sing-box/debug_linux.go

@@ -1,4 +1,6 @@
-package box
+//go:build debug
+
+package main
 
 import (
 	"runtime"

cmd/sing-box/debug_stub.go

@@ -1,6 +1,6 @@
-//go:build !linux
+//go:build debug && !linux
 
-package box
+package main
 
 func rusageMaxRSS() float64 {
 	return -1

cmd/sing-box/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"os"
-	"time"
 
 	_ "github.com/sagernet/sing-box/include"
 	"github.com/sagernet/sing-box/log"
@@ -11,10 +10,9 @@ import (
 )
 
 var (
-	configPaths       []string
-	configDirectories []string
-	workingDir        string
-	disableColor      bool
+	configPath   string
+	workingDir   string
+	disableColor bool
 )
 
 var mainCommand = &cobra.Command{
@@ -23,8 +21,7 @@ var mainCommand = &cobra.Command{
 }
 
 func init() {
-	mainCommand.PersistentFlags().StringArrayVarP(&configPaths, "config", "c", nil, "set configuration file path")
-	mainCommand.PersistentFlags().StringArrayVarP(&configDirectories, "config-directory", "C", nil, "set configuration directory path")
+	mainCommand.PersistentFlags().StringVarP(&configPath, "config", "c", "config.json", "set configuration file path")
 	mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
 	mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
 }
@@ -36,19 +33,9 @@ func main() {
 }
 
 func preRun(cmd *cobra.Command, args []string) {
-	if disableColor {
-		log.SetStdLogger(log.NewFactory(log.Formatter{BaseTime: time.Now(), DisableColors: true}, os.Stderr, nil).Logger())
-	}
 	if workingDir != "" {
-		_, err := os.Stat(workingDir)
-		if err != nil {
-			os.MkdirAll(workingDir, 0o777)
-		}
 		if err := os.Chdir(workingDir); err != nil {
 			log.Fatal(err)
 		}
 	}
-	if len(configPaths) == 0 && len(configDirectories) == 0 {
-		configPaths = append(configPaths, "config.json")
-	}
 }

common/baderror/baderror.go

@@ -0,0 +1,62 @@
+package baderror
+
+import (
+	"context"
+	"io"
+	"net"
+	"strings"
+
+	E "github.com/sagernet/sing/common/exceptions"
+)
+
+func Contains(err error, msgList ...string) bool {
+	for _, msg := range msgList {
+		if strings.Contains(err.Error(), msg) {
+			return true
+		}
+	}
+	return false
+}
+
+func WrapH2(err error) error {
+	if err == nil {
+		return nil
+	}
+	err = E.Unwrap(err)
+	if err == io.ErrUnexpectedEOF {
+		return io.EOF
+	}
+	if Contains(err, "client disconnected", "body closed by handler", "response body closed", "; CANCEL") {
+		return net.ErrClosed
+	}
+	return err
+}
+
+func WrapGRPC(err error) error {
+	// grpc uses stupid internal error types
+	if err == nil {
+		return nil
+	}
+	if Contains(err, "EOF") {
+		return io.EOF
+	}
+	if Contains(err, "Canceled") {
+		return context.Canceled
+	}
+	if Contains(err,
+		"the client connection is closing",
+		"server closed the stream without sending trailers") {
+		return net.ErrClosed
+	}
+	return err
+}
+
+func WrapQUIC(err error) error {
+	if err == nil {
+		return nil
+	}
+	if Contains(err, "canceled with error code 0") {
+		return net.ErrClosed
+	}
+	return err
+}

common/badjsonmerge/merge.go

@@ -1,80 +0,0 @@
-package badjsonmerge
-
-import (
-	"encoding/json"
-	"reflect"
-
-	"github.com/sagernet/sing-box/common/badjson"
-	"github.com/sagernet/sing-box/option"
-	E "github.com/sagernet/sing/common/exceptions"
-)
-
-func MergeOptions(source option.Options, destination option.Options) (option.Options, error) {
-	rawSource, err := json.Marshal(source)
-	if err != nil {
-		return option.Options{}, E.Cause(err, "marshal source")
-	}
-	rawDestination, err := json.Marshal(destination)
-	if err != nil {
-		return option.Options{}, E.Cause(err, "marshal destination")
-	}
-	rawMerged, err := MergeJSON(rawSource, rawDestination)
-	if err != nil {
-		return option.Options{}, E.Cause(err, "merge options")
-	}
-	var merged option.Options
-	err = json.Unmarshal(rawMerged, &merged)
-	if err != nil {
-		return option.Options{}, E.Cause(err, "unmarshal merged options")
-	}
-	return merged, nil
-}
-
-func MergeJSON(rawSource json.RawMessage, rawDestination json.RawMessage) (json.RawMessage, error) {
-	source, err := badjson.Decode(rawSource)
-	if err != nil {
-		return nil, E.Cause(err, "decode source")
-	}
-	destination, err := badjson.Decode(rawDestination)
-	if err != nil {
-		return nil, E.Cause(err, "decode destination")
-	}
-	merged, err := mergeJSON(source, destination)
-	if err != nil {
-		return nil, err
-	}
-	return json.Marshal(merged)
-}
-
-func mergeJSON(anySource any, anyDestination any) (any, error) {
-	switch destination := anyDestination.(type) {
-	case badjson.JSONArray:
-		switch source := anySource.(type) {
-		case badjson.JSONArray:
-			destination = append(destination, source...)
-		default:
-			destination = append(destination, source)
-		}
-		return destination, nil
-	case *badjson.JSONObject:
-		switch source := anySource.(type) {
-		case *badjson.JSONObject:
-			for _, entry := range source.Entries() {
-				oldValue, loaded := destination.Get(entry.Key)
-				if loaded {
-					var err error
-					entry.Value, err = mergeJSON(entry.Value, oldValue)
-					if err != nil {
-						return nil, E.Cause(err, "merge object item ", entry.Key)
-					}
-				}
-				destination.Put(entry.Key, entry.Value)
-			}
-		default:
-			return nil, E.New("cannot merge json object into ", reflect.TypeOf(destination))
-		}
-		return destination, nil
-	default:
-		return destination, nil
-	}
-}

common/badjsonmerge/merge_test.go

@@ -1,59 +0,0 @@
-package badjsonmerge
-
-import (
-	"testing"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/option"
-	N "github.com/sagernet/sing/common/network"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestMergeJSON(t *testing.T) {
-	t.Parallel()
-	options := option.Options{
-		Log: &option.LogOptions{
-			Level: "info",
-		},
-		Route: &option.RouteOptions{
-			Rules: []option.Rule{
-				{
-					Type: C.RuleTypeDefault,
-					DefaultOptions: option.DefaultRule{
-						Network:  []string{N.NetworkTCP},
-						Outbound: "direct",
-					},
-				},
-			},
-		},
-	}
-	anotherOptions := option.Options{
-		Outbounds: []option.Outbound{
-			{
-				Type: C.TypeDirect,
-				Tag:  "direct",
-			},
-		},
-	}
-	thirdOptions := option.Options{
-		Route: &option.RouteOptions{
-			Rules: []option.Rule{
-				{
-					Type: C.RuleTypeDefault,
-					DefaultOptions: option.DefaultRule{
-						Network:  []string{N.NetworkUDP},
-						Outbound: "direct",
-					},
-				},
-			},
-		},
-	}
-	mergeOptions, err := MergeOptions(options, anotherOptions)
-	require.NoError(t, err)
-	mergeOptions, err = MergeOptions(thirdOptions, mergeOptions)
-	require.NoError(t, err)
-	require.Equal(t, "info", mergeOptions.Log.Level)
-	require.Equal(t, 2, len(mergeOptions.Route.Rules))
-	require.Equal(t, C.TypeDirect, mergeOptions.Outbounds[0].Type)
-}

common/badtls/badtls.go

@@ -1,4 +1,4 @@
-//go:build go1.20 && !go1.21
+//go:build go1.19 && !go1.20
 
 package badtls
 
@@ -14,60 +14,39 @@ import (
 	"sync/atomic"
 	"unsafe"
 
-	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
-	aTLS "github.com/sagernet/sing/common/tls"
 )
 
 type Conn struct {
 	*tls.Conn
-	writer              N.ExtendedWriter
-	isHandshakeComplete *atomic.Bool
-	activeCall          *atomic.Int32
-	closeNotifySent     *bool
-	version             *uint16
-	rand                io.Reader
-	halfAccess          *sync.Mutex
-	halfError           *error
-	cipher              cipher.AEAD
-	explicitNonceLen    int
-	halfPtr             uintptr
-	halfSeq             []byte
-	halfScratchBuf      []byte
+	writer           N.ExtendedWriter
+	activeCall       *int32
+	closeNotifySent  *bool
+	version          *uint16
+	rand             io.Reader
+	halfAccess       *sync.Mutex
+	halfError        *error
+	cipher           cipher.AEAD
+	explicitNonceLen int
+	halfPtr          uintptr
+	halfSeq          []byte
+	halfScratchBuf   []byte
 }
 
-func TryCreate(conn aTLS.Conn) aTLS.Conn {
-	tlsConn, ok := conn.(*tls.Conn)
-	if !ok {
-		return conn
-	}
-	badConn, err := Create(tlsConn)
-	if err != nil {
-		log.Warn("initialize badtls: ", err)
-		return conn
-	}
-	return badConn
-}
-
-func Create(conn *tls.Conn) (aTLS.Conn, error) {
-	rawConn := reflect.Indirect(reflect.ValueOf(conn))
-	rawIsHandshakeComplete := rawConn.FieldByName("isHandshakeComplete")
-	if !rawIsHandshakeComplete.IsValid() || rawIsHandshakeComplete.Kind() != reflect.Struct {
-		return nil, E.New("badtls: invalid isHandshakeComplete")
-	}
-	isHandshakeComplete := (*atomic.Bool)(unsafe.Pointer(rawIsHandshakeComplete.UnsafeAddr()))
-	if !isHandshakeComplete.Load() {
+func Create(conn *tls.Conn) (TLSConn, error) {
+	if !handshakeComplete(conn) {
 		return nil, E.New("handshake not finished")
 	}
+	rawConn := reflect.Indirect(reflect.ValueOf(conn))
 	rawActiveCall := rawConn.FieldByName("activeCall")
-	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Struct {
+	if !rawActiveCall.IsValid() || rawActiveCall.Kind() != reflect.Int32 {
 		return nil, E.New("badtls: invalid active call")
 	}
-	activeCall := (*atomic.Int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
+	activeCall := (*int32)(unsafe.Pointer(rawActiveCall.UnsafeAddr()))
 	rawHalfConn := rawConn.FieldByName("out")
 	if !rawHalfConn.IsValid() || rawHalfConn.Kind() != reflect.Struct {
 		return nil, E.New("badtls: invalid half conn")
@@ -129,20 +108,19 @@ func Create(conn *tls.Conn) (aTLS.Conn, error) {
 	}
 	halfScratchBuf := rawHalfScratchBuf.Bytes()
 	return &Conn{
-		Conn:                conn,
-		writer:              bufio.NewExtendedWriter(conn.NetConn()),
-		isHandshakeComplete: isHandshakeComplete,
-		activeCall:          activeCall,
-		closeNotifySent:     closeNotifySent,
-		version:             version,
-		halfAccess:          halfAccess,
-		halfError:           halfError,
-		cipher:              aeadCipher,
-		explicitNonceLen:    explicitNonceLen,
-		rand:                randReader,
-		halfPtr:             rawHalfConn.UnsafeAddr(),
-		halfSeq:             halfSeq,
-		halfScratchBuf:      halfScratchBuf,
+		Conn:             conn,
+		writer:           bufio.NewExtendedWriter(conn.NetConn()),
+		activeCall:       activeCall,
+		closeNotifySent:  closeNotifySent,
+		version:          version,
+		halfAccess:       halfAccess,
+		halfError:        halfError,
+		cipher:           aeadCipher,
+		explicitNonceLen: explicitNonceLen,
+		rand:             randReader,
+		halfPtr:          rawHalfConn.UnsafeAddr(),
+		halfSeq:          halfSeq,
+		halfScratchBuf:   halfScratchBuf,
 	}, nil
 }
 
@@ -152,15 +130,15 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		return common.Error(c.Write(buffer.Bytes()))
 	}
 	for {
-		x := c.activeCall.Load()
+		x := atomic.LoadInt32(c.activeCall)
 		if x&1 != 0 {
 			return net.ErrClosed
 		}
-		if c.activeCall.CompareAndSwap(x, x+2) {
+		if atomic.CompareAndSwapInt32(c.activeCall, x, x+2) {
 			break
 		}
 	}
-	defer c.activeCall.Add(-2)
+	defer atomic.AddInt32(c.activeCall, -2)
 	c.halfAccess.Lock()
 	defer c.halfAccess.Unlock()
 	if err := *c.halfError; err != nil {
@@ -208,7 +186,6 @@ func (c *Conn) WriteBuffer(buffer *buf.Buffer) error {
 		binary.BigEndian.PutUint16(outBuf[3:], uint16(dataLen+c.explicitNonceLen+c.cipher.Overhead()))
 	}
 	incSeq(c.halfPtr)
-	log.Trace("badtls write ", buffer.Len())
 	return c.writer.WriteBuffer(buffer)
 }
 

common/badtls/badtls_stub.go

@@ -1,14 +1,12 @@
-//go:build !go1.19 || go1.21
+//go:build !go1.19 || go1.20
 
 package badtls
 
 import (
 	"crypto/tls"
 	"os"
-
-	aTLS "github.com/sagernet/sing/common/tls"
 )
 
-func Create(conn *tls.Conn) (aTLS.Conn, error) {
+func Create(conn *tls.Conn) (TLSConn, error) {
 	return nil, os.ErrInvalid
 }

common/badtls/conn.go

@@ -0,0 +1,13 @@
+package badtls
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+)
+
+type TLSConn interface {
+	net.Conn
+	HandshakeContext(ctx context.Context) error
+	ConnectionState() tls.ConnectionState
+}

common/badtls/link.go

@@ -1,8 +1,9 @@
-//go:build go1.20 && !go.1.21
+//go:build go1.19 && !go.1.20
 
 package badtls
 
 import (
+	"crypto/tls"
 	"reflect"
 	_ "unsafe"
 )
@@ -15,6 +16,9 @@ const (
 //go:linkname errShutdown crypto/tls.errShutdown
 var errShutdown error
 
+//go:linkname handshakeComplete crypto/tls.(*Conn).handshakeComplete
+func handshakeComplete(conn *tls.Conn) bool
+
 //go:linkname incSeq crypto/tls.(*halfConn).incSeq
 func incSeq(conn uintptr)
 

common/badversion/version.go

@@ -1,124 +0,0 @@
-package badversion
-
-import (
-	"strconv"
-	"strings"
-
-	F "github.com/sagernet/sing/common/format"
-)
-
-type Version struct {
-	Major                int
-	Minor                int
-	Patch                int
-	Commit               string
-	PreReleaseIdentifier string
-	PreReleaseVersion    int
-}
-
-func (v Version) After(anotherVersion Version) bool {
-	if v.Major > anotherVersion.Major {
-		return true
-	} else if v.Major < anotherVersion.Major {
-		return false
-	}
-	if v.Minor > anotherVersion.Minor {
-		return true
-	} else if v.Minor < anotherVersion.Minor {
-		return false
-	}
-	if v.Patch > anotherVersion.Patch {
-		return true
-	} else if v.Patch < anotherVersion.Patch {
-		return false
-	}
-	if v.PreReleaseIdentifier == "" && anotherVersion.PreReleaseIdentifier != "" {
-		return true
-	} else if v.PreReleaseIdentifier != "" && anotherVersion.PreReleaseIdentifier == "" {
-		return false
-	}
-	if v.PreReleaseIdentifier != "" && anotherVersion.PreReleaseIdentifier != "" {
-		if v.PreReleaseIdentifier == anotherVersion.PreReleaseIdentifier {
-			if v.PreReleaseVersion > anotherVersion.PreReleaseVersion {
-				return true
-			} else if v.PreReleaseVersion < anotherVersion.PreReleaseVersion {
-				return false
-			}
-		} else if v.PreReleaseIdentifier == "rc" && anotherVersion.PreReleaseIdentifier == "beta" {
-			return true
-		} else if v.PreReleaseIdentifier == "beta" && anotherVersion.PreReleaseIdentifier == "rc" {
-			return false
-		} else if v.PreReleaseIdentifier == "beta" && anotherVersion.PreReleaseIdentifier == "alpha" {
-			return true
-		} else if v.PreReleaseIdentifier == "alpha" && anotherVersion.PreReleaseIdentifier == "beta" {
-			return false
-		}
-	}
-	return false
-}
-
-func (v Version) VersionString() string {
-	return F.ToString(v.Major, ".", v.Minor, ".", v.Patch)
-}
-
-func (v Version) String() string {
-	version := F.ToString(v.Major, ".", v.Minor, ".", v.Patch)
-	if v.PreReleaseIdentifier != "" {
-		version = F.ToString(version, "-", v.PreReleaseIdentifier, ".", v.PreReleaseVersion)
-	}
-	return version
-}
-
-func (v Version) BadString() string {
-	version := F.ToString(v.Major, ".", v.Minor)
-	if v.Patch > 0 {
-		version = F.ToString(version, ".", v.Patch)
-	}
-	if v.PreReleaseIdentifier != "" {
-		version = F.ToString(version, "-", v.PreReleaseIdentifier)
-		if v.PreReleaseVersion > 0 {
-			version = F.ToString(version, v.PreReleaseVersion)
-		}
-	}
-	return version
-}
-
-func Parse(versionName string) (version Version) {
-	if strings.HasPrefix(versionName, "v") {
-		versionName = versionName[1:]
-	}
-	if strings.Contains(versionName, "-") {
-		parts := strings.Split(versionName, "-")
-		versionName = parts[0]
-		identifier := parts[1]
-		if strings.Contains(identifier, ".") {
-			identifierParts := strings.Split(identifier, ".")
-			version.PreReleaseIdentifier = identifierParts[0]
-			if len(identifierParts) >= 2 {
-				version.PreReleaseVersion, _ = strconv.Atoi(identifierParts[1])
-			}
-		} else {
-			if strings.HasPrefix(identifier, "alpha") {
-				version.PreReleaseIdentifier = "alpha"
-				version.PreReleaseVersion, _ = strconv.Atoi(identifier[5:])
-			} else if strings.HasPrefix(identifier, "beta") {
-				version.PreReleaseIdentifier = "beta"
-				version.PreReleaseVersion, _ = strconv.Atoi(identifier[4:])
-			} else {
-				version.Commit = identifier
-			}
-		}
-	}
-	versionElements := strings.Split(versionName, ".")
-	versionLen := len(versionElements)
-	if versionLen >= 1 {
-		version.Major, _ = strconv.Atoi(versionElements[0])
-	}
-	if versionLen >= 2 {
-		version.Minor, _ = strconv.Atoi(versionElements[1])
-	}
-	if versionLen >= 3 {
-		version.Patch, _ = strconv.Atoi(versionElements[2])
-	}
-	return
-}

common/badversion/version_json.go

@@ -1,17 +0,0 @@
-package badversion
-
-import "github.com/sagernet/sing-box/common/json"
-
-func (v Version) MarshalJSON() ([]byte, error) {
-	return json.Marshal(v.String())
-}
-
-func (v *Version) UnmarshalJSON(data []byte) error {
-	var version string
-	err := json.Unmarshal(data, &version)
-	if err != nil {
-		return err
-	}
-	*v = Parse(version)
-	return nil
-}

common/badversion/version_test.go

@@ -1,18 +0,0 @@
-package badversion
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestCompareVersion(t *testing.T) {
-	t.Parallel()
-	require.Equal(t, "1.3.0-beta.1", Parse("v1.3.0-beta1").String())
-	require.Equal(t, "1.3-beta1", Parse("v1.3.0-beta.1").BadString())
-	require.True(t, Parse("1.3.0").After(Parse("1.3-beta1")))
-	require.True(t, Parse("1.3.0").After(Parse("1.3.0-beta1")))
-	require.True(t, Parse("1.3.0-beta1").After(Parse("1.3.0-alpha1")))
-	require.True(t, Parse("1.3.1").After(Parse("1.3.0")))
-	require.True(t, Parse("1.4").After(Parse("1.3")))
-}

common/canceler/instance.go

@@ -0,0 +1,48 @@
+package canceler
+
+import (
+	"context"
+	"time"
+)
+
+type Instance struct {
+	ctx        context.Context
+	cancelFunc context.CancelFunc
+	timer      *time.Timer
+	timeout    time.Duration
+}
+
+func New(ctx context.Context, cancelFunc context.CancelFunc, timeout time.Duration) *Instance {
+	instance := &Instance{
+		ctx,
+		cancelFunc,
+		time.NewTimer(timeout),
+		timeout,
+	}
+	go instance.wait()
+	return instance
+}
+
+func (i *Instance) Update() bool {
+	if !i.timer.Stop() {
+		return false
+	}
+	if !i.timer.Reset(i.timeout) {
+		return false
+	}
+	return true
+}
+
+func (i *Instance) wait() {
+	select {
+	case <-i.timer.C:
+	case <-i.ctx.Done():
+	}
+	i.Close()
+}
+
+func (i *Instance) Close() error {
+	i.timer.Stop()
+	i.cancelFunc()
+	return nil
+}

common/canceler/packet.go

@@ -0,0 +1,49 @@
+package canceler
+
+import (
+	"context"
+	"time"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type PacketConn struct {
+	N.PacketConn
+	instance *Instance
+}
+
+func NewPacketConn(ctx context.Context, conn N.PacketConn, timeout time.Duration) (context.Context, N.PacketConn) {
+	ctx, cancel := context.WithCancel(ctx)
+	instance := New(ctx, cancel, timeout)
+	return ctx, &PacketConn{conn, instance}
+}
+
+func (c *PacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = c.PacketConn.ReadPacket(buffer)
+	if err == nil {
+		c.instance.Update()
+	}
+	return
+}
+
+func (c *PacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	err := c.PacketConn.WritePacket(buffer, destination)
+	if err == nil {
+		c.instance.Update()
+	}
+	return err
+}
+
+func (c *PacketConn) Close() error {
+	return common.Close(
+		c.PacketConn,
+		c.instance,
+	)
+}
+
+func (c *PacketConn) Upstream() any {
+	return c.PacketConn
+}

common/conntrack/conn.go

@@ -1,54 +0,0 @@
-package conntrack
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common/x/list"
-)
-
-type Conn struct {
-	net.Conn
-	element *list.Element[io.Closer]
-}
-
-func NewConn(conn net.Conn) (net.Conn, error) {
-	connAccess.Lock()
-	element := openConnection.PushBack(conn)
-	connAccess.Unlock()
-	if KillerEnabled {
-		err := KillerCheck()
-		if err != nil {
-			conn.Close()
-			return nil, err
-		}
-	}
-	return &Conn{
-		Conn:    conn,
-		element: element,
-	}, nil
-}
-
-func (c *Conn) Close() error {
-	if c.element.Value != nil {
-		connAccess.Lock()
-		if c.element.Value != nil {
-			openConnection.Remove(c.element)
-			c.element.Value = nil
-		}
-		connAccess.Unlock()
-	}
-	return c.Conn.Close()
-}
-
-func (c *Conn) Upstream() any {
-	return c.Conn
-}
-
-func (c *Conn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *Conn) WriterReplaceable() bool {
-	return true
-}

common/conntrack/killer.go

@@ -1,35 +0,0 @@
-package conntrack
-
-import (
-	runtimeDebug "runtime/debug"
-	"time"
-
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/memory"
-)
-
-var (
-	KillerEnabled   bool
-	MemoryLimit     uint64
-	killerLastCheck time.Time
-)
-
-func KillerCheck() error {
-	if !KillerEnabled {
-		return nil
-	}
-	nowTime := time.Now()
-	if nowTime.Sub(killerLastCheck) < 3*time.Second {
-		return nil
-	}
-	killerLastCheck = nowTime
-	if memory.Total() > MemoryLimit {
-		Close()
-		go func() {
-			time.Sleep(time.Second)
-			runtimeDebug.FreeOSMemory()
-		}()
-		return E.New("out of memory")
-	}
-	return nil
-}

common/conntrack/packet_conn.go

@@ -1,55 +0,0 @@
-package conntrack
-
-import (
-	"io"
-	"net"
-
-	"github.com/sagernet/sing/common/bufio"
-	"github.com/sagernet/sing/common/x/list"
-)
-
-type PacketConn struct {
-	net.PacketConn
-	element *list.Element[io.Closer]
-}
-
-func NewPacketConn(conn net.PacketConn) (net.PacketConn, error) {
-	connAccess.Lock()
-	element := openConnection.PushBack(conn)
-	connAccess.Unlock()
-	if KillerEnabled {
-		err := KillerCheck()
-		if err != nil {
-			conn.Close()
-			return nil, err
-		}
-	}
-	return &PacketConn{
-		PacketConn: conn,
-		element:    element,
-	}, nil
-}
-
-func (c *PacketConn) Close() error {
-	if c.element.Value != nil {
-		connAccess.Lock()
-		if c.element.Value != nil {
-			openConnection.Remove(c.element)
-			c.element.Value = nil
-		}
-		connAccess.Unlock()
-	}
-	return c.PacketConn.Close()
-}
-
-func (c *PacketConn) Upstream() any {
-	return bufio.NewPacketConn(c.PacketConn)
-}
-
-func (c *PacketConn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *PacketConn) WriterReplaceable() bool {
-	return true
-}

common/conntrack/track.go

@@ -1,47 +0,0 @@
-package conntrack
-
-import (
-	"io"
-	"sync"
-
-	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/x/list"
-)
-
-var (
-	connAccess     sync.RWMutex
-	openConnection list.List[io.Closer]
-)
-
-func Count() int {
-	if !Enabled {
-		return 0
-	}
-	return openConnection.Len()
-}
-
-func List() []io.Closer {
-	if !Enabled {
-		return nil
-	}
-	connAccess.RLock()
-	defer connAccess.RUnlock()
-	connList := make([]io.Closer, 0, openConnection.Len())
-	for element := openConnection.Front(); element != nil; element = element.Next() {
-		connList = append(connList, element.Value)
-	}
-	return connList
-}
-
-func Close() {
-	if !Enabled {
-		return
-	}
-	connAccess.Lock()
-	defer connAccess.Unlock()
-	for element := openConnection.Front(); element != nil; element = element.Next() {
-		common.Close(element.Value)
-		element.Value = nil
-	}
-	openConnection.Init()
-}

common/conntrack/track_disable.go

@@ -1,5 +0,0 @@
-//go:build !with_conntrack
-
-package conntrack
-
-const Enabled = false

common/conntrack/track_enable.go

@@ -1,5 +0,0 @@
-//go:build with_conntrack
-
-package conntrack
-
-const Enabled = true

common/debugio/log.go

@@ -0,0 +1,87 @@
+package debugio
+
+import (
+	"net"
+
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type LogConn struct {
+	N.ExtendedConn
+	logger log.Logger
+	prefix string
+}
+
+func NewLogConn(conn net.Conn, logger log.Logger, prefix string) N.ExtendedConn {
+	return &LogConn{bufio.NewExtendedConn(conn), logger, prefix}
+}
+
+func (c *LogConn) Read(p []byte) (n int, err error) {
+	n, err = c.ExtendedConn.Read(p)
+	if n > 0 {
+		c.logger.Debug(c.prefix, " read ", buf.EncodeHexString(p[:n]))
+	}
+	return
+}
+
+func (c *LogConn) Write(p []byte) (n int, err error) {
+	c.logger.Debug(c.prefix, " write ", buf.EncodeHexString(p))
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *LogConn) ReadBuffer(buffer *buf.Buffer) error {
+	err := c.ExtendedConn.ReadBuffer(buffer)
+	if err == nil {
+		c.logger.Debug(c.prefix, " read buffer ", buf.EncodeHexString(buffer.Bytes()))
+	}
+	return err
+}
+
+func (c *LogConn) WriteBuffer(buffer *buf.Buffer) error {
+	c.logger.Debug(c.prefix, " write buffer ", buf.EncodeHexString(buffer.Bytes()))
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *LogConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+type LogPacketConn struct {
+	N.NetPacketConn
+	logger log.Logger
+	prefix string
+}
+
+func NewLogPacketConn(conn net.PacketConn, logger log.Logger, prefix string) N.NetPacketConn {
+	return &LogPacketConn{bufio.NewPacketConn(conn), logger, prefix}
+}
+
+func (c *LogPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	n, addr, err = c.NetPacketConn.ReadFrom(p)
+	if n > 0 {
+		c.logger.Debug(c.prefix, " read from ", addr, " ", buf.EncodeHexString(p[:n]))
+	}
+	return
+}
+
+func (c *LogPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	c.logger.Debug(c.prefix, " write to ", addr, " ", buf.EncodeHexString(p))
+	return c.NetPacketConn.WriteTo(p, addr)
+}
+
+func (c *LogPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = c.NetPacketConn.ReadPacket(buffer)
+	if err == nil {
+		c.logger.Debug(c.prefix, " read packet from ", destination, " ", buf.EncodeHexString(buffer.Bytes()))
+	}
+	return
+}
+
+func (c *LogPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	c.logger.Debug(c.prefix, " write packet to ", destination, " ", buf.EncodeHexString(buffer.Bytes()))
+	return c.NetPacketConn.WritePacket(buffer, destination)
+}

common/debugio/print.go

@@ -0,0 +1,19 @@
+package debugio
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/sagernet/sing/common"
+)
+
+func PrintUpstream(obj any) {
+	for obj != nil {
+		fmt.Println(reflect.TypeOf(obj))
+		if u, ok := obj.(common.WithUpstream); !ok {
+			break
+		} else {
+			obj = u.Upstream()
+		}
+	}
+}

common/debugio/race.go

@@ -0,0 +1,48 @@
+package debugio
+
+import (
+	"net"
+	"sync"
+
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type RaceConn struct {
+	N.ExtendedConn
+	readAccess  sync.Mutex
+	writeAccess sync.Mutex
+}
+
+func NewRaceConn(conn net.Conn) N.ExtendedConn {
+	return &RaceConn{ExtendedConn: bufio.NewExtendedConn(conn)}
+}
+
+func (c *RaceConn) Read(p []byte) (n int, err error) {
+	c.readAccess.Lock()
+	defer c.readAccess.Unlock()
+	return c.ExtendedConn.Read(p)
+}
+
+func (c *RaceConn) Write(p []byte) (n int, err error) {
+	c.writeAccess.Lock()
+	defer c.writeAccess.Unlock()
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *RaceConn) ReadBuffer(buffer *buf.Buffer) error {
+	c.readAccess.Lock()
+	defer c.readAccess.Unlock()
+	return c.ExtendedConn.ReadBuffer(buffer)
+}
+
+func (c *RaceConn) WriteBuffer(buffer *buf.Buffer) error {
+	c.writeAccess.Lock()
+	defer c.writeAccess.Unlock()
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *RaceConn) Upstream() any {
+	return c.ExtendedConn
+}

common/dialer/default.go

@@ -6,18 +6,54 @@ import (
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/conntrack"
+	"github.com/sagernet/sing-box/common/warning"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/tfo-go"
+)
+
+var warnBindInterfaceOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsLinux || C.IsWindows || C.IsDarwin)
+	},
+	"outbound option `bind_interface` is only supported on Linux and Windows",
+)
+
+var warnRoutingMarkOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !C.IsLinux
+	},
+	"outbound option `routing_mark` is only supported on Linux",
+)
+
+var warnReuseAdderOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsDarwin || C.IsDragonfly || C.IsFreebsd || C.IsLinux || C.IsNetbsd || C.IsOpenbsd || C.IsSolaris || C.IsWindows)
+	},
+	"outbound option `reuse_addr` is unsupported on current platform",
+)
+
+var warnProtectPathOnNonAndroid = warning.New(
+	func() bool {
+		return !C.IsAndroid
+	},
+	"outbound option `protect_path` is only supported on Android",
+)
+
+var warnTFOOnUnsupportedPlatform = warning.New(
+	func() bool {
+		return !(C.IsDarwin || C.IsFreebsd || C.IsLinux || C.IsWindows)
+	},
+	"outbound option `tcp_fast_open` is unsupported on current platform",
 )
 
 type DefaultDialer struct {
-	dialer4     tcpDialer
-	dialer6     tcpDialer
+	dialer4     tfo.Dialer
+	dialer6     tfo.Dialer
 	udpDialer4  net.Dialer
 	udpDialer6  net.Dialer
 	udpListener net.ListenConfig
@@ -25,15 +61,24 @@ type DefaultDialer struct {
 	udpAddr6    string
 }
 
-func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDialer, error) {
+func NewDefault(router adapter.Router, options option.DialerOptions) *DefaultDialer {
 	var dialer net.Dialer
 	var listener net.ListenConfig
 	if options.BindInterface != "" {
+		warnBindInterfaceOnUnsupportedPlatform.Check()
 		bindFunc := control.BindToInterface(router.InterfaceFinder(), options.BindInterface, -1)
 		dialer.Control = control.Append(dialer.Control, bindFunc)
 		listener.Control = control.Append(listener.Control, bindFunc)
 	} else if router.AutoDetectInterface() {
-		bindFunc := router.AutoDetectInterfaceFunc()
+		const useInterfaceName = C.IsLinux
+		bindFunc := control.BindToInterfaceFunc(router.InterfaceFinder(), func(network string, address string) (interfaceName string, interfaceIndex int) {
+			remoteAddr := M.ParseSocksaddr(address).Addr
+			if C.IsLinux {
+				return router.InterfaceMonitor().DefaultInterfaceName(remoteAddr), -1
+			} else {
+				return "", router.InterfaceMonitor().DefaultInterfaceIndex(remoteAddr)
+			}
+		})
 		dialer.Control = control.Append(dialer.Control, bindFunc)
 		listener.Control = control.Append(listener.Control, bindFunc)
 	} else if router.DefaultInterface() != "" {
@@ -42,6 +87,7 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		listener.Control = control.Append(listener.Control, bindFunc)
 	}
 	if options.RoutingMark != 0 {
+		warnRoutingMarkOnUnsupportedPlatform.Check()
 		dialer.Control = control.Append(dialer.Control, control.RoutingMark(options.RoutingMark))
 		listener.Control = control.Append(listener.Control, control.RoutingMark(options.RoutingMark))
 	} else if router.DefaultMark() != 0 {
@@ -49,9 +95,11 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		listener.Control = control.Append(listener.Control, control.RoutingMark(router.DefaultMark()))
 	}
 	if options.ReuseAddr {
+		warnReuseAdderOnUnsupportedPlatform.Check()
 		listener.Control = control.Append(listener.Control, control.ReuseAddr())
 	}
 	if options.ProtectPath != "" {
+		warnProtectPathOnNonAndroid.Check()
 		dialer.Control = control.Append(dialer.Control, control.ProtectPath(options.ProtectPath))
 		listener.Control = control.Append(listener.Control, control.ProtectPath(options.ProtectPath))
 	}
@@ -60,6 +108,9 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 	} else {
 		dialer.Timeout = C.TCPTimeout
 	}
+	if options.TCPFastOpen {
+		warnTFOOnUnsupportedPlatform.Check()
+	}
 	var udpFragment bool
 	if options.UDPFragment != nil {
 		udpFragment = *options.UDPFragment
@@ -92,29 +143,15 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		udpDialer6.LocalAddr = &net.UDPAddr{IP: bindAddr.AsSlice()}
 		udpAddr6 = M.SocksaddrFrom(bindAddr, 0).String()
 	}
-	if options.TCPMultiPath {
-		if !go121Available {
-			return nil, E.New("MultiPath TCP requires go1.21, please recompile your binary.")
-		}
-		setMultiPathTCP(&dialer4)
-	}
-	tcpDialer4, err := newTCPDialer(dialer4, options.TCPFastOpen)
-	if err != nil {
-		return nil, err
-	}
-	tcpDialer6, err := newTCPDialer(dialer6, options.TCPFastOpen)
-	if err != nil {
-		return nil, err
-	}
 	return &DefaultDialer{
-		tcpDialer4,
-		tcpDialer6,
+		tfo.Dialer{Dialer: dialer4, DisableTFO: !options.TCPFastOpen},
+		tfo.Dialer{Dialer: dialer6, DisableTFO: !options.TCPFastOpen},
 		udpDialer4,
 		udpDialer6,
 		listener,
 		udpAddr4,
 		udpAddr6,
-	}, nil
+	}
 }
 
 func (d *DefaultDialer) DialContext(ctx context.Context, network string, address M.Socksaddr) (net.Conn, error) {
@@ -124,38 +161,22 @@ func (d *DefaultDialer) DialContext(ctx context.Context, network string, address
 	switch N.NetworkName(network) {
 	case N.NetworkUDP:
 		if !address.IsIPv6() {
-			return trackConn(d.udpDialer4.DialContext(ctx, network, address.String()))
+			return d.udpDialer4.DialContext(ctx, network, address.String())
 		} else {
-			return trackConn(d.udpDialer6.DialContext(ctx, network, address.String()))
+			return d.udpDialer6.DialContext(ctx, network, address.String())
 		}
 	}
 	if !address.IsIPv6() {
-		return trackConn(DialSlowContext(&d.dialer4, ctx, network, address))
+		return DialSlowContext(&d.dialer4, ctx, network, address)
 	} else {
-		return trackConn(DialSlowContext(&d.dialer6, ctx, network, address))
+		return DialSlowContext(&d.dialer6, ctx, network, address)
 	}
 }
 
 func (d *DefaultDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	if destination.IsIPv6() {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr6))
-	} else if destination.IsIPv4() && !destination.Addr.IsUnspecified() {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP+"4", d.udpAddr4))
+	if !destination.IsIPv6() {
+		return d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr4)
 	} else {
-		return trackPacketConn(d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr4))
+		return d.udpListener.ListenPacket(ctx, N.NetworkUDP, d.udpAddr6)
 	}
 }
-
-func trackConn(conn net.Conn, err error) (net.Conn, error) {
-	if !conntrack.Enabled || err != nil {
-		return conn, err
-	}
-	return conntrack.NewConn(conn)
-}
-
-func trackPacketConn(conn net.PacketConn, err error) (net.PacketConn, error) {
-	if !conntrack.Enabled || err != nil {
-		return conn, err
-	}
-	return conntrack.NewPacketConn(conn)
-}

common/dialer/default_go1.20.go

@@ -1,15 +0,0 @@
-//go:build go1.20
-
-package dialer
-
-import (
-	"net"
-
-	"github.com/sagernet/tfo-go"
-)
-
-type tcpDialer = tfo.Dialer
-
-func newTCPDialer(dialer net.Dialer, tfoEnabled bool) (tcpDialer, error) {
-	return tfo.Dialer{Dialer: dialer, DisableTFO: !tfoEnabled}, nil
-}

common/dialer/default_go1.21.go

@@ -1,11 +0,0 @@
-//go:build go1.21
-
-package dialer
-
-import "net"
-
-const go121Available = true
-
-func setMultiPathTCP(dialer *net.Dialer) {
-	dialer.SetMultipathTCP(true)
-}

common/dialer/default_nongo1.20.go

@@ -1,18 +0,0 @@
-//go:build !go1.20
-
-package dialer
-
-import (
-	"net"
-
-	E "github.com/sagernet/sing/common/exceptions"
-)
-
-type tcpDialer = net.Dialer
-
-func newTCPDialer(dialer net.Dialer, tfoEnabled bool) (tcpDialer, error) {
-	if tfoEnabled {
-		return dialer, E.New("TCP Fast Open requires go1.20, please recompile your binary.")
-	}
-	return dialer, nil
-}

common/dialer/default_nongo1.21.go

@@ -1,12 +0,0 @@
-//go:build !go1.21
-
-package dialer
-
-import (
-	"net"
-)
-
-const go121Available = false
-
-func setMultiPathTCP(dialer *net.Dialer) {
-}

common/dialer/detour.go

@@ -6,7 +6,6 @@ import (
 	"sync"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -45,14 +44,7 @@ func (d *DetourDialer) DialContext(ctx context.Context, network string, destinat
 	if err != nil {
 		return nil, err
 	}
-	conn, err := dialer.DialContext(ctx, network, destination)
-	if err != nil {
-		return nil, err
-	}
-	if deadline.NeedAdditionalReadDeadline(conn) {
-		conn = deadline.NewConn(conn)
-	}
-	return conn, nil
+	return dialer.DialContext(ctx, network, destination)
 }
 
 func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {

common/dialer/dialer.go

@@ -6,35 +6,19 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common"
 	N "github.com/sagernet/sing/common/network"
 )
 
-func MustNew(router adapter.Router, options option.DialerOptions) N.Dialer {
-	return common.Must1(New(router, options))
-}
-
-func New(router adapter.Router, options option.DialerOptions) (N.Dialer, error) {
-	var (
-		dialer N.Dialer
-		err    error
-	)
+func New(router adapter.Router, options option.DialerOptions) N.Dialer {
+	var dialer N.Dialer
 	if options.Detour == "" {
-		dialer, err = NewDefault(router, options)
-		if err != nil {
-			return nil, err
-		}
+		dialer = NewDefault(router, options)
 	} else {
 		dialer = NewDetour(router, options.Detour)
 	}
 	domainStrategy := dns.DomainStrategy(options.DomainStrategy)
 	if domainStrategy != dns.DomainStrategyAsIS || options.Detour == "" {
-		dialer = NewResolveDialer(
-			router,
-			dialer,
-			options.Detour == "" && !options.TCPFastOpen,
-			domainStrategy,
-			time.Duration(options.FallbackDelay))
+		dialer = NewResolveDialer(router, dialer, domainStrategy, time.Duration(options.FallbackDelay))
 	}
-	return dialer, nil
+	return dialer
 }

common/dialer/resolve.go

@@ -9,23 +9,20 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common/bufio"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )
 
 type ResolveDialer struct {
 	dialer        N.Dialer
-	parallel      bool
 	router        adapter.Router
 	strategy      dns.DomainStrategy
 	fallbackDelay time.Duration
 }
 
-func NewResolveDialer(router adapter.Router, dialer N.Dialer, parallel bool, strategy dns.DomainStrategy, fallbackDelay time.Duration) *ResolveDialer {
+func NewResolveDialer(router adapter.Router, dialer N.Dialer, strategy dns.DomainStrategy, fallbackDelay time.Duration) *ResolveDialer {
 	return &ResolveDialer{
 		dialer,
-		parallel,
 		router,
 		strategy,
 		fallbackDelay,
@@ -36,7 +33,7 @@ func (d *ResolveDialer) DialContext(ctx context.Context, network string, destina
 	if !destination.IsFqdn() {
 		return d.dialer.DialContext(ctx, network, destination)
 	}
-	ctx, metadata := adapter.ExtendContext(ctx)
+	ctx, metadata := adapter.AppendContext(ctx)
 	ctx = log.ContextWithOverrideLevel(ctx, log.LevelDebug)
 	metadata.Destination = destination
 	metadata.Domain = ""
@@ -50,18 +47,14 @@ func (d *ResolveDialer) DialContext(ctx context.Context, network string, destina
 	if err != nil {
 		return nil, err
 	}
-	if d.parallel {
-		return N.DialParallel(ctx, d.dialer, network, destination, addresses, d.strategy == dns.DomainStrategyPreferIPv6, d.fallbackDelay)
-	} else {
-		return N.DialSerial(ctx, d.dialer, network, destination, addresses)
-	}
+	return N.DialParallel(ctx, d.dialer, network, destination, addresses, d.strategy == dns.DomainStrategyPreferIPv6, d.fallbackDelay)
 }
 
 func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
 	if !destination.IsFqdn() {
 		return d.dialer.ListenPacket(ctx, destination)
 	}
-	ctx, metadata := adapter.ExtendContext(ctx)
+	ctx, metadata := adapter.AppendContext(ctx)
 	ctx = log.ContextWithOverrideLevel(ctx, log.LevelDebug)
 	metadata.Destination = destination
 	metadata.Domain = ""
@@ -75,11 +68,11 @@ func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksadd
 	if err != nil {
 		return nil, err
 	}
-	conn, destinationAddress, err := N.ListenSerial(ctx, d.dialer, destination, addresses)
+	conn, err := N.ListenSerial(ctx, d.dialer, destination, addresses)
 	if err != nil {
 		return nil, err
 	}
-	return bufio.NewNATPacketConn(bufio.NewPacketConn(conn), M.SocksaddrFrom(destinationAddress, destination.Port), destination), nil
+	return NewResolvePacketConn(ctx, d.router, d.strategy, conn), nil
 }
 
 func (d *ResolveDialer) Upstream() any {

common/dialer/resolve_conn.go

@@ -0,0 +1,84 @@
+package dialer
+
+import (
+	"context"
+	"net"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-dns"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+)
+
+func NewResolvePacketConn(ctx context.Context, router adapter.Router, strategy dns.DomainStrategy, conn net.PacketConn) N.NetPacketConn {
+	if udpConn, ok := conn.(*net.UDPConn); ok {
+		return &ResolveUDPConn{udpConn, ctx, router, strategy}
+	} else {
+		return &ResolvePacketConn{conn, ctx, router, strategy}
+	}
+}
+
+type ResolveUDPConn struct {
+	*net.UDPConn
+	ctx      context.Context
+	router   adapter.Router
+	strategy dns.DomainStrategy
+}
+
+func (w *ResolveUDPConn) ReadPacket(buffer *buf.Buffer) (M.Socksaddr, error) {
+	n, addr, err := w.ReadFromUDPAddrPort(buffer.FreeBytes())
+	if err != nil {
+		return M.Socksaddr{}, err
+	}
+	buffer.Truncate(n)
+	return M.SocksaddrFromNetIP(addr), nil
+}
+
+func (w *ResolveUDPConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	defer buffer.Release()
+	if destination.IsFqdn() {
+		addresses, err := w.router.Lookup(w.ctx, destination.Fqdn, w.strategy)
+		if err != nil {
+			return err
+		}
+		return common.Error(w.UDPConn.WriteToUDPAddrPort(buffer.Bytes(), M.SocksaddrFrom(addresses[0], destination.Port).AddrPort()))
+	}
+	return common.Error(w.UDPConn.WriteToUDPAddrPort(buffer.Bytes(), destination.AddrPort()))
+}
+
+func (w *ResolveUDPConn) Upstream() any {
+	return w.UDPConn
+}
+
+type ResolvePacketConn struct {
+	net.PacketConn
+	ctx      context.Context
+	router   adapter.Router
+	strategy dns.DomainStrategy
+}
+
+func (w *ResolvePacketConn) ReadPacket(buffer *buf.Buffer) (M.Socksaddr, error) {
+	_, addr, err := buffer.ReadPacketFrom(w)
+	if err != nil {
+		return M.Socksaddr{}, err
+	}
+	return M.SocksaddrFromNet(addr), err
+}
+
+func (w *ResolvePacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	defer buffer.Release()
+	if destination.IsFqdn() {
+		addresses, err := w.router.Lookup(w.ctx, destination.Fqdn, w.strategy)
+		if err != nil {
+			return err
+		}
+		return common.Error(w.WriteTo(buffer.Bytes(), M.SocksaddrFrom(addresses[0], destination.Port).UDPAddr()))
+	}
+	return common.Error(w.WriteTo(buffer.Bytes(), destination.UDPAddr()))
+}
+
+func (w *ResolvePacketConn) Upstream() any {
+	return w.PacketConn
+}

common/dialer/tfo.go

@@ -1,5 +1,3 @@
-//go:build go1.20
-
 package dialer
 
 import (
@@ -7,7 +5,6 @@ import (
 	"io"
 	"net"
 	"os"
-	"sync"
 	"time"
 
 	"github.com/sagernet/sing/common"
@@ -25,18 +22,12 @@ type slowOpenConn struct {
 	destination M.Socksaddr
 	conn        net.Conn
 	create      chan struct{}
-	access      sync.Mutex
 	err         error
 }
 
-func DialSlowContext(dialer *tcpDialer, ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+func DialSlowContext(dialer *tfo.Dialer, ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
 	if dialer.DisableTFO || N.NetworkName(network) != N.NetworkTCP {
-		switch N.NetworkName(network) {
-		case N.NetworkTCP, N.NetworkUDP:
-			return dialer.Dialer.DialContext(ctx, network, destination.String())
-		default:
-			return dialer.Dialer.DialContext(ctx, network, destination.AddrString())
-		}
+		return dialer.DialContext(ctx, network, destination.String(), nil)
 	}
 	return &slowOpenConn{
 		dialer:      dialer,
@@ -62,26 +53,15 @@ func (c *slowOpenConn) Read(b []byte) (n int, err error) {
 }
 
 func (c *slowOpenConn) Write(b []byte) (n int, err error) {
-	if c.conn != nil {
-		return c.conn.Write(b)
-	}
-	c.access.Lock()
-	defer c.access.Unlock()
-	select {
-	case <-c.create:
-		if c.err != nil {
-			return 0, c.err
+	if c.conn == nil {
+		c.conn, err = c.dialer.DialContext(c.ctx, c.network, c.destination.String(), b)
+		if err != nil {
+			c.err = E.Cause(err, "dial tcp fast open")
 		}
-		return c.conn.Write(b)
-	default:
+		close(c.create)
+		return
 	}
-	c.conn, err = c.dialer.DialContext(c.ctx, c.network, c.destination.String(), b)
-	if err != nil {
-		c.conn = nil
-		c.err = E.Cause(err, "dial tcp fast open")
-	}
-	close(c.create)
-	return
+	return c.conn.Write(b)
 }
 
 func (c *slowOpenConn) Close() error {
@@ -139,8 +119,11 @@ func (c *slowOpenConn) LazyHeadroom() bool {
 	return c.conn == nil
 }
 
-func (c *slowOpenConn) NeedHandshake() bool {
-	return c.conn == nil
+func (c *slowOpenConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if c.conn != nil {
+		return bufio.Copy(c.conn, r)
+	}
+	return bufio.ReadFrom0(c, r)
 }
 
 func (c *slowOpenConn) WriteTo(w io.Writer) (n int64, err error) {

common/dialer/tfo_stub.go

@@ -1,20 +0,0 @@
-//go:build !go1.20
-
-package dialer
-
-import (
-	"context"
-	"net"
-
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-)
-
-func DialSlowContext(dialer *tcpDialer, ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	switch N.NetworkName(network) {
-	case N.NetworkTCP, N.NetworkUDP:
-		return dialer.DialContext(ctx, network, destination.String())
-	default:
-		return dialer.DialContext(ctx, network, destination.AddrString())
-	}
-}

common/humanize/bytes.go

@@ -1,158 +0,0 @@
-package humanize
-
-import (
-	"fmt"
-	"math"
-	"strconv"
-	"strings"
-	"unicode"
-)
-
-// IEC Sizes.
-// kibis of bits
-const (
-	Byte = 1 << (iota * 10)
-	KiByte
-	MiByte
-	GiByte
-	TiByte
-	PiByte
-	EiByte
-)
-
-// SI Sizes.
-const (
-	IByte = 1
-	KByte = IByte * 1000
-	MByte = KByte * 1000
-	GByte = MByte * 1000
-	TByte = GByte * 1000
-	PByte = TByte * 1000
-	EByte = PByte * 1000
-)
-
-var defaultSizeTable = map[string]uint64{
-	"b":   Byte,
-	"kib": KiByte,
-	"kb":  KByte,
-	"mib": MiByte,
-	"mb":  MByte,
-	"gib": GiByte,
-	"gb":  GByte,
-	"tib": TiByte,
-	"tb":  TByte,
-	"pib": PiByte,
-	"pb":  PByte,
-	"eib": EiByte,
-	"eb":  EByte,
-	// Without suffix
-	"":   Byte,
-	"ki": KiByte,
-	"k":  KByte,
-	"mi": MiByte,
-	"m":  MByte,
-	"gi": GiByte,
-	"g":  GByte,
-	"ti": TiByte,
-	"t":  TByte,
-	"pi": PiByte,
-	"p":  PByte,
-	"ei": EiByte,
-	"e":  EByte,
-}
-
-var memorysSizeTable = map[string]uint64{
-	"b":  Byte,
-	"kb": KiByte,
-	"mb": MiByte,
-	"gb": GiByte,
-	"tb": TiByte,
-	"pb": PiByte,
-	"eb": EiByte,
-	"":   Byte,
-	"k":  KiByte,
-	"m":  MiByte,
-	"g":  GiByte,
-	"t":  TiByte,
-	"p":  PiByte,
-	"e":  EiByte,
-}
-
-var (
-	defaultSizes = []string{"B", "kB", "MB", "GB", "TB", "PB", "EB"}
-	iSizes       = []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"}
-)
-
-func Bytes(s uint64) string {
-	return humanateBytes(s, 1000, defaultSizes)
-}
-
-func MemoryBytes(s uint64) string {
-	return humanateBytes(s, 1024, defaultSizes)
-}
-
-func IBytes(s uint64) string {
-	return humanateBytes(s, 1024, iSizes)
-}
-
-func logn(n, b float64) float64 {
-	return math.Log(n) / math.Log(b)
-}
-
-func humanateBytes(s uint64, base float64, sizes []string) string {
-	if s < 10 {
-		return fmt.Sprintf("%d B", s)
-	}
-	e := math.Floor(logn(float64(s), base))
-	suffix := sizes[int(e)]
-	val := math.Floor(float64(s)/math.Pow(base, e)*10+0.5) / 10
-	f := "%.0f %s"
-	if val < 10 {
-		f = "%.1f %s"
-	}
-
-	return fmt.Sprintf(f, val, suffix)
-}
-
-func ParseBytes(s string) (uint64, error) {
-	return parseBytes0(s, defaultSizeTable)
-}
-
-func ParseMemoryBytes(s string) (uint64, error) {
-	return parseBytes0(s, memorysSizeTable)
-}
-
-func parseBytes0(s string, sizeTable map[string]uint64) (uint64, error) {
-	lastDigit := 0
-	hasComma := false
-	for _, r := range s {
-		if !(unicode.IsDigit(r) || r == '.' || r == ',') {
-			break
-		}
-		if r == ',' {
-			hasComma = true
-		}
-		lastDigit++
-	}
-
-	num := s[:lastDigit]
-	if hasComma {
-		num = strings.Replace(num, ",", "", -1)
-	}
-
-	f, err := strconv.ParseFloat(num, 64)
-	if err != nil {
-		return 0, err
-	}
-
-	extra := strings.ToLower(strings.TrimSpace(s[lastDigit:]))
-	if m, ok := sizeTable[extra]; ok {
-		f *= float64(m)
-		if f >= math.MaxUint64 {
-			return 0, fmt.Errorf("too large: %v", s)
-		}
-		return uint64(f), nil
-	}
-
-	return 0, fmt.Errorf("unhandled size name: %v", extra)
-}

common/interrupt/conn.go

@@ -1,75 +0,0 @@
-package interrupt
-
-import (
-	"net"
-
-	"github.com/sagernet/sing/common/x/list"
-)
-
-/*type GroupedConn interface {
-	MarkAsInternal()
-}
-
-func MarkAsInternal(conn any) {
-	if groupedConn, isGroupConn := common.Cast[GroupedConn](conn); isGroupConn {
-		groupedConn.MarkAsInternal()
-	}
-}*/
-
-type Conn struct {
-	net.Conn
-	group   *Group
-	element *list.Element[*groupConnItem]
-}
-
-/*func (c *Conn) MarkAsInternal() {
-	c.element.Value.internal = true
-}*/
-
-func (c *Conn) Close() error {
-	c.group.access.Lock()
-	defer c.group.access.Unlock()
-	c.group.connections.Remove(c.element)
-	return c.Conn.Close()
-}
-
-func (c *Conn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *Conn) WriterReplaceable() bool {
-	return true
-}
-
-func (c *Conn) Upstream() any {
-	return c.Conn
-}
-
-type PacketConn struct {
-	net.PacketConn
-	group   *Group
-	element *list.Element[*groupConnItem]
-}
-
-/*func (c *PacketConn) MarkAsInternal() {
-	c.element.Value.internal = true
-}*/
-
-func (c *PacketConn) Close() error {
-	c.group.access.Lock()
-	defer c.group.access.Unlock()
-	c.group.connections.Remove(c.element)
-	return c.PacketConn.Close()
-}
-
-func (c *PacketConn) ReaderReplaceable() bool {
-	return true
-}
-
-func (c *PacketConn) WriterReplaceable() bool {
-	return true
-}
-
-func (c *PacketConn) Upstream() any {
-	return c.PacketConn
-}

common/interrupt/context.go

@@ -1,13 +0,0 @@
-package interrupt
-
-import "context"
-
-type contextKeyIsExternalConnection struct{}
-
-func ContextWithIsExternalConnection(ctx context.Context) context.Context {
-	return context.WithValue(ctx, contextKeyIsExternalConnection{}, true)
-}
-
-func IsExternalConnectionFromContext(ctx context.Context) bool {
-	return ctx.Value(contextKeyIsExternalConnection{}) != nil
-}

common/interrupt/group.go

@@ -1,52 +0,0 @@
-package interrupt
-
-import (
-	"io"
-	"net"
-	"sync"
-
-	"github.com/sagernet/sing/common/x/list"
-)
-
-type Group struct {
-	access      sync.Mutex
-	connections list.List[*groupConnItem]
-}
-
-type groupConnItem struct {
-	conn       io.Closer
-	isExternal bool
-}
-
-func NewGroup() *Group {
-	return &Group{}
-}
-
-func (g *Group) NewConn(conn net.Conn, isExternal bool) net.Conn {
-	g.access.Lock()
-	defer g.access.Unlock()
-	item := g.connections.PushBack(&groupConnItem{conn, isExternal})
-	return &Conn{Conn: conn, group: g, element: item}
-}
-
-func (g *Group) NewPacketConn(conn net.PacketConn, isExternal bool) net.PacketConn {
-	g.access.Lock()
-	defer g.access.Unlock()
-	item := g.connections.PushBack(&groupConnItem{conn, isExternal})
-	return &PacketConn{PacketConn: conn, group: g, element: item}
-}
-
-func (g *Group) Interrupt(interruptExternalConnections bool) {
-	g.access.Lock()
-	defer g.access.Unlock()
-	var toDelete []*list.Element[*groupConnItem]
-	for element := g.connections.Front(); element != nil; element = element.Next() {
-		if !element.Value.isExternal || interruptExternalConnections {
-			element.Value.conn.Close()
-			toDelete = append(toDelete, element)
-		}
-	}
-	for _, element := range toDelete {
-		g.connections.Remove(element)
-	}
-}

common/mux/client.go

@@ -1,42 +1,519 @@
 package mux
 
 import (
-	C "github.com/sagernet/sing-box/constant"
+	"context"
+	"encoding/binary"
+	"io"
+	"net"
+	"sync"
+
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-mux"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
+	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/x/list"
 )
 
-type Client = mux.Client
+var _ N.Dialer = (*Client)(nil)
 
-func NewClientWithOptions(dialer N.Dialer, logger logger.Logger, options option.OutboundMultiplexOptions) (*Client, error) {
+type Client struct {
+	access         sync.Mutex
+	connections    list.List[abstractSession]
+	ctx            context.Context
+	dialer         N.Dialer
+	protocol       Protocol
+	maxConnections int
+	minStreams     int
+	maxStreams     int
+}
+
+func NewClient(ctx context.Context, dialer N.Dialer, protocol Protocol, maxConnections int, minStreams int, maxStreams int) *Client {
+	return &Client{
+		ctx:            ctx,
+		dialer:         dialer,
+		protocol:       protocol,
+		maxConnections: maxConnections,
+		minStreams:     minStreams,
+		maxStreams:     maxStreams,
+	}
+}
+
+func NewClientWithOptions(ctx context.Context, dialer N.Dialer, options option.MultiplexOptions) (N.Dialer, error) {
 	if !options.Enabled {
 		return nil, nil
 	}
-	var brutalOptions mux.BrutalOptions
-	if options.Brutal != nil && options.Brutal.Enabled {
-		brutalOptions = mux.BrutalOptions{
-			Enabled:    true,
-			SendBPS:    uint64(options.Brutal.UpMbps * C.MbpsToBps),
-			ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
+	if options.MaxConnections == 0 && options.MaxStreams == 0 {
+		options.MinStreams = 8
+	}
+	protocol, err := ParseProtocol(options.Protocol)
+	if err != nil {
+		return nil, err
+	}
+	return NewClient(ctx, dialer, protocol, options.MaxConnections, options.MinStreams, options.MaxStreams), nil
+}
+
+func (c *Client) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	switch N.NetworkName(network) {
+	case N.NetworkTCP:
+		stream, err := c.openStream()
+		if err != nil {
+			return nil, err
 		}
-		if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
-			return nil, E.New("brutal: invalid upload speed")
+		return &ClientConn{Conn: stream, destination: destination}, nil
+	case N.NetworkUDP:
+		stream, err := c.openStream()
+		if err != nil {
+			return nil, err
 		}
-		if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
-			return nil, E.New("brutal: invalid download speed")
+		return bufio.NewUnbindPacketConn(&ClientPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}), nil
+	default:
+		return nil, E.Extend(N.ErrUnknownNetwork, network)
+	}
+}
+
+func (c *Client) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	stream, err := c.openStream()
+	if err != nil {
+		return nil, err
+	}
+	return &ClientPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: destination}, nil
+}
+
+func (c *Client) openStream() (net.Conn, error) {
+	var (
+		session abstractSession
+		stream  net.Conn
+		err     error
+	)
+	for attempts := 0; attempts < 2; attempts++ {
+		session, err = c.offer()
+		if err != nil {
+			continue
+		}
+		stream, err = session.Open()
+		if err != nil {
+			continue
+		}
+		break
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &wrapStream{stream}, nil
+}
+
+func (c *Client) offer() (abstractSession, error) {
+	c.access.Lock()
+	defer c.access.Unlock()
+
+	sessions := make([]abstractSession, 0, c.maxConnections)
+	for element := c.connections.Front(); element != nil; {
+		if element.Value.IsClosed() {
+			nextElement := element.Next()
+			c.connections.Remove(element)
+			element = nextElement
+			continue
+		}
+		sessions = append(sessions, element.Value)
+		element = element.Next()
+	}
+	sLen := len(sessions)
+	if sLen == 0 {
+		return c.offerNew()
+	}
+	session := common.MinBy(sessions, abstractSession.NumStreams)
+	numStreams := session.NumStreams()
+	if numStreams == 0 {
+		return session, nil
+	}
+	if c.maxConnections > 0 {
+		if sLen >= c.maxConnections || numStreams < c.minStreams {
+			return session, nil
+		}
+	} else {
+		if c.maxStreams > 0 && numStreams < c.maxStreams {
+			return session, nil
 		}
 	}
-	return mux.NewClient(mux.Options{
-		Dialer:         dialer,
-		Logger:         logger,
-		Protocol:       options.Protocol,
-		MaxConnections: options.MaxConnections,
-		MinStreams:     options.MinStreams,
-		MaxStreams:     options.MaxStreams,
-		Padding:        options.Padding,
-		Brutal:         brutalOptions,
-	})
+	return c.offerNew()
+}
+
+func (c *Client) offerNew() (abstractSession, error) {
+	conn, err := c.dialer.DialContext(c.ctx, N.NetworkTCP, Destination)
+	if err != nil {
+		return nil, err
+	}
+	if vectorisedWriter, isVectorised := bufio.CreateVectorisedWriter(conn); isVectorised {
+		conn = &vectorisedProtocolConn{protocolConn{Conn: conn, protocol: c.protocol}, vectorisedWriter}
+	} else {
+		conn = &protocolConn{Conn: conn, protocol: c.protocol}
+	}
+	session, err := c.protocol.newClient(conn)
+	if err != nil {
+		return nil, err
+	}
+	c.connections.PushBack(session)
+	return session, nil
+}
+
+func (c *Client) Close() error {
+	c.access.Lock()
+	defer c.access.Unlock()
+	for _, session := range c.connections.Array() {
+		session.Close()
+	}
+	return nil
+}
+
+type ClientConn struct {
+	net.Conn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientConn) readResponse() error {
+	response, err := ReadStreamResponse(c.Conn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientConn) Read(b []byte) (n int, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	return c.Conn.Read(b)
+}
+
+func (c *ClientConn) Write(b []byte) (n int, err error) {
+	if c.requestWrite {
+		return c.Conn.Write(b)
+	}
+	request := StreamRequest{
+		Network:     N.NetworkTCP,
+		Destination: c.destination,
+	}
+	_buffer := buf.StackNewSize(requestLen(request) + len(b))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	buffer.Write(b)
+	_, err = c.Conn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(b), nil
+}
+
+func (c *ClientConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if !c.requestWrite {
+		return bufio.ReadFrom0(c, r)
+	}
+	return bufio.Copy(c.Conn, r)
+}
+
+func (c *ClientConn) WriteTo(w io.Writer) (n int64, err error) {
+	if !c.responseRead {
+		return bufio.WriteTo0(c, w)
+	}
+	return bufio.Copy(w, c.Conn)
+}
+
+func (c *ClientConn) LocalAddr() net.Addr {
+	return c.Conn.LocalAddr()
+}
+
+func (c *ClientConn) RemoteAddr() net.Addr {
+	return c.destination.TCPAddr()
+}
+
+func (c *ClientConn) ReaderReplaceable() bool {
+	return c.responseRead
+}
+
+func (c *ClientConn) WriterReplaceable() bool {
+	return c.requestWrite
+}
+
+func (c *ClientConn) Upstream() any {
+	return c.Conn
+}
+
+type ClientPacketConn struct {
+	N.ExtendedConn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientPacketConn) readResponse() error {
+	response, err := ReadStreamResponse(c.ExtendedConn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientPacketConn) Read(b []byte) (n int, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	if cap(b) < int(length) {
+		return 0, io.ErrShortBuffer
+	}
+	return io.ReadFull(c.ExtendedConn, b[:length])
+}
+
+func (c *ClientPacketConn) writeRequest(payload []byte) (n int, err error) {
+	request := StreamRequest{
+		Network:     N.NetworkUDP,
+		Destination: c.destination,
+	}
+	rLen := requestLen(request)
+	if len(payload) > 0 {
+		rLen += 2 + len(payload)
+	}
+	_buffer := buf.StackNewSize(rLen)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	if len(payload) > 0 {
+		common.Must(
+			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
+			common.Error(buffer.Write(payload)),
+		)
+	}
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(payload), nil
+}
+
+func (c *ClientPacketConn) Write(b []byte) (n int, err error) {
+	if !c.requestWrite {
+		return c.writeRequest(b)
+	}
+	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(b)))
+	if err != nil {
+		return
+	}
+	return c.ExtendedConn.Write(b)
+}
+
+func (c *ClientPacketConn) ReadBuffer(buffer *buf.Buffer) (err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	return
+}
+
+func (c *ClientPacketConn) WriteBuffer(buffer *buf.Buffer) error {
+	if !c.requestWrite {
+		defer buffer.Release()
+		return common.Error(c.writeRequest(buffer.Bytes()))
+	}
+	bLen := buffer.Len()
+	binary.BigEndian.PutUint16(buffer.ExtendHeader(2), uint16(bLen))
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketConn) FrontHeadroom() int {
+	return 2
+}
+
+func (c *ClientPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	err = c.ReadBuffer(buffer)
+	return
+}
+
+func (c *ClientPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	return c.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketConn) LocalAddr() net.Addr {
+	return c.ExtendedConn.LocalAddr()
+}
+
+func (c *ClientPacketConn) RemoteAddr() net.Addr {
+	return c.destination.UDPAddr()
+}
+
+func (c *ClientPacketConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+var _ N.NetPacketConn = (*ClientPacketAddrConn)(nil)
+
+type ClientPacketAddrConn struct {
+	N.ExtendedConn
+	destination  M.Socksaddr
+	requestWrite bool
+	responseRead bool
+}
+
+func (c *ClientPacketAddrConn) readResponse() error {
+	response, err := ReadStreamResponse(c.ExtendedConn)
+	if err != nil {
+		return err
+	}
+	if response.Status == statusError {
+		return E.New("remote error: ", response.Message)
+	}
+	return nil
+}
+
+func (c *ClientPacketAddrConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	destination, err := M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	addr = destination.UDPAddr()
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	if cap(p) < int(length) {
+		return 0, nil, io.ErrShortBuffer
+	}
+	n, err = io.ReadFull(c.ExtendedConn, p[:length])
+	return
+}
+
+func (c *ClientPacketAddrConn) writeRequest(payload []byte, destination M.Socksaddr) (n int, err error) {
+	request := StreamRequest{
+		Network:     N.NetworkUDP,
+		Destination: c.destination,
+		PacketAddr:  true,
+	}
+	rLen := requestLen(request)
+	if len(payload) > 0 {
+		rLen += M.SocksaddrSerializer.AddrPortLen(destination) + 2 + len(payload)
+	}
+	_buffer := buf.StackNewSize(rLen)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeStreamRequest(request, buffer)
+	if len(payload) > 0 {
+		common.Must(
+			M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
+			binary.Write(buffer, binary.BigEndian, uint16(len(payload))),
+			common.Error(buffer.Write(payload)),
+		)
+	}
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.requestWrite = true
+	return len(payload), nil
+}
+
+func (c *ClientPacketAddrConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	if !c.requestWrite {
+		return c.writeRequest(p, M.SocksaddrFromNet(addr))
+	}
+	err = M.SocksaddrSerializer.WriteAddrPort(c.ExtendedConn, M.SocksaddrFromNet(addr))
+	if err != nil {
+		return
+	}
+	err = binary.Write(c.ExtendedConn, binary.BigEndian, uint16(len(p)))
+	if err != nil {
+		return
+	}
+	return c.ExtendedConn.Write(p)
+}
+
+func (c *ClientPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	if !c.responseRead {
+		err = c.readResponse()
+		if err != nil {
+			return
+		}
+		c.responseRead = true
+	}
+	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	return
+}
+
+func (c *ClientPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	if !c.requestWrite {
+		defer buffer.Release()
+		return common.Error(c.writeRequest(buffer.Bytes(), destination))
+	}
+	bLen := buffer.Len()
+	header := buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination) + 2))
+	common.Must(
+		M.SocksaddrSerializer.WriteAddrPort(header, destination),
+		binary.Write(header, binary.BigEndian, uint16(bLen)),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ClientPacketAddrConn) LocalAddr() net.Addr {
+	return c.ExtendedConn.LocalAddr()
+}
+
+func (c *ClientPacketAddrConn) FrontHeadroom() int {
+	return 2 + M.MaxSocksaddrLength
+}
+
+func (c *ClientPacketAddrConn) Upstream() any {
+	return c.ExtendedConn
 }

common/mux/protocol.go

@@ -0,0 +1,240 @@
+package mux
+
+import (
+	"encoding/binary"
+	"io"
+	"net"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/smux"
+
+	"github.com/hashicorp/yamux"
+)
+
+var Destination = M.Socksaddr{
+	Fqdn: "sp.mux.sing-box.arpa",
+	Port: 444,
+}
+
+const (
+	ProtocolSMux Protocol = iota
+	ProtocolYAMux
+)
+
+type Protocol byte
+
+func ParseProtocol(name string) (Protocol, error) {
+	switch name {
+	case "", "smux":
+		return ProtocolSMux, nil
+	case "yamux":
+		return ProtocolYAMux, nil
+	default:
+		return ProtocolYAMux, E.New("unknown multiplex protocol: ", name)
+	}
+}
+
+func (p Protocol) newServer(conn net.Conn) (abstractSession, error) {
+	switch p {
+	case ProtocolSMux:
+		session, err := smux.Server(conn, smuxConfig())
+		if err != nil {
+			return nil, err
+		}
+		return &smuxSession{session}, nil
+	case ProtocolYAMux:
+		return yamux.Server(conn, yaMuxConfig())
+	default:
+		panic("unknown protocol")
+	}
+}
+
+func (p Protocol) newClient(conn net.Conn) (abstractSession, error) {
+	switch p {
+	case ProtocolSMux:
+		session, err := smux.Client(conn, smuxConfig())
+		if err != nil {
+			return nil, err
+		}
+		return &smuxSession{session}, nil
+	case ProtocolYAMux:
+		return yamux.Client(conn, yaMuxConfig())
+	default:
+		panic("unknown protocol")
+	}
+}
+
+func smuxConfig() *smux.Config {
+	config := smux.DefaultConfig()
+	config.KeepAliveDisabled = true
+	return config
+}
+
+func yaMuxConfig() *yamux.Config {
+	config := yamux.DefaultConfig()
+	config.LogOutput = io.Discard
+	config.StreamCloseTimeout = C.TCPTimeout
+	config.StreamOpenTimeout = C.TCPTimeout
+	return config
+}
+
+func (p Protocol) String() string {
+	switch p {
+	case ProtocolSMux:
+		return "smux"
+	case ProtocolYAMux:
+		return "yamux"
+	default:
+		return "unknown"
+	}
+}
+
+const (
+	version0 = 0
+)
+
+type Request struct {
+	Protocol Protocol
+}
+
+func ReadRequest(reader io.Reader) (*Request, error) {
+	version, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	if version != version0 {
+		return nil, E.New("unsupported version: ", version)
+	}
+	protocol, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	if protocol > byte(ProtocolYAMux) {
+		return nil, E.New("unsupported protocol: ", protocol)
+	}
+	return &Request{Protocol: Protocol(protocol)}, nil
+}
+
+func EncodeRequest(buffer *buf.Buffer, request Request) {
+	buffer.WriteByte(version0)
+	buffer.WriteByte(byte(request.Protocol))
+}
+
+const (
+	flagUDP       = 1
+	flagAddr      = 2
+	statusSuccess = 0
+	statusError   = 1
+)
+
+type StreamRequest struct {
+	Network     string
+	Destination M.Socksaddr
+	PacketAddr  bool
+}
+
+func ReadStreamRequest(reader io.Reader) (*StreamRequest, error) {
+	var flags uint16
+	err := binary.Read(reader, binary.BigEndian, &flags)
+	if err != nil {
+		return nil, err
+	}
+	destination, err := M.SocksaddrSerializer.ReadAddrPort(reader)
+	if err != nil {
+		return nil, err
+	}
+	var network string
+	var udpAddr bool
+	if flags&flagUDP == 0 {
+		network = N.NetworkTCP
+	} else {
+		network = N.NetworkUDP
+		udpAddr = flags&flagAddr != 0
+	}
+	return &StreamRequest{network, destination, udpAddr}, nil
+}
+
+func requestLen(request StreamRequest) int {
+	var rLen int
+	rLen += 1 // version
+	rLen += 2 // flags
+	rLen += M.SocksaddrSerializer.AddrPortLen(request.Destination)
+	return rLen
+}
+
+func EncodeStreamRequest(request StreamRequest, buffer *buf.Buffer) {
+	destination := request.Destination
+	var flags uint16
+	if request.Network == N.NetworkUDP {
+		flags |= flagUDP
+	}
+	if request.PacketAddr {
+		flags |= flagAddr
+		if !destination.IsValid() {
+			destination = Destination
+		}
+	}
+	common.Must(
+		binary.Write(buffer, binary.BigEndian, flags),
+		M.SocksaddrSerializer.WriteAddrPort(buffer, destination),
+	)
+}
+
+type StreamResponse struct {
+	Status  uint8
+	Message string
+}
+
+func ReadStreamResponse(reader io.Reader) (*StreamResponse, error) {
+	var response StreamResponse
+	status, err := rw.ReadByte(reader)
+	if err != nil {
+		return nil, err
+	}
+	response.Status = status
+	if status == statusError {
+		response.Message, err = rw.ReadVString(reader)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
+
+type wrapStream struct {
+	net.Conn
+}
+
+func (w *wrapStream) Read(p []byte) (n int, err error) {
+	n, err = w.Conn.Read(p)
+	err = wrapError(err)
+	return
+}
+
+func (w *wrapStream) Write(p []byte) (n int, err error) {
+	n, err = w.Conn.Write(p)
+	err = wrapError(err)
+	return
+}
+
+func (w *wrapStream) WriteIsThreadUnsafe() {
+}
+
+func (w *wrapStream) Upstream() any {
+	return w.Conn
+}
+
+func wrapError(err error) error {
+	switch err {
+	case yamux.ErrStreamClosed:
+		return io.EOF
+	default:
+		return err
+	}
+}

common/mux/router.go

@@ -1,65 +0,0 @@
-package mux
-
-import (
-	"context"
-	"net"
-
-	"github.com/sagernet/sing-box/adapter"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/log"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-mux"
-	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type Router struct {
-	router  adapter.ConnectionRouter
-	service *mux.Service
-}
-
-func NewRouterWithOptions(router adapter.ConnectionRouter, logger logger.ContextLogger, options option.InboundMultiplexOptions) (adapter.ConnectionRouter, error) {
-	if !options.Enabled {
-		return router, nil
-	}
-	var brutalOptions mux.BrutalOptions
-	if options.Brutal != nil && options.Brutal.Enabled {
-		brutalOptions = mux.BrutalOptions{
-			Enabled:    true,
-			SendBPS:    uint64(options.Brutal.UpMbps * C.MbpsToBps),
-			ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
-		}
-		if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
-			return nil, E.New("brutal: invalid upload speed")
-		}
-		if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
-			return nil, E.New("brutal: invalid download speed")
-		}
-	}
-	service, err := mux.NewService(mux.ServiceOptions{
-		NewStreamContext: func(ctx context.Context, conn net.Conn) context.Context {
-			return log.ContextWithNewID(ctx)
-		},
-		Logger:  logger,
-		Handler: adapter.NewRouteContextHandler(router, logger),
-		Padding: options.Padding,
-		Brutal:  brutalOptions,
-	})
-	if err != nil {
-		return nil, err
-	}
-	return &Router{router, service}, nil
-}
-
-func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	if metadata.Destination == mux.Destination {
-		return r.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, adapter.UpstreamMetadata(metadata))
-	} else {
-		return r.router.RouteConnection(ctx, conn, metadata)
-	}
-}
-
-func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	return r.router.RoutePacketConnection(ctx, conn, metadata)
-}

common/mux/service.go

@@ -0,0 +1,257 @@
+package mux
+
+import (
+	"context"
+	"encoding/binary"
+	"net"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/sing/common/task"
+)
+
+func NewConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, conn net.Conn, metadata adapter.InboundContext) error {
+	request, err := ReadRequest(conn)
+	if err != nil {
+		return err
+	}
+	session, err := request.Protocol.newServer(conn)
+	if err != nil {
+		return err
+	}
+	var group task.Group
+	group.Append0(func(ctx context.Context) error {
+		var stream net.Conn
+		for {
+			stream, err = session.Accept()
+			if err != nil {
+				return err
+			}
+			go newConnection(ctx, router, errorHandler, logger, stream, metadata)
+		}
+	})
+	group.Cleanup(func() {
+		session.Close()
+	})
+	return group.Run(ctx)
+}
+
+func newConnection(ctx context.Context, router adapter.Router, errorHandler E.Handler, logger log.ContextLogger, stream net.Conn, metadata adapter.InboundContext) {
+	stream = &wrapStream{stream}
+	request, err := ReadStreamRequest(stream)
+	if err != nil {
+		logger.ErrorContext(ctx, err)
+		return
+	}
+	metadata.Destination = request.Destination
+	if request.Network == N.NetworkTCP {
+		logger.InfoContext(ctx, "inbound multiplex connection to ", metadata.Destination)
+		hErr := router.RouteConnection(ctx, &ServerConn{ExtendedConn: bufio.NewExtendedConn(stream)}, metadata)
+		stream.Close()
+		if hErr != nil {
+			errorHandler.NewError(ctx, hErr)
+		}
+	} else {
+		var packetConn N.PacketConn
+		if !request.PacketAddr {
+			logger.InfoContext(ctx, "inbound multiplex packet connection to ", metadata.Destination)
+			packetConn = &ServerPacketConn{ExtendedConn: bufio.NewExtendedConn(stream), destination: request.Destination}
+		} else {
+			logger.InfoContext(ctx, "inbound multiplex packet connection")
+			packetConn = &ServerPacketAddrConn{ExtendedConn: bufio.NewExtendedConn(stream)}
+		}
+		hErr := router.RoutePacketConnection(ctx, packetConn, metadata)
+		stream.Close()
+		if hErr != nil {
+			errorHandler.NewError(ctx, hErr)
+		}
+	}
+}
+
+var _ N.HandshakeConn = (*ServerConn)(nil)
+
+type ServerConn struct {
+	N.ExtendedConn
+	responseWrite bool
+}
+
+func (c *ServerConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerConn) Write(b []byte) (n int, err error) {
+	if c.responseWrite {
+		return c.ExtendedConn.Write(b)
+	}
+	_buffer := buf.StackNewSize(1 + len(b))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusSuccess),
+		common.Error(buffer.Write(b)),
+	)
+	_, err = c.ExtendedConn.Write(buffer.Bytes())
+	if err != nil {
+		return
+	}
+	c.responseWrite = true
+	return len(b), nil
+}
+
+func (c *ServerConn) WriteBuffer(buffer *buf.Buffer) error {
+	if c.responseWrite {
+		return c.ExtendedConn.WriteBuffer(buffer)
+	}
+	buffer.ExtendHeader(1)[0] = statusSuccess
+	c.responseWrite = true
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 1
+	}
+	return 0
+}
+
+func (c *ServerConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+var (
+	_ N.HandshakeConn = (*ServerPacketConn)(nil)
+	_ N.PacketConn    = (*ServerPacketConn)(nil)
+)
+
+type ServerPacketConn struct {
+	N.ExtendedConn
+	destination   M.Socksaddr
+	responseWrite bool
+}
+
+func (c *ServerPacketConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	if err != nil {
+		return
+	}
+	destination = c.destination
+	return
+}
+
+func (c *ServerPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	pLen := buffer.Len()
+	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
+	if !c.responseWrite {
+		buffer.ExtendHeader(1)[0] = statusSuccess
+		c.responseWrite = true
+	}
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+func (c *ServerPacketConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 3
+	}
+	return 2
+}
+
+var (
+	_ N.HandshakeConn = (*ServerPacketAddrConn)(nil)
+	_ N.PacketConn    = (*ServerPacketAddrConn)(nil)
+)
+
+type ServerPacketAddrConn struct {
+	N.ExtendedConn
+	responseWrite bool
+}
+
+func (c *ServerPacketAddrConn) HandshakeFailure(err error) error {
+	errMessage := err.Error()
+	_buffer := buf.StackNewSize(1 + rw.UVariantLen(uint64(len(errMessage))) + len(errMessage))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(statusError),
+		rw.WriteVString(_buffer, errMessage),
+	)
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketAddrConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
+	destination, err = M.SocksaddrSerializer.ReadAddrPort(c.ExtendedConn)
+	if err != nil {
+		return
+	}
+	var length uint16
+	err = binary.Read(c.ExtendedConn, binary.BigEndian, &length)
+	if err != nil {
+		return
+	}
+	_, err = buffer.ReadFullFrom(c.ExtendedConn, int(length))
+	if err != nil {
+		return
+	}
+	return
+}
+
+func (c *ServerPacketAddrConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
+	pLen := buffer.Len()
+	common.Must(binary.Write(buf.With(buffer.ExtendHeader(2)), binary.BigEndian, uint16(pLen)))
+	common.Must(M.SocksaddrSerializer.WriteAddrPort(buf.With(buffer.ExtendHeader(M.SocksaddrSerializer.AddrPortLen(destination))), destination))
+	if !c.responseWrite {
+		buffer.ExtendHeader(1)[0] = statusSuccess
+		c.responseWrite = true
+	}
+	return c.ExtendedConn.WriteBuffer(buffer)
+}
+
+func (c *ServerPacketAddrConn) Upstream() any {
+	return c.ExtendedConn
+}
+
+func (c *ServerPacketAddrConn) FrontHeadroom() int {
+	if !c.responseWrite {
+		return 3 + M.MaxSocksaddrLength
+	}
+	return 2 + M.MaxSocksaddrLength
+}

common/mux/session.go

@@ -0,0 +1,91 @@
+package mux
+
+import (
+	"io"
+	"net"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/smux"
+)
+
+type abstractSession interface {
+	Open() (net.Conn, error)
+	Accept() (net.Conn, error)
+	NumStreams() int
+	Close() error
+	IsClosed() bool
+}
+
+var _ abstractSession = (*smuxSession)(nil)
+
+type smuxSession struct {
+	*smux.Session
+}
+
+func (s *smuxSession) Open() (net.Conn, error) {
+	return s.OpenStream()
+}
+
+func (s *smuxSession) Accept() (net.Conn, error) {
+	return s.AcceptStream()
+}
+
+type protocolConn struct {
+	net.Conn
+	protocol        Protocol
+	protocolWritten bool
+}
+
+func (c *protocolConn) Write(p []byte) (n int, err error) {
+	if c.protocolWritten {
+		return c.Conn.Write(p)
+	}
+	_buffer := buf.StackNewSize(2 + len(p))
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeRequest(buffer, Request{
+		Protocol: c.protocol,
+	})
+	common.Must(common.Error(buffer.Write(p)))
+	n, err = c.Conn.Write(buffer.Bytes())
+	if err == nil {
+		n--
+	}
+	c.protocolWritten = true
+	return n, err
+}
+
+func (c *protocolConn) ReadFrom(r io.Reader) (n int64, err error) {
+	if !c.protocolWritten {
+		return bufio.ReadFrom0(c, r)
+	}
+	return bufio.Copy(c.Conn, r)
+}
+
+func (c *protocolConn) Upstream() any {
+	return c.Conn
+}
+
+type vectorisedProtocolConn struct {
+	protocolConn
+	N.VectorisedWriter
+}
+
+func (c *vectorisedProtocolConn) WriteVectorised(buffers []*buf.Buffer) error {
+	if c.protocolWritten {
+		return c.VectorisedWriter.WriteVectorised(buffers)
+	}
+	c.protocolWritten = true
+	_buffer := buf.StackNewSize(2)
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
+	defer buffer.Release()
+	EncodeRequest(buffer, Request{
+		Protocol: c.protocol,
+	})
+	return c.VectorisedWriter.WriteVectorised(append([]*buf.Buffer{buffer}, buffers...))
+}

common/mux/v2ray_legacy.go

@@ -1,32 +0,0 @@
-package mux
-
-import (
-	"context"
-	"net"
-
-	"github.com/sagernet/sing-box/adapter"
-	vmess "github.com/sagernet/sing-vmess"
-	"github.com/sagernet/sing/common/logger"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type V2RayLegacyRouter struct {
-	router adapter.ConnectionRouter
-	logger logger.ContextLogger
-}
-
-func NewV2RayLegacyRouter(router adapter.ConnectionRouter, logger logger.ContextLogger) adapter.ConnectionRouter {
-	return &V2RayLegacyRouter{router, logger}
-}
-
-func (r *V2RayLegacyRouter) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	if metadata.Destination.Fqdn == vmess.MuxDestination.Fqdn {
-		r.logger.InfoContext(ctx, "inbound legacy multiplex connection")
-		return vmess.HandleMuxConnection(ctx, conn, adapter.NewRouteHandler(metadata, r.router, r.logger))
-	}
-	return r.router.RouteConnection(ctx, conn, metadata)
-}
-
-func (r *V2RayLegacyRouter) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	return r.router.RoutePacketConnection(ctx, conn, metadata)
-}

common/process/searcher.go

@@ -3,12 +3,10 @@ package process
 import (
 	"context"
 	"net/netip"
-	"os/user"
 
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-tun"
 	E "github.com/sagernet/sing/common/exceptions"
-	F "github.com/sagernet/sing/common/format"
 )
 
 type Searcher interface {
@@ -30,15 +28,5 @@ type Info struct {
 }
 
 func FindProcessInfo(searcher Searcher, ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*Info, error) {
-	info, err := searcher.FindProcessInfo(ctx, network, source, destination)
-	if err != nil {
-		return nil, err
-	}
-	if info.UserId != -1 {
-		osUser, _ := user.LookupId(F.ToString(info.UserId))
-		if osUser != nil {
-			info.User = osUser.Username
-		}
-	}
-	return info, nil
+	return findProcessInfo(searcher, ctx, network, source, destination)
 }

common/process/searcher_linux_shared.go

@@ -15,6 +15,7 @@ import (
 	"unicode"
 	"unsafe"
 
+	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
@@ -81,7 +82,9 @@ func resolveSocketByNetlink(network string, source netip.AddrPort, destination n
 		return 0, 0, E.Cause(err, "write netlink request")
 	}
 
-	buffer := buf.New()
+	_buffer := buf.StackNew()
+	defer common.KeepAlive(_buffer)
+	buffer := common.Dup(_buffer)
 	defer buffer.Release()
 
 	n, err := syscall.Read(socket, buffer.FreeBytes())

common/process/searcher_with_name.go

@@ -0,0 +1,25 @@
+//go:build linux && !android
+
+package process
+
+import (
+	"context"
+	"net/netip"
+	"os/user"
+
+	F "github.com/sagernet/sing/common/format"
+)
+
+func findProcessInfo(searcher Searcher, ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*Info, error) {
+	info, err := searcher.FindProcessInfo(ctx, network, source, destination)
+	if err != nil {
+		return nil, err
+	}
+	if info.UserId != -1 {
+		osUser, _ := user.LookupId(F.ToString(info.UserId))
+		if osUser != nil {
+			info.User = osUser.Username
+		}
+	}
+	return info, nil
+}

common/process/searcher_without_name.go

@@ -0,0 +1,12 @@
+//go:build !linux || android
+
+package process
+
+import (
+	"context"
+	"net/netip"
+)
+
+func findProcessInfo(searcher Searcher, ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*Info, error) {
+	return searcher.FindProcessInfo(ctx, network, source, destination)
+}

common/proxyproto/dialer.go

@@ -0,0 +1,50 @@
+package proxyproto
+
+import (
+	"context"
+	"net"
+	"net/netip"
+
+	"github.com/sagernet/sing-box/adapter"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+
+	"github.com/pires/go-proxyproto"
+)
+
+var _ N.Dialer = (*Dialer)(nil)
+
+type Dialer struct {
+	N.Dialer
+}
+
+func (d *Dialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	switch N.NetworkName(network) {
+	case N.NetworkTCP:
+		conn, err := d.Dialer.DialContext(ctx, network, destination)
+		if err != nil {
+			return nil, err
+		}
+		var source M.Socksaddr
+		metadata := adapter.ContextFrom(ctx)
+		if metadata != nil {
+			source = metadata.Source
+		}
+		if !source.IsValid() {
+			source = M.SocksaddrFromNet(conn.LocalAddr())
+		}
+		if destination.Addr.Is6() {
+			source = M.SocksaddrFrom(netip.AddrFrom16(source.Addr.As16()), source.Port)
+		}
+		h := proxyproto.HeaderProxyFromAddrs(1, source.TCPAddr(), destination.TCPAddr())
+		_, err = h.WriteTo(conn)
+		if err != nil {
+			conn.Close()
+			return nil, E.Cause(err, "write proxy protocol header")
+		}
+		return conn, nil
+	default:
+		return d.Dialer.DialContext(ctx, network, destination)
+	}
+}

common/proxyproto/listener.go

@@ -0,0 +1,44 @@
+package proxyproto
+
+import (
+	std_bufio "bufio"
+	"net"
+
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"
+	M "github.com/sagernet/sing/common/metadata"
+
+	"github.com/pires/go-proxyproto"
+)
+
+type Listener struct {
+	net.Listener
+	AcceptNoHeader bool
+}
+
+func (l *Listener) Accept() (net.Conn, error) {
+	conn, err := l.Listener.Accept()
+	if err != nil {
+		return nil, err
+	}
+	bufReader := std_bufio.NewReader(conn)
+	header, err := proxyproto.Read(bufReader)
+	if err != nil && !(l.AcceptNoHeader && err == proxyproto.ErrNoProxyProtocol) {
+		return nil, err
+	}
+	if bufReader.Buffered() > 0 {
+		cache := buf.NewSize(bufReader.Buffered())
+		_, err = cache.ReadFullFrom(bufReader, cache.FreeLen())
+		if err != nil {
+			return nil, err
+		}
+		conn = bufio.NewCachedConn(conn, cache)
+	}
+	if header != nil {
+		return &bufio.AddrConn{Conn: conn, Metadata: M.Metadata{
+			Source:      M.SocksaddrFromNet(header.SourceAddr).Unwrap(),
+			Destination: M.SocksaddrFromNet(header.DestinationAddr).Unwrap(),
+		}}, nil
+	}
+	return conn, nil
+}

common/settings/proxy_android.go

@@ -1,73 +1,43 @@
 package settings
 
 import (
-	"context"
 	"os"
 	"strings"
 
+	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
-	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common"
 	F "github.com/sagernet/sing/common/format"
-	M "github.com/sagernet/sing/common/metadata"
-	"github.com/sagernet/sing/common/shell"
 )
 
-type AndroidSystemProxy struct {
-	useRish      bool
-	rishPath     string
-	serverAddr   M.Socksaddr
-	supportSOCKS bool
-	isEnabled    bool
-}
+var (
+	useRish  bool
+	rishPath string
+)
 
-func NewSystemProxy(ctx context.Context, serverAddr M.Socksaddr, supportSOCKS bool) (*AndroidSystemProxy, error) {
+func init() {
 	userId := os.Getuid()
-	var (
-		useRish  bool
-		rishPath string
-	)
 	if userId == 0 || userId == 1000 || userId == 2000 {
 		useRish = false
 	} else {
 		rishPath, useRish = C.FindPath("rish")
-		if !useRish {
-			return nil, E.Cause(os.ErrPermission, "root or system (adb) permission is required for set system proxy")
-		}
 	}
-	return &AndroidSystemProxy{
-		useRish:      useRish,
-		rishPath:     rishPath,
-		serverAddr:   serverAddr,
-		supportSOCKS: supportSOCKS,
+}
+
+func runAndroidShell(name string, args ...string) error {
+	if !useRish {
+		return common.Exec(name, args...).Attach().Run()
+	} else {
+		return common.Exec("sh", rishPath, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
+	}
+}
+
+func SetSystemProxy(router adapter.Router, port uint16, isMixed bool) (func() error, error) {
+	err := runAndroidShell("settings", "put", "global", "http_proxy", F.ToString("127.0.0.1:", port))
+	if err != nil {
+		return nil, err
+	}
+	return func() error {
+		return runAndroidShell("settings", "put", "global", "http_proxy", ":0")
 	}, nil
 }
-
-func (p *AndroidSystemProxy) IsEnabled() bool {
-	return p.isEnabled
-}
-
-func (p *AndroidSystemProxy) Enable() error {
-	err := p.runAndroidShell("settings", "put", "global", "http_proxy", p.serverAddr.String())
-	if err != nil {
-		return err
-	}
-	p.isEnabled = true
-	return nil
-}
-
-func (p *AndroidSystemProxy) Disable() error {
-	err := p.runAndroidShell("settings", "put", "global", "http_proxy", ":0")
-	if err != nil {
-		return err
-	}
-	p.isEnabled = false
-	return nil
-}
-
-func (p *AndroidSystemProxy) runAndroidShell(name string, args ...string) error {
-	if !p.useRish {
-		return shell.Exec(name, args...).Attach().Run()
-	} else {
-		return shell.Exec("sh", p.rishPath, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
-	}
-}

common/settings/proxy_darwin.go

@@ -1,113 +1,69 @@
 package settings
 
 import (
-	"context"
 	"net/netip"
-	"strconv"
 	"strings"
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	"github.com/sagernet/sing/common/shell"
+	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/x/list"
 )
 
-type DarwinSystemProxy struct {
+type systemProxy struct {
 	monitor       tun.DefaultInterfaceMonitor
 	interfaceName string
 	element       *list.Element[tun.DefaultInterfaceUpdateCallback]
-	serverAddr    M.Socksaddr
-	supportSOCKS  bool
-	isEnabled     bool
+	port          uint16
+	isMixed       bool
 }
 
-func NewSystemProxy(ctx context.Context, serverAddr M.Socksaddr, supportSOCKS bool) (*DarwinSystemProxy, error) {
-	interfaceMonitor := adapter.RouterFromContext(ctx).InterfaceMonitor()
-	if interfaceMonitor == nil {
-		return nil, E.New("missing interface monitor")
-	}
-	proxy := &DarwinSystemProxy{
-		monitor:      interfaceMonitor,
-		serverAddr:   serverAddr,
-		supportSOCKS: supportSOCKS,
-	}
-	proxy.element = interfaceMonitor.RegisterCallback(proxy.update)
-	return proxy, nil
-}
-
-func (p *DarwinSystemProxy) IsEnabled() bool {
-	return p.isEnabled
-}
-
-func (p *DarwinSystemProxy) Enable() error {
-	return p.update0()
-}
-
-func (p *DarwinSystemProxy) Disable() error {
-	interfaceDisplayName, err := getInterfaceDisplayName(p.interfaceName)
-	if err != nil {
-		return err
-	}
-	if p.supportSOCKS {
-		err = shell.Exec("networksetup", "-setsocksfirewallproxystate", interfaceDisplayName, "off").Attach().Run()
-	}
-	if err == nil {
-		err = shell.Exec("networksetup", "-setwebproxystate", interfaceDisplayName, "off").Attach().Run()
-	}
-	if err == nil {
-		err = shell.Exec("networksetup", "-setsecurewebproxystate", interfaceDisplayName, "off").Attach().Run()
-	}
-	if err == nil {
-		p.isEnabled = false
-	}
-	return err
-}
-
-func (p *DarwinSystemProxy) update(event int) {
-	if event&tun.EventInterfaceUpdate == 0 {
-		return
-	}
-	if !p.isEnabled {
-		return
-	}
-	_ = p.update0()
-}
-
-func (p *DarwinSystemProxy) update0() error {
+func (p *systemProxy) update(event int) error {
 	newInterfaceName := p.monitor.DefaultInterfaceName(netip.IPv4Unspecified())
 	if p.interfaceName == newInterfaceName {
 		return nil
 	}
 	if p.interfaceName != "" {
-		_ = p.Disable()
+		_ = p.unset()
 	}
 	p.interfaceName = newInterfaceName
 	interfaceDisplayName, err := getInterfaceDisplayName(p.interfaceName)
 	if err != nil {
 		return err
 	}
-	if p.supportSOCKS {
-		err = shell.Exec("networksetup", "-setsocksfirewallproxy", interfaceDisplayName, p.serverAddr.AddrString(), strconv.Itoa(int(p.serverAddr.Port))).Attach().Run()
+	if p.isMixed {
+		err = common.Exec("networksetup", "-setsocksfirewallproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
 	}
+	if err == nil {
+		err = common.Exec("networksetup", "-setwebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
+	}
+	if err == nil {
+		err = common.Exec("networksetup", "-setsecurewebproxy", interfaceDisplayName, "127.0.0.1", F.ToString(p.port)).Attach().Run()
+	}
+	return err
+}
+
+func (p *systemProxy) unset() error {
+	interfaceDisplayName, err := getInterfaceDisplayName(p.interfaceName)
 	if err != nil {
 		return err
 	}
-	err = shell.Exec("networksetup", "-setwebproxy", interfaceDisplayName, p.serverAddr.AddrString(), strconv.Itoa(int(p.serverAddr.Port))).Attach().Run()
-	if err != nil {
-		return err
+	if p.isMixed {
+		err = common.Exec("networksetup", "-setsocksfirewallproxystate", interfaceDisplayName, "off").Attach().Run()
 	}
-	err = shell.Exec("networksetup", "-setsecurewebproxy", interfaceDisplayName, p.serverAddr.AddrString(), strconv.Itoa(int(p.serverAddr.Port))).Attach().Run()
-	if err != nil {
-		return err
+	if err == nil {
+		err = common.Exec("networksetup", "-setwebproxystate", interfaceDisplayName, "off").Attach().Run()
 	}
-	p.isEnabled = true
-	return nil
+	if err == nil {
+		err = common.Exec("networksetup", "-setsecurewebproxystate", interfaceDisplayName, "off").Attach().Run()
+	}
+	return err
 }
 
 func getInterfaceDisplayName(name string) (string, error) {
-	content, err := shell.Exec("networksetup", "-listallhardwareports").ReadOutput()
+	content, err := common.Exec("networksetup", "-listallhardwareports").Read()
 	if err != nil {
 		return "", err
 	}
@@ -121,3 +77,24 @@ func getInterfaceDisplayName(name string) (string, error) {
 	}
 	return "", E.New(name, " not found in networksetup -listallhardwareports")
 }
+
+func SetSystemProxy(router adapter.Router, port uint16, isMixed bool) (func() error, error) {
+	interfaceMonitor := router.InterfaceMonitor()
+	if interfaceMonitor == nil {
+		return nil, E.New("missing interface monitor")
+	}
+	proxy := &systemProxy{
+		monitor: interfaceMonitor,
+		port:    port,
+		isMixed: isMixed,
+	}
+	err := proxy.update(tun.EventInterfaceUpdate)
+	if err != nil {
+		return nil, err
+	}
+	proxy.element = interfaceMonitor.RegisterCallback(proxy.update)
+	return func() error {
+		interfaceMonitor.UnregisterCallback(proxy.element)
+		return proxy.unset()
+	}, nil
+}

common/settings/proxy_linux.go

@@ -3,161 +3,74 @@
 package settings
 
 import (
-	"context"
 	"os"
 	"os/exec"
 	"strings"
 
+	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	F "github.com/sagernet/sing/common/format"
-	M "github.com/sagernet/sing/common/metadata"
-	"github.com/sagernet/sing/common/shell"
 )
 
-type LinuxSystemProxy struct {
-	hasGSettings     bool
-	hasKWriteConfig5 bool
-	sudoUser         string
-	serverAddr       M.Socksaddr
-	supportSOCKS     bool
-	isEnabled        bool
-}
+var (
+	hasGSettings bool
+	sudoUser     string
+)
 
-func NewSystemProxy(ctx context.Context, serverAddr M.Socksaddr, supportSOCKS bool) (*LinuxSystemProxy, error) {
-	hasGSettings := common.Error(exec.LookPath("gsettings")) == nil
-	hasKWriteConfig5 := common.Error(exec.LookPath("kwriteconfig5")) == nil
-	var sudoUser string
+func init() {
+	hasGSettings = common.Error(exec.LookPath("gsettings")) == nil
 	if os.Getuid() == 0 {
 		sudoUser = os.Getenv("SUDO_USER")
 	}
-	if !hasGSettings && !hasKWriteConfig5 {
-		return nil, E.New("unsupported desktop environment")
-	}
-	return &LinuxSystemProxy{
-		hasGSettings:     hasGSettings,
-		hasKWriteConfig5: hasKWriteConfig5,
-		sudoUser:         sudoUser,
-		serverAddr:       serverAddr,
-		supportSOCKS:     supportSOCKS,
-	}, nil
 }
 
-func (p *LinuxSystemProxy) IsEnabled() bool {
-	return p.isEnabled
-}
-
-func (p *LinuxSystemProxy) Enable() error {
-	if p.hasGSettings {
-		err := p.runAsUser("gsettings", "set", "org.gnome.system.proxy.http", "enabled", "true")
-		if err != nil {
-			return err
-		}
-		if p.supportSOCKS {
-			err = p.setGnomeProxy("ftp", "http", "https", "socks")
-		} else {
-			err = p.setGnomeProxy("http", "https")
-		}
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("gsettings", "set", "org.gnome.system.proxy", "use-same-proxy", F.ToString(p.supportSOCKS))
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("gsettings", "set", "org.gnome.system.proxy", "mode", "manual")
-		if err != nil {
-			return err
-		}
-	}
-	if p.hasKWriteConfig5 {
-		err := p.runAsUser("kwriteconfig5", "--file", "kioslaverc", "--group", "Proxy Settings", "--key", "ProxyType", "1")
-		if err != nil {
-			return err
-		}
-		if p.supportSOCKS {
-			err = p.setKDEProxy("ftp", "http", "https", "socks")
-		} else {
-			err = p.setKDEProxy("http", "https")
-		}
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("kwriteconfig5", "--file", "kioslaverc", "--group", "Proxy Settings", "--key", "Authmode", "0")
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("dbus-send", "--type=signal", "/KIO/Scheduler", "org.kde.KIO.Scheduler.reparseSlaveConfiguration", "string:''")
-		if err != nil {
-			return err
-		}
-	}
-	p.isEnabled = true
-	return nil
-}
-
-func (p *LinuxSystemProxy) Disable() error {
-	if p.hasGSettings {
-		err := p.runAsUser("gsettings", "set", "org.gnome.system.proxy", "mode", "none")
-		if err != nil {
-			return err
-		}
-	}
-	if p.hasKWriteConfig5 {
-		err := p.runAsUser("kwriteconfig5", "--file", "kioslaverc", "--group", "Proxy Settings", "--key", "ProxyType", "0")
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("dbus-send", "--type=signal", "/KIO/Scheduler", "org.kde.KIO.Scheduler.reparseSlaveConfiguration", "string:''")
-		if err != nil {
-			return err
-		}
-	}
-	p.isEnabled = false
-	return nil
-}
-
-func (p *LinuxSystemProxy) runAsUser(name string, args ...string) error {
+func runAsUser(name string, args ...string) error {
 	if os.Getuid() != 0 {
-		return shell.Exec(name, args...).Attach().Run()
-	} else if p.sudoUser != "" {
-		return shell.Exec("su", "-", p.sudoUser, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
+		return common.Exec(name, args...).Attach().Run()
+	} else if sudoUser != "" {
+		return common.Exec("su", "-", sudoUser, "-c", F.ToString(name, " ", strings.Join(args, " "))).Attach().Run()
 	} else {
 		return E.New("set system proxy: unable to set as root")
 	}
 }
 
-func (p *LinuxSystemProxy) setGnomeProxy(proxyTypes ...string) error {
-	for _, proxyType := range proxyTypes {
-		err := p.runAsUser("gsettings", "set", "org.gnome.system.proxy."+proxyType, "host", p.serverAddr.AddrString())
-		if err != nil {
-			return err
-		}
-		err = p.runAsUser("gsettings", "set", "org.gnome.system.proxy."+proxyType, "port", F.ToString(p.serverAddr.Port))
-		if err != nil {
-			return err
-		}
+func SetSystemProxy(router adapter.Router, port uint16, isMixed bool) (func() error, error) {
+	if !hasGSettings {
+		return nil, E.New("unsupported desktop environment")
 	}
-	return nil
+	err := runAsUser("gsettings", "set", "org.gnome.system.proxy.http", "enabled", "true")
+	if err != nil {
+		return nil, err
+	}
+	if isMixed {
+		err = setGnomeProxy(port, "ftp", "http", "https", "socks")
+	} else {
+		err = setGnomeProxy(port, "http", "https")
+	}
+	if err != nil {
+		return nil, err
+	}
+	err = runAsUser("gsettings", "set", "org.gnome.system.proxy", "use-same-proxy", F.ToString(isMixed))
+	if err != nil {
+		return nil, err
+	}
+	err = runAsUser("gsettings", "set", "org.gnome.system.proxy", "mode", "manual")
+	if err != nil {
+		return nil, err
+	}
+	return func() error {
+		return runAsUser("gsettings", "set", "org.gnome.system.proxy", "mode", "none")
+	}, nil
 }
 
-func (p *LinuxSystemProxy) setKDEProxy(proxyTypes ...string) error {
+func setGnomeProxy(port uint16, proxyTypes ...string) error {
 	for _, proxyType := range proxyTypes {
-		var proxyUrl string
-		if proxyType == "socks" {
-			proxyUrl = "socks://" + p.serverAddr.String()
-		} else {
-			proxyUrl = "http://" + p.serverAddr.String()
+		err := runAsUser("gsettings", "set", "org.gnome.system.proxy."+proxyType, "host", "127.0.0.1")
+		if err != nil {
+			return err
 		}
-		err := p.runAsUser(
-			"kwriteconfig5",
-			"--file",
-			"kioslaverc",
-			"--group",
-			"Proxy Settings",
-			"--key", proxyType+"Proxy",
-			proxyUrl,
-		)
+		err = runAsUser("gsettings", "set", "org.gnome.system.proxy."+proxyType, "port", F.ToString(port))
 		if err != nil {
 			return err
 		}