Bump version

Fix Makefile
Fix darwin interface monitor
2026-04-16 05:39:08 +10:00 · 2024-03-16 12:05:58 +08:00 · 2024-03-15 18:06:37 +08:00 · 2024-03-15 18:06:37 +08:00 · 2024-03-15 18:06:37 +08:00 · 2024-03-15 18:06:37 +08:00
193 changed files with 2239 additions and 1305 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: nekohasekai
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -61,7 +61,28 @@ body:
    attributes:
      label: Logs
      description: |-
-        If you encounter a crash with the graphical client, please provide crash logs.
+        In addition, if you encounter a crash with the graphical client, please also provide crash logs.
        For Apple platform clients, please check `Settings - View Service Log` for crash logs.
        For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
-      render: shell
+      render: shell
+  - type: checkboxes
+    id: supporter
+    attributes:
+      label: Supporter
+      options:
+        - label: I am a [sponsor](https://github.com/sponsors/nekohasekai/)
+  - type: checkboxes
+    attributes:
+      label: Integrity requirements
+      description: |-
+        Please check all of the following options to prove that you have read and understood the requirements, otherwise this issue will be closed.
+        Sing-box is not a project aimed to please users who can't make any meaningful contributions and gain unethical influence. If you deceive here to deliberately waste the time of the developers, you will be permanently blocked.
+      options:
+        - label: I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
+          required: true
+        - label: I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
+          required: true
+        - label: I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
+          required: true
+        - label: I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
+          required: true
--- a/.github/ISSUE_TEMPLATE/bug_report_zh.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report_zh.yml
@@ -61,21 +61,28 @@ body:
    attributes:
      label: 日志
      description: |-
-        如果您遭遇图形界面应用程序崩溃，请提供崩溃日志。
+        此外，如果您遭遇图形界面应用程序崩溃，请附加提供崩溃日志。
        对于 Apple 平台图形客户端程序，请检查 `Settings - View Service Log` 以导出崩溃日志。
        对于 Android 图形客户端程序，请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
      render: shell
  - type: checkboxes
+    id: supporter
    attributes:
-      label: 完整性要求
-      description: 我保证我提供了完整的可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件，否则该 issue 将被关闭。
+      label: 支持我们
      options:
-        - label: 我保证
-          required: true
+        - label: 我已经 [赞助](https://github.com/sponsors/nekohasekai/)
  - type: checkboxes
    attributes:
-      label: 负责性要求
-      description: 我保证我阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值，否则该 issue 将被关闭。
+      label: 完整性要求
+      description: |-
+        请勾选以下所有选项以证明您已经阅读并理解了以下要求，否则该 issue 将被关闭。
+        sing-box 不是讨好无法作出任何意义上的贡献的最终用户并获取非道德影响力的项目，如果您在此处欺骗以故意浪费开发者的时间，您将被永久封锁。
      options:
-        - label: 我保证
-          required: true
+        - label: 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
+          required: true
+        - label: 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
+          required: true
+        - label: 我保证提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
+          required: true
+        - label: 我保证提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。
+          required: true
--- a/.github/update_clients.sh
+++ b/.github/update_clients.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+PROJECTS=$(dirname "$0")/../..
+
+function updateClient() {
+  pushd clients/$1
+  git fetch
+  git reset FETCH_HEAD --hard
+  popd
+  git add clients/$1
+}
+
+updateClient "apple"
+updateClient "android"
--- a/.github/workflows/debug.yml
+++ b/.github/workflows/debug.yml
@@ -25,22 +25,10 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0
-      - name: Get latest go version
-        id: version
-        run: |
-          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: ${{ steps.version.outputs.go_version }}
-      - name: Add cache to Go proxy
-        run: |
-          version=`git rev-parse HEAD`
-          mkdir build
-          pushd build
-          go mod init build
-          go get -v github.com/sagernet/sing-box@$version
-          popd
+          go-version: ^1.22
        continue-on-error: true
      - name: Run Test
        run: |
@@ -54,11 +42,11 @@ jobs:
        with:
          fetch-depth: 0
      - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.18.10
+          go-version: ~1.18
      - name: Cache go module
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
@@ -74,15 +62,35 @@ jobs:
        with:
          fetch-depth: 0
      - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.20.7
+          go-version: ~1.20
      - name: Cache go module
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
-          key: go118-${{ hashFiles('**/go.sum') }}
+          key: go120-${{ hashFiles('**/go.sum') }}
+      - name: Run Test
+        run: make ci_build_go120
+  build_go121:
+    name: Debug build (Go 1.21)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ~1.21
+      - name: Cache go module
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: go121-${{ hashFiles('**/go.sum') }}
      - name: Run Test
        run: make ci_build
  cross:
@@ -188,8 +196,7 @@ jobs:
          - name: freebsd-arm64
            goos: freebsd
            goarch: arm64
-
-      fail-fast: false
+      fail-fast: true
    runs-on: ubuntu-latest
    env:
      GOOS: ${{ matrix.goos }}
@@ -204,19 +211,10 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0
-      - name: Get latest go version
-        id: version
-        run: |
-          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: ${{ steps.version.outputs.go_version }}
+          go-version: ^1.21
      - name: Build
        id: build
-        run: make
-      - name: Upload artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: sing-box-${{ matrix.name }}
-          path: sing-box*
+        run: make
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,9 +1,10 @@
 name: Build Docker Images
+
 on:
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: "The tag version you want to build"
+  release:
+    types:
+      - released
+
 jobs:
  build:
    runs-on: ubuntu-latest
@@ -25,15 +26,6 @@ jobs:
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/sagernet/sing-box
-      - name: Get tag to build
-        id: tag
-        run: |
-          echo "latest=ghcr.io/sagernet/sing-box:latest" >> $GITHUB_OUTPUT
-          if [[ -z "${{ github.event.inputs.tag }}" ]]; then
-            echo "versioned=ghcr.io/sagernet/sing-box:${{ github.ref_name }}" >> $GITHUB_OUTPUT
-          else
-            echo "versioned=ghcr.io/sagernet/sing-box:${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
-          fi
      - name: Build and release Docker images
        uses: docker/build-push-action@v5
        with:
@@ -42,6 +34,6 @@ jobs:
          build-args: |
            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
          tags: |
-            ${{ steps.tag.outputs.latest }}
-            ${{ steps.tag.outputs.versioned }}
+            ghcr.io/sagernet/sing-box:latest
+            ghcr.io/sagernet/sing-box:${{ github.ref_name }}
          push: true
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -25,16 +25,12 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0
-      - name: Get latest go version
-        id: version
-        run: |
-          echo go_version=$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') >> $GITHUB_OUTPUT
      - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: ${{ steps.version.outputs.go_version }}
+          go-version: ^1.22
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v4
        with:
          version: latest
          args: --timeout=30m
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -0,0 +1,28 @@
+name: Release to Linux repository
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ^1.22
+      - name: Publish release
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: goreleaser release -f .goreleaser.fury.yaml --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -8,7 +8,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
        with:
          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
          days-before-stale: 60
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "clients/apple"]
+	path = clients/apple
+	url = https://github.com/SagerNet/sing-box-for-apple.git
+[submodule "clients/android"]
+	path = clients/android
+	url = https://github.com/SagerNet/sing-box-for-android.git
--- a/.goreleaser.fury.yaml
+++ b/.goreleaser.fury.yaml
@@ -0,0 +1,80 @@
+project_name: sing-box
+builds:
+  - id: main
+    main: ./cmd/sing-box
+    flags:
+      - -v
+      - -trimpath
+    ldflags:
+      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
+    tags:
+      - with_gvisor
+      - with_quic
+      - with_dhcp
+      - with_wireguard
+      - with_ech
+      - with_utls
+      - with_reality_server
+      - with_acme
+      - with_clash_api
+    env:
+      - CGO_ENABLED=0
+    targets:
+      - linux_386
+      - linux_amd64_v1
+      - linux_arm64
+      - linux_arm_7
+      - linux_s390x
+      - linux_riscv64
+    mod_timestamp: '{{ .CommitTimestamp }}'
+snapshot:
+  name_template: "{{ .Version }}.{{ .ShortCommit }}"
+nfpms:
+  - &template
+    id: package
+    package_name: sing-box
+    file_name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+    builds:
+      - main
+    vendor: sagernet
+    homepage: https://sing-box.sagernet.org/
+    maintainer: nekohasekai <contact-git@sekai.icu>
+    description: The universal proxy platform.
+    license: GPLv3 or later
+    formats:
+      - deb
+      - rpm
+    priority: extra
+    contents:
+      - src: release/config/config.json
+        dst: /etc/sing-box/config.json
+        type: config
+      - src: release/config/sing-box.service
+        dst: /etc/systemd/system/sing-box.service
+      - src: release/config/sing-box@.service
+        dst: /etc/systemd/system/sing-box@.service
+      - src: LICENSE
+        dst: /usr/share/licenses/sing-box/LICENSE
+    conflicts:
+      - sing-box-beta
+  - id: package_beta
+    <<: *template
+    package_name: sing-box-beta
+    formats:
+      - deb
+      - rpm
+    conflicts:
+      - sing-box
+release:
+  disable: true
+furies:
+  - account: sagernet
+    ids:
+      - package
+    skip: |-
+      {{ eq .Prerelease "" }}
+  - account: sagernet
+    ids:
+      - package_beta
+    skip: |-
+      {{ ne .Prerelease "" }}
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,14 +1,11 @@
 project_name: sing-box
 builds:
-  - id: main
+  - &template
+    id: main
    main: ./cmd/sing-box
    flags:
      - -v
      - -trimpath
-    asmflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    gcflags:
-      - all=-trimpath={{.Env.GOPATH}}
    ldflags:
      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
    tags:
@@ -30,65 +27,35 @@ builds:
      - linux_arm64
      - linux_arm_7
      - linux_s390x
+      - linux_riscv64
      - windows_amd64_v1
      - windows_amd64_v3
      - windows_386
      - windows_arm64
      - darwin_amd64_v1
-      - darwin_amd64_v3
      - darwin_arm64
    mod_timestamp: '{{ .CommitTimestamp }}'
  - id: legacy
-    main: ./cmd/sing-box
-    flags:
-      - -v
-      - -trimpath
-    asmflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    gcflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
+    <<: *template
    tags:
      - with_gvisor
      - with_quic
      - with_dhcp
      - with_wireguard
-      - with_ech
      - with_utls
      - with_reality_server
      - with_acme
      - with_clash_api
    env:
      - CGO_ENABLED=0
-      - GOROOT=/nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/share/go
-    gobinary: /nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/bin/go
+      - GOROOT=/nix/store/cpfvjwc7d5hai3iar78h86iwnvgppjrg-go-1.20.14/share/go
+    gobinary: /nix/store/cpfvjwc7d5hai3iar78h86iwnvgppjrg-go-1.20.14/bin/go
    targets:
      - windows_amd64_v1
      - windows_386
      - darwin_amd64_v1
-    mod_timestamp: '{{ .CommitTimestamp }}'
  - id: android
-    main: ./cmd/sing-box
-    flags:
-      - -v
-      - -trimpath
-    asmflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    gcflags:
-      - all=-trimpath={{.Env.GOPATH}}
-    ldflags:
-      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
-    tags:
-      - with_gvisor
-      - with_quic
-      - with_dhcp
-      - with_wireguard
-      - with_ech
-      - with_utls
-      - with_reality_server
-      - with_acme
-      - with_clash_api
+    <<: *template
    env:
      - CGO_ENABLED=1
    overrides:
@@ -96,8 +63,8 @@ builds:
        goarch: arm
        goarm: 7
        env:
-          - CC=armv7a-linux-androideabi19-clang
-          - CXX=armv7a-linux-androideabi19-clang++
+          - CC=armv7a-linux-androideabi21-clang
+          - CXX=armv7a-linux-androideabi21-clang++
      - goos: android
        goarch: arm64
        env:
@@ -106,8 +73,8 @@ builds:
      - goos: android
        goarch: 386
        env:
-          - CC=i686-linux-android19-clang
-          - CXX=i686-linux-android19-clang++
+          - CC=i686-linux-android21-clang
+          - CXX=i686-linux-android21-clang++
      - goos: android
        goarch: amd64
        goamd64: v1
@@ -119,11 +86,11 @@ builds:
      - android_arm64
      - android_386
      - android_amd64
-    mod_timestamp: '{{ .CommitTimestamp }}'
 snapshot:
  name_template: "{{ .Version }}.{{ .ShortCommit }}"
 archives:
-  - id: archive
+  - &template
+    id: archive
    builds:
      - main
      - android
@@ -136,20 +103,16 @@ archives:
      - LICENSE
    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
  - id: archive-legacy
+    <<: *template
    builds:
      - legacy
-    format: tar.gz
-    format_overrides:
-      - goos: windows
-        format: zip
-    wrap_in_directory: true
-    files:
-      - LICENSE
    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}-legacy'
 nfpms:
  - id: package
    package_name: sing-box
    file_name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+    builds:
+      - main
    vendor: sagernet
    homepage: https://sing-box.sagernet.org/
    maintainer: nekohasekai <contact-git@sekai.icu>
@@ -170,6 +133,20 @@ nfpms:
        dst: /etc/systemd/system/sing-box@.service
      - src: LICENSE
        dst: /usr/share/licenses/sing-box/LICENSE
+    deb:
+      signature:
+        key_file: "{{ .Env.NFPM_KEY_PATH }}"
+    rpm:
+      signature:
+        key_file: "{{ .Env.NFPM_KEY_PATH }}"
+    overrides:
+      deb:
+        conflicts:
+          - sing-box-beta
+      rpm:
+        conflicts:
+          - sing-box-beta
+
 source:
  enabled: false
  name_template: '{{ .ProjectName }}-{{ .Version }}.source'
@@ -183,6 +160,10 @@ release:
  github:
    owner: SagerNet
    name: sing-box
-  name_template: '{{ if .IsSnapshot }}{{ nightly }}{{ else }}{{ .Version }}{{ end }}'
  draft: true
-  mode: replace
+  prerelease: auto
+  mode: replace
+  ids:
+    - archive
+    - package
+  skip_upload: true
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine AS builder
 LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
 COPY . /go/src/github.com/sagernet/sing-box
 WORKDIR /go/src/github.com/sagernet/sing-box
--- a/32
+++ b/32
@@ -1,8 +1,9 @@
 NAME = sing-box
 COMMIT = $(shell git rev-parse --short HEAD)
 TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api
-TAGS_GO120 = with_quic,with_ech,with_utls
-TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
+TAGS_GO120 = with_quic,with_utls
+TAGS_GO121 = with_ech
+TAGS ?= $(TAGS_GO118),$(TAGS_GO120),$(TAGS_GO121)
 TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server

 GOHOSTOS = $(shell go env GOHOSTOS)
@@ -14,7 +15,7 @@ MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
 MAIN = ./cmd/sing-box
 PREFIX ?= $(shell go env GOPATH)

-.PHONY: test release docs
+.PHONY: test release docs build

 build:
 	go build $(MAIN_PARAMS) $(MAIN)
@@ -23,6 +24,10 @@ ci_build_go118:
 	go build $(PARAMS) $(MAIN)
 	go build $(PARAMS) -tags "$(TAGS_GO118)" $(MAIN)

+ci_build_go120:
+	go build $(PARAMS) $(MAIN)
+	go build $(PARAMS) -tags "$(TAGS_GO118),$(TAGS_GO120)" $(MAIN)
+
 ci_build:
 	go build $(PARAMS) $(MAIN)
 	go build $(MAIN_PARAMS) $(MAIN)
@@ -59,12 +64,22 @@ proto_install:
 	go install -v google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest

 release:
-	go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
+	go run ./cmd/internal/build goreleaser release --clean --skip publish --skip fury
 	mkdir dist/release
-	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/*.pkg.tar.zst dist/release
+	mv dist/*.tar.gz \
+		dist/*.zip \
+		dist/*.deb \
+		dist/*.rpm \
+		dist/*_amd64.pkg.tar.zst \
+		dist/*_amd64v3.pkg.tar.zst \
+		dist/*_arm64.pkg.tar.zst \
+		dist/release
 	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
 	rm -r dist/release

+release_repo:
+	go run ./cmd/internal/build goreleaser release -f .goreleaser.fury.yaml --clean
+
 release_install:
 	go install -v github.com/goreleaser/goreleaser@latest
 	go install -v github.com/tcnksm/ghr@latest
@@ -73,11 +88,12 @@ update_android_version:
 	go run ./cmd/internal/update_android_version

 build_android:
-	cd ../sing-box-for-android && ./gradlew :app:assemblePlayRelease && ./gradlew --stop
+	cd ../sing-box-for-android && ./gradlew :app:assemblePlayRelease && ./gradlew :app:assembleOtherRelease && ./gradlew --stop

 upload_android:
 	mkdir -p dist/release_android
 	cp ../sing-box-for-android/app/build/outputs/apk/play/release/*.apk dist/release_android
+	cp ../sing-box-for-android/app/build/outputs/apk/other/release/*-universal.apk dist/release_android
 	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
 	rm -rf dist/release_android

@@ -178,8 +194,8 @@ lib:
 	go run ./cmd/internal/build_libbox -target ios

 lib_install:
-	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.1
-	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.1
+	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.3
+	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.3

 docs:
 	mkdocs serve
--- a/adapter/router.go
+++ b/adapter/router.go
@@ -17,6 +17,7 @@ import (

 type Router interface {
 	Service
+	PreStarter
 	PostStarter

 	Outbounds() []Outbound
@@ -32,6 +33,8 @@ type Router interface {

 	RuleSet(tag string) (RuleSet, bool)

+	NeedWIFIState() bool
+
 	Exchange(ctx context.Context, message *mdns.Msg) (*mdns.Msg, error)
 	Lookup(ctx context.Context, domain string, strategy dns.DomainStrategy) ([]netip.Addr, error)
 	LookupDefault(ctx context.Context, domain string) ([]netip.Addr, error)
--- a/box.go
+++ b/box.go
@@ -55,7 +55,7 @@ func New(options Options) (*Box, error) {
 		ctx = context.Background()
 	}
 	ctx = service.ContextWithDefaultRegistry(ctx)
-	ctx = pause.ContextWithDefaultManager(ctx)
+	ctx = pause.WithDefaultManager(ctx)
 	experimentalOptions := common.PtrValueOrDefault(options.Experimental)
 	applyDebugOptions(common.PtrValueOrDefault(experimentalOptions.Debug))
 	var needCacheFile bool
@@ -157,9 +157,12 @@ func New(options Options) (*Box, error) {
 	preServices2 := make(map[string]adapter.Service)
 	postServices := make(map[string]adapter.Service)
 	if needCacheFile {
-		cacheFile := cachefile.New(ctx, common.PtrValueOrDefault(experimentalOptions.CacheFile))
+		cacheFile := service.FromContext[adapter.CacheFile](ctx)
+		if cacheFile == nil {
+			cacheFile = cachefile.New(ctx, common.PtrValueOrDefault(experimentalOptions.CacheFile))
+			service.MustRegister[adapter.CacheFile](ctx, cacheFile)
+		}
 		preServices1["cache file"] = cacheFile
-		service.MustRegister[adapter.CacheFile](ctx, cacheFile)
 	}
 	if needClashAPI {
 		clashAPIOptions := common.PtrValueOrDefault(experimentalOptions.ClashAPI)
@@ -259,6 +262,10 @@ func (s *Box) preStart() error {
 			}
 		}
 	}
+	err = s.router.PreStart()
+	if err != nil {
+		return E.Cause(err, "pre-start router")
+	}
 	err = s.startOutbounds()
 	if err != nil {
 		return err
@@ -313,10 +320,7 @@ func (s *Box) postStart() error {
 			}
 		}
 	}
-	err := s.router.PostStart()
-	if err != nil {
-		return E.Cause(err, "post-start router")
-	}
+
 	return s.router.PostStart()
 }

--- a/clients/android
+++ b/clients/android
--- a/clients/apple
+++ b/clients/apple
--- a/cmd/internal/build_libbox/main.go
+++ b/cmd/internal/build_libbox/main.go
@@ -46,13 +46,13 @@ var (

 func init() {
 	sharedFlags = append(sharedFlags, "-trimpath")
-	sharedFlags = append(sharedFlags, "-ldflags")
+	sharedFlags = append(sharedFlags, "-buildvcs=false")
 	currentTag, err := build_shared.ReadTag()
 	if err != nil {
 		currentTag = "unknown"
 	}
-	sharedFlags = append(sharedFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
-	debugFlags = append(debugFlags, "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
+	sharedFlags = append(sharedFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag+" -s -w -buildid=")
+	debugFlags = append(debugFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag)

 	sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_ech", "with_utls", "with_clash_api")
 	iosTags = append(iosTags, "with_dhcp", "with_low_memory", "with_conntrack")
--- a/cmd/internal/build_shared/sdk.go
+++ b/cmd/internal/build_shared/sdk.go
@@ -11,7 +11,9 @@ import (

 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/rw"
+	"github.com/sagernet/sing/common/shell"
 )

 var (
@@ -28,7 +30,7 @@ func FindSDK() {
 	}
 	for _, path := range searchPath {
 		path = os.ExpandEnv(path)
-		if rw.FileExists(path + "/licenses/android-sdk-license") {
+		if rw.FileExists(filepath.Join(path, "licenses", "android-sdk-license")) {
 			androidSDKPath = path
 			break
 		}
@@ -40,6 +42,14 @@ func FindSDK() {
 		log.Fatal("android NDK not found")
 	}

+	javaVersion, err := shell.Exec("java", "--version").ReadOutput()
+	if err != nil {
+		log.Fatal(E.Cause(err, "check java version"))
+	}
+	if !strings.Contains(javaVersion, "openjdk 17") {
+		log.Fatal("java version should be openjdk 17")
+	}
+
 	os.Setenv("ANDROID_HOME", androidSDKPath)
 	os.Setenv("ANDROID_SDK_HOME", androidSDKPath)
 	os.Setenv("ANDROID_NDK_HOME", androidNDKPath)
@@ -48,11 +58,13 @@ func FindSDK() {
 }

 func findNDK() bool {
-	if rw.FileExists(androidSDKPath + "/ndk/25.1.8937393") {
-		androidNDKPath = androidSDKPath + "/ndk/25.1.8937393"
+	const fixedVersion = "26.2.11394342"
+	const versionFile = "source.properties"
+	if fixedPath := filepath.Join(androidSDKPath, "ndk", fixedVersion); rw.FileExists(filepath.Join(fixedPath, versionFile)) {
+		androidNDKPath = fixedPath
 		return true
 	}
-	ndkVersions, err := os.ReadDir(androidSDKPath + "/ndk")
+	ndkVersions, err := os.ReadDir(filepath.Join(androidSDKPath, "ndk"))
 	if err != nil {
 		return false
 	}
@@ -73,8 +85,10 @@ func findNDK() bool {
 		return true
 	})
 	for _, versionName := range versionNames {
-		if rw.FileExists(androidSDKPath + "/ndk/" + versionName) {
-			androidNDKPath = androidSDKPath + "/ndk/" + versionName
+		currentNDKPath := filepath.Join(androidSDKPath, "ndk", versionName)
+		if rw.FileExists(filepath.Join(androidSDKPath, versionFile)) {
+			androidNDKPath = currentNDKPath
+			log.Warn("reproducibility warning: using NDK version " + versionName + " instead of " + fixedVersion)
 			return true
 		}
 	}
@@ -85,8 +99,14 @@ var GoBinPath string

 func FindMobile() {
 	goBin := filepath.Join(build.Default.GOPATH, "bin")
-	if !rw.FileExists(goBin + "/" + "gobind") {
-		log.Fatal("missing gomobile installation")
+	if runtime.GOOS == "windows" {
+		if !rw.FileExists(filepath.Join(goBin, "gobind.exe")) {
+			log.Fatal("missing gomobile installation")
+		}
+	} else {
+		if !rw.FileExists(filepath.Join(goBin, "gobind")) {
+			log.Fatal("missing gomobile installation")
+		}
 	}
 	GoBinPath = goBin
 }
--- a/cmd/internal/update_android_version/main.go
+++ b/cmd/internal/update_android_version/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"os"
 	"path/filepath"
+	"runtime"
 	"strconv"
 	"strings"

@@ -18,34 +19,46 @@ func main() {
 		log.Fatal(err)
 	}
 	common.Must(os.Chdir(androidPath))
-	localProps := common.Must1(os.ReadFile("local.properties"))
+	localProps := common.Must1(os.ReadFile("version.properties"))
 	var propsList [][]string
 	for _, propLine := range strings.Split(string(localProps), "\n") {
 		propsList = append(propsList, strings.Split(propLine, "="))
 	}
+	var (
+		versionUpdated   bool
+		goVersionUpdated bool
+	)
 	for _, propPair := range propsList {
-		if propPair[0] == "VERSION_NAME" {
-			if propPair[1] == newVersion.String() {
-				log.Info("version not changed")
-				return
+		switch propPair[0] {
+		case "VERSION_NAME":
+			if propPair[1] != newVersion.String() {
+				versionUpdated = true
+				propPair[1] = newVersion.String()
+				log.Info("updated version to ", newVersion.String())
+			}
+		case "GO_VERSION":
+			if propPair[1] != runtime.Version() {
+				goVersionUpdated = true
+				propPair[1] = runtime.Version()
+				log.Info("updated Go version to ", runtime.Version())
 			}
-			propPair[1] = newVersion.String()
-			log.Info("updated version to ", newVersion.String())
 		}
 	}
+	if !(versionUpdated || goVersionUpdated) {
+		log.Info("version not changed")
+		return
+	}
 	for _, propPair := range propsList {
 		switch propPair[0] {
 		case "VERSION_CODE":
 			versionCode := common.Must1(strconv.ParseInt(propPair[1], 10, 64))
 			propPair[1] = strconv.Itoa(int(versionCode + 1))
 			log.Info("updated version code to ", propPair[1])
-		case "RELEASE_NOTES":
-			propPair[1] = "sing-box " + newVersion.String()
 		}
 	}
 	var newProps []string
 	for _, propPair := range propsList {
 		newProps = append(newProps, strings.Join(propPair, "="))
 	}
-	common.Must(os.WriteFile("local.properties", []byte(strings.Join(newProps, "\n")), 0o644))
+	common.Must(os.WriteFile("version.properties", []byte(strings.Join(newProps, "\n")), 0o644))
 }
--- a/cmd/sing-box/cmd_geosite_export.go
+++ b/cmd/sing-box/cmd_geosite_export.go
@@ -1,7 +1,6 @@
 package main

 import (
-	"encoding/json"
 	"io"
 	"os"

@@ -9,6 +8,7 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common/json"

 	"github.com/spf13/cobra"
 )
--- a/cmd/sing-box/cmd_rule_set_compile.go
+++ b/cmd/sing-box/cmd_rule_set_compile.go
@@ -47,10 +47,14 @@ func compileRuleSet(sourcePath string) error {
 			return err
 		}
 	}
-	decoder := json.NewDecoder(json.NewCommentFilter(reader))
-	decoder.DisallowUnknownFields()
-	var plainRuleSet option.PlainRuleSetCompat
-	err = decoder.Decode(&plainRuleSet)
+	content, err := io.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	plainRuleSet, err := json.UnmarshalExtended[option.PlainRuleSetCompat](content)
+	if err != nil {
+		return err
+	}
 	if err != nil {
 		return err
 	}
--- a/cmd/sing-box/cmd_rule_set_format.go
+++ b/cmd/sing-box/cmd_rule_set_format.go
@@ -50,18 +50,14 @@ func formatRuleSet(sourcePath string) error {
 	if err != nil {
 		return err
 	}
-	decoder := json.NewDecoder(json.NewCommentFilter(bytes.NewReader(content)))
-	decoder.DisallowUnknownFields()
-	var plainRuleSet option.PlainRuleSetCompat
-	err = decoder.Decode(&plainRuleSet)
+	plainRuleSet, err := json.UnmarshalExtended[option.PlainRuleSetCompat](content)
 	if err != nil {
 		return err
 	}
-	ruleSet := plainRuleSet.Upgrade()
 	buffer := new(bytes.Buffer)
 	encoder := json.NewEncoder(buffer)
 	encoder.SetIndent("", "  ")
-	err = encoder.Encode(ruleSet)
+	err = encoder.Encode(plainRuleSet)
 	if err != nil {
 		return E.Cause(err, "encode config")
 	}
--- a/cmd/sing-box/cmd_run.go
+++ b/cmd/sing-box/cmd_run.go
@@ -133,7 +133,7 @@ func create() (*box.Box, context.CancelFunc, error) {
 		}
 		options.Log.DisableColor = true
 	}
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(globalCtx)
 	instance, err := box.New(box.Options{
 		Context: ctx,
 		Options: options,
--- a/cmd/sing-box/main.go
+++ b/cmd/sing-box/main.go
@@ -3,15 +3,19 @@ package main
 import (
 	"context"
 	"os"
+	"os/user"
+	"strconv"
 	"time"

 	_ "github.com/sagernet/sing-box/include"
 	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing/service/filemanager"

 	"github.com/spf13/cobra"
 )

 var (
+	globalCtx         context.Context
 	configPaths       []string
 	configDirectories []string
 	workingDir        string
@@ -37,15 +41,30 @@ func main() {
 }

 func preRun(cmd *cobra.Command, args []string) {
+	globalCtx = context.Background()
+	sudoUser := os.Getenv("SUDO_USER")
+	sudoUID, _ := strconv.Atoi(os.Getenv("SUDO_UID"))
+	sudoGID, _ := strconv.Atoi(os.Getenv("SUDO_GID"))
+	if sudoUID == 0 && sudoGID == 0 && sudoUser != "" {
+		sudoUserObject, _ := user.Lookup(sudoUser)
+		if sudoUserObject != nil {
+			sudoUID, _ = strconv.Atoi(sudoUserObject.Uid)
+			sudoGID, _ = strconv.Atoi(sudoUserObject.Gid)
+		}
+	}
+	if sudoUID > 0 && sudoGID > 0 {
+		globalCtx = filemanager.WithDefault(globalCtx, "", "", sudoUID, sudoGID)
+	}
 	if disableColor {
 		log.SetStdLogger(log.NewDefaultFactory(context.Background(), log.Formatter{BaseTime: time.Now(), DisableColors: true}, os.Stderr, "", nil, false).Logger())
 	}
 	if workingDir != "" {
 		_, err := os.Stat(workingDir)
 		if err != nil {
-			os.MkdirAll(workingDir, 0o777)
+			filemanager.MkdirAll(globalCtx, workingDir, 0o777)
 		}
-		if err := os.Chdir(workingDir); err != nil {
+		err = os.Chdir(workingDir)
+		if err != nil {
 			log.Fatal(err)
 		}
 	}
--- a/common/badtls/read_wait.go
+++ b/common/badtls/read_wait.go
@@ -108,6 +108,10 @@ func (c *ReadWaitConn) WaitReadBuffer() (buffer *buf.Buffer, err error) {
 	return
 }

+func (c *ReadWaitConn) Upstream() any {
+	return c.STDConn
+}
+
 //go:linkname tlsReadRecord crypto/tls.(*Conn).readRecord
 func tlsReadRecord(c *tls.STDConn) error

--- a/common/dialer/default.go
+++ b/common/dialer/default.go
@@ -15,14 +15,17 @@ import (
 	N "github.com/sagernet/sing/common/network"
 )

+var _ WireGuardListener = (*DefaultDialer)(nil)
+
 type DefaultDialer struct {
-	dialer4     tcpDialer
-	dialer6     tcpDialer
-	udpDialer4  net.Dialer
-	udpDialer6  net.Dialer
-	udpListener net.ListenConfig
-	udpAddr4    string
-	udpAddr6    string
+	dialer4             tcpDialer
+	dialer6             tcpDialer
+	udpDialer4          net.Dialer
+	udpDialer6          net.Dialer
+	udpListener         net.ListenConfig
+	udpAddr4            string
+	udpAddr6            string
+	isWireGuardListener bool
 }

 func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDialer, error) {
@@ -98,6 +101,11 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		}
 		setMultiPathTCP(&dialer4)
 	}
+	if options.IsWireGuardListener {
+		for _, controlFn := range wgControlFns {
+			listener.Control = control.Append(listener.Control, controlFn)
+		}
+	}
 	tcpDialer4, err := newTCPDialer(dialer4, options.TCPFastOpen)
 	if err != nil {
 		return nil, err
@@ -114,6 +122,7 @@ func NewDefault(router adapter.Router, options option.DialerOptions) (*DefaultDi
 		listener,
 		udpAddr4,
 		udpAddr6,
+		options.IsWireGuardListener,
 	}, nil
 }

@@ -146,6 +155,10 @@ func (d *DefaultDialer) ListenPacket(ctx context.Context, destination M.Socksadd
 	}
 }

+func (d *DefaultDialer) ListenPacketCompat(network, address string) (net.PacketConn, error) {
+	return trackPacketConn(d.udpListener.ListenPacket(context.Background(), network, address))
+}
+
 func trackConn(conn net.Conn, err error) (net.Conn, error) {
 	if !conntrack.Enabled || err != nil {
 		return conn, err
--- a/common/dialer/dialer.go
+++ b/common/dialer/dialer.go
@@ -6,15 +6,13 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-dns"
-	"github.com/sagernet/sing/common"
 	N "github.com/sagernet/sing/common/network"
 )

-func MustNew(router adapter.Router, options option.DialerOptions) N.Dialer {
-	return common.Must1(New(router, options))
-}
-
 func New(router adapter.Router, options option.DialerOptions) (N.Dialer, error) {
+	if options.IsWireGuardListener {
+		return NewDefault(router, options)
+	}
 	var (
 		dialer N.Dialer
 		err    error
--- a/common/dialer/tfo.go
+++ b/common/dialer/tfo.go
@@ -80,6 +80,7 @@ func (c *slowOpenConn) Write(b []byte) (n int, err error) {
 		c.conn = nil
 		c.err = E.Cause(err, "dial tcp fast open")
 	}
+	n = len(b)
 	close(c.create)
 	return
 }
--- a/common/dialer/wireguard.go
+++ b/common/dialer/wireguard.go
@@ -0,0 +1,9 @@
+package dialer
+
+import (
+	"net"
+)
+
+type WireGuardListener interface {
+	ListenPacketCompat(network, address string) (net.PacketConn, error)
+}
--- a/common/dialer/wireguard_control.go
+++ b/common/dialer/wireguard_control.go
@@ -0,0 +1,11 @@
+//go:build with_wireguard
+
+package dialer
+
+import (
+	"github.com/sagernet/wireguard-go/conn"
+)
+
+var _ WireGuardListener = (conn.Listener)(nil)
+
+var wgControlFns = conn.ControlFns
--- a/common/dialer/wiregurad_stub.go
+++ b/common/dialer/wiregurad_stub.go
@@ -0,0 +1,9 @@
+//go:build !with_wireguard
+
+package dialer
+
+import (
+	"github.com/sagernet/sing/common/control"
+)
+
+var wgControlFns []control.Func
--- a/common/geoip/reader.go
+++ b/common/geoip/reader.go
@@ -32,3 +32,7 @@ func (r *Reader) Lookup(addr netip.Addr) string {
 	}
 	return "unknown"
 }
+
+func (r *Reader) Close() error {
+	return r.reader.Close()
+}
--- a/common/srs/binary.go
+++ b/common/srs/binary.go
@@ -253,7 +253,7 @@ func writeDefaultRule(writer io.Writer, rule option.DefaultHeadlessRule) error {
 	if len(rule.SourceIPCIDR) > 0 {
 		err = writeRuleItemCIDR(writer, ruleItemSourceIPCIDR, rule.SourceIPCIDR)
 		if err != nil {
-			return E.Cause(err, "source_ipcidr")
+			return E.Cause(err, "source_ip_cidr")
 		}
 	}
 	if len(rule.IPCIDR) > 0 {
--- a/common/tls/acme.go
+++ b/common/tls/acme.go
@@ -105,5 +105,16 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 		},
 	})
 	config = certmagic.New(cache, *config)
-	return config.TLSConfig(), &acmeWrapper{ctx: ctx, cfg: config, cache: cache, domain: options.Domain}, nil
+	var tlsConfig *tls.Config
+	if acmeConfig.DisableTLSALPNChallenge || acmeConfig.DNS01Solver != nil {
+		tlsConfig = &tls.Config{
+			GetCertificate: config.GetCertificate,
+		}
+	} else {
+		tlsConfig = &tls.Config{
+			GetCertificate: config.GetCertificate,
+			NextProtos:     []string{ACMETLS1Protocol},
+		}
+	}
+	return tlsConfig, &acmeWrapper{ctx: ctx, cfg: config, cache: cache, domain: options.Domain}, nil
 }
--- a/common/tls/acme_contstant.go
+++ b/common/tls/acme_contstant.go
@@ -0,0 +1,3 @@
+package tls
+
+const ACMETLS1Protocol = "acme-tls/1"
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@@ -39,11 +39,19 @@ func (c *STDServerConfig) SetServerName(serverName string) {
 }

 func (c *STDServerConfig) NextProtos() []string {
-	return c.config.NextProtos
+	if c.acmeService != nil && len(c.config.NextProtos) > 1 && c.config.NextProtos[0] == ACMETLS1Protocol {
+		return c.config.NextProtos[1:]
+	} else {
+		return c.config.NextProtos
+	}
 }

 func (c *STDServerConfig) SetNextProtos(nextProto []string) {
-	c.config.NextProtos = nextProto
+	if c.acmeService != nil && len(c.config.NextProtos) > 1 && c.config.NextProtos[0] == ACMETLS1Protocol {
+		c.config.NextProtos = append(c.config.NextProtos[:1], nextProto...)
+	} else {
+		c.config.NextProtos = nextProto
+	}
 }

 func (c *STDServerConfig) Config() (*STDConfig, error) {
--- a/debug_http.go
+++ b/debug_http.go
@@ -5,6 +5,7 @@ import (
 	"net/http/pprof"
 	"runtime"
 	"runtime/debug"
+	"strings"

 	"github.com/sagernet/sing-box/common/humanize"
 	"github.com/sagernet/sing-box/log"
@@ -47,12 +48,20 @@ func applyDebugListenOption(options option.DebugOptions) {
 			encoder.SetIndent("", "  ")
 			encoder.Encode(memObject)
 		})
-		r.HandleFunc("/pprof", pprof.Index)
-		r.HandleFunc("/pprof/*", pprof.Index)
-		r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
-		r.HandleFunc("/pprof/profile", pprof.Profile)
-		r.HandleFunc("/pprof/symbol", pprof.Symbol)
-		r.HandleFunc("/pprof/trace", pprof.Trace)
+		r.Route("/pprof", func(r chi.Router) {
+			r.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
+				if !strings.HasSuffix(request.URL.Path, "/") {
+					http.Redirect(writer, request, request.URL.Path+"/", http.StatusMovedPermanently)
+				} else {
+					pprof.Index(writer, request)
+				}
+			})
+			r.HandleFunc("/*", pprof.Index)
+			r.HandleFunc("/cmdline", pprof.Cmdline)
+			r.HandleFunc("/profile", pprof.Profile)
+			r.HandleFunc("/symbol", pprof.Symbol)
+			r.HandleFunc("/trace", pprof.Trace)
+		})
 	})
 	debugHTTPServer = &http.Server{
 		Addr:    options.Listen,
--- a/debug_stub.go
+++ b/debug_stub.go
@@ -1,4 +1,4 @@
-//go:build !linux
+//go:build !(linux || darwin)

 package box

--- a/debug_linux.go
+++ b/debug_linux.go
@@ -1,3 +1,5 @@
+//go:build linux || darwin
+
 package box

 import (
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -2,13 +2,168 @@
 icon: material/alert-decagram
 ---

-#### 1.8.0-beta.3
+#### 1.8.9

 * Fixes and improvements

-#### 1.8.0-beta.2
+#### 1.8.8

-* Fix GSO support
+* Fixes and improvements
+
+#### 1.8.7
+
+* Fixes and improvements
+
+#### 1.8.6
+
+* Fixes and improvements
+
+#### 1.8.5
+
+* Fixes and improvements
+
+#### 1.8.4
+
+* Fixes and improvements
+
+#### 1.8.2
+
+* Fixes and improvements
+
+#### 1.8.1
+
+* Fixes and improvements
+
+#### 1.8.0
+
+* Fixes and improvements
+
+Important changes since 1.7:
+
+* Migrate cache file from Clash API to independent options **1**
+* Introducing [Rule Set](/configuration/rule-set/) **2**
+* Add `sing-box geoip`, `sing-box geosite` and `sing-box rule-set` commands **3**
+* Allow nested logical rules **4**
+* Independent `source_ip_is_private` and `ip_is_private` rules **5**
+* Add context to JSON decode error message **6**
+* Reject internal fake-ip queries **7**
+* Add GSO support for TUN and WireGuard system interface **8**
+* Add `idle_timeout` for URLTest outbound **9**
+* Add simple loopback detect
+* Optimize memory usage of idle connections
+* Update uTLS to 1.5.4 **10**
+* Update dependencies **11**
+
+**1**:
+
+See [Cache File](/configuration/experimental/cache-file/) and
+[Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-options).
+
+**2**:
+
+Rule set is independent collections of rules that can be compiled into binaries to improve performance.
+Compared to legacy GeoIP and Geosite resources,
+it can include more types of rules, load faster,
+use less memory, and update automatically.
+
+See [Route#rule_set](/configuration/route/#rule_set),
+[Route Rule](/configuration/route/rule/),
+[DNS Rule](/configuration/dns/rule/),
+[Rule Set](/configuration/rule-set/),
+[Source Format](/configuration/rule-set/source-format/) and
+[Headless Rule](/configuration/rule-set/headless-rule/).
+
+For GEO resources migration, see [Migrate GeoIP to rule sets](/migration/#migrate-geoip-to-rule-sets) and
+[Migrate Geosite to rule sets](/migration/#migrate-geosite-to-rule-sets).
+
+**3**:
+
+New commands manage GeoIP, Geosite and rule set resources, and help you migrate GEO resources to rule sets.
+
+**4**:
+
+Logical rules in route rules, DNS rules, and the new headless rule now allow nesting of logical rules.
+
+**5**:
+
+The `private` GeoIP country never existed and was actually implemented inside V2Ray.
+Since GeoIP was deprecated, we made this rule independent, see [Migration](/migration/#migrate-geoip-to-rule-sets).
+
+**6**:
+
+JSON parse errors will now include the current key path.
+Only takes effect when compiled with Go 1.21+.
+
+**7**:
+
+All internal DNS queries now skip DNS rules with `server` type `fakeip`,
+and the default DNS server can no longer be `fakeip`.
+
+This change is intended to break incorrect usage and essentially requires no action.
+
+**8**:
+
+See [TUN](/configuration/inbound/tun/) inbound and [WireGuard](/configuration/outbound/wireguard/) outbound.
+
+**9**:
+
+When URLTest is idle for a certain period of time, the scheduled delay test will be paused.
+
+**10**:
+
+Added some new [fingerprints](/configuration/shared/tls#utls).
+Also, starting with this release, uTLS requires at least Go 1.20.
+
+**11**:
+
+Updated `cloudflare-tls`, `gomobile`, `smux`, `tfo-go` and `wireguard-go` to latest, `quic-go` to `0.40.1` and  `gvisor`
+to `20231204.0`
+
+#### 1.8.0-rc.11
+
+* Fixes and improvements
+
+#### 1.7.8
+
+* Fixes and improvements
+
+#### 1.8.0-rc.10
+
+* Fixes and improvements
+
+#### 1.7.7
+
+* Fix V2Ray transport `path` validation behavior **1**
+* Fixes and improvements
+
+**1**:
+
+See [V2Ray transport](/configuration/shared/v2ray-transport/).
+
+#### 1.8.0-rc.7
+
+* Fixes and improvements
+
+#### 1.8.0-rc.3
+
+* Fix V2Ray transport `path` validation behavior **1**
+* Fixes and improvements
+
+**1**:
+
+See [V2Ray transport](/configuration/shared/v2ray-transport/).
+
+#### 1.7.6
+
+* Fixes and improvements
+
+#### 1.8.0-rc.1
+
+* Fixes and improvements
+
+#### 1.8.0-beta.9
+
+* Add simple loopback detect
 * Fixes and improvements

 #### 1.7.5
@@ -24,7 +179,7 @@ icon: material/alert-decagram

 **1**:

-See [TUN](/configuration/inbound/tun) inbound and [WireGuard](/configuration/outbound/wireguard) outbound.
+See [TUN](/configuration/inbound/tun/) inbound and [WireGuard](/configuration/outbound/wireguard/) outbound.

 **2**:

@@ -136,13 +291,13 @@ Since GeoIP was deprecated, we made this rule independent, see [Migration](/migr
 #### 1.8.0-alpha.1

 * Migrate cache file from Clash API to independent options **1**
-* Introducing [Rule Set](/configuration/rule-set) **2**
+* Introducing [Rule Set](/configuration/rule-set/) **2**
 * Add `sing-box geoip`, `sing-box geosite` and `sing-box rule-set` commands **3**
 * Allow nested logical rules **4**

 **1**:

-See [Cache File](/configuration/experimental/cache-file) and
+See [Cache File](/configuration/experimental/cache-file/) and
 [Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-options).

 **2**:
@@ -153,11 +308,11 @@ it can include more types of rules, load faster,
 use less memory, and update automatically.

 See [Route#rule_set](/configuration/route/#rule_set),
-[Route Rule](/configuration/route/rule),
-[DNS Rule](/configuration/dns/rule),
-[Rule Set](/configuration/rule-set),
-[Source Format](/configuration/rule-set/source-format) and
-[Headless Rule](/configuration/rule-set/headless-rule).
+[Route Rule](/configuration/route/rule/),
+[DNS Rule](/configuration/dns/rule/),
+[Rule Set](/configuration/rule-set/),
+[Source Format](/configuration/rule-set/source-format/) and
+[Headless Rule](/configuration/rule-set/headless-rule/).

 For GEO resources migration, see [Migrate GeoIP to rule sets](/migration/#migrate-geoip-to-rule-sets) and
 [Migrate Geosite to rule sets](/migration/#migrate-geosite-to-rule-sets).
@@ -176,8 +331,8 @@ Logical rules in route rules, DNS rules, and the new headless rule now allow nes

 Important changes since 1.6:

-* Add [exclude route support](/configuration/inbound/tun) for TUN inbound
-* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
+* Add [exclude route support](/configuration/inbound/tun/) for TUN inbound
+* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen/) **1**
 * Add [HTTPUpgrade V2Ray transport](/configuration/shared/v2ray-transport#HTTPUpgrade) support **2**
 * Migrate multiplex and UoT server to inbound **3**
 * Add TCP Brutal support for multiplex **4**
@@ -208,7 +363,7 @@ options.
 **4**

 Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server,
-see [TCP Brutal](/configuration/shared/tcp-brutal) for details.
+see [TCP Brutal](/configuration/shared/tcp-brutal/) for details.

 **5**:

@@ -297,7 +452,7 @@ Only supported in graphical clients on Android and iOS.

 #### 1.6.1

-* Our [Android client](/installation/clients/sfa) is now available in the Google Play Store ▶️
+* Our [Android client](/installation/clients/sfa/) is now available in the Google Play Store ▶️
 * Fixes and improvements

 #### 1.7.0-alpha.6
@@ -317,7 +472,7 @@ options.
 **2**

 Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server,
-see [TCP Brutal](/configuration/shared/tcp-brutal) for details.
+see [TCP Brutal](/configuration/shared/tcp-brutal/) for details.

 #### 1.7.0-alpha.3

@@ -336,13 +491,13 @@ The new HTTPUpgrade transport has better performance than WebSocket and is bette

 Important changes since 1.5:

-* Our [Apple tvOS client](/installation/clients/sft) is now available in the App Store 🍎
+* Our [Apple tvOS client](/installation/clients/sft/) is now available in the App Store 🍎
 * Update BBR congestion control for TUIC and Hysteria2 **1**
 * Update brutal congestion control for Hysteria2
 * Add `brutal_debug` option for Hysteria2
 * Update legacy Hysteria protocol **2**
 * Add TLS self sign key pair generate command
-* Remove [Deprecated Features](/deprecated) by agreement
+* Remove [Deprecated Features](/deprecated/) by agreement

 **1**:

@@ -360,8 +515,8 @@ the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2

 #### 1.7.0-alpha.1

-* Add [exclude route support](/configuration/inbound/tun) for TUN inbound
-* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
+* Add [exclude route support](/configuration/inbound/tun/) for TUN inbound
+* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen/) **1**
 * Fixes and improvements

 **1**:
@@ -481,7 +636,7 @@ introduce new issues.

 #### 1.5.2

-* Our [Apple tvOS client](/installation/clients/sft) is now available in the App Store 🍎
+* Our [Apple tvOS client](/installation/clients/sft/) is now available in the App Store 🍎
 * Fixes and improvements

 #### 1.6.0-alpha.3
@@ -501,7 +656,7 @@ introduce new issues.
 * Update BBR congestion control for TUIC and Hysteria2 **1**
 * Update quic-go to v0.39.0
 * Update gVisor to 20230814.0
-* Remove [Deprecated Features](/deprecated) by agreement
+* Remove [Deprecated Features](/deprecated/) by agreement
 * Fixes and improvements

 **1**:
@@ -515,7 +670,7 @@ This update is intended to address the multi-send defects of the old implementat

 Important changes since 1.4:

-* Add TLS [ECH server](/configuration/shared/tls) support
+* Add TLS [ECH server](/configuration/shared/tls/) support
 * Improve TLS TCH client configuration
 * Add TLS ECH key pair generator **1**
 * Add TLS ECH support for QUIC based protocols **2**
@@ -524,7 +679,7 @@ Important changes since 1.4:
 * Add `interrupt_exist_connections` option for `Selector` and `URLTest` outbounds **4**
 * Add DNS01 challenge support for ACME TLS certificate issuer **5**
 * Add `merge` command **6**
-* Mark [Deprecated Features](/deprecated)
+* Mark [Deprecated Features](/deprecated/)

 **1**:

@@ -536,7 +691,7 @@ All inbounds and outbounds are supported, including `Naiveproxy`, `Hysteria[/2]`

 **3**:

-See [Hysteria2 inbound](/configuration/inbound/hysteria2) and [Hysteria2 outbound](/configuration/outbound/hysteria2)
+See [Hysteria2 inbound](/configuration/inbound/hysteria2/) and [Hysteria2 outbound](/configuration/outbound/hysteria2/)

 For protocol description, please refer to [https://v2.hysteria.network](https://v2.hysteria.network)

@@ -549,7 +704,7 @@ Only inbound connections are affected by this setting, internal connections will
 **5**:

 Only `Alibaba Cloud DNS` and `Cloudflare` are supported, see [ACME Fields](/configuration/shared/tls#acme-fields)
-and [DNS01 Challenge Fields](/configuration/shared/dns01_challenge).
+and [DNS01 Challenge Fields](/configuration/shared/dns01_challenge/).

 **6**:

@@ -631,7 +786,7 @@ Global Flags:

 Only `Alibaba Cloud DNS` and `Cloudflare` are supported,
 see [ACME Fields](/configuration/shared/tls#acme-fields)
-and [DNS01 Challenge Fields](/configuration/shared/dns01_challenge).
+and [DNS01 Challenge Fields](/configuration/shared/dns01_challenge/).

 #### 1.5.0-beta.10

@@ -660,7 +815,7 @@ Only inbound connections are affected by this setting, internal connections will

 * Fix compatibility issues with official Hysteria2 server and client
 * Fixes and improvements
-* Mark [deprecated features](/deprecated)
+* Mark [deprecated features](/deprecated/)

 #### 1.5.0-beta.3

@@ -679,13 +834,13 @@ Hysteria2 server and client when using `fastOpen=false` or UDP MTU >= 1200.

 **1**:

-See [Hysteria2 inbound](/configuration/inbound/hysteria2) and [Hysteria2 outbound](/configuration/outbound/hysteria2)
+See [Hysteria2 inbound](/configuration/inbound/hysteria2/) and [Hysteria2 outbound](/configuration/outbound/hysteria2/)

 For protocol description, please refer to [https://v2.hysteria.network](https://v2.hysteria.network)

 #### 1.5.0-beta.1

-* Add TLS [ECH server](/configuration/shared/tls) support
+* Add TLS [ECH server](/configuration/shared/tls/) support
 * Improve TLS TCH client configuration
 * Add TLS ECH key pair generator **1**
 * Add TLS ECH support for QUIC based protocols **2**
@@ -718,12 +873,12 @@ Important changes since 1.3:

 *1*:

-See [TUIC inbound](/configuration/inbound/tuic)
-and [TUIC outbound](/configuration/outbound/tuic)
+See [TUIC inbound](/configuration/inbound/tuic/)
+and [TUIC outbound](/configuration/outbound/tuic/)

 **2**:

-This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp), designed to provide a QUIC
+This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp/), designed to provide a QUIC
 stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or
 another program compatible with the protocol as a server.

@@ -754,7 +909,7 @@ Requires sing-box to be compiled with Go 1.21.

 **1**:

-This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp), designed to provide a QUIC
+This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp/), designed to provide a QUIC
 stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or
 another program compatible with the protocol as a server.

@@ -792,8 +947,8 @@ Requires sing-box to be compiled with Go 1.21.

 *1*:

-See [TUIC inbound](/configuration/inbound/tuic)
-and [TUIC outbound](/configuration/outbound/tuic)
+See [TUIC inbound](/configuration/inbound/tuic/)
+and [TUIC outbound](/configuration/outbound/tuic/)

 #### 1.3.6

@@ -802,7 +957,7 @@ and [TUIC outbound](/configuration/outbound/tuic)
 #### 1.3.5

 * Fixes and improvements
-* Introducing our [Apple tvOS](/installation/clients/sft) client applications **1**
+* Introducing our [Apple tvOS](/installation/clients/sft/) client applications **1**
 * Add per app proxy and app installed/updated trigger support for Android client
 * Add profile sharing support for Android/iOS/macOS clients

@@ -829,7 +984,8 @@ downloaded through TestFlight.

 #### 1.3.1-beta.3

-* Introducing our [new iOS](/installation/clients/sfi) and [macOS](/installation/clients/sfm) client applications **1**
+* Introducing our [new iOS](/installation/clients/sfi/) and [macOS](/installation/clients/sfm/) client applications **1
+  **
 * Fixes and improvements

 **1**:
@@ -850,7 +1006,7 @@ The old testflight link and app are no longer valid.

 Important changes since 1.2:

-* Add [FakeIP](/configuration/dns/fakeip) support **1**
+* Add [FakeIP](/configuration/dns/fakeip/) support **1**
 * Improve multiplex **2**
 * Add [DNS reverse mapping](/configuration/dns#reverse_mapping) support
 * Add `rewrite_ttl` DNS rule action
@@ -877,11 +1033,11 @@ Important changes since 1.2:

 *1*:

-See [FAQ](/faq/fakeip) for more information.
+See [FAQ](/faq/fakeip/) for more information.

 *2*:

-Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex).
+Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex/).

 #### 1.3-rc2

@@ -943,7 +1099,7 @@ Improved performance and reduced memory usage.

 *1*:

-Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex).
+Added new `h2mux` multiplex protocol and `padding` multiplex option, see [Multiplex](/configuration/shared/multiplex/).

 #### 1.2.6

@@ -995,25 +1151,25 @@ This is an incompatible update for XUDP in VLESS if vision flow is enabled.
 #### 1.3-beta1

 * Add [DNS reverse mapping](/configuration/dns#reverse_mapping) support
-* Add [L3 routing](/configuration/route/ip-rule) support **1**
+* Add [L3 routing](/configuration/route/ip-rule/) support **1**
 * Add `rewrite_ttl` DNS rule action
-* Add [FakeIP](/configuration/dns/fakeip) support **2**
+* Add [FakeIP](/configuration/dns/fakeip/) support **2**
 * Add `store_fakeip` Clash API option
 * Add multi-peer support for [WireGuard](/configuration/outbound/wireguard#peers) outbound
 * Add loopback detect

 *1*:

-It can currently be used to [route connections directly to WireGuard](/examples/wireguard-direct) or block connections
+It can currently be used to [route connections directly to WireGuard](/examples/wireguard-direct/) or block connections
 at the IP layer.

 *2*:

-See [FAQ](/faq/fakeip) for more information.
+See [FAQ](/faq/fakeip/) for more information.

 #### 1.2.3

-* Introducing our [new Android client application](/installation/clients/sfa)
+* Introducing our [new Android client application](/installation/clients/sfa/)
 * Improve UDP domain destination NAT
 * Update reality protocol
 * Fix TTL calculation for DNS response
@@ -1042,16 +1198,16 @@ to `domain` rule.

 Important changes since 1.1:

-* Introducing our [new iOS client application](/installation/clients/sfi)
-* Introducing [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp)
+* Introducing our [new iOS client application](/installation/clients/sfi/)
+* Introducing [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp/)
 * Add [platform options](/configuration/inbound/tun#platform) for tun inbound
 * Add [ShadowTLS protocol v3](https://github.com/ihciah/shadow-tls/blob/master/docs/protocol-v3-en.md)
-* Add [VLESS server](/configuration/inbound/vless) and [vision](/configuration/outbound/vless#flow) support
-* Add [reality TLS](/configuration/shared/tls) support
-* Add [NTP service](/configuration/ntp)
-* Add [DHCP DNS server](/configuration/dns/server) support
-* Add SSH [host key validation](/configuration/outbound/ssh) support
-* Add [query_type](/configuration/dns/rule) DNS rule item
+* Add [VLESS server](/configuration/inbound/vless/) and [vision](/configuration/outbound/vless#flow) support
+* Add [reality TLS](/configuration/shared/tls/) support
+* Add [NTP service](/configuration/ntp/)
+* Add [DHCP DNS server](/configuration/dns/server/) support
+* Add SSH [host key validation](/configuration/outbound/ssh/) support
+* Add [query_type](/configuration/dns/rule/) DNS rule item
 * Add fallback support for v2ray transport
 * Add custom TLS server support for http based v2ray transports
 * Add health check support for http-based v2ray transports
@@ -1082,7 +1238,7 @@ name.

 #### 1.2-beta9

-* Introducing the [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp)
+* Introducing the [UDP over TCP protocol version 2](/configuration/shared/udp-over-tcp/)
 * Add health check support for http-based v2ray transports
 * Remove length limit on short_id for reality TLS config
 * Fix bugs and update dependencies
@@ -1099,7 +1255,7 @@ name.

 #### 1.2-beta6

-* Introducing our [new iOS client application](/installation/clients/sfi)
+* Introducing our [new iOS client application](/installation/clients/sfi/)
 * Add [platform options](/configuration/inbound/tun#platform) for tun inbound
 * Add custom TLS server support for http based v2ray transports
 * Add generate commands
@@ -1112,8 +1268,8 @@ name.

 #### 1.2-beta5

-* Add [VLESS server](/configuration/inbound/vless) and [vision](/configuration/outbound/vless#flow) support
-* Add [reality TLS](/configuration/shared/tls) support
+* Add [VLESS server](/configuration/inbound/vless/) and [vision](/configuration/outbound/vless#flow) support
+* Add [reality TLS](/configuration/shared/tls/) support
 * Fix match private address

 #### 1.1.6
@@ -1128,7 +1284,7 @@ name.

 #### 1.2-beta4

-* Add [NTP service](/configuration/ntp)
+* Add [NTP service](/configuration/ntp/)
 * Add Add multiple server names and multi-user support for shadowtls
 * Add strict mode support for shadowtls v3
 * Add uTLS support for shadowtls v3
@@ -1148,9 +1304,9 @@ name.

 #### 1.2-beta1

-* Add [DHCP DNS server](/configuration/dns/server) support
-* Add SSH [host key validation](/configuration/outbound/ssh) support
-* Add [query_type](/configuration/dns/rule) DNS rule item
+* Add [DHCP DNS server](/configuration/dns/server/) support
+* Add SSH [host key validation](/configuration/outbound/ssh/) support
+* Add [query_type](/configuration/dns/rule/) DNS rule item
 * Add v2ray [user stats](/configuration/experimental#statsusers) api
 * Add new clash DNS query api
 * Improve vmess request
@@ -1379,7 +1535,7 @@ and [ShadowTLS outbound](/configuration/outbound/shadowtls#version)

 #### 1.1-beta6

-* Add [URLTest outbound](/configuration/outbound/urltest)
+* Add [URLTest outbound](/configuration/outbound/urltest/)
 * Fix bugs in 1.1-beta5

 #### 1.1-beta5
@@ -1411,8 +1567,8 @@ The default tun stack is changed to system.
 #### 1.1-beta4

 * Add internal simple-obfs and v2ray-plugin [Shadowsocks plugins](/configuration/outbound/shadowsocks#plugin)
-* Add [ShadowsocksR outbound](/configuration/outbound/shadowsocksr)
-* Add [VLESS outbound and XUDP](/configuration/outbound/vless)
+* Add [ShadowsocksR outbound](/configuration/outbound/shadowsocksr/)
+* Add [VLESS outbound and XUDP](/configuration/outbound/vless/)
 * Skip wait for hysteria tcp handshake response
 * Fix socks4 client
 * Fix hysteria inbound
@@ -1439,7 +1595,7 @@ The default tun stack is changed to system.
 *1*:

 Switching modes using the Clash API, and `store-selected` are now supported,
-see [Experimental](/configuration/experimental).
+see [Experimental](/configuration/experimental/).

 *2*:

@@ -1520,15 +1676,15 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).
 * Fix write trojan udp
 * Fix DNS routing
 * Add attribute support for geosite
-* Update documentation for [Dial Fields](/configuration/shared/dial)
+* Update documentation for [Dial Fields](/configuration/shared/dial/)

 #### 1.0-beta3

 * Add [chained inbound](/configuration/shared/listen#detour) support
 * Add process_path rule item
 * Add macOS redirect support
-* Add ShadowTLS [Inbound](/configuration/inbound/shadowtls), [Outbound](/configuration/outbound/shadowtls)
-  and [Examples](/examples/shadowtls)
+* Add ShadowTLS [Inbound](/configuration/inbound/shadowtls/), [Outbound](/configuration/outbound/shadowtls/)
+  and [Examples](/examples/shadowtls/)
 * Fix search android package in non-owner users
 * Fix socksaddr type condition
 * Fix smux session status
@@ -1572,7 +1728,7 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).

 ##### 2022/08/23

-* Add [V2Ray Transport](/configuration/shared/v2ray-transport) support for VMess and Trojan
+* Add [V2Ray Transport](/configuration/shared/v2ray-transport/) support for VMess and Trojan
 * Allow plain http request in Naive inbound (It can now be used with nginx)
 * Add proxy protocol support
 * Free memory after start
@@ -1581,13 +1737,13 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).

 ##### 2022/08/22

-* Add strategy setting for each [DNS server](/configuration/dns/server)
+* Add strategy setting for each [DNS server](/configuration/dns/server/)
 * Add bind address to outbound options

 ##### 2022/08/21

-* Add [Tor outbound](/configuration/outbound/tor)
-* Add [SSH outbound](/configuration/outbound/ssh)
+* Add [Tor outbound](/configuration/outbound/tor/)
+* Add [SSH outbound](/configuration/outbound/ssh/)

 ##### 2022/08/20

@@ -1601,8 +1757,8 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).

 ##### 2022/08/19

-* Add Hysteria [Inbound](/configuration/inbound/hysteria) and [Outbund](/configuration/outbound/hysteria)
-* Add [ACME TLS certificate issuer](/configuration/shared/tls)
+* Add Hysteria [Inbound](/configuration/inbound/hysteria/) and [Outbund](/configuration/outbound/hysteria/)
+* Add [ACME TLS certificate issuer](/configuration/shared/tls/)
 * Allow read config from stdin (-c stdin)
 * Update gVisor to 20220815.0

@@ -1620,11 +1776,11 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).
 ##### 2022/08/16

 * Add ip_version (route/dns) rule item
-* Add [WireGuard](/configuration/outbound/wireguard) outbound
+* Add [WireGuard](/configuration/outbound/wireguard/) outbound

 ##### 2022/08/15

-* Add uid, android user and package rules support in [Tun](/configuration/inbound/tun) routing.
+* Add uid, android user and package rules support in [Tun](/configuration/inbound/tun/) routing.

 ##### 2022/08/13

@@ -1633,15 +1789,15 @@ and [Listen Fields](/configuration/shared/listen#udp_fragment).
 ##### 2022/08/12

 * Performance improvements
-* Add UoT option for [SOCKS](/configuration/outbound/socks) outbound
+* Add UoT option for [SOCKS](/configuration/outbound/socks/) outbound

 ##### 2022/08/11

-* Add UoT option for [Shadowsocks](/configuration/outbound/shadowsocks) outbound, UoT support for all inbounds
+* Add UoT option for [Shadowsocks](/configuration/outbound/shadowsocks/) outbound, UoT support for all inbounds

 ##### 2022/08/10

-* Add full-featured [Naive](/configuration/inbound/naive) inbound
+* Add full-featured [Naive](/configuration/inbound/naive/) inbound
 * Fix default dns server option [#9] by iKirby

 ##### 2022/08/09
--- a/docs/clients/android/features.md
+++ b/docs/clients/android/features.md
@@ -19,7 +19,6 @@ SFA provides an unprivileged TUN implementation through Android VpnService.
 | `inet6_address`               | :material-check: | /                  |
 | `mtu`                         | :material-check: | /                  |
 | `gso`                         | :material-close: | No permission      |
-| `gso_max_size`                | :material-close: | No permission      |
 | `auto_route`                  | :material-check: | /                  |
 | `strict_route`                | :material-close: | Not implemented    |
 | `inet4_route_address`         | :material-check: | /                  |
--- a/docs/clients/android/index.md
+++ b/docs/clients/android/index.md
@@ -16,6 +16,7 @@ platform-specific function implementation, such as TUN transparent proxy impleme
 * [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
 * [Play Store (Beta)](https://play.google.com/apps/testing/io.nekohasekai.sfa)
 * [GitHub Releases](https://github.com/SagerNet/sing-box/releases)
+* [F-Droid](https://f-droid.org/packages/io.nekohasekai.sfa/) (Unified signature via reproducible builds)

 ## :material-source-repository: Source code

--- a/docs/clients/apple/features.md
+++ b/docs/clients/apple/features.md
@@ -21,7 +21,6 @@ SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension
 | `inet6_address`               | :material-check:  | /                 |
 | `mtu`                         | :material-check:  | /                 |
 | `gso`                         | :material-close:  | Not implemented   |
-| `gso_max_size`                | :material-close:  | Not implemented   |
 | `auto_route`                  | :material-check:  | /                 |
 | `strict_route`                | :material-close:️ | Not implemented   |
 | `inet4_route_address`         | :material-check:  | /                 |
--- a/docs/clients/index.md
+++ b/docs/clients/index.md
@@ -2,11 +2,11 @@

 Maintained by Project S to provide a unified experience and platform-specific functionality.

-| Platform                              | Client                                  |
-|---------------------------------------|-----------------------------------------|
-| :material-android: Android            | [sing-box for Android](./android)       |
-| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
-| :material-laptop: Desktop             | Working in progress                     |
+| Platform                              | Client                                   |
+|---------------------------------------|------------------------------------------|
+| :material-android: Android            | [sing-box for Android](./android/)       |
+| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple/) |
+| :material-laptop: Desktop             | Working in progress                      |

 Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core
 motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN
--- a/docs/clients/index.zh.md
+++ b/docs/clients/index.zh.md
@@ -4,8 +4,8 @@

 | 平台                                    | 客户端                                     |
 |---------------------------------------|-----------------------------------------|
-| :material-android: Android            | [sing-box for Android](./android)       |
-| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
+| :material-android: Android            | [sing-box for Android](./android/)       |
+| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple/) |
 | :material-laptop: Desktop             | 施工中                                     |

 此处没有列出一些声称使用或以 sing-box 为卖点的第三方项目。此类项目维护者的动机是获得更多用户，即使它们提供友好的商业
--- a/docs/clients/privacy.md
+++ b/docs/clients/privacy.md
@@ -6,3 +6,9 @@ icon: material/security

 sing-box and official graphics clients do not collect or share personal data,
 and the data generated by the software is always on your device.
+
+## Android
+
+If your configuration contains `wifi_ssid` or `wifi_bssid` routing rules,
+sing-box uses the location permission in the background
+to get information about the connected Wi-Fi network to make them work.
--- a/docs/configuration/dns/index.md
+++ b/docs/configuration/dns/index.md
@@ -23,9 +23,9 @@

 | Key      | Format                         |
 |----------|--------------------------------|
-| `server` | List of [DNS Server](./server) |
-| `rules`  | List of [DNS Rule](./rule)     |
-| `fakeip` | [FakeIP](./fakeip)             |
+| `server` | List of [DNS Server](./server/) |
+| `rules`  | List of [DNS Rule](./rule/)     |
+| `fakeip` | [FakeIP](./fakeip/)             |

 #### final

@@ -62,4 +62,4 @@ problematic in environments such as macOS, where DNS is proxied and cached by th

 #### fakeip

-[FakeIP](./fakeip) settings.
+[FakeIP](./fakeip/) settings.
--- a/docs/configuration/dns/index.zh.md
+++ b/docs/configuration/dns/index.zh.md
@@ -21,10 +21,10 @@

 ### 字段

-| 键        | 格式                     |
-|----------|------------------------|
-| `server` | 一组 [DNS 服务器](./server) |
-| `rules`  | 一组 [DNS 规则](./rule)    |
+| 键        | 格式                      |
+|----------|-------------------------|
+| `server` | 一组 [DNS 服务器](./server/) |
+| `rules`  | 一组 [DNS 规则](./rule/)    |

 #### final

@@ -60,4 +60,4 @@

 #### fakeip

-[FakeIP](./fakeip) 设置。
+[FakeIP](./fakeip/) 设置。
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@@ -142,7 +142,7 @@ icon: material/alert-decagram

 #### inbound

-Tags of [Inbound](/configuration/inbound).
+Tags of [Inbound](/configuration/inbound/).

 #### ip_version

--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@@ -139,7 +139,7 @@ icon: material/alert-decagram

 #### inbound

-[入站](/zh/configuration/inbound) 标签.
+[入站](/zh/configuration/inbound/) 标签.

 #### ip_version

--- a/docs/configuration/dns/server.md
+++ b/docs/configuration/dns/server.md
@@ -30,18 +30,18 @@ The tag of the dns server.

 The address of the dns server.

-| Protocol                            | Format                        |
-|-------------------------------------|-------------------------------|
-| `System`                            | `local`                       |
-| `TCP`                               | `tcp://1.0.0.1`               |
-| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`     |
-| `TLS`                               | `tls://dns.google`            |
-| `HTTPS`                             | `https://1.1.1.1/dns-query`   |
-| `QUIC`                              | `quic://dns.adguard.com`      |
-| `HTTP3`                             | `h3://8.8.8.8/dns-query`      |
-| `RCode`                             | `rcode://refused`             |
-| `DHCP`                              | `dhcp://auto` or `dhcp://en0` |
-| [FakeIP](/configuration/dns/fakeip) | `fakeip`                      |
+| Protocol                             | Format                        |
+|--------------------------------------|-------------------------------|
+| `System`                             | `local`                       |
+| `TCP`                                | `tcp://1.0.0.1`               |
+| `UDP`                                | `8.8.8.8` `udp://8.8.4.4`     |
+| `TLS`                                | `tls://dns.google`            |
+| `HTTPS`                              | `https://1.1.1.1/dns-query`   |
+| `QUIC`                               | `quic://dns.adguard.com`      |
+| `HTTP3`                              | `h3://8.8.8.8/dns-query`      |
+| `RCode`                              | `rcode://refused`             |
+| `DHCP`                               | `dhcp://auto` or `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip/) | `fakeip`                      |

 !!! warning ""

--- a/docs/configuration/dns/server.zh.md
+++ b/docs/configuration/dns/server.zh.md
@@ -30,18 +30,18 @@ DNS 服务器的标签。

 DNS 服务器的地址。

-| 协议                                  | 格式                           |
-|-------------------------------------|------------------------------|
-| `System`                            | `local`                      |
-| `TCP`                               | `tcp://1.0.0.1`              |
-| `UDP`                               | `8.8.8.8` `udp://8.8.4.4`    |
-| `TLS`                               | `tls://dns.google`           |
-| `HTTPS`                             | `https://1.1.1.1/dns-query`  |
-| `QUIC`                              | `quic://dns.adguard.com`     |
-| `HTTP3`                             | `h3://8.8.8.8/dns-query`     |
-| `RCode`                             | `rcode://refused`            |
-| `DHCP`                              | `dhcp://auto` 或 `dhcp://en0` |
-| [FakeIP](/configuration/dns/fakeip) | `fakeip`                     |
+| 协议                                   | 格式                           |
+|--------------------------------------|------------------------------|
+| `System`                             | `local`                      |
+| `TCP`                                | `tcp://1.0.0.1`              |
+| `UDP`                                | `8.8.8.8` `udp://8.8.4.4`    |
+| `TLS`                                | `tls://dns.google`           |
+| `HTTPS`                              | `https://1.1.1.1/dns-query`  |
+| `QUIC`                               | `quic://dns.adguard.com`     |
+| `HTTP3`                              | `h3://8.8.8.8/dns-query`     |
+| `RCode`                              | `rcode://refused`            |
+| `DHCP`                               | `dhcp://auto` 或 `dhcp://en0` |
+| [FakeIP](/configuration/dns/fakeip/) | `fakeip`                     |

 !!! warning ""

--- a/docs/configuration/experimental/index.md
+++ b/docs/configuration/experimental/index.md
@@ -25,6 +25,6 @@ icon: material/alert-decagram

 | Key          | Format                     |
 |--------------|----------------------------|
-| `cache_file` | [Cache File](./cache-file) |
-| `clash_api`  | [Clash API](./clash-api)   |
-| `v2ray_api`  | [V2Ray API](./v2ray-api)   |
+| `cache_file` | [Cache File](./cache-file/) |
+| `clash_api`  | [Clash API](./clash-api/)   |
+| `v2ray_api`  | [V2Ray API](./v2ray-api/)   |
--- a/docs/configuration/experimental/index.zh.md
+++ b/docs/configuration/experimental/index.zh.md
@@ -25,6 +25,6 @@ icon: material/alert-decagram

 | 键            | 格式                       |
 |--------------|--------------------------|
-| `cache_file` | [缓存文件](./cache-file)     |
-| `clash_api`  | [Clash API](./clash-api) |
-| `v2ray_api`  | [V2Ray API](./v2ray-api) |
+| `cache_file` | [缓存文件](./cache-file/)     |
+| `clash_api`  | [Clash API](./clash-api/) |
+| `v2ray_api`  | [V2Ray API](./v2ray-api/) |
--- a/docs/configuration/inbound/direct.md
+++ b/docs/configuration/inbound/direct.md
@@ -17,7 +17,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/http.md
+++ b/docs/configuration/inbound/http.md
@@ -20,7 +20,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/hysteria.md
+++ b/docs/configuration/inbound/hysteria.md
@@ -31,7 +31,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/hysteria2.md
+++ b/docs/configuration/inbound/hysteria2.md
@@ -35,7 +35,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/index.md
+++ b/docs/configuration/inbound/index.md
@@ -15,24 +15,24 @@

 ### Fields

-| Type          | Format                       | Injectable |
-|---------------|------------------------------|------------|
-| `direct`      | [Direct](./direct)           | X          |
-| `mixed`       | [Mixed](./mixed)             | TCP        |
-| `socks`       | [SOCKS](./socks)             | TCP        |
-| `http`        | [HTTP](./http)               | TCP        |
-| `shadowsocks` | [Shadowsocks](./shadowsocks) | TCP        |
-| `vmess`       | [VMess](./vmess)             | TCP        |
-| `trojan`      | [Trojan](./trojan)           | TCP        |
-| `naive`       | [Naive](./naive)             | X          |
-| `hysteria`    | [Hysteria](./hysteria)       | X          |
-| `shadowtls`   | [ShadowTLS](./shadowtls)     | TCP        |
-| `tuic`        | [TUIC](./tuic)               | X          |
-| `hysteria2`   | [Hysteria2](./hysteria2)     | X          |
-| `vless`       | [VLESS](./vless)             | TCP        |
-| `tun`         | [Tun](./tun)                 | X          |
-| `redirect`    | [Redirect](./redirect)       | X          |
-| `tproxy`      | [TProxy](./tproxy)           | X          |
+| Type          | Format                        | Injectable |
+|---------------|-------------------------------|------------|
+| `direct`      | [Direct](./direct/)           | X          |
+| `mixed`       | [Mixed](./mixed/)             | TCP        |
+| `socks`       | [SOCKS](./socks/)             | TCP        |
+| `http`        | [HTTP](./http/)               | TCP        |
+| `shadowsocks` | [Shadowsocks](./shadowsocks/) | TCP        |
+| `vmess`       | [VMess](./vmess/)             | TCP        |
+| `trojan`      | [Trojan](./trojan/)           | TCP        |
+| `naive`       | [Naive](./naive/)             | X          |
+| `hysteria`    | [Hysteria](./hysteria/)       | X          |
+| `shadowtls`   | [ShadowTLS](./shadowtls/)     | TCP        |
+| `tuic`        | [TUIC](./tuic/)               | X          |
+| `hysteria2`   | [Hysteria2](./hysteria2/)     | X          |
+| `vless`       | [VLESS](./vless/)             | TCP        |
+| `tun`         | [Tun](./tun/)                 | X          |
+| `redirect`    | [Redirect](./redirect/)       | X          |
+| `tproxy`      | [TProxy](./tproxy/)           | X          |

 #### tag

--- a/docs/configuration/inbound/index.zh.md
+++ b/docs/configuration/inbound/index.zh.md
@@ -17,22 +17,22 @@

 | 类型            | 格式                           | 注入支持 |
 |---------------|------------------------------|------|
-| `direct`      | [Direct](./direct)           | X    |
-| `mixed`       | [Mixed](./mixed)             | TCP  |
-| `socks`       | [SOCKS](./socks)             | TCP  |
-| `http`        | [HTTP](./http)               | TCP  |
-| `shadowsocks` | [Shadowsocks](./shadowsocks) | TCP  |
-| `vmess`       | [VMess](./vmess)             | TCP  |
-| `trojan`      | [Trojan](./trojan)           | TCP  |
-| `naive`       | [Naive](./naive)             | X    |
-| `hysteria`    | [Hysteria](./hysteria)       | X    |
-| `shadowtls`   | [ShadowTLS](./shadowtls)     | TCP  |
-| `tuic`        | [TUIC](./tuic)               | X    |
-| `hysteria2`   | [Hysteria2](./hysteria2)     | X    |
-| `vless`       | [VLESS](./vless)             | TCP  |
-| `tun`         | [Tun](./tun)                 | X    |
-| `redirect`    | [Redirect](./redirect)       | X    |
-| `tproxy`      | [TProxy](./tproxy)           | X    |
+| `direct`      | [Direct](./direct/)           | X    |
+| `mixed`       | [Mixed](./mixed/)             | TCP  |
+| `socks`       | [SOCKS](./socks/)             | TCP  |
+| `http`        | [HTTP](./http/)               | TCP  |
+| `shadowsocks` | [Shadowsocks](./shadowsocks/) | TCP  |
+| `vmess`       | [VMess](./vmess/)             | TCP  |
+| `trojan`      | [Trojan](./trojan/)           | TCP  |
+| `naive`       | [Naive](./naive/)             | X    |
+| `hysteria`    | [Hysteria](./hysteria/)       | X    |
+| `shadowtls`   | [ShadowTLS](./shadowtls/)     | TCP  |
+| `tuic`        | [TUIC](./tuic/)               | X    |
+| `hysteria2`   | [Hysteria2](./hysteria2/)     | X    |
+| `vless`       | [VLESS](./vless/)             | TCP  |
+| `tun`         | [Tun](./tun/)                 | X    |
+| `redirect`    | [Redirect](./redirect/)       | X    |
+| `tproxy`      | [TProxy](./tproxy/)           | X    |

 #### tag

--- a/docs/configuration/inbound/mixed.md
+++ b/docs/configuration/inbound/mixed.md
@@ -21,7 +21,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/naive.md
+++ b/docs/configuration/inbound/naive.md
@@ -20,7 +20,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/redirect.md
+++ b/docs/configuration/inbound/redirect.md
@@ -15,4 +15,4 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.
--- a/docs/configuration/inbound/shadowsocks.md
+++ b/docs/configuration/inbound/shadowsocks.md
@@ -50,7 +50,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/shadowsocks.zh.md
+++ b/docs/configuration/inbound/shadowsocks.zh.md
@@ -50,7 +50,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### 字段

--- a/docs/configuration/inbound/shadowtls.md
+++ b/docs/configuration/inbound/shadowtls.md
@@ -35,7 +35,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

@@ -66,11 +66,11 @@ Only available in the ShadowTLS protocol 3.

 ==Required==

-Handshake server address and [Dial options](/configuration/shared/dial).
+Handshake server address and [Dial options](/configuration/shared/dial/).

 #### handshake_for_server_name

-Handshake server address and [Dial options](/configuration/shared/dial) for specific server name.
+Handshake server address and [Dial options](/configuration/shared/dial/) for specific server name.

 Only available in the ShadowTLS protocol 2/3.

--- a/docs/configuration/inbound/socks.md
+++ b/docs/configuration/inbound/socks.md
@@ -20,7 +20,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/tproxy.md
+++ b/docs/configuration/inbound/tproxy.md
@@ -17,7 +17,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/trojan.md
+++ b/docs/configuration/inbound/trojan.md
@@ -31,7 +31,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

@@ -65,4 +65,4 @@ See [Multiplex](/configuration/shared/multiplex#inbound) for details.

 #### transport

-V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
+V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport/).
--- a/docs/configuration/inbound/trojan.zh.md
+++ b/docs/configuration/inbound/trojan.zh.md
@@ -67,4 +67,4 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。

 #### transport

-V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
+V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport/)。
--- a/docs/configuration/inbound/tuic.md
+++ b/docs/configuration/inbound/tuic.md
@@ -24,7 +24,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@@ -5,7 +5,6 @@ icon: material/alert-decagram
 !!! quote "Changes in sing-box 1.8.0"

    :material-plus: [gso](#gso)  
-    :material-plus: [gso_max_size](#gso_max_size)  
    :material-alert-decagram: [stack](#stack)

 !!! quote ""
@@ -23,7 +22,6 @@ icon: material/alert-decagram
  "inet6_address": "fdfe:dcba:9876::1/126",
  "mtu": 9000,
  "gso": false,
-  "gso_max_size": 65536,
  "auto_route": true,
  "strict_route": true,
  "inet4_route_address": [
@@ -41,6 +39,7 @@ icon: material/alert-decagram
    "fc00::/7"
  ],
  "endpoint_independent_nat": false,
+  "udp_timeout": "5m",
  "stack": "system",
  "include_interface": [
    "lan0"
@@ -120,18 +119,6 @@ The maximum transmission unit.

 Enable generic segmentation offload.

-#### gso_max_size
-
-!!! question "Since sing-box 1.8.0"
-
-!!! quote ""
-
-    Only supported on Linux.
-
-Maximum GSO packet size.
-
-`65536` is used by default.
-
 #### auto_route

 Set the default route to the Tun.
@@ -275,4 +262,4 @@ System HTTP proxy settings.

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@@ -5,7 +5,6 @@ icon: material/alert-decagram
 !!! quote "sing-box 1.8.0 中的更改"

    :material-plus: [gso](#gso)  
-    :material-plus: [gso_max_size](#gso_max_size)  
    :material-alert-decagram: [stack](#stack)

 !!! quote ""
@@ -23,7 +22,6 @@ icon: material/alert-decagram
  "inet6_address": "fdfe:dcba:9876::1/126",
  "mtu": 9000,
  "gso": false,
-  "gso_max_size": 65536,
  "auto_route": true,
  "strict_route": true,
  "inet4_route_address": [
@@ -41,6 +39,7 @@ icon: material/alert-decagram
    "fc00::/7"
  ],
  "endpoint_independent_nat": false,
+  "udp_timeout": "5m",
  "stack": "system",
  "include_interface": [
    "lan0"
@@ -120,18 +119,6 @@ tun 接口的 IPv6 前缀。

 启用通用分段卸载。

-#### gso_max_size
-
-!!! question "自 sing-box 1.8.0 起"
-
-!!! quote ""
-
-    仅支持 Linux。
-
-通用分段卸载包的最大大小。
-
-默认使用 `65536`。
-
 #### auto_route

 设置到 Tun 的默认路由。
--- a/docs/configuration/inbound/vless.md
+++ b/docs/configuration/inbound/vless.md
@@ -22,7 +22,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

@@ -56,4 +56,4 @@ See [Multiplex](/configuration/shared/multiplex#inbound) for details.

 #### transport

-V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
+V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport/).
--- a/docs/configuration/inbound/vless.zh.md
+++ b/docs/configuration/inbound/vless.zh.md
@@ -56,4 +56,4 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。

 #### transport

-V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
+V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport/)。
--- a/docs/configuration/inbound/vmess.md
+++ b/docs/configuration/inbound/vmess.md
@@ -22,7 +22,7 @@

 ### Listen Fields

-See [Listen Fields](/configuration/shared/listen) for details.
+See [Listen Fields](/configuration/shared/listen/) for details.

 ### Fields

@@ -51,4 +51,4 @@ See [Multiplex](/configuration/shared/multiplex#inbound) for details.

 #### transport

-V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
+V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport/).
--- a/docs/configuration/inbound/vmess.zh.md
+++ b/docs/configuration/inbound/vmess.zh.md
@@ -51,4 +51,4 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。

 #### transport

-V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
+V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport/)。
--- a/docs/configuration/index.md
+++ b/docs/configuration/index.md
@@ -18,15 +18,15 @@ sing-box uses JSON for configuration files.

 ### Fields

-| Key            | Format                         |
-|----------------|--------------------------------|
-| `log`          | [Log](./log)                   |
-| `dns`          | [DNS](./dns)                   |
-| `ntp`          | [NTP](./ntp)                   |
-| `inbounds`     | [Inbound](./inbound)           |
-| `outbounds`    | [Outbound](./outbound)         |
-| `route`        | [Route](./route)               |
-| `experimental` | [Experimental](./experimental) |
+| Key            | Format                          |
+|----------------|---------------------------------|
+| `log`          | [Log](./log/)                   |
+| `dns`          | [DNS](./dns/)                   |
+| `ntp`          | [NTP](./ntp/)                   |
+| `inbounds`     | [Inbound](./inbound/)           |
+| `outbounds`    | [Outbound](./outbound/)         |
+| `route`        | [Route](./route/)               |
+| `experimental` | [Experimental](./experimental/) |

 ### Check

--- a/docs/configuration/index.zh.md
+++ b/docs/configuration/index.zh.md
@@ -17,14 +17,14 @@ sing-box 使用 JSON 作为配置文件格式。

 ### 字段

-| Key            | Format                |
-|----------------|-----------------------|
-| `log`          | [日志](./log)           |
-| `dns`          | [DNS](./dns)          |
-| `inbounds`     | [入站](./inbound)       |
-| `outbounds`    | [出站](./outbound)      |
-| `route`        | [路由](./route)         |
-| `experimental` | [实验性](./experimental) |
+| Key            | Format                 |
+|----------------|------------------------|
+| `log`          | [日志](./log/)           |
+| `dns`          | [DNS](./dns/)          |
+| `inbounds`     | [入站](./inbound/)       |
+| `outbounds`    | [出站](./outbound/)      |
+| `route`        | [路由](./route/)         |
+| `experimental` | [实验性](./experimental/) |

 ### 检查

--- a/docs/configuration/ntp/index.md
+++ b/docs/configuration/ntp/index.md
@@ -47,4 +47,4 @@ Time synchronization interval.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/direct.md
+++ b/docs/configuration/outbound/direct.md
@@ -33,4 +33,4 @@ Protocol value can be `1` or `2`.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/http.md
+++ b/docs/configuration/outbound/http.md
@@ -55,4 +55,4 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/hysteria.md
+++ b/docs/configuration/outbound/hysteria.md
@@ -109,4 +109,4 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/hysteria2.md
+++ b/docs/configuration/outbound/hysteria2.md
@@ -84,4 +84,4 @@ Enable debug information logging for Hysteria Brutal CC.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/index.md
+++ b/docs/configuration/outbound/index.md
@@ -17,24 +17,24 @@

 | Type           | Format                         |
 |----------------|--------------------------------|
-| `direct`       | [Direct](./direct)             |
-| `block`        | [Block](./block)               |
-| `socks`        | [SOCKS](./socks)               |
-| `http`         | [HTTP](./http)                 |
-| `shadowsocks`  | [Shadowsocks](./shadowsocks)   |
-| `vmess`        | [VMess](./vmess)               |
-| `trojan`       | [Trojan](./trojan)             |
-| `wireguard`    | [Wireguard](./wireguard)       |
-| `hysteria`     | [Hysteria](./hysteria)         |
-| `vless`        | [VLESS](./vless)               |
-| `shadowtls`    | [ShadowTLS](./shadowtls)       |
-| `tuic`         | [TUIC](./tuic)                 |
-| `hysteria2`    | [Hysteria2](./hysteria2)       |
-| `tor`          | [Tor](./tor)                   |
-| `ssh`          | [SSH](./ssh)                   |
-| `dns`          | [DNS](./dns)                   |
-| `selector`     | [Selector](./selector)         |
-| `urltest`      | [URLTest](./urltest)           |
+| `direct`       | [Direct](./direct/)             |
+| `block`        | [Block](./block/)               |
+| `socks`        | [SOCKS](./socks/)               |
+| `http`         | [HTTP](./http/)                 |
+| `shadowsocks`  | [Shadowsocks](./shadowsocks/)   |
+| `vmess`        | [VMess](./vmess/)               |
+| `trojan`       | [Trojan](./trojan/)             |
+| `wireguard`    | [Wireguard](./wireguard/)       |
+| `hysteria`     | [Hysteria](./hysteria/)         |
+| `vless`        | [VLESS](./vless/)               |
+| `shadowtls`    | [ShadowTLS](./shadowtls/)       |
+| `tuic`         | [TUIC](./tuic/)                 |
+| `hysteria2`    | [Hysteria2](./hysteria2/)       |
+| `tor`          | [Tor](./tor/)                   |
+| `ssh`          | [SSH](./ssh/)                   |
+| `dns`          | [DNS](./dns/)                   |
+| `selector`     | [Selector](./selector/)         |
+| `urltest`      | [URLTest](./urltest/)           |

 #### tag

--- a/docs/configuration/outbound/index.zh.md
+++ b/docs/configuration/outbound/index.zh.md
@@ -17,24 +17,24 @@

 | 类型             | 格式                             |
 |----------------|--------------------------------|
-| `direct`       | [Direct](./direct)             |
-| `block`        | [Block](./block)               |
-| `socks`        | [SOCKS](./socks)               |
-| `http`         | [HTTP](./http)                 |
-| `shadowsocks`  | [Shadowsocks](./shadowsocks)   |
-| `vmess`        | [VMess](./vmess)               |
-| `trojan`       | [Trojan](./trojan)             |
-| `wireguard`    | [Wireguard](./wireguard)       |
-| `hysteria`     | [Hysteria](./hysteria)         |
-| `vless`        | [VLESS](./vless)               |
-| `shadowtls`    | [ShadowTLS](./shadowtls)       |
-| `tuic`         | [TUIC](./tuic)                 |
-| `hysteria2`    | [Hysteria2](./hysteria2)       |
-| `tor`          | [Tor](./tor)                   |
-| `ssh`          | [SSH](./ssh)                   |
-| `dns`          | [DNS](./dns)                   |
-| `selector`     | [Selector](./selector)         |
-| `urltest`      | [URLTest](./urltest)           |
+| `direct`       | [Direct](./direct/)             |
+| `block`        | [Block](./block/)               |
+| `socks`        | [SOCKS](./socks/)               |
+| `http`         | [HTTP](./http/)                 |
+| `shadowsocks`  | [Shadowsocks](./shadowsocks/)   |
+| `vmess`        | [VMess](./vmess/)               |
+| `trojan`       | [Trojan](./trojan/)             |
+| `wireguard`    | [Wireguard](./wireguard/)       |
+| `hysteria`     | [Hysteria](./hysteria/)         |
+| `vless`        | [VLESS](./vless/)               |
+| `shadowtls`    | [ShadowTLS](./shadowtls/)       |
+| `tuic`         | [TUIC](./tuic/)                 |
+| `hysteria2`    | [Hysteria2](./hysteria2/)       |
+| `tor`          | [Tor](./tor/)                   |
+| `ssh`          | [SSH](./ssh/)                   |
+| `dns`          | [DNS](./dns/)                   |
+| `selector`     | [Selector](./selector/)         |
+| `urltest`      | [URLTest](./urltest/)           |

 #### tag

--- a/docs/configuration/outbound/shadowsocks.md
+++ b/docs/configuration/outbound/shadowsocks.md
@@ -89,7 +89,7 @@ Both is enabled by default.

 UDP over TCP configuration.

-See [UDP Over TCP](/configuration/shared/udp-over-tcp) for details.
+See [UDP Over TCP](/configuration/shared/udp-over-tcp/) for details.

 Conflict with `multiplex`.

@@ -99,4 +99,4 @@ See [Multiplex](/configuration/shared/multiplex#outbound) for details.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/shadowsocks.zh.md
+++ b/docs/configuration/outbound/shadowsocks.zh.md
@@ -89,7 +89,7 @@ Shadowsocks SIP003 插件参数。

 UDP over TCP 配置。

-参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp)。
+参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp/)。

 与 `multiplex` 冲突。

--- a/docs/configuration/outbound/shadowtls.md
+++ b/docs/configuration/outbound/shadowtls.md
@@ -53,4 +53,4 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/socks.md
+++ b/docs/configuration/outbound/socks.md
@@ -59,8 +59,8 @@ Both is enabled by default.

 UDP over TCP protocol settings.

-See [UDP Over TCP](/configuration/shared/udp-over-tcp) for details.
+See [UDP Over TCP](/configuration/shared/udp-over-tcp/) for details.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/socks.zh.md
+++ b/docs/configuration/outbound/socks.zh.md
@@ -59,7 +59,7 @@ SOCKS5 密码。

 UDP over TCP 配置。

-参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp)。
+参阅 [UDP Over TCP](/zh/configuration/shared/udp-over-tcp/)。

 ### 拨号字段

--- a/docs/configuration/outbound/ssh.md
+++ b/docs/configuration/outbound/ssh.md
@@ -68,4 +68,4 @@ Client version. Random version will be used if empty.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/tor.md
+++ b/docs/configuration/outbound/tor.md
@@ -48,4 +48,4 @@ See [tor(1)](https://linux.die.net/man/1/tor) for details.

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/trojan.md
+++ b/docs/configuration/outbound/trojan.md
@@ -55,8 +55,8 @@ See [Multiplex](/configuration/shared/multiplex#outbound) for details.

 #### transport

-V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
+V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport/).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/trojan.zh.md
+++ b/docs/configuration/outbound/trojan.zh.md
@@ -55,7 +55,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#outbound)。

 #### transport

-V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
+V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport/)。

 ### 拨号字段

--- a/docs/configuration/outbound/tuic.md
+++ b/docs/configuration/outbound/tuic.md
@@ -68,7 +68,7 @@ Conflict with `udp_over_stream`.

 #### udp_over_stream

-This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp), designed to provide a QUIC
+This is the TUIC port of the [UDP over TCP protocol](/configuration/shared/udp-over-tcp/), designed to provide a QUIC
 stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or
 another program compatible with the protocol as a server.

@@ -93,4 +93,4 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/docs/configuration/outbound/tuic.zh.md
+++ b/docs/configuration/outbound/tuic.zh.md
@@ -66,7 +66,7 @@ UDP 包中继模式

 #### udp_over_stream

-这是 TUIC 的 [UDP over TCP 协议](/configuration/shared/udp-over-tcp) 移植， 旨在提供 TUIC 不提供的 基于 QUIC 流的 UDP 中继模式。 由于它是一个附加协议，因此您需要使用 sing-box 或其他兼容的程序作为服务器。
+这是 TUIC 的 [UDP over TCP 协议](/configuration/shared/udp-over-tcp/) 移植， 旨在提供 TUIC 不提供的 基于 QUIC 流的 UDP 中继模式。 由于它是一个附加协议，因此您需要使用 sing-box 或其他兼容的程序作为服务器。

 此模式在正确的 UDP 代理场景中没有任何积极作用，仅适用于中继流式 UDP 流量（基本上是 QUIC 流）。

--- a/docs/configuration/outbound/vless.md
+++ b/docs/configuration/outbound/vless.md
@@ -75,8 +75,8 @@ See [Multiplex](/configuration/shared/multiplex#outbound) for details.

 #### transport

-V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
+V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport/).

 ### Dial Fields

-See [Dial Fields](/configuration/shared/dial) for details.
+See [Dial Fields](/configuration/shared/dial/) for details.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
世界	e27fb51b54	Bump version	2024-03-16 12:05:58 +08:00
世界	adc38b26eb	Fix Makefile	2024-03-15 18:06:37 +08:00
世界	7e943e743a	Fix darwin interface monitor	2024-03-15 18:06:37 +08:00
世界	ceffcc0ad2	platform: Improve stop on apple platforms	2024-03-15 18:06:37 +08:00
世界	fdc451f7c6	platform: Fix missing log on apple platforms	2024-03-15 18:06:37 +08:00
世界	b48c471e6a	Add repo release	2024-03-15 18:06:37 +08:00
世界	4b1fabd007	Fix lint workflow	2024-03-13 19:39:59 +08:00
世界	2b5eb1c59e	Add sponsor link to issue template	2024-03-13 19:39:59 +08:00
世界	e2d3862e64	platform: reset network on invalid power events	2024-03-13 19:39:59 +08:00
世界	4f5e7b974d	Fix crash in HTTP proxy server again	2024-03-10 16:53:58 +08:00
世界	21dedddd93	Update dependencies	2024-03-08 23:36:33 +08:00
世界	e02502bec0	Update go 1.20	2024-03-08 23:31:42 +08:00
世界	ba67633ee8	Fix missing source address in inbound logs in QUIC inbounds	2024-03-07 10:47:16 +08:00
世界	7fd9abe802	Bump version	2024-03-05 13:14:38 +08:00
世界	78a5f59202	documentation: Add link to F-Droid	2024-03-05 13:13:31 +08:00
世界	8d0da685d2	Update dependencies	2024-03-02 14:29:28 +08:00
世界	e6644f784e	Fix crash in HTTP proxy server	2024-03-02 14:28:47 +08:00
世界	2b93b74d38	Fix `SO_BINDTOIFINDEX` usage	2024-02-29 13:03:05 +08:00
世界	dd52c26ae1	Don't return error in WireGurad client bind	2024-02-28 15:28:38 +08:00
世界	f288e3898b	Bump version	2024-02-28 15:10:28 +08:00
世界	1bc893a73a	documentation: Update privacy policy to make Play Store happy	2024-02-28 15:10:28 +08:00
世界	7359fdf195	platform: Upgrade NDK to the latest LTS version	2024-02-28 15:10:28 +08:00
世界	02b7041de6	Update dependencies	2024-02-26 22:53:31 +08:00
世界	96ac931b11	Fix network/interface monitor	2024-02-26 22:53:31 +08:00
世界	3077a82650	Fix reproducible builds	2024-02-24 23:19:31 +08:00
世界	de998c5119	Fix docker workflow	2024-02-24 22:49:07 +08:00
世界	d32c30c4b7	documentation: Bump version	2024-02-24 13:20:43 +08:00
世界	4823023806	Remove invalid archlinux packages from release	2024-02-24 13:20:43 +08:00
Aleksandr Razumov	bb355d17b2	Add `riscv64` to platform list in release	2024-02-24 13:20:43 +08:00
hiddify	aaf30bf92b	platform: Fix group update interval not taking effect	2024-02-24 13:20:43 +08:00
hiddify	f8c400cffc	platform: Remove duplicated close	2024-02-24 13:20:43 +08:00
hatune-miku	3c24411e14	documentation: Fix navigation menu	2024-02-24 13:20:42 +08:00
世界	4a44aa3c21	Fix HTTP inbound	2024-02-24 13:20:42 +08:00
世界	8db2ae0c83	Fix documentation	2024-02-24 13:20:42 +08:00
世界	80d1aebcb7	platform: Unify client versions	2024-02-24 13:20:27 +08:00
世界	5583e01c99	platform: Export `NeedWIFIState` for Android	2024-02-18 14:24:21 +08:00
世界	bca0b86549	Copy DNS message struct instead of deep copy	2024-02-10 23:49:09 +08:00
世界	8332878cdc	Fix destination IP CIDR match in DNS	2024-02-10 22:37:42 +08:00
世界	d0ba69ad22	Fix TUN unaligned panic on windows	2024-02-10 21:22:02 +08:00
世界	31b8834427	documentation: Fix description for `with_ech`	2024-02-10 12:01:09 +08:00
renovate[bot]	d0f7a59e9b	[dependencies] Update golang Docker tag to v1.22	2024-02-10 11:54:40 +08:00
renovate[bot]	71e7d517a8	[dependencies] Update github-actions	2024-02-10 11:54:31 +08:00
世界	e6885e9967	platform: Ignore momentary pause on iOS	2024-02-09 13:57:47 +08:00
世界	e2090923db	Bump Go version	2024-02-08 20:31:40 +08:00
世界	46be319976	Fix external controller crash before started	2024-02-08 20:31:40 +08:00
renovate[bot]	b27bc45cf2	[dependencies] Update actions/cache action to v4	2024-02-03 15:08:41 +08:00
世界	3d735281f4	documentation: Bump version	2024-02-02 17:51:40 +08:00
世界	8760a0d94d	Fix android interface monitor	2024-02-02 17:51:40 +08:00
世界	2239b59933	Remove duplicated rules	2024-02-02 14:30:27 +08:00
世界	425a63f59d	Fix rawConn not closed for hy/hy2	2024-02-02 14:30:27 +08:00
世界	b85725c009	urltest: Remember the last choice when there is no valid result	2024-02-02 11:27:36 +08:00
世界	17aebc56c1	Fix UDP DNS response not truncated	2024-02-01 14:43:59 +08:00
Devman	f76b21b02c	Fix mobile build on windows gobind executable name is not exactly `gobind` on windows it's `gobind.exe` Signed-off-by: Devman <85770917+amir-devman@users.noreply.github.com>	2024-02-01 12:07:39 +08:00
kkocdko	704545a2ec	Fix rule description header of `domain_suffix` I read other rule_item_xxx.go files, they are all snake case. This description is showed on dashboard like yacd. Signed-off-by: kkocdko <31189892+kkocdko@users.noreply.github.com>	2024-02-01 10:42:12 +08:00
dyhkwong	dc7b7afc06	Fix loop back detector	2024-02-01 10:41:38 +08:00
世界	e478d3c2dc	Update workflow	2024-01-24 12:21:18 +08:00
世界	c8318058bb	documentation: Bump version	2024-01-23 11:57:28 +08:00
世界	abca2118e7	documentation: Update geosite usage	2024-01-23 11:57:28 +08:00
世界	a8ee41715a	platform: Add service error wrapper for macOS system extension	2024-01-22 19:00:09 +08:00
世界	94f76d6671	Update dependencies	2024-01-22 14:37:21 +08:00
世界	bf6cc8903c	Fix missing write result in TFO open	2024-01-19 11:22:13 +08:00
世界	1b15e1692a	Add sponsor button	2024-01-19 11:22:13 +08:00
世界	017372db25	Fix missing loopback detect	2024-01-19 11:22:12 +08:00
世界	216a0380fe	documentation: Bump version	2024-01-16 05:50:07 +08:00
Noob Zhang	71b9e4ff17	Add network-online.target in .service files This helps the daemon work better on IoT devices like RaspberryPi. According to systemd's documentation, `network.target` means there has already been a network manager started, but the network may not be "up". On most PCs this does not matter because the network will turn to "up" almost immidiately. The IoT devices' network interface may not be set up quickly enough, so they may meet that the sing-box daemon is started before network is ready, which results that sing-box cannot find a working route. The workaround of this is restarting sing-box daemon but it absolutely is not the perfect solution. As `network-online.target` must be triggered by network manager after you configured it, I keep `network.target` so there will be no change to those who do not enabled proper trigger service like `NetworkManager-wait-online.service`. See also: https://systemd.io/NETWORK_ONLINE/	2024-01-16 05:50:07 +08:00
printfer	9b7deb5246	Enhanced light/dark mode support in mkdocs configuration	2024-01-16 05:50:07 +08:00
世界	a850a73e1a	Fix missing upstream func for read wait conn	2024-01-16 05:50:07 +08:00
世界	c4d9be9e0d	Fix rule match	2024-01-14 13:01:57 +08:00
世界	f31c604b3d	documentation: Bump version	2024-01-09 12:22:22 +08:00
世界	4c8a50a52b	Fix TLS conn cast for vision	2024-01-09 12:22:22 +08:00
世界	b326e60998	Update dependencies	2024-01-09 12:22:22 +08:00
世界	11bec79a06	documentation: Bump version	2024-01-05 11:17:49 +08:00
世界	16eff06c37	documentation: remove usages of `category-companies@cn` since merged into `cn`	2024-01-03 12:21:53 +08:00
世界	2911eba236	documentation: Update package managers	2024-01-03 12:21:48 +08:00
世界	2e607118c3	Remove unnecessary context wrappers	2024-01-03 12:21:48 +08:00
世界	89c723e3e4	Improve read wait interface & Refactor Authenticator interface to struct & Update smux & Update gVisor to 20231204.0 & Update quic-go to v0.40.1 & Update wireguard-go & Add GSO support for TUN/WireGuard & Fix router pre-start & Fix bind forwarder to interface for systems stack	2024-01-03 12:21:47 +08:00
世界	35fd9de3ff	Make generated files have `SUDO_USER`'s permissions if possible.	2024-01-03 12:21:47 +08:00
世界	6ddcd3954d	Refactor inbound/outbound options struct	2024-01-03 12:21:47 +08:00
世界	36b0f2e91a	Improve configuration merge	2024-01-03 12:21:47 +08:00
世界	fe053e26b5	Update uTLS to 1.5.4	2024-01-03 12:21:47 +08:00
世界	269434cfe6	Update tfo-go	2024-01-03 12:21:47 +08:00
世界	88495a24dc	Update gomobile and add tag	2024-01-03 12:21:46 +08:00
世界	d131a7c10a	Update cloudflare-tls to go1.21.5	2024-01-03 12:21:46 +08:00
世界	744a5d703b	Make type check strict	2024-01-03 12:21:46 +08:00
世界	09421b6378	Remove comparable limit for Listable	2024-01-03 12:21:46 +08:00
世界	21283b554a	Avoid opening log output before start & Replace tracing logs with task monitor	2024-01-03 12:21:46 +08:00
世界	25810b50c1	Update documentation	2024-01-03 12:21:37 +08:00
世界	f1e3a59db3	Add `idle_timeout` for URLTest outbound	2024-01-03 12:21:37 +08:00
世界	a99deb2cb5	Skip internal fake-ip queries	2024-01-03 12:21:37 +08:00
世界	38d28e0763	Migrate contentjson and badjson to library & Add omitempty in format	2024-01-03 12:21:37 +08:00
世界	e09a94bb9e	Update documentation	2024-01-03 12:21:36 +08:00
世界	a21c5324fd	Independent `source_ip_is_private` and `ip_is_private` rules	2024-01-03 12:21:36 +08:00
世界	4b43acfec0	Add rule-set	2024-01-03 12:21:36 +08:00
世界	7df151e820	Update buffer usage	2024-01-03 12:21:36 +08:00
世界	5948ffb965	Allow nested logical rules	2024-01-03 12:21:36 +08:00
世界	bf4e556f67	Migrate to independent cache file	2024-01-03 12:21:36 +08:00
世界	e3f8567690	documentation: Bump version	2024-01-02 14:31:53 +08:00
世界	40c7f3e170	Fix geoip close	2024-01-02 14:31:23 +08:00
世界	c506255e0f	Fix grpc lite transport encoding	2024-01-01 16:16:58 +08:00
世界	87c6fd4c0f	Fix h2mux request context	2024-01-01 16:15:49 +08:00
世界	19c445d28e	documentation: Bump version	2023-12-29 18:00:40 +08:00
世界	9119a5209b	dcoumentation: Fix description of `cipher_suites`	2023-12-29 18:00:40 +08:00
世界	46c8d6e61f	Fix pprof URL path	2023-12-29 18:00:40 +08:00
世界	ea17c2786d	Update dependencies	2023-12-27 10:37:18 +08:00
世界	12ababd911	Fix mux test	2023-12-27 10:30:19 +08:00
世界	0523845833	Update issue reporting templates Enhanced the issue reporting templates for both English and Chinese versions by adding more structured and comprehensive guideline checkboxes. This aims to ensure contributors provide sufficient and beneficial information for reproducing and resolving issues, thereby improving the quality of reports and making issue tracking more efficient.	2023-12-26 19:05:19 +08:00
renovate[bot]	57794919fa	[dependencies] Update actions/upload-artifact action to v4	2023-12-26 19:04:51 +08:00
世界	f5bb5cf343	Fix missing marshal for `udp_timeout`	2023-12-26 10:52:46 +08:00
世界	3eed614dea	Fix ACME ALPN conflict	2023-12-26 09:02:58 +08:00
世界	76a295a660	Fix missing nil check for URLTest	2023-12-26 09:02:58 +08:00
世界	082e3fb8df	Fix V2Ray transport `path` validation behavior	2023-12-26 09:02:58 +08:00
世界	a0cab4f563	Fix websocket client initialize	2023-12-22 20:38:06 +08:00
世界	aeb7308e81	documentation: Bump version	2023-12-21 15:25:19 +08:00
世界	bb1ebfda83	documentation: Fix link format	2023-12-21 15:24:05 +08:00
世界	c05c798221	Fix missing UDP timeout for QUIC protocols	2023-12-21 15:16:36 +08:00
世界	55b1bcc6a5	Migrate `udp_timeout` from seconds to duration format	2023-12-21 14:50:33 +08:00
世界	d6eddce420	Fix missing handshake timeout for multiplex	2023-12-21 14:21:59 +08:00
世界	4bf057139b	Fix DNS dial context	2023-12-21 14:19:27 +08:00
世界	a1b28b8282	Try to fix HTTP server leak again	2023-12-21 14:16:16 +08:00
世界	d0aaf71770	Fix direct UDP override	2023-12-18 21:48:59 +08:00
世界	2f31202c6b	documentation: Update shadowsocks example Remove the information on password generation for `2022-blake3-aes-128-gcm` cipher from the Server Example section in the shadowsocks.md file as it is no longer needed.	2023-12-14 21:05:41 +08:00
renovate[bot]	e4cc510712	[dependencies] Update github-actions	2023-12-14 15:14:22 +08:00
世界	e329bf6865	Update dependencies	2023-12-14 15:09:03 +08:00