Merge branch 'Alpha' into Meta

2026-02-28 09:39:54 +00:00 · 2024-01-02 15:21:37 +08:00 · 2023-12-03 08:44:30 +08:00 · 2023-11-03 21:59:44 +08:00 · 2023-02-19 01:25:34 +08:00 · 2023-02-19 01:25:01 +08:00
349 changed files with 11533 additions and 12174 deletions
--- a/.github/genReleaseNote.sh
+++ b/.github/genReleaseNote.sh
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-while getopts "v:" opt; do
-  case $opt in
-    v)
-      version_range=$OPTARG
-      ;;
-    \?)
-      echo "Invalid option: -$OPTARG" >&2
-      exit 1
-      ;;
-  esac
-done
-
-if [ -z "$version_range" ]; then
-  echo "Please provide the version range using -v option. Example: ./genReleashNote.sh -v v1.14.1...v1.14.2"
-  exit 1
-fi
-
-echo "## What's Changed" > release.md
-git log --pretty=format:"* %h %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
-echo "" >> release.md
-
-echo "## BUG & Fix" >> release.md
-git log --pretty=format:"* %h %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
-echo "" >> release.md
-
-echo "## Maintenance" >> release.md
-git log --pretty=format:"* %h %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
-echo "" >> release.md
-
-echo "**Full Changelog**: https://github.com/MetaCubeX/mihomo/compare/$version_range" >> release.md
--- a/.github/mihomo.service
+++ b/.github/mihomo.service
@@ -1,17 +0,0 @@
-[Unit]
-Description=mihomo Daemon, Another Clash Kernel.
-After=network.target NetworkManager.service systemd-networkd.service iwd.service
-
-[Service]
-Type=simple
-LimitNPROC=500
-LimitNOFILE=1000000
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
-Restart=always
-ExecStartPre=/usr/bin/sleep 2s
-ExecStart=/usr/bin/mihomo -d /etc/mihomo
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
--- a/.github/workflows/Delete.yml
+++ b/.github/workflows/Delete.yml
@@ -0,0 +1,16 @@
+name: Delete old workflow runs
+on:
+  schedule:
+    - cron: '0 0 1 * *'
+# Run monthly, at 00:00 on the 1st day of month.
+
+jobs:
+  del_runs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete workflow runs
+        uses: GitRML/delete-workflow-runs@main
+        with:
+          token: ${{ secrets.AUTH_PAT }}
+          repository: ${{ github.repository }}
+          retain_days: 30
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,10 +1,6 @@
 name: Build
 on:
  workflow_dispatch:
-    inputs:
-      version:
-        description: "Tag version to release"
-        required: true
  push:
    paths-ignore:
      - "docs/**"
@@ -17,465 +13,339 @@ on:
  pull_request_target:
    branches:
      - Alpha
+      
 concurrency:
-  group: "${{ github.workflow }}-${{ github.ref }}"
+  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
  
 env:
  REGISTRY: docker.io
 jobs:
-  build:
+  Build:
+    permissions: write-all
    runs-on: ubuntu-latest
    strategy:
+      fail-fast: false
      matrix:
-        jobs:
-          - { goos: darwin, goarch: arm64, output: arm64 }
-          - { goos: darwin, goarch: amd64, goamd64: v1, output: amd64-compatible }
-          - { goos: darwin, goarch: amd64, goamd64: v3, output: amd64 }
-
-          - { goos: linux, goarch: '386', output: '386' }
-          - { goos: linux, goarch: amd64, goamd64: v1, output: amd64-compatible, test: test }
-          - { goos: linux, goarch: amd64, goamd64: v3, output: amd64 }
-          - { goos: linux, goarch: arm64, output: arm64 }
-          - { goos: linux, goarch: arm, goarm: '5', output: armv5 }
-          - { goos: linux, goarch: arm, goarm: '6', output: armv6 }
-          - { goos: linux, goarch: arm, goarm: '7', output: armv7 }
-          - { goos: linux, goarch: mips, gomips: hardfloat, output: mips-hardfloat }
-          - { goos: linux, goarch: mips, gomips: softfloat, output: mips-softfloat }
-          - { goos: linux, goarch: mipsle, gomips: hardfloat, output: mipsle-hardfloat }
-          - { goos: linux, goarch: mipsle, gomips: softfloat, output: mipsle-softfloat }
-          - { goos: linux, goarch: mips64, output: mips64 }
-          - { goos: linux, goarch: mips64le, output: mips64le }
-          - { goos: linux, goarch: loong64, output: loong64-abi1, abi: '1' }
-          - { goos: linux, goarch: loong64, output: loong64-abi2, abi: '2' }
-          - { goos: linux, goarch: riscv64, output: riscv64 }
-          - { goos: linux, goarch: s390x, output: s390x }
-
-          - { goos: windows, goarch: '386', output: '386' }
-          - { goos: windows, goarch: amd64, goamd64: v1, output: amd64-compatible }
-          - { goos: windows, goarch: amd64, goamd64: v3, output: amd64 }
-          - { goos: windows, goarch: arm, goarm: '7', output: armv7 }
-          - { goos: windows, goarch: arm64, output: arm64 }
-
-          - { goos: freebsd, goarch: '386', output: '386' }
-          - { goos: freebsd, goarch: amd64, goamd64: v1, output: amd64-compatible }
-          - { goos: freebsd, goarch: amd64, goamd64: v3, output: amd64 }
-          - { goos: freebsd, goarch: arm64, output: arm64 }
-
-          - { goos: android, goarch: '386', ndk: i686-linux-android34, output: '386' }
-          - { goos: android, goarch: amd64, ndk: x86_64-linux-android34, output: amd64 }
-          - { goos: android, goarch: arm, ndk: armv7a-linux-androideabi34, output: armv7 }
-          - { goos: android, goarch: arm64, ndk: aarch64-linux-android34, output: arm64-v8 }
-
-          # Go 1.22 with special patch can work on Windows 7
-          # https://github.com/MetaCubeX/go/commits/release-branch.go1.22/
-          - { goos: windows, goarch: '386', output: '386-go122', goversion: '1.22' }
-          - { goos: windows, goarch: amd64, goamd64: v1, output: amd64-compatible-go122, goversion: '1.22' }
-          - { goos: windows, goarch: amd64, goamd64: v3, output: amd64-go122, goversion: '1.22' }
-
-          # Go 1.21 can revert commit `9e4385` to work on Windows 7
-          # https://github.com/golang/go/issues/64622#issuecomment-1847475161
-          # (OR we can just use golang1.21.4 which unneeded any patch)
-          - { goos: windows, goarch: '386', output: '386-go121', goversion: '1.21' }
-          - { goos: windows, goarch: amd64, goamd64: v1, output: amd64-compatible-go121, goversion: '1.21' }
-          - { goos: windows, goarch: amd64, goamd64: v3, output: amd64-go121, goversion: '1.21' }
-
-          # Go 1.20 is the last release that will run on any release of Windows 7, 8, Server 2008 and Server 2012. Go 1.21 will require at least Windows 10 or Server 2016.
-          - { goos: windows, goarch: '386', output: '386-go120', goversion: '1.20' }
-          - { goos: windows, goarch: amd64, goamd64: v1, output: amd64-compatible-go120, goversion: '1.20' }
-          - { goos: windows, goarch: amd64, goamd64: v3, output: amd64-go120, goversion: '1.20' }
-
-          # Go 1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later.
-          - { goos: darwin, goarch: arm64, output: arm64-go122, goversion: '1.22' }
-          - { goos: darwin, goarch: amd64, goamd64: v1, output: amd64-compatible-go122, goversion: '1.22' }
-          - { goos: darwin, goarch: amd64, goamd64: v3, output: amd64-go122, goversion: '1.22' }
-
-          # Go 1.20 is the last release that will run on macOS 10.13 High Sierra or 10.14 Mojave. Go 1.21 will require macOS 10.15 Catalina or later.
-          - { goos: darwin, goarch: arm64, output: arm64-go120, goversion: '1.20' }
-          - { goos: darwin, goarch: amd64, goamd64: v1, output: amd64-compatible-go120, goversion: '1.20' }
-          - { goos: darwin, goarch: amd64, goamd64: v3, output: amd64-go120, goversion: '1.20' }
-
+        job:
+          - {
+              type: "WithoutCGO",
+              target: "linux-amd64 linux-amd64-compatible",
+              id: "1",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "linux-armv5 linux-armv6 linux-armv7",
+              id: "2",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "linux-arm64 linux-mips64 linux-mips64le",
+              id: "3",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "linux-mips-softfloat linux-mips-hardfloat linux-mipsle-softfloat linux-mipsle-hardfloat",
+              id: "4",
+            }
+          - { type: "WithoutCGO", target: "linux-386 linux-riscv64 linux-loong64", id: "5" }
+          - {
+              type: "WithoutCGO",
+              target: "freebsd-386 freebsd-amd64 freebsd-arm64",
+              id: "6",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "windows-amd64-compatible windows-amd64 windows-386",
+              id: "7",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "windows-arm64 windows-arm32v7",
+              id: "8",
+            }
+          - {
+              type: "WithoutCGO",
+              target: "darwin-amd64 darwin-arm64 android-arm64",
+              id: "9",
+            }
          # only for test
-          - { goos: linux, goarch: '386', output: '386-go120', goversion: '1.20' }
-          - { goos: linux, goarch: amd64, goamd64: v1, output: amd64-compatible-go120, goversion: '1.20', test: test }
-          - { goos: linux, goarch: amd64, goamd64: v3, output: amd64-go120, goversion: '1.20' }
+          - { type: "WithoutCGO-GO120", target: "linux-amd64 linux-amd64-compatible",id: "1" }
+          # Go 1.20 is the last release that will run on any release of Windows 7, 8, Server 2008 and Server 2012. Go 1.21 will require at least Windows 10 or Server 2016.
+          - { type: "WithoutCGO-GO120", target: "windows-amd64-compatible windows-amd64 windows-386",id: "2" }
+          # Go 1.20 is the last release that will run on macOS 10.13 High Sierra or 10.14 Mojave. Go 1.21 will require macOS 10.15 Catalina or later.
+          - { type: "WithoutCGO-GO120", target: "darwin-amd64 darwin-arm64 android-arm64",id: "3" }
+#          - { type: "WithCGO", target: "windows/*", id: "1" }
+#          - { type: "WithCGO", target: "linux/386", id: "2" }
+#          - { type: "WithCGO", target: "linux/amd64", id: "3" }
+#          - { type: "WithCGO", target: "linux/arm64,linux/riscv64", id: "4" }
+#          - { type: "WithCGO", target: "linux/arm,", id: "5" }
+#          - { type: "WithCGO", target: "linux/arm-6,linux/arm-7", id: "6" }
+#          - { type: "WithCGO", target: "linux/mips,linux/mipsle", id: "7" }
+#          - { type: "WithCGO", target: "linux/mips64", id: "8" }
+#          - { type: "WithCGO", target: "linux/mips64le", id: "9" }
+#          - { type: "WithCGO", target: "darwin-10.16/*", id: "10" }
+#          - { type: "WithCGO", target: "android", id: "11" }

    steps:
-    - uses: actions/checkout@v4
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3

-    - name: Set up Go
-      if: ${{ matrix.jobs.goversion == '' && matrix.jobs.abi != '1' }}
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.23'
+      - name: Set variables
+        run: echo "VERSION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        shell: bash

-    - name: Set up Go
-      if: ${{ matrix.jobs.goversion != '' && matrix.jobs.abi != '1' }}
-      uses: actions/setup-go@v5
-      with:
-        go-version: ${{ matrix.jobs.goversion }}
+      - name: Set variables
+        if: ${{github.ref_name=='Alpha'}}
+        run: echo "VERSION=alpha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        shell: bash

-    - name: Set up Go1.23 loongarch abi1
-      if: ${{ matrix.jobs.goarch == 'loong64' && matrix.jobs.abi == '1' }}
-      run: |
-        wget -q https://github.com/MetaCubeX/loongarch64-golang/releases/download/1.23.0/go1.23.0.linux-amd64-abi1.tar.gz
-        sudo tar zxf go1.23.0.linux-amd64-abi1.tar.gz -C /usr/local
-        echo "/usr/local/go/bin" >> $GITHUB_PATH
+      - name: Set variables
+        if: ${{github.ref_name=='Beta'}}
+        run: echo "VERSION=beta-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        shell: bash

-      # modify from https://github.com/restic/restic/issues/4636#issuecomment-1896455557
-      # this patch file only works on golang1.23.x
-      # that means after golang1.24 release it must be changed
-      # see: https://github.com/MetaCubeX/go/commits/release-branch.go1.23/
-      # revert:
-      # 693def151adff1af707d82d28f55dba81ceb08e1: "crypto/rand,runtime: switch RtlGenRandom for ProcessPrng"
-      # 7c1157f9544922e96945196b47b95664b1e39108: "net: remove sysSocket fallback for Windows 7"
-      # 48042aa09c2f878c4faa576948b07fe625c4707a: "syscall: remove Windows 7 console handle workaround"
-      # a17d959debdb04cd550016a3501dd09d50cd62e7: "runtime: always use LoadLibraryEx to load system libraries"
-    - name: Revert Golang1.23 commit for Windows7/8
-      if: ${{ matrix.jobs.goos == 'windows' && matrix.jobs.goversion == '' }}
-      run: |
-        cd $(go env GOROOT)
-        curl https://github.com/MetaCubeX/go/commit/9ac42137ef6730e8b7daca016ece831297a1d75b.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/21290de8a4c91408de7c2b5b68757b1e90af49dd.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/6a31d3fa8e47ddabc10bd97bff10d9a85f4cfb76.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/69e2eed6dd0f6d815ebf15797761c13f31213dd6.diff | patch --verbose -p 1
+      - name: Set variables
+        if: ${{github.ref_name=='Meta'}}
+        run: echo "VERSION=meta-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        shell: bash

-      # modify from https://github.com/restic/restic/issues/4636#issuecomment-1896455557
-      # this patch file only works on golang1.22.x
-      # that means after golang1.23 release it must be changed
-      # see: https://github.com/MetaCubeX/go/commits/release-branch.go1.22/
-      # revert:
-      # 693def151adff1af707d82d28f55dba81ceb08e1: "crypto/rand,runtime: switch RtlGenRandom for ProcessPrng"
-      # 7c1157f9544922e96945196b47b95664b1e39108: "net: remove sysSocket fallback for Windows 7"
-      # 48042aa09c2f878c4faa576948b07fe625c4707a: "syscall: remove Windows 7 console handle workaround"
-      # a17d959debdb04cd550016a3501dd09d50cd62e7: "runtime: always use LoadLibraryEx to load system libraries"
-    - name: Revert Golang1.22 commit for Windows7/8
-      if: ${{ matrix.jobs.goos == 'windows' && matrix.jobs.goversion == '1.22' }}
-      run: |
-        cd $(go env GOROOT)
-        curl https://github.com/MetaCubeX/go/commit/9779155f18b6556a034f7bb79fb7fb2aad1e26a9.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/ef0606261340e608017860b423ffae5c1ce78239.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/7f83badcb925a7e743188041cb6e561fc9b5b642.diff | patch --verbose -p 1
-        curl https://github.com/MetaCubeX/go/commit/83ff9782e024cb328b690cbf0da4e7848a327f4f.diff | patch --verbose -p 1
+      - name: Set variables
+        if: ${{github.ref_name=='' || github.ref_type=='tag'}}
+        run: echo "VERSION=$(git describe --tags)" >> $GITHUB_ENV
+        shell: bash

-      # modify from https://github.com/restic/restic/issues/4636#issuecomment-1896455557
-    - name: Revert Golang1.21 commit for Windows7/8
-      if: ${{ matrix.jobs.goos == 'windows' && matrix.jobs.goversion == '1.21' }}
-      run: |
-        cd $(go env GOROOT)
-        curl https://github.com/golang/go/commit/9e43850a3298a9b8b1162ba0033d4c53f8637571.diff | patch --verbose -R -p 1
+      - name: Set ENV
+        run: |
+          sudo timedatectl set-timezone "Asia/Shanghai"
+          echo "BUILDTIME=$(date)" >> $GITHUB_ENV
+        shell: bash

-    - name: Set variables
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' }}
-      run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
-      shell: bash
+      - name: Set ENV
+        run: |
+          echo "TAGS=with_gvisor,with_lwip" >> $GITHUB_ENV
+          echo "LDFLAGS=-X 'github.com/metacubex/mihomo/constant.Version=${VERSION}' -X 'github.com/metacubex/mihomo/constant.BuildTime=${BUILDTIME}' -w -s -buildid=" >> $GITHUB_ENV
+          echo "GOTOOLCHAIN=local" >> $GITHUB_ENV
+        shell: bash

-    - name: Set variables
-      if: ${{ github.event_name != 'workflow_dispatch' && github.ref_name == 'Alpha' }}
-      run: echo "VERSION=alpha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-      shell: bash
+      - name: Setup Go
+        if: ${{ matrix.job.type!='WithoutCGO-GO120' }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true

-    - name: Set Time Variable
-      run: |
-        echo "BUILDTIME=$(date)" >> $GITHUB_ENV
-        echo "CGO_ENABLED=0" >> $GITHUB_ENV
-        echo "BUILDTAG=-extldflags --static" >> $GITHUB_ENV
-        echo "GOTOOLCHAIN=local" >> $GITHUB_ENV
+      - name: Setup Go
+        if: ${{ matrix.job.type=='WithoutCGO-GO120' }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+          check-latest: true

-    - name: Setup NDK
-      if: ${{ matrix.jobs.goos == 'android' }}
-      uses: nttld/setup-ndk@v1
-      id: setup-ndk
-      with:
-        ndk-version: r28-beta1
+      - name: Test
+        if: ${{ matrix.job.id=='1' && matrix.job.type!='WithCGO' }}
+        run: |
+          go test ./...

-    - name: Set NDK path
-      if: ${{ matrix.jobs.goos == 'android' }}
-      run: |
-        echo "CC=${{steps.setup-ndk.outputs.ndk-path}}/toolchains/llvm/prebuilt/linux-x86_64/bin/${{matrix.jobs.ndk}}-clang" >> $GITHUB_ENV
-        echo "CGO_ENABLED=1" >> $GITHUB_ENV
-        echo "BUILDTAG=" >> $GITHUB_ENV
+      - name: Build WithoutCGO
+        if: ${{ matrix.job.type!='WithCGO' }}
+        env:
+          NAME: mihomo
+          BINDIR: bin
+        run: make -j$(($(nproc) + 1)) ${{ matrix.job.target }}

-    - name: Test
-      if: ${{ matrix.jobs.test == 'test' }}
-      run: |
-        go test ./...
-        echo "---test with_gvisor---"
-        go test ./... -tags "with_gvisor" -count=1
+      - uses: nttld/setup-ndk@v1
+        if: ${{ matrix.job.type=='WithCGO' && matrix.job.target=='android' }}
+        id: setup-ndk
+        with:
+          ndk-version: r26b
+          add-to-path: true

-    - name: Update CA
-      run: |
-        sudo apt-get install ca-certificates
-        sudo update-ca-certificates
-        cp -f /etc/ssl/certs/ca-certificates.crt component/ca/ca-certificates.crt
+      - name: Build Android
+        if: ${{ matrix.job.type=='WithCGO' && matrix.job.target=='android' }}
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+        run: |
+          mkdir bin
+          CC=${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android33-clang
+          CGO_ENABLED=1 CC=${CC} GOARCH=arm64 GOOS=android go build -tags ${TAGS} -trimpath -ldflags "${LDFLAGS}" -o bin/${NAME}-android-arm64

-    - name: Build core
-      env:
-        GOOS: ${{matrix.jobs.goos}}
-        GOARCH: ${{matrix.jobs.goarch}}
-        GOAMD64: ${{matrix.jobs.goamd64}}
-        GOARM: ${{matrix.jobs.goarm}}
-        GOMIPS: ${{matrix.jobs.gomips}}
-      run: |
-        go env
-        go build -v -tags "with_gvisor" -trimpath -ldflags "${BUILDTAG} -X 'github.com/metacubex/mihomo/constant.Version=${VERSION}' -X 'github.com/metacubex/mihomo/constant.BuildTime=${BUILDTIME}' -w -s -buildid="
-        if [ "${{matrix.jobs.goos}}" = "windows" ]; then
-          cp mihomo.exe mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}.exe
-          zip -r mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.zip mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}.exe
-        else
-          cp mihomo mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}
-          gzip -c mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}} > mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.gz
-          rm mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}
-        fi
+      - name: Set up xgo
+        if: ${{ matrix.job.type=='WithCGO' && matrix.job.target!='android' }}
+        run: |
+          docker pull techknowlogick/xgo:latest
+          go install src.techknowlogick.com/xgo@latest

-    - name: Create DEB package
-      if: ${{ matrix.jobs.goos == 'linux' && !contains(matrix.jobs.goarch, 'mips') }}
-      run: |
-        sudo apt-get install dpkg
-        if [ "${{matrix.jobs.abi}}" = "1" ]; then
-          ARCH=loongarch64
-        elif [ "${{matrix.jobs.goarm}}" = "7" ]; then
-          ARCH=armhf
-        elif [ "${{matrix.jobs.goarch}}" = "arm" ]; then
-          ARCH=armel
-        else
-          ARCH=${{matrix.jobs.goarch}}
-        fi
-        PackageVersion=$(curl -s "https://api.github.com/repos/MetaCubeX/mihomo/releases/latest" | grep -o '"tag_name": "[^"]*' | grep -o '[^"]*$' | sed 's/v//g' )
-        if [ $(git branch | awk -F ' ' '{print $2}') = "Alpha" ]; then
-          PackageVersion="$(echo "${PackageVersion}" | awk -F '.' '{$NF = $NF + 1; print}' OFS='.')-${VERSION}"
-        fi
+      - name: Build by xgo
+        if: ${{ matrix.job.type=='WithCGO' && matrix.job.target!='android' }}
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+        run: |
+          mkdir bin
+          xgo --targets="${{ matrix.job.target }}" --tags="${TAGS}" -ldflags="${LDFLAGS}" --out bin/${NAME} ./

-        mkdir -p mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/DEBIAN
-        mkdir -p mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/usr/bin
-        mkdir -p mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/etc/mihomo
-        mkdir -p mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/etc/systemd/system/
-        mkdir -p mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/usr/share/licenses/mihomo
+      - name: Rename
+        if: ${{ matrix.job.type=='WithCGO' }}
+        run: |
+          cd bin
+          ls -la
+          cp ../.github/rename-cgo.sh ./
+          bash ./rename-cgo.sh
+          rm ./rename-cgo.sh
+          ls -la
+          cd ..

-        cp mihomo mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/usr/bin/mihomo
-        cp LICENSE mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/usr/share/licenses/mihomo/
-        cp .github/mihomo.service mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/etc/systemd/system/
+      - name: Rename
+        if: ${{ matrix.job.type=='WithoutCGO-GO120' }}
+        run: |
+          cd bin
+          ls -la
+          cp ../.github/rename-go120.sh ./
+          bash ./rename-go120.sh
+          rm ./rename-go120.sh
+          ls -la
+          cd ..

-        cat > mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/etc/mihomo/config.yaml <<EOF
-        mixed-port: 7890
-        external-controller: 127.0.0.1:9090
-        EOF
+      - name: Zip
+        if: ${{  success() }}
+        run: |
+          cd bin
+          ls -la
+          chmod +x *
+          cp ../.github/release.sh ./
+          bash ./release.sh
+          rm ./release.sh
+          ls -la
+          cd ..

-        cat > mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}/DEBIAN/control <<EOF
-        Package: mihomo
-        Version: ${PackageVersion}
-        Section:
-        Priority: extra
-        Architecture: ${ARCH}
-        Maintainer: MetaCubeX <none@example.com>
-        Homepage: https://wiki.metacubex.one/
-        Description: The universal proxy platform.
-        EOF
+      - name: Save version
+        run: echo ${VERSION} > bin/version.txt
+        shell: bash

-        dpkg-deb -Z gzip --build mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}
-
-    - name: Convert DEB to RPM
-      if: ${{ matrix.jobs.goos == 'linux' && !contains(matrix.jobs.goarch, 'mips') }}
-      run: |
-        sudo apt-get install -y alien
-        alien --to-rpm --scripts mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.deb
-        mv mihomo*.rpm mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.rpm
-
-    # - name: Convert DEB to PKG
-    #   if: ${{ matrix.jobs.goos == 'linux' && !contains(matrix.jobs.goarch, 'mips') && !contains(matrix.jobs.goarch, 'loong64') }}
-    #   run: |
-    #     docker pull archlinux
-    #     docker run --rm -v ./:/mnt archlinux bash -c "
-    #       pacman -Syu pkgfile base-devel --noconfirm
-    #       curl -L https://github.com/helixarch/debtap/raw/master/debtap > /usr/bin/debtap
-    #       chmod 755 /usr/bin/debtap
-    #       debtap -u 
-    #       debtap -Q /mnt/mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.deb
-    #     "
-    #     mv mihomo*.pkg.tar.zst mihomo-${{matrix.jobs.goos}}-${{matrix.jobs.output}}-${VERSION}.pkg.tar.zst
-
-    - name: Save version
-      run: |
-        echo ${VERSION} > version.txt
-      shell: bash
-
-    - name: Archive production artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "${{ matrix.jobs.goos }}-${{ matrix.jobs.output }}"
-        path: |
-          mihomo*.gz
-          mihomo*.deb
-          mihomo*.rpm
-          mihomo*.zip
-          version.txt
+      - uses: actions/upload-artifact@v3
+        if: ${{  success() }}
+        with:
+          name: artifact
+          path: bin/

  Upload-Prerelease:
    permissions: write-all
-    if: ${{ github.event_name != 'workflow_dispatch' && github.ref_type == 'branch' && !startsWith(github.event_name, 'pull_request') }}
-    needs: [build]
+    if: ${{ github.ref_type == 'branch' && !startsWith(github.event_name, 'pull_request') }}
+    needs: [Build]
    runs-on: ubuntu-latest
    steps:
-    - name: Download all workflow run artifacts
-      uses: actions/download-artifact@v4
-      with:
-        path: bin/
-        merge-multiple: true
-
-    - name: Delete current release assets
-      uses: 8Mi-Tech/delete-release-assets-action@main
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        tag: Prerelease-${{ github.ref_name }}
-        deleteOnlyFromDrafts: false
-    - name: Set Env
-      run: |
-        echo "BUILDTIME=$(TZ=Asia/Shanghai date)" >> $GITHUB_ENV
-      shell: bash
-
-    - name: Tag Repo
-      uses: richardsimko/update-tag@v1
-      with:
-        tag_name: Prerelease-${{ github.ref_name }}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      
-    - run: |
-        cat > release.txt << 'EOF'
-        Release created at  ${{ env.BUILDTIME }}
-        Synchronize ${{ github.ref_name }} branch code updates, keeping only the latest version
-        <br>
-        [我应该下载哪个文件? / Which file should I download?](https://github.com/MetaCubeX/mihomo/wiki/FAQ)
-        [二进制文件筛选 / Binary file selector](https://metacubex.github.io/Meta-Docs/startup/#_1)
-        [查看文档 / Docs](https://metacubex.github.io/Meta-Docs/)
-        EOF
-
-    - name: Upload Prerelease
-      uses: softprops/action-gh-release@v1
-      if: ${{  success() }}
-      with:
-        tag_name: Prerelease-${{ github.ref_name }}
-        files: |
-          bin/*
-        prerelease: true
-        generate_release_notes: true
-        body_path: release.txt
-
-  Upload-Release:
-    permissions: write-all
-    if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' }}
-    needs: [build]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: Meta
-          fetch-depth: '0'
-          fetch-tags: 'true'
-
-      - name: Get tags
-        run: |
-          echo "CURRENTVERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
-          git fetch --tags
-          echo "PREVERSION=$(git describe --tags --abbrev=0 HEAD)" >> $GITHUB_ENV
-
-      - name: Force push Alpha branch to Meta
-        run: |
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
-          git fetch origin Alpha:Alpha
-          git push origin Alpha:Meta --force
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Tag the commit on Alpha
-        run: |
-          git checkout Alpha 
-          git tag ${{ github.event.inputs.version }}
-          git push origin ${{ github.event.inputs.version }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate release notes
-        run: |
-            cp ./.github/genReleaseNote.sh ./
-            bash ./genReleaseNote.sh -v ${PREVERSION}...${CURRENTVERSION}
-            rm ./genReleaseNote.sh
-  
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
        with:
+          name: artifact
          path: bin/
-          merge-multiple: true
-  
+
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: bin
-  
-      - name: Upload Release
-        uses: softprops/action-gh-release@v2
-        if: ${{ success() }}
+
+      - name: Delete current release assets
+        uses: 8Mi-Tech/delete-release-assets-action@main
        with:
-          tag_name: ${{ github.event.inputs.version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: Prerelease-${{ github.ref_name }}
+          deleteOnlyFromDrafts: false
+
+      - name: Set Env
+        run: |
+          echo "BUILDTIME=$(TZ=Asia/Shanghai date)" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Tag Repo
+        uses: richardsimko/update-tag@v1.0.6
+        with:
+          tag_name: Prerelease-${{ github.ref_name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: |
+          cat > release.txt << 'EOF'
+          Release created at  ${{ env.BUILDTIME }}
+          Synchronize ${{ github.ref_name }} branch code updates, keeping only the latest version
+          <br>
+          [我应该下载哪个文件? / Which file should I download?](https://github.com/MetaCubeX/mihomo/wiki/FAQ)
+          [查看文档 / Docs](https://metacubex.github.io/Meta-Docs/)
+          EOF
+
+      - name: Upload Prerelease
+        uses: softprops/action-gh-release@v1
+        if: ${{  success() }}
+        with:
+          tag_name: Prerelease-${{ github.ref_name }}
+          files: |
+            bin/*
+          prerelease: true
+          generate_release_notes: true
+          body_path: release.txt
+
+  Upload-Release:
+    permissions: write-all
+    if: ${{ github.ref_type=='tag' }}
+    needs: [Build]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: artifact
+          path: bin/
+
+      - name: Display structure of downloaded files
+        run: ls -R
+        working-directory: bin
+
+      - name: Upload Release
+        uses: softprops/action-gh-release@v1
+        if: ${{  success() }}
+        with:
+          tag_name: ${{ github.ref_name }}
          files: bin/*
-          body_path: release.md
+          generate_release_notes: true

  Docker:
    if: ${{ !startsWith(github.event_name, 'pull_request') }}
    permissions: write-all
-    needs: [build]
+    needs: [Build]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
        with:
+          name: artifact
          path: bin/
-          merge-multiple: true

      - name: Display structure of downloaded files
        run: ls -R
        working-directory: bin

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v2

      - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: latest
-      
+
      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
-        if: ${{ github.event_name != 'workflow_dispatch' }}
-        id: meta_alpha
-        uses: docker/metadata-action@v5
+        id: meta
+        uses: docker/metadata-action@v4
        with:
-          images: '${{ env.REGISTRY }}/${{ github.repository }}'
-      
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' }}
-        id: meta_release
-        uses: docker/metadata-action@v5
-        with:
-          images: '${{ env.REGISTRY }}/${{ github.repository }}'
-          tags: |
-            ${{ github.event.inputs.version }}
-          flavor: |
-            latest=true
-          labels: org.opencontainers.image.version=${{ github.event.inputs.version }}
-      
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+
      - name: Show files
        run: |
          ls .
          ls bin/
-      
+
      - name: login to docker REGISTRY
        uses: docker/login-action@v3
        with:
@@ -486,7 +356,7 @@ jobs:
      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
-        if: ${{ github.event_name != 'workflow_dispatch' }}
+        id: build-and-push
        uses: docker/build-push-action@v5
        with:
          context: .
@@ -497,20 +367,5 @@ jobs:
            linux/amd64
            linux/arm64
            linux/arm/v7
-          tags: ${{ steps.meta_alpha.outputs.tags }}
-          labels: ${{ steps.meta_alpha.outputs.labels }}
-      
-      - name: Build and push Docker image
-        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' }}
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./Dockerfile
-          push: ${{ github.event_name != 'pull_request' }}
-          platforms: |
-            linux/386
-            linux/amd64
-            linux/arm64
-            linux/arm/v7
-          tags: ${{ steps.meta_release.outputs.tags }}
-          labels: ${{ steps.meta_release.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/trigger-cmfa-update.yml
+++ b/.github/workflows/trigger-cmfa-update.yml
@@ -15,7 +15,7 @@ on:
      - Alpha
      
 jobs:
-  # Send "core-updated" to MetaCubeX/ClashMetaForAndroid to trigger update-dependencies
+  # Send "core-updated" to MetaCubeX/MihomoForAndroid to trigger update-dependencies
  trigger-CMFA-update:
    runs-on: ubuntu-latest
    steps:
@@ -27,7 +27,7 @@ jobs:
      
      - name: Trigger update-dependencies
        run: |
-          curl -X POST https://api.github.com/repos/MetaCubeX/ClashMetaForAndroid/dispatches \
+          curl -X POST https://api.github.com/repos/MetaCubeX/MihomoForAndroid/dispatches \
            -H "Accept: application/vnd.github.everest-preview+json" \
            -H "Authorization: token ${{ steps.generate-token.outputs.token }}" \
-            -d '{"event_type": "core-updated"}'
+            -d '{"event_type": "core-updated"}'
--- a/5
+++ b/5
@@ -12,8 +12,8 @@ COPY docker/file-name.sh /mihomo/file-name.sh
 WORKDIR /mihomo
 COPY bin/ bin/
 RUN FILE_NAME=`sh file-name.sh` && echo $FILE_NAME && \
-    FILE_NAME=`ls bin/ | egrep "$FILE_NAME.gz"|awk NR==1` && echo $FILE_NAME && \
-    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && chmod +x mihomo && echo "$FILE_NAME" > /mihomo-config/test
+    FILE_NAME=`ls bin/ | egrep "$FILE_NAME.*"|awk NR==1` && echo $FILE_NAME && \
+    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && echo "$FILE_NAME" > /mihomo-config/test
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/mihomo"

@@ -23,4 +23,5 @@ VOLUME ["/root/.config/mihomo/"]

 COPY --from=builder /mihomo-config/ /root/.config/mihomo/
 COPY --from=builder /mihomo/mihomo /mihomo
+RUN chmod +x /mihomo
 ENTRYPOINT [ "/mihomo" ]
--- a/5
+++ b/5
@@ -17,7 +17,6 @@ GOBUILD=CGO_ENABLED=0 go build -tags with_gvisor -trimpath -ldflags '-X "github.
 		-w -s -buildid='

 PLATFORM_LIST = \
-	darwin-amd64-compatible \
 	darwin-amd64 \
 	darwin-arm64 \
 	linux-amd64-compatible \
@@ -163,3 +162,7 @@ clean:
 CLANG ?= clang-14
 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS)

+ebpf: export BPF_CLANG := $(CLANG)
+ebpf: export BPF_CFLAGS := $(CFLAGS)
+ebpf:
+	cd component/ebpf/ && go generate ./...
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@
  <a href="https://goreportcard.com/report/github.com/MetaCubeX/mihomo">
    <img src="https://goreportcard.com/badge/github.com/MetaCubeX/mihomo?style=flat-square">
  </a>
-  <img src="https://img.shields.io/github/go-mod/go-version/MetaCubeX/mihomo/Alpha?style=flat-square">
+  <img src="https://img.shields.io/github/go-mod/go-version/MetaCubeX/mihomo?style=flat-square">
  <a href="https://github.com/MetaCubeX/mihomo/releases">
    <img src="https://img.shields.io/github/release/MetaCubeX/mihomo/all.svg?style=flat-square">
  </a>
@@ -98,3 +98,4 @@ API.

 This software is released under the GPL-3.0 license.

+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo?ref=badge_large)
--- a/adapter/adapter.go
+++ b/adapter/adapter.go
@@ -2,24 +2,21 @@ package adapter

 import (
 	"context"
-	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"net/netip"
 	"net/url"
 	"strconv"
-	"strings"
 	"time"

 	"github.com/metacubex/mihomo/common/atomic"
 	"github.com/metacubex/mihomo/common/queue"
 	"github.com/metacubex/mihomo/common/utils"
-	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	C "github.com/metacubex/mihomo/constant"
-	"github.com/metacubex/mihomo/log"
 	"github.com/puzpuzpuz/xsync/v3"
 )

@@ -41,11 +38,6 @@ type Proxy struct {
 	extra   *xsync.MapOf[string, *internalProxyState]
 }

-// Adapter implements C.Proxy
-func (p *Proxy) Adapter() C.ProxyAdapter {
-	return p.ProxyAdapter
-}
-
 // AliveForTestUrl implements C.Proxy
 func (p *Proxy) AliveForTestUrl(url string) bool {
 	if state, ok := p.extra.Load(url); ok {
@@ -163,25 +155,14 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 	mapping["alive"] = p.alive.Load()
 	mapping["name"] = p.Name()
 	mapping["udp"] = p.SupportUDP()
-	mapping["uot"] = p.SupportUOT()
-
-	proxyInfo := p.ProxyInfo()
-	mapping["xudp"] = proxyInfo.XUDP
-	mapping["tfo"] = proxyInfo.TFO
-	mapping["mptcp"] = proxyInfo.MPTCP
-	mapping["smux"] = proxyInfo.SMUX
-	mapping["interface"] = proxyInfo.Interface
-	mapping["dialer-proxy"] = proxyInfo.DialerProxy
-	mapping["routing-mark"] = proxyInfo.RoutingMark
-
+	mapping["xudp"] = p.SupportXUDP()
+	mapping["tfo"] = p.SupportTFO()
 	return json.Marshal(mapping)
 }

 // URLTest get the delay for the specified URL
 // implements C.Proxy
 func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.IntRanges[uint16]) (t uint16, err error) {
-	var satisfied bool
-
 	defer func() {
 		alive := err == nil
 		record := C.DelayHistory{Time: time.Now()}
@@ -204,11 +185,6 @@ func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.In
 			p.extra.Store(url, state)
 		}

-		if !satisfied {
-			record.Delay = 0
-			alive = false
-		}
-
 		state.alive.Store(alive)
 		state.history.Put(record)
 		if state.history.Len() > defaultHistoriesNum {
@@ -248,7 +224,6 @@ func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.In
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
-		TLSClientConfig:       ca.GetGlobalTLSConfig(&tls.Config{}),
 	}

 	client := http.Client{
@@ -271,25 +246,22 @@ func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.In

 	if unifiedDelay {
 		second := time.Now()
-		var ignoredErr error
-		var secondResp *http.Response
-		secondResp, ignoredErr = client.Do(req)
-		if ignoredErr == nil {
-			resp = secondResp
+		resp, err = client.Do(req)
+		if err == nil {
 			_ = resp.Body.Close()
 			start = second
-		} else {
-			if strings.HasPrefix(url, "http://") {
-				log.Errorln("%s failed to get the second response from %s: %v", p.Name(), url, ignoredErr)
-				log.Warnln("It is recommended to use HTTPS for provider.health-check.url and group.url to ensure better reliability. Due to some proxy providers hijacking test addresses and not being compatible with repeated HEAD requests, using HTTP may result in failed tests.")
-			}
 		}
 	}

-	satisfied = resp != nil && (expectedStatus == nil || expectedStatus.Check(uint16(resp.StatusCode)))
+	if expectedStatus != nil && !expectedStatus.Check(uint16(resp.StatusCode)) {
+		// maybe another value should be returned for differentiation
+		err = errors.New("response status is inconsistent with the expected status")
+	}
+
 	t = uint16(time.Since(start) / time.Millisecond)
 	return
 }
+
 func NewProxy(adapter C.ProxyAdapter) *Proxy {
 	return &Proxy{
 		ProxyAdapter: adapter,
--- a/adapter/inbound/addition.go
+++ b/adapter/inbound/addition.go
@@ -47,7 +47,7 @@ func WithDstAddr(addr net.Addr) Addition {
 func WithSrcAddr(addr net.Addr) Addition {
 	return func(metadata *C.Metadata) {
 		m := C.Metadata{}
-		if err := m.SetRemoteAddr(addr); err == nil {
+		if err := m.SetRemoteAddr(addr);err ==nil{
 			metadata.SrcIP = m.DstIP
 			metadata.SrcPort = m.DstPort
 		}
@@ -57,17 +57,9 @@ func WithSrcAddr(addr net.Addr) Addition {
 func WithInAddr(addr net.Addr) Addition {
 	return func(metadata *C.Metadata) {
 		m := C.Metadata{}
-		if err := m.SetRemoteAddr(addr); err == nil {
+		if err := m.SetRemoteAddr(addr);err ==nil{
 			metadata.InIP = m.DstIP
 			metadata.InPort = m.DstPort
 		}
 	}
 }
-
-func WithDSCP(dscp uint8) Addition {
-	return func(metadata *C.Metadata) {
-		metadata.DSCP = dscp
-	}
-}
-
-func Placeholder(metadata *C.Metadata) {}
--- a/adapter/inbound/auth.go
+++ b/adapter/inbound/auth.go
@@ -34,5 +34,12 @@ func SkipAuthRemoteAddress(addr string) bool {
 }

 func skipAuth(addr netip.Addr) bool {
-	return prefixesContains(skipAuthPrefixes, addr)
+	if addr.IsValid() {
+		for _, prefix := range skipAuthPrefixes {
+			if prefix.Contains(addr.Unmap()) {
+				return true
+			}
+		}
+	}
+	return false
 }
--- a/adapter/inbound/http.go
+++ b/adapter/inbound/http.go
@@ -14,7 +14,7 @@ func NewHTTP(target socks5.Addr, srcConn net.Conn, conn net.Conn, additions ...A
 	metadata.Type = C.HTTP
 	metadata.RawSrcAddr = srcConn.RemoteAddr()
 	metadata.RawDstAddr = srcConn.LocalAddr()
-	ApplyAdditions(metadata, WithSrcAddr(srcConn.RemoteAddr()), WithInAddr(srcConn.LocalAddr()))
+	ApplyAdditions(metadata, WithSrcAddr(srcConn.RemoteAddr()), WithInAddr(conn.LocalAddr()))
 	ApplyAdditions(metadata, additions...)
 	return conn, metadata
 }
--- a/adapter/inbound/https.go
+++ b/adapter/inbound/https.go
@@ -11,8 +11,6 @@ import (
 func NewHTTPS(request *http.Request, conn net.Conn, additions ...Addition) (net.Conn, *C.Metadata) {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTPS
-	metadata.RawSrcAddr = conn.RemoteAddr()
-	metadata.RawDstAddr = conn.LocalAddr()
 	ApplyAdditions(metadata, WithSrcAddr(conn.RemoteAddr()), WithInAddr(conn.LocalAddr()))
 	ApplyAdditions(metadata, additions...)
 	return conn, metadata
--- a/adapter/inbound/ipfilter.go
+++ b/adapter/inbound/ipfilter.go
@@ -31,17 +31,27 @@ func IsRemoteAddrDisAllowed(addr net.Addr) bool {
 	if err := m.SetRemoteAddr(addr); err != nil {
 		return false
 	}
-	ipAddr := m.AddrPort().Addr()
-	if ipAddr.IsValid() {
-		return isAllowed(ipAddr) && !isDisAllowed(ipAddr)
+	return isAllowed(m.AddrPort().Addr().Unmap()) && !isDisAllowed(m.AddrPort().Addr().Unmap())
+}
+
+func isAllowed(addr netip.Addr) bool {
+	if addr.IsValid() {
+		for _, prefix := range lanAllowedIPs {
+			if prefix.Contains(addr) {
+				return true
+			}
+		}
 	}
 	return false
 }

-func isAllowed(addr netip.Addr) bool {
-	return prefixesContains(lanAllowedIPs, addr)
-}
-
 func isDisAllowed(addr netip.Addr) bool {
-	return prefixesContains(lanDisAllowedIPs, addr)
+	if addr.IsValid() {
+		for _, prefix := range lanDisAllowedIPs {
+			if prefix.Contains(addr) {
+				return true
+			}
+		}
+	}
+	return false
 }
--- a/adapter/inbound/listen.go
+++ b/adapter/inbound/listen.go
@@ -2,82 +2,29 @@ package inbound

 import (
 	"context"
-	"fmt"
 	"net"
-	"net/netip"
-	"sync"

-	"github.com/metacubex/mihomo/component/keepalive"
-
-	"github.com/metacubex/tfo-go"
+	"github.com/sagernet/tfo-go"
 )

 var (
 	lc = tfo.ListenConfig{
 		DisableTFO: true,
 	}
-	mutex sync.RWMutex
 )

 func SetTfo(open bool) {
-	mutex.Lock()
-	defer mutex.Unlock()
 	lc.DisableTFO = !open
 }

-func Tfo() bool {
-	mutex.RLock()
-	defer mutex.RUnlock()
-	return !lc.DisableTFO
-}
-
 func SetMPTCP(open bool) {
-	mutex.Lock()
-	defer mutex.Unlock()
 	setMultiPathTCP(&lc.ListenConfig, open)
 }

-func MPTCP() bool {
-	mutex.RLock()
-	defer mutex.RUnlock()
-	return getMultiPathTCP(&lc.ListenConfig)
-}
-
 func ListenContext(ctx context.Context, network, address string) (net.Listener, error) {
-	switch network { // like net.Resolver.internetAddrList but filter domain to avoid call net.Resolver.lookupIPAddr
-	case "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6", "ip", "ip4", "ip6":
-		if host, port, err := net.SplitHostPort(address); err == nil {
-			switch host {
-			case "localhost":
-				switch network {
-				case "tcp6", "udp6", "ip6":
-					address = net.JoinHostPort("::1", port)
-				default:
-					address = net.JoinHostPort("127.0.0.1", port)
-				}
-			case "": // internetAddrList can handle this special case
-				break
-			default:
-				if _, err := netip.ParseAddr(host); err != nil { // not ip
-					return nil, fmt.Errorf("invalid network address: %s", address)
-				}
-			}
-		}
-	}
-
-	mutex.RLock()
-	defer mutex.RUnlock()
 	return lc.Listen(ctx, network, address)
 }

 func Listen(network, address string) (net.Listener, error) {
 	return ListenContext(context.Background(), network, address)
 }
-
-func init() {
-	keepalive.SetDisableKeepAliveCallback.Register(func(b bool) {
-		mutex.Lock()
-		defer mutex.Unlock()
-		keepalive.SetNetListenConfig(&lc.ListenConfig)
-	})
-}
--- a/adapter/inbound/listen_notwindows.go
+++ b/adapter/inbound/listen_notwindows.go
@@ -1,14 +0,0 @@
-//go:build !windows
-
-package inbound
-
-import (
-	"net"
-	"os"
-)
-
-const SupportNamedPipe = false
-
-func ListenNamedPipe(path string) (net.Listener, error) {
-	return nil, os.ErrInvalid
-}
--- a/adapter/inbound/listen_windows.go
+++ b/adapter/inbound/listen_windows.go
@@ -1,32 +0,0 @@
-package inbound
-
-import (
-	"net"
-	"os"
-
-	"github.com/metacubex/wireguard-go/ipc/namedpipe"
-	"golang.org/x/sys/windows"
-)
-
-const SupportNamedPipe = true
-
-// windowsSDDL is the Security Descriptor set on the namedpipe.
-// It provides read/write access to all users and the local system.
-const windowsSDDL = "D:PAI(A;OICI;GWGR;;;BU)(A;OICI;GWGR;;;SY)"
-
-func ListenNamedPipe(path string) (net.Listener, error) {
-	sddl := os.Getenv("LISTEN_NAMEDPIPE_SDDL")
-	if sddl == "" {
-		sddl = windowsSDDL
-	}
-	securityDescriptor, err := windows.SecurityDescriptorFromString(sddl)
-	if err != nil {
-		return nil, err
-	}
-	namedpipeLC := namedpipe.ListenConfig{
-		SecurityDescriptor: securityDescriptor,
-		InputBufferSize:    256 * 1024,
-		OutputBufferSize:   256 * 1024,
-	}
-	return namedpipeLC.Listen(path)
-}
--- a/adapter/inbound/mptcp_go120.go
+++ b/adapter/inbound/mptcp_go120.go
@@ -8,7 +8,3 @@ const multipathTCPAvailable = false

 func setMultiPathTCP(listenConfig *net.ListenConfig, open bool) {
 }
-
-func getMultiPathTCP(listenConfig *net.ListenConfig) bool {
-	return false
-}
--- a/adapter/inbound/mptcp_go121.go
+++ b/adapter/inbound/mptcp_go121.go
@@ -9,7 +9,3 @@ const multipathTCPAvailable = true
 func setMultiPathTCP(listenConfig *net.ListenConfig, open bool) {
 	listenConfig.SetMultipathTCP(open)
 }
-
-func getMultiPathTCP(listenConfig *net.ListenConfig) bool {
-	return listenConfig.MultipathTCP()
-}
--- a/adapter/inbound/util.go
+++ b/adapter/inbound/util.go
@@ -61,19 +61,3 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {

 	return metadata
 }
-
-func prefixesContains(prefixes []netip.Prefix, addr netip.Addr) bool {
-	if len(prefixes) == 0 {
-		return false
-	}
-	if !addr.IsValid() {
-		return false
-	}
-	addr = addr.Unmap().WithZone("") // netip.Prefix.Contains returns false if ip has an IPv6 zone
-	for _, prefix := range prefixes {
-		if prefix.Contains(addr) {
-			return true
-		}
-	}
-	return false
-}
--- a/adapter/outbound/base.go
+++ b/adapter/outbound/base.go
@@ -85,15 +85,14 @@ func (b *Base) SupportUDP() bool {
 	return b.udp
 }

-// ProxyInfo implements C.ProxyAdapter
-func (b *Base) ProxyInfo() (info C.ProxyInfo) {
-	info.XUDP = b.xudp
-	info.TFO = b.tfo
-	info.MPTCP = b.mpTcp
-	info.SMUX = false
-	info.Interface = b.iface
-	info.RoutingMark = b.rmark
-	return
+// SupportXUDP implements C.ProxyAdapter
+func (b *Base) SupportXUDP() bool {
+	return b.xudp
+}
+
+// SupportTFO implements C.ProxyAdapter
+func (b *Base) SupportTFO() bool {
+	return b.tfo
 }

 // IsL3Protocol implements C.ProxyAdapter
--- a/adapter/outbound/direct.go
+++ b/adapter/outbound/direct.go
@@ -3,15 +3,18 @@ package outbound
 import (
 	"context"
 	"errors"
+	"fmt"
+	"net/netip"
+
+	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/dialer"
-	"github.com/metacubex/mihomo/component/loopback"
 	"github.com/metacubex/mihomo/component/resolver"
 	C "github.com/metacubex/mihomo/constant"
 )

 type Direct struct {
 	*Base
-	loopBack *loopback.Detector
+	loopBack *loopBackDetector
 }

 type DirectOption struct {
@@ -21,41 +24,38 @@ type DirectOption struct {

 // DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	if err := d.loopBack.CheckConn(metadata); err != nil {
-		return nil, err
+	if d.loopBack.CheckConn(metadata.SourceAddrPort()) {
+		return nil, fmt.Errorf("reject loopback connection to: %s", metadata.RemoteAddress())
 	}
-	opts = append(opts, dialer.WithResolver(resolver.DirectHostResolver))
+	opts = append(opts, dialer.WithResolver(resolver.DefaultResolver))
 	c, err := dialer.DialContext(ctx, "tcp", metadata.RemoteAddress(), d.Base.DialOptions(opts...)...)
 	if err != nil {
 		return nil, err
 	}
+	N.TCPKeepAlive(c)
 	return d.loopBack.NewConn(NewConn(c, d)), nil
 }

 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	if err := d.loopBack.CheckPacketConn(metadata); err != nil {
-		return nil, err
+	if d.loopBack.CheckPacketConn(metadata.SourceAddrPort()) {
+		return nil, fmt.Errorf("reject loopback connection to: %s", metadata.RemoteAddress())
 	}
 	// net.UDPConn.WriteTo only working with *net.UDPAddr, so we need a net.UDPAddr
 	if !metadata.Resolved() {
-		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, resolver.DirectHostResolver)
+		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, resolver.DefaultResolver)
 		if err != nil {
 			return nil, errors.New("can't resolve ip")
 		}
 		metadata.DstIP = ip
 	}
-	pc, err := dialer.NewDialer(d.Base.DialOptions(opts...)...).ListenPacket(ctx, "udp", "", metadata.AddrPort())
+	pc, err := dialer.NewDialer(d.Base.DialOptions(opts...)...).ListenPacket(ctx, "udp", "", netip.AddrPortFrom(metadata.DstIP, metadata.DstPort))
 	if err != nil {
 		return nil, err
 	}
 	return d.loopBack.NewPacketConn(newPacketConn(pc, d)), nil
 }

-func (d *Direct) IsL3Protocol(metadata *C.Metadata) bool {
-	return true // tell DNSDialer don't send domain to DialContext, avoid lookback to DefaultResolver
-}
-
 func NewDirectWithOption(option DirectOption) *Direct {
 	return &Direct{
 		Base: &Base{
@@ -68,7 +68,7 @@ func NewDirectWithOption(option DirectOption) *Direct {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
-		loopBack: loopback.NewDetector(),
+		loopBack: newLoopBackDetector(),
 	}
 }

@@ -80,7 +80,7 @@ func NewDirect() *Direct {
 			udp:    true,
 			prefer: C.DualStack,
 		},
-		loopBack: loopback.NewDetector(),
+		loopBack: newLoopBackDetector(),
 	}
 }

@@ -92,6 +92,6 @@ func NewCompatible() *Direct {
 			udp:    true,
 			prefer: C.DualStack,
 		},
-		loopBack: loopback.NewDetector(),
+		loopBack: newLoopBackDetector(),
 	}
 }
--- a/adapter/outbound/direct_loopback_detect.go
+++ b/adapter/outbound/direct_loopback_detect.go
@@ -0,0 +1,68 @@
+package outbound
+
+import (
+	"net/netip"
+
+	"github.com/metacubex/mihomo/common/callback"
+	C "github.com/metacubex/mihomo/constant"
+
+	"github.com/puzpuzpuz/xsync/v3"
+)
+
+type loopBackDetector struct {
+	connMap       *xsync.MapOf[netip.AddrPort, struct{}]
+	packetConnMap *xsync.MapOf[netip.AddrPort, struct{}]
+}
+
+func newLoopBackDetector() *loopBackDetector {
+	return &loopBackDetector{
+		connMap:       xsync.NewMapOf[netip.AddrPort, struct{}](),
+		packetConnMap: xsync.NewMapOf[netip.AddrPort, struct{}](),
+	}
+}
+
+func (l *loopBackDetector) NewConn(conn C.Conn) C.Conn {
+	metadata := C.Metadata{}
+	if metadata.SetRemoteAddr(conn.LocalAddr()) != nil {
+		return conn
+	}
+	connAddr := metadata.AddrPort()
+	if !connAddr.IsValid() {
+		return conn
+	}
+	l.connMap.Store(connAddr, struct{}{})
+	return callback.NewCloseCallbackConn(conn, func() {
+		l.connMap.Delete(connAddr)
+	})
+}
+
+func (l *loopBackDetector) NewPacketConn(conn C.PacketConn) C.PacketConn {
+	metadata := C.Metadata{}
+	if metadata.SetRemoteAddr(conn.LocalAddr()) != nil {
+		return conn
+	}
+	connAddr := metadata.AddrPort()
+	if !connAddr.IsValid() {
+		return conn
+	}
+	l.packetConnMap.Store(connAddr, struct{}{})
+	return callback.NewCloseCallbackPacketConn(conn, func() {
+		l.packetConnMap.Delete(connAddr)
+	})
+}
+
+func (l *loopBackDetector) CheckConn(connAddr netip.AddrPort) bool {
+	if !connAddr.IsValid() {
+		return false
+	}
+	_, ok := l.connMap.Load(connAddr)
+	return ok
+}
+
+func (l *loopBackDetector) CheckPacketConn(connAddr netip.AddrPort) bool {
+	if !connAddr.IsValid() {
+		return false
+	}
+	_, ok := l.packetConnMap.Load(connAddr)
+	return ok
+}
--- a/adapter/outbound/dns.go
+++ b/adapter/outbound/dns.go
@@ -1,159 +0,0 @@
-package outbound
-
-import (
-	"context"
-	"net"
-	"time"
-
-	N "github.com/metacubex/mihomo/common/net"
-	"github.com/metacubex/mihomo/common/pool"
-	"github.com/metacubex/mihomo/component/dialer"
-	"github.com/metacubex/mihomo/component/resolver"
-	C "github.com/metacubex/mihomo/constant"
-	"github.com/metacubex/mihomo/log"
-)
-
-type Dns struct {
-	*Base
-}
-
-type DnsOption struct {
-	BasicOption
-	Name string `proxy:"name"`
-}
-
-// DialContext implements C.ProxyAdapter
-func (d *Dns) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	left, right := N.Pipe()
-	go resolver.RelayDnsConn(context.Background(), right, 0)
-	return NewConn(left, d), nil
-}
-
-// ListenPacketContext implements C.ProxyAdapter
-func (d *Dns) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	log.Debugln("[DNS] hijack udp:%s from %s", metadata.RemoteAddress(), metadata.SourceAddrPort())
-
-	ctx, cancel := context.WithCancel(context.Background())
-
-	return newPacketConn(&dnsPacketConn{
-		response: make(chan dnsPacket, 1),
-		ctx:      ctx,
-		cancel:   cancel,
-	}, d), nil
-}
-
-type dnsPacket struct {
-	data []byte
-	put  func()
-	addr net.Addr
-}
-
-// dnsPacketConn implements net.PacketConn
-type dnsPacketConn struct {
-	response chan dnsPacket
-	ctx      context.Context
-	cancel   context.CancelFunc
-}
-
-func (d *dnsPacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
-	select {
-	case packet := <-d.response:
-		return packet.data, packet.put, packet.addr, nil
-	case <-d.ctx.Done():
-		return nil, nil, nil, net.ErrClosed
-	}
-}
-
-func (d *dnsPacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
-	select {
-	case packet := <-d.response:
-		n = copy(p, packet.data)
-		if packet.put != nil {
-			packet.put()
-		}
-		return n, packet.addr, nil
-	case <-d.ctx.Done():
-		return 0, nil, net.ErrClosed
-	}
-}
-
-func (d *dnsPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
-	select {
-	case <-d.ctx.Done():
-		return 0, net.ErrClosed
-	default:
-	}
-
-	if len(p) > resolver.SafeDnsPacketSize {
-		// wtf???
-		return len(p), nil
-	}
-
-	buf := pool.Get(resolver.SafeDnsPacketSize)
-	put := func() { _ = pool.Put(buf) }
-	copy(buf, p) // avoid p be changed after WriteTo returned
-
-	go func() { // don't block the WriteTo function
-		ctx, cancel := context.WithTimeout(d.ctx, resolver.DefaultDnsRelayTimeout)
-		defer cancel()
-
-		buf, err = resolver.RelayDnsPacket(ctx, buf[:len(p)], buf)
-		if err != nil {
-			put()
-			return
-		}
-
-		packet := dnsPacket{
-			data: buf,
-			put:  put,
-			addr: addr,
-		}
-		select {
-		case d.response <- packet:
-			break
-		case <-d.ctx.Done():
-			put()
-		}
-	}()
-	return len(p), nil
-}
-
-func (d *dnsPacketConn) Close() error {
-	d.cancel()
-	return nil
-}
-
-func (*dnsPacketConn) LocalAddr() net.Addr {
-	return &net.UDPAddr{
-		IP:   net.IPv4(127, 0, 0, 1),
-		Port: 53,
-		Zone: "",
-	}
-}
-
-func (*dnsPacketConn) SetDeadline(t time.Time) error {
-	return nil
-}
-
-func (*dnsPacketConn) SetReadDeadline(t time.Time) error {
-	return nil
-}
-
-func (*dnsPacketConn) SetWriteDeadline(t time.Time) error {
-	return nil
-}
-
-func NewDnsWithOption(option DnsOption) *Dns {
-	return &Dns{
-		Base: &Base{
-			name:   option.Name,
-			tp:     C.Dns,
-			udp:    true,
-			tfo:    option.TFO,
-			mpTcp:  option.MPTCP,
-			iface:  option.Interface,
-			rmark:  option.RoutingMark,
-			prefer: C.NewDNSPrefer(option.IPVersion),
-		},
-	}
-}
--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@@ -7,11 +7,13 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+
 	"io"
 	"net"
 	"net/http"
 	"strconv"

+	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
@@ -74,6 +76,7 @@ func (h *Http) DialContextWithDialer(ctx context.Context, dialer C.Dialer, metad
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", h.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -92,13 +95,6 @@ func (h *Http) SupportWithDialer() C.NetWork {
 	return C.TCP
 }

-// ProxyInfo implements C.ProxyAdapter
-func (h *Http) ProxyInfo() C.ProxyInfo {
-	info := h.Base.ProxyInfo()
-	info.DialerProxy = h.option.DialerProxy
-	return info
-}
-
 func (h *Http) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
 	addr := metadata.RemoteAddress()
 	HeaderString := "CONNECT " + addr + " HTTP/1.1\r\n"
--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
-	"runtime"
 	"strconv"
 	"time"

@@ -15,7 +14,6 @@ import (
 	"github.com/metacubex/quic-go/congestion"
 	M "github.com/sagernet/sing/common/metadata"

-	CN "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
@@ -45,8 +43,6 @@ type Hysteria struct {

 	option *HysteriaOption
 	client *core.Client
-
-	closeCh chan struct{} // for test
 }

 func (h *Hysteria) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
@@ -55,7 +51,7 @@ func (h *Hysteria) DialContext(ctx context.Context, metadata *C.Metadata, opts .
 		return nil, err
 	}

-	return NewConn(CN.NewRefConn(tcpConn, h), h), nil
+	return NewConn(tcpConn, h), nil
 }

 func (h *Hysteria) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
@@ -63,13 +59,13 @@ func (h *Hysteria) ListenPacketContext(ctx context.Context, metadata *C.Metadata
 	if err != nil {
 		return nil, err
 	}
-	return newPacketConn(CN.NewRefPacketConn(&hyPacketConn{udpConn}, h), h), nil
+	return newPacketConn(&hyPacketConn{udpConn}, h), nil
 }

 func (h *Hysteria) genHdc(ctx context.Context, opts ...dialer.Option) utils.PacketDialer {
 	return &hyDialerWithContext{
 		ctx: context.Background(),
-		hyDialer: func(network string, rAddr net.Addr) (net.PacketConn, error) {
+		hyDialer: func(network string) (net.PacketConn, error) {
 			var err error
 			var cDialer C.Dialer = dialer.NewDialer(h.Base.DialOptions(opts...)...)
 			if len(h.option.DialerProxy) > 0 {
@@ -78,7 +74,7 @@ func (h *Hysteria) genHdc(ctx context.Context, opts ...dialer.Option) utils.Pack
 					return nil, err
 				}
 			}
-			rAddrPort, _ := netip.ParseAddrPort(rAddr.String())
+			rAddrPort, _ := netip.ParseAddrPort(h.Addr())
 			return cDialer.ListenPacket(ctx, network, "", rAddrPort)
 		},
 		remoteAddr: func(addr string) (net.Addr, error) {
@@ -87,13 +83,6 @@ func (h *Hysteria) genHdc(ctx context.Context, opts ...dialer.Option) utils.Pack
 	}
 }

-// ProxyInfo implements C.ProxyAdapter
-func (h *Hysteria) ProxyInfo() C.ProxyInfo {
-	info := h.Base.ProxyInfo()
-	info.DialerProxy = h.option.DialerProxy
-	return info
-}
-
 type HysteriaOption struct {
 	BasicOption
 	Name                string   `proxy:"name"`
@@ -138,7 +127,11 @@ func (c *HysteriaOption) Speed() (uint64, uint64, error) {
 }

 func NewHysteria(option HysteriaOption) (*Hysteria, error) {
-	clientTransport := &transport.ClientTransport{}
+	clientTransport := &transport.ClientTransport{
+		Dialer: &net.Dialer{
+			Timeout: 8 * time.Second,
+		},
+	}
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	ports := option.Ports

@@ -225,7 +218,7 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 	if err != nil {
 		return nil, fmt.Errorf("hysteria %s create error: %w", addr, err)
 	}
-	outbound := &Hysteria{
+	return &Hysteria{
 		Base: &Base{
 			name:   option.Name,
 			addr:   addr,
@@ -238,19 +231,7 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 		},
 		option: &option,
 		client: client,
-	}
-	runtime.SetFinalizer(outbound, closeHysteria)
-
-	return outbound, nil
-}
-
-func closeHysteria(h *Hysteria) {
-	if h.client != nil {
-		_ = h.client.Close()
-	}
-	if h.closeCh != nil {
-		close(h.closeCh)
-	}
+	}, nil
 }

 type hyPacketConn struct {
@@ -287,7 +268,7 @@ func (c *hyPacketConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
 }

 type hyDialerWithContext struct {
-	hyDialer   func(network string, rAddr net.Addr) (net.PacketConn, error)
+	hyDialer   func(network string) (net.PacketConn, error)
 	ctx        context.Context
 	remoteAddr func(host string) (net.Addr, error)
 }
@@ -297,7 +278,7 @@ func (h *hyDialerWithContext) ListenPacket(rAddr net.Addr) (net.PacketConn, erro
 	if addrPort, err := netip.ParseAddrPort(rAddr.String()); err == nil {
 		network = dialer.ParseNetwork(network, addrPort.Addr())
 	}
-	return h.hyDialer(network, rAddr)
+	return h.hyDialer(network)
 }

 func (h *hyDialerWithContext) Context() context.Context {
--- a/adapter/outbound/hysteria2.go
+++ b/adapter/outbound/hysteria2.go
@@ -8,20 +8,16 @@ import (
 	"net"
 	"runtime"
 	"strconv"
-	"time"

 	CN "github.com/metacubex/mihomo/common/net"
-	"github.com/metacubex/mihomo/common/utils"
 	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
 	C "github.com/metacubex/mihomo/constant"
-	"github.com/metacubex/mihomo/log"
 	tuicCommon "github.com/metacubex/mihomo/transport/tuic/common"

 	"github.com/metacubex/sing-quic/hysteria2"

-	"github.com/metacubex/randv2"
 	M "github.com/sagernet/sing/common/metadata"
 )

@@ -29,26 +25,19 @@ func init() {
 	hysteria2.SetCongestionController = tuicCommon.SetCongestionController
 }

-const minHopInterval = 5
-const defaultHopInterval = 30
-
 type Hysteria2 struct {
 	*Base

 	option *Hysteria2Option
 	client *hysteria2.Client
 	dialer proxydialer.SingDialer
-
-	closeCh chan struct{} // for test
 }

 type Hysteria2Option struct {
 	BasicOption
 	Name           string   `proxy:"name"`
 	Server         string   `proxy:"server"`
-	Port           int      `proxy:"port,omitempty"`
-	Ports          string   `proxy:"ports,omitempty"`
-	HopInterval    int      `proxy:"hop-interval,omitempty"`
+	Port           int      `proxy:"port"`
 	Up             string   `proxy:"up,omitempty"`
 	Down           string   `proxy:"down,omitempty"`
 	Password       string   `proxy:"password,omitempty"`
@@ -61,7 +50,6 @@ type Hysteria2Option struct {
 	CustomCA       string   `proxy:"ca,omitempty"`
 	CustomCAString string   `proxy:"ca-str,omitempty"`
 	CWND           int      `proxy:"cwnd,omitempty"`
-	UdpMTU         int      `proxy:"udp-mtu,omitempty"`
 }

 func (h *Hysteria2) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
@@ -91,16 +79,6 @@ func closeHysteria2(h *Hysteria2) {
 	if h.client != nil {
 		_ = h.client.CloseWithError(errors.New("proxy removed"))
 	}
-	if h.closeCh != nil {
-		close(h.closeCh)
-	}
-}
-
-// ProxyInfo implements C.ProxyAdapter
-func (h *Hysteria2) ProxyInfo() C.ProxyInfo {
-	info := h.Base.ProxyInfo()
-	info.DialerProxy = h.option.DialerProxy
-	return info
 }

 func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) {
@@ -139,18 +117,12 @@ func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) {
 		tlsConfig.NextProtos = option.ALPN
 	}

-	if option.UdpMTU == 0 {
-		// "1200" from quic-go's MaxDatagramSize
-		// "-3" from quic-go's DatagramFrame.MaxDataLen
-		option.UdpMTU = 1200 - 3
-	}
-
 	singDialer := proxydialer.NewByNameSingDialer(option.DialerProxy, dialer.NewDialer())

 	clientOptions := hysteria2.ClientOptions{
 		Context:            context.TODO(),
 		Dialer:             singDialer,
-		Logger:             log.SingLogger,
+		ServerAddress:      M.ParseSocksaddrHostPort(option.Server, uint16(option.Port)),
 		SendBPS:            StringToBps(option.Up),
 		ReceiveBPS:         StringToBps(option.Down),
 		SalamanderPassword: salamanderPassword,
@@ -158,38 +130,6 @@ func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) {
 		TLSConfig:          tlsConfig,
 		UDPDisabled:        false,
 		CWND:               option.CWND,
-		UdpMTU:             option.UdpMTU,
-		ServerAddress: func(ctx context.Context) (*net.UDPAddr, error) {
-			return resolveUDPAddrWithPrefer(ctx, "udp", addr, C.NewDNSPrefer(option.IPVersion))
-		},
-	}
-
-	var ranges utils.IntRanges[uint16]
-	var serverAddress []string
-	if option.Ports != "" {
-		ranges, err = utils.NewUnsignedRanges[uint16](option.Ports)
-		if err != nil {
-			return nil, err
-		}
-		ranges.Range(func(port uint16) bool {
-			serverAddress = append(serverAddress, net.JoinHostPort(option.Server, strconv.Itoa(int(port))))
-			return true
-		})
-		if len(serverAddress) > 0 {
-			clientOptions.ServerAddress = func(ctx context.Context) (*net.UDPAddr, error) {
-				return resolveUDPAddrWithPrefer(ctx, "udp", serverAddress[randv2.IntN(len(serverAddress))], C.NewDNSPrefer(option.IPVersion))
-			}
-
-			if option.HopInterval == 0 {
-				option.HopInterval = defaultHopInterval
-			} else if option.HopInterval < minHopInterval {
-				option.HopInterval = minHopInterval
-			}
-			clientOptions.HopInterval = time.Duration(option.HopInterval) * time.Second
-		}
-	}
-	if option.Port == 0 && len(serverAddress) == 0 {
-		return nil, errors.New("invalid port")
 	}

 	client, err := hysteria2.NewClient(clientOptions)
--- a/adapter/outbound/hysteria2_test.go
+++ b/adapter/outbound/hysteria2_test.go
@@ -1,38 +0,0 @@
-package outbound
-
-import (
-	"context"
-	"runtime"
-	"testing"
-	"time"
-)
-
-func TestHysteria2GC(t *testing.T) {
-	option := Hysteria2Option{}
-	option.Server = "127.0.0.1"
-	option.Ports = "200,204,401-429,501-503"
-	option.HopInterval = 30
-	option.Password = "password"
-	option.Obfs = "salamander"
-	option.ObfsPassword = "password"
-	option.SNI = "example.com"
-	option.ALPN = []string{"h3"}
-	hy, err := NewHysteria2(option)
-	if err != nil {
-		t.Error(err)
-		return
-	}
-	closeCh := make(chan struct{})
-	hy.closeCh = closeCh
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-
-	hy = nil
-	runtime.GC()
-	select {
-	case <-closeCh:
-		return
-	case <-ctx.Done():
-		t.Error("timeout not GC")
-	}
-}
--- a/adapter/outbound/hysteria_test.go
+++ b/adapter/outbound/hysteria_test.go
@@ -1,39 +0,0 @@
-package outbound
-
-import (
-	"context"
-	"runtime"
-	"testing"
-	"time"
-)
-
-func TestHysteriaGC(t *testing.T) {
-	option := HysteriaOption{}
-	option.Server = "127.0.0.1"
-	option.Ports = "200,204,401-429,501-503"
-	option.Protocol = "udp"
-	option.Up = "1Mbps"
-	option.Down = "1Mbps"
-	option.HopInterval = 30
-	option.Obfs = "salamander"
-	option.SNI = "example.com"
-	option.ALPN = []string{"h3"}
-	hy, err := NewHysteria(option)
-	if err != nil {
-		t.Error(err)
-		return
-	}
-	closeCh := make(chan struct{})
-	hy.closeCh = closeCh
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-
-	hy = nil
-	runtime.GC()
-	select {
-	case <-closeCh:
-		return
-	case <-ctx.Done():
-		t.Error("timeout not GC")
-	}
-}
--- a/adapter/outbound/mieru.go
+++ b/adapter/outbound/mieru.go
@@ -1,268 +0,0 @@
-package outbound
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"runtime"
-	"strconv"
-	"sync"
-
-	mieruclient "github.com/enfein/mieru/v3/apis/client"
-	mierumodel "github.com/enfein/mieru/v3/apis/model"
-	mierupb "github.com/enfein/mieru/v3/pkg/appctl/appctlpb"
-	"github.com/metacubex/mihomo/component/dialer"
-	"github.com/metacubex/mihomo/component/proxydialer"
-	C "github.com/metacubex/mihomo/constant"
-	"google.golang.org/protobuf/proto"
-)
-
-type Mieru struct {
-	*Base
-	option *MieruOption
-	client mieruclient.Client
-	mu     sync.Mutex
-}
-
-type MieruOption struct {
-	BasicOption
-	Name      string `proxy:"name"`
-	Server    string `proxy:"server"`
-	Port      int    `proxy:"port,omitempty"`
-	PortRange string `proxy:"port-range,omitempty"`
-	Transport string `proxy:"transport"`
-	UserName  string `proxy:"username"`
-	Password  string `proxy:"password"`
-}
-
-// DialContext implements C.ProxyAdapter
-func (m *Mieru) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	if err := m.ensureClientIsRunning(opts...); err != nil {
-		return nil, err
-	}
-	addr := metadataToMieruNetAddrSpec(metadata)
-	c, err := m.client.DialContext(ctx, addr)
-	if err != nil {
-		return nil, fmt.Errorf("dial to %s failed: %w", addr, err)
-	}
-	return NewConn(c, m), nil
-}
-
-// ProxyInfo implements C.ProxyAdapter
-func (m *Mieru) ProxyInfo() C.ProxyInfo {
-	info := m.Base.ProxyInfo()
-	info.DialerProxy = m.option.DialerProxy
-	return info
-}
-
-func (m *Mieru) ensureClientIsRunning(opts ...dialer.Option) error {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	if m.client.IsRunning() {
-		return nil
-	}
-
-	// Create a dialer and add it to the client config, before starting the client.
-	var dialer C.Dialer = dialer.NewDialer(m.Base.DialOptions(opts...)...)
-	var err error
-	if len(m.option.DialerProxy) > 0 {
-		dialer, err = proxydialer.NewByName(m.option.DialerProxy, dialer)
-		if err != nil {
-			return err
-		}
-	}
-	config, err := m.client.Load()
-	if err != nil {
-		return err
-	}
-	config.Dialer = dialer
-	if err := m.client.Store(config); err != nil {
-		return err
-	}
-
-	if err := m.client.Start(); err != nil {
-		return fmt.Errorf("failed to start mieru client: %w", err)
-	}
-	return nil
-}
-
-func NewMieru(option MieruOption) (*Mieru, error) {
-	config, err := buildMieruClientConfig(option)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build mieru client config: %w", err)
-	}
-	c := mieruclient.NewClient()
-	if err := c.Store(config); err != nil {
-		return nil, fmt.Errorf("failed to store mieru client config: %w", err)
-	}
-	// Client is started lazily on the first use.
-
-	var addr string
-	if option.Port != 0 {
-		addr = net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
-	} else {
-		beginPort, _, _ := beginAndEndPortFromPortRange(option.PortRange)
-		addr = net.JoinHostPort(option.Server, strconv.Itoa(beginPort))
-	}
-	outbound := &Mieru{
-		Base: &Base{
-			name:   option.Name,
-			addr:   addr,
-			iface:  option.Interface,
-			tp:     C.Mieru,
-			udp:    false,
-			xudp:   false,
-			rmark:  option.RoutingMark,
-			prefer: C.NewDNSPrefer(option.IPVersion),
-		},
-		option: &option,
-		client: c,
-	}
-	runtime.SetFinalizer(outbound, closeMieru)
-	return outbound, nil
-}
-
-func closeMieru(m *Mieru) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	if m.client != nil && m.client.IsRunning() {
-		m.client.Stop()
-	}
-}
-
-func metadataToMieruNetAddrSpec(metadata *C.Metadata) mierumodel.NetAddrSpec {
-	if metadata.Host != "" {
-		return mierumodel.NetAddrSpec{
-			AddrSpec: mierumodel.AddrSpec{
-				FQDN: metadata.Host,
-				Port: int(metadata.DstPort),
-			},
-			Net: "tcp",
-		}
-	} else {
-		return mierumodel.NetAddrSpec{
-			AddrSpec: mierumodel.AddrSpec{
-				IP:   metadata.DstIP.AsSlice(),
-				Port: int(metadata.DstPort),
-			},
-			Net: "tcp",
-		}
-	}
-}
-
-func buildMieruClientConfig(option MieruOption) (*mieruclient.ClientConfig, error) {
-	if err := validateMieruOption(option); err != nil {
-		return nil, fmt.Errorf("failed to validate mieru option: %w", err)
-	}
-
-	transportProtocol := mierupb.TransportProtocol_TCP.Enum()
-	var server *mierupb.ServerEndpoint
-	if net.ParseIP(option.Server) != nil {
-		// server is an IP address
-		if option.PortRange != "" {
-			server = &mierupb.ServerEndpoint{
-				IpAddress: proto.String(option.Server),
-				PortBindings: []*mierupb.PortBinding{
-					{
-						PortRange: proto.String(option.PortRange),
-						Protocol:  transportProtocol,
-					},
-				},
-			}
-		} else {
-			server = &mierupb.ServerEndpoint{
-				IpAddress: proto.String(option.Server),
-				PortBindings: []*mierupb.PortBinding{
-					{
-						Port:     proto.Int32(int32(option.Port)),
-						Protocol: transportProtocol,
-					},
-				},
-			}
-		}
-	} else {
-		// server is a domain name
-		if option.PortRange != "" {
-			server = &mierupb.ServerEndpoint{
-				DomainName: proto.String(option.Server),
-				PortBindings: []*mierupb.PortBinding{
-					{
-						PortRange: proto.String(option.PortRange),
-						Protocol:  transportProtocol,
-					},
-				},
-			}
-		} else {
-			server = &mierupb.ServerEndpoint{
-				DomainName: proto.String(option.Server),
-				PortBindings: []*mierupb.PortBinding{
-					{
-						Port:     proto.Int32(int32(option.Port)),
-						Protocol: transportProtocol,
-					},
-				},
-			}
-		}
-	}
-	return &mieruclient.ClientConfig{
-		Profile: &mierupb.ClientProfile{
-			ProfileName: proto.String(option.Name),
-			User: &mierupb.User{
-				Name:     proto.String(option.UserName),
-				Password: proto.String(option.Password),
-			},
-			Servers: []*mierupb.ServerEndpoint{server},
-		},
-	}, nil
-}
-
-func validateMieruOption(option MieruOption) error {
-	if option.Name == "" {
-		return fmt.Errorf("name is empty")
-	}
-	if option.Server == "" {
-		return fmt.Errorf("server is empty")
-	}
-	if option.Port == 0 && option.PortRange == "" {
-		return fmt.Errorf("either port or port-range must be set")
-	}
-	if option.Port != 0 && option.PortRange != "" {
-		return fmt.Errorf("port and port-range cannot be set at the same time")
-	}
-	if option.Port != 0 && (option.Port < 1 || option.Port > 65535) {
-		return fmt.Errorf("port must be between 1 and 65535")
-	}
-	if option.PortRange != "" {
-		begin, end, err := beginAndEndPortFromPortRange(option.PortRange)
-		if err != nil {
-			return fmt.Errorf("invalid port-range format")
-		}
-		if begin < 1 || begin > 65535 {
-			return fmt.Errorf("begin port must be between 1 and 65535")
-		}
-		if end < 1 || end > 65535 {
-			return fmt.Errorf("end port must be between 1 and 65535")
-		}
-		if begin > end {
-			return fmt.Errorf("begin port must be less than or equal to end port")
-		}
-	}
-
-	if option.Transport != "TCP" {
-		return fmt.Errorf("transport must be TCP")
-	}
-	if option.UserName == "" {
-		return fmt.Errorf("username is empty")
-	}
-	if option.Password == "" {
-		return fmt.Errorf("password is empty")
-	}
-	return nil
-}
-
-func beginAndEndPortFromPortRange(portRange string) (int, int, error) {
-	var begin, end int
-	_, err := fmt.Sscanf(portRange, "%d-%d", &begin, &end)
-	return begin, end, err
-}
--- a/adapter/outbound/mieru_test.go
+++ b/adapter/outbound/mieru_test.go
@@ -1,92 +0,0 @@
-package outbound
-
-import "testing"
-
-func TestNewMieru(t *testing.T) {
-	testCases := []struct {
-		option       MieruOption
-		wantBaseAddr string
-	}{
-		{
-			option: MieruOption{
-				Name:      "test",
-				Server:    "1.2.3.4",
-				Port:      10000,
-				Transport: "TCP",
-				UserName:  "test",
-				Password:  "test",
-			},
-			wantBaseAddr: "1.2.3.4:10000",
-		},
-		{
-			option: MieruOption{
-				Name:      "test",
-				Server:    "2001:db8::1",
-				PortRange: "10001-10002",
-				Transport: "TCP",
-				UserName:  "test",
-				Password:  "test",
-			},
-			wantBaseAddr: "[2001:db8::1]:10001",
-		},
-		{
-			option: MieruOption{
-				Name:      "test",
-				Server:    "example.com",
-				Port:      10003,
-				Transport: "TCP",
-				UserName:  "test",
-				Password:  "test",
-			},
-			wantBaseAddr: "example.com:10003",
-		},
-	}
-
-	for _, testCase := range testCases {
-		mieru, err := NewMieru(testCase.option)
-		if err != nil {
-			t.Error(err)
-		}
-		if mieru.addr != testCase.wantBaseAddr {
-			t.Errorf("got addr %q, want %q", mieru.addr, testCase.wantBaseAddr)
-		}
-	}
-}
-
-func TestBeginAndEndPortFromPortRange(t *testing.T) {
-	testCases := []struct {
-		input  string
-		begin  int
-		end    int
-		hasErr bool
-	}{
-		{"1-10", 1, 10, false},
-		{"1000-2000", 1000, 2000, false},
-		{"65535-65535", 65535, 65535, false},
-		{"1", 0, 0, true},
-		{"1-", 0, 0, true},
-		{"-10", 0, 0, true},
-		{"a-b", 0, 0, true},
-		{"1-b", 0, 0, true},
-		{"a-10", 0, 0, true},
-	}
-
-	for _, testCase := range testCases {
-		begin, end, err := beginAndEndPortFromPortRange(testCase.input)
-		if testCase.hasErr {
-			if err == nil {
-				t.Errorf("beginAndEndPortFromPortRange(%s) should return an error", testCase.input)
-			}
-		} else {
-			if err != nil {
-				t.Errorf("beginAndEndPortFromPortRange(%s) should not return an error, but got %v", testCase.input, err)
-			}
-			if begin != testCase.begin {
-				t.Errorf("beginAndEndPortFromPortRange(%s) begin port mismatch, got %d, want %d", testCase.input, begin, testCase.begin)
-			}
-			if end != testCase.end {
-				t.Errorf("beginAndEndPortFromPortRange(%s) end port mismatch, got %d, want %d", testCase.input, end, testCase.end)
-			}
-		}
-	}
-}
--- a/adapter/outbound/reject.go
+++ b/adapter/outbound/reject.go
@@ -37,7 +37,7 @@ func NewRejectWithOption(option RejectOption) *Reject {
 	return &Reject{
 		Base: &Base{
 			name: option.Name,
-			tp:   C.Reject,
+			tp:   C.Direct,
 			udp:  true,
 		},
 	}
--- a/adapter/outbound/shadowsocks.go
+++ b/adapter/outbound/shadowsocks.go
@@ -149,6 +149,7 @@ func (ss *ShadowSocks) DialContextWithDialer(ctx context.Context, dialer C.Diale
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -165,6 +166,12 @@ func (ss *ShadowSocks) ListenPacketContext(ctx context.Context, metadata *C.Meta

 // ListenPacketWithDialer implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if len(ss.option.DialerProxy) > 0 {
+		dialer, err = proxydialer.NewByName(ss.option.DialerProxy, dialer)
+		if err != nil {
+			return nil, err
+		}
+	}
 	if ss.option.UDPOverTCP {
 		tcpConn, err := ss.DialContextWithDialer(ctx, dialer, metadata)
 		if err != nil {
@@ -172,12 +179,6 @@ func (ss *ShadowSocks) ListenPacketWithDialer(ctx context.Context, dialer C.Dial
 		}
 		return ss.ListenPacketOnStreamConn(ctx, tcpConn, metadata)
 	}
-	if len(ss.option.DialerProxy) > 0 {
-		dialer, err = proxydialer.NewByName(ss.option.DialerProxy, dialer)
-		if err != nil {
-			return nil, err
-		}
-	}
 	addr, err := resolveUDPAddrWithPrefer(ctx, "udp", ss.addr, ss.prefer)
 	if err != nil {
 		return nil, err
@@ -196,13 +197,6 @@ func (ss *ShadowSocks) SupportWithDialer() C.NetWork {
 	return C.ALLNet
 }

-// ProxyInfo implements C.ProxyAdapter
-func (ss *ShadowSocks) ProxyInfo() C.ProxyInfo {
-	info := ss.Base.ProxyInfo()
-	info.DialerProxy = ss.option.DialerProxy
-	return info
-}
-
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (ss *ShadowSocks) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	if ss.option.UDPOverTCP {
@@ -279,7 +273,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		if opts.TLS {
 			v2rayOption.TLS = true
 			v2rayOption.SkipCertVerify = opts.SkipCertVerify
-			v2rayOption.Fingerprint = opts.Fingerprint
 		}
 	} else if option.Plugin == shadowtls.Mode {
 		obfsMode = shadowtls.Mode
--- a/adapter/outbound/shadowsocksr.go
+++ b/adapter/outbound/shadowsocksr.go
@@ -80,6 +80,7 @@ func (ssr *ShadowSocksR) DialContextWithDialer(ctx context.Context, dialer C.Dia
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ssr.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -122,13 +123,6 @@ func (ssr *ShadowSocksR) SupportWithDialer() C.NetWork {
 	return C.ALLNet
 }

-// ProxyInfo implements C.ProxyAdapter
-func (ssr *ShadowSocksR) ProxyInfo() C.ProxyInfo {
-	info := ssr.Base.ProxyInfo()
-	info.DialerProxy = ssr.option.DialerProxy
-	return info
-}
-
 func NewShadowSocksR(option ShadowSocksROption) (*ShadowSocksR, error) {
 	// SSR protocol compatibility
 	// https://github.com/metacubex/mihomo/pull/2056
--- a/adapter/outbound/singmux.go
+++ b/adapter/outbound/singmux.go
@@ -97,12 +97,6 @@ func (s *SingMux) SupportUOT() bool {
 	return true
 }

-func (s *SingMux) ProxyInfo() C.ProxyInfo {
-	info := s.ProxyAdapter.ProxyInfo()
-	info.SMUX = true
-	return info
-}
-
 func closeSingMux(s *SingMux) {
 	_ = s.client.Close()
 }
--- a/adapter/outbound/snell.go
+++ b/adapter/outbound/snell.go
@@ -6,6 +6,7 @@ import (
 	"net"
 	"strconv"

+	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/common/structure"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
@@ -93,6 +94,7 @@ func (s *Snell) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -120,6 +122,7 @@ func (s *Snell) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 	if err != nil {
 		return nil, err
 	}
+	N.TCPKeepAlive(c)
 	c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})

 	err = snell.WriteUDPHeader(c, s.version)
@@ -141,13 +144,6 @@ func (s *Snell) SupportUOT() bool {
 	return true
 }

-// ProxyInfo implements C.ProxyAdapter
-func (s *Snell) ProxyInfo() C.ProxyInfo {
-	info := s.Base.ProxyInfo()
-	info.DialerProxy = s.option.DialerProxy
-	return info
-}
-
 func NewSnell(option SnellOption) (*Snell, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	psk := []byte(option.Psk)
@@ -212,6 +208,7 @@ func NewSnell(option SnellOption) (*Snell, error) {
 				return nil, err
 			}

+			N.TCPKeepAlive(c)
 			return streamConn(c, streamOption{psk, option.Version, addr, obfsOption}), nil
 		})
 	}
--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@@ -10,6 +10,7 @@ import (
 	"net/netip"
 	"strconv"

+	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
@@ -81,6 +82,7 @@ func (ss *Socks5) DialContextWithDialer(ctx context.Context, dialer C.Dialer, me
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -126,6 +128,7 @@ func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 		safeConnClose(c, err)
 	}(c)

+	N.TCPKeepAlive(c)
 	var user *socks5.User
 	if ss.user != "" {
 		user = &socks5.User{
@@ -171,13 +174,6 @@ func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, ss), nil
 }

-// ProxyInfo implements C.ProxyAdapter
-func (ss *Socks5) ProxyInfo() C.ProxyInfo {
-	info := ss.Base.ProxyInfo()
-	info.DialerProxy = ss.option.DialerProxy
-	return info
-}
-
 func NewSocks5(option Socks5Option) (*Socks5, error) {
 	var tlsConfig *tls.Config
 	if option.TLS {
--- a/adapter/outbound/ssh.go
+++ b/adapter/outbound/ssh.go
@@ -1,214 +0,0 @@
-package outbound
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"fmt"
-	"net"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-
-	N "github.com/metacubex/mihomo/common/net"
-	"github.com/metacubex/mihomo/component/dialer"
-	"github.com/metacubex/mihomo/component/proxydialer"
-	C "github.com/metacubex/mihomo/constant"
-
-	"github.com/metacubex/randv2"
-	"golang.org/x/crypto/ssh"
-)
-
-type Ssh struct {
-	*Base
-
-	option *SshOption
-	client *sshClient // using a standalone struct to avoid its inner loop invalidate the Finalizer
-}
-
-type SshOption struct {
-	BasicOption
-	Name                 string   `proxy:"name"`
-	Server               string   `proxy:"server"`
-	Port                 int      `proxy:"port"`
-	UserName             string   `proxy:"username"`
-	Password             string   `proxy:"password,omitempty"`
-	PrivateKey           string   `proxy:"private-key,omitempty"`
-	PrivateKeyPassphrase string   `proxy:"private-key-passphrase,omitempty"`
-	HostKey              []string `proxy:"host-key,omitempty"`
-	HostKeyAlgorithms    []string `proxy:"host-key-algorithms,omitempty"`
-}
-
-func (s *Ssh) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
-	var cDialer C.Dialer = dialer.NewDialer(s.Base.DialOptions(opts...)...)
-	if len(s.option.DialerProxy) > 0 {
-		cDialer, err = proxydialer.NewByName(s.option.DialerProxy, cDialer)
-		if err != nil {
-			return nil, err
-		}
-	}
-	client, err := s.client.connect(ctx, cDialer, s.addr)
-	if err != nil {
-		return nil, err
-	}
-	c, err := client.DialContext(ctx, "tcp", metadata.RemoteAddress())
-	if err != nil {
-		return nil, err
-	}
-
-	return NewConn(N.NewRefConn(c, s), s), nil
-}
-
-type sshClient struct {
-	config *ssh.ClientConfig
-	client *ssh.Client
-	cMutex sync.Mutex
-}
-
-func (s *sshClient) connect(ctx context.Context, cDialer C.Dialer, addr string) (client *ssh.Client, err error) {
-	s.cMutex.Lock()
-	defer s.cMutex.Unlock()
-	if s.client != nil {
-		return s.client, nil
-	}
-	c, err := cDialer.DialContext(ctx, "tcp", addr)
-	if err != nil {
-		return nil, err
-	}
-
-	defer func(c net.Conn) {
-		safeConnClose(c, err)
-	}(c)
-
-	if ctx.Done() != nil {
-		done := N.SetupContextForConn(ctx, c)
-		defer done(&err)
-	}
-
-	clientConn, chans, reqs, err := ssh.NewClientConn(c, addr, s.config)
-	if err != nil {
-		return nil, err
-	}
-	client = ssh.NewClient(clientConn, chans, reqs)
-
-	s.client = client
-
-	go func() {
-		_ = client.Wait() // wait shutdown
-		_ = client.Close()
-		s.cMutex.Lock()
-		defer s.cMutex.Unlock()
-		if s.client == client {
-			s.client = nil
-		}
-	}()
-
-	return client, nil
-}
-
-func (s *sshClient) Close() error {
-	s.cMutex.Lock()
-	defer s.cMutex.Unlock()
-	if s.client != nil {
-		return s.client.Close()
-	}
-	return nil
-}
-
-func closeSsh(s *Ssh) {
-	_ = s.client.Close()
-}
-
-// ProxyInfo implements C.ProxyAdapter
-func (s *Ssh) ProxyInfo() C.ProxyInfo {
-	info := s.Base.ProxyInfo()
-	info.DialerProxy = s.option.DialerProxy
-	return info
-}
-
-func NewSsh(option SshOption) (*Ssh, error) {
-	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
-
-	config := ssh.ClientConfig{
-		User:              option.UserName,
-		HostKeyCallback:   ssh.InsecureIgnoreHostKey(),
-		HostKeyAlgorithms: option.HostKeyAlgorithms,
-	}
-
-	if option.PrivateKey != "" {
-		var b []byte
-		var err error
-		if strings.Contains(option.PrivateKey, "PRIVATE KEY") {
-			b = []byte(option.PrivateKey)
-		} else {
-			b, err = os.ReadFile(C.Path.Resolve(option.PrivateKey))
-			if err != nil {
-				return nil, err
-			}
-		}
-		var pKey ssh.Signer
-		if option.PrivateKeyPassphrase != "" {
-			pKey, err = ssh.ParsePrivateKeyWithPassphrase(b, []byte(option.PrivateKeyPassphrase))
-		} else {
-			pKey, err = ssh.ParsePrivateKey(b)
-		}
-		if err != nil {
-			return nil, err
-		}
-
-		config.Auth = append(config.Auth, ssh.PublicKeys(pKey))
-	}
-
-	if option.Password != "" {
-		config.Auth = append(config.Auth, ssh.Password(option.Password))
-	}
-
-	if len(option.HostKey) != 0 {
-		keys := make([]ssh.PublicKey, len(option.HostKey))
-		for i, hostKey := range option.HostKey {
-			key, _, _, _, err := ssh.ParseAuthorizedKey([]byte(hostKey))
-			if err != nil {
-				return nil, fmt.Errorf("parse host key :%s", key)
-			}
-			keys[i] = key
-		}
-		config.HostKeyCallback = func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			serverKey := key.Marshal()
-			for _, hostKey := range keys {
-				if bytes.Equal(serverKey, hostKey.Marshal()) {
-					return nil
-				}
-			}
-			return fmt.Errorf("host key mismatch, server send :%s %s", key.Type(), base64.StdEncoding.EncodeToString(serverKey))
-		}
-	}
-
-	version := "SSH-2.0-OpenSSH_"
-	if randv2.IntN(2) == 0 {
-		version += "7." + strconv.Itoa(randv2.IntN(10))
-	} else {
-		version += "8." + strconv.Itoa(randv2.IntN(9))
-	}
-	config.ClientVersion = version
-
-	outbound := &Ssh{
-		Base: &Base{
-			name:   option.Name,
-			addr:   addr,
-			tp:     C.Ssh,
-			udp:    false,
-			iface:  option.Interface,
-			rmark:  option.RoutingMark,
-			prefer: C.NewDNSPrefer(option.IPVersion),
-		},
-		option: &option,
-		client: &sshClient{
-			config: &config,
-		},
-	}
-	runtime.SetFinalizer(outbound, closeSsh)
-
-	return outbound, nil
-}
--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@@ -3,19 +3,18 @@ package outbound
 import (
 	"context"
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"

+	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
 	tlsC "github.com/metacubex/mihomo/component/tls"
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/transport/gun"
-	"github.com/metacubex/mihomo/transport/shadowsocks/core"
 	"github.com/metacubex/mihomo/transport/trojan"
 )

@@ -30,8 +29,6 @@ type Trojan struct {
 	transport    *gun.TransportWrap

 	realityConfig *tlsC.RealityConfig
-
-	ssCipher core.Cipher
 }

 type TrojanOption struct {
@@ -49,17 +46,9 @@ type TrojanOption struct {
 	RealityOpts       RealityOptions `proxy:"reality-opts,omitempty"`
 	GrpcOpts          GrpcOptions    `proxy:"grpc-opts,omitempty"`
 	WSOpts            WSOptions      `proxy:"ws-opts,omitempty"`
-	SSOpts            TrojanSSOption `proxy:"ss-opts,omitempty"`
 	ClientFingerprint string         `proxy:"client-fingerprint,omitempty"`
 }

-// TrojanSSOption from https://github.com/p4gefau1t/trojan-go/blob/v0.10.6/tunnel/shadowsocks/config.go#L5
-type TrojanSSOption struct {
-	Enabled  bool   `proxy:"enabled,omitempty"`
-	Method   string `proxy:"method,omitempty"`
-	Password string `proxy:"password,omitempty"`
-}
-
 func (t *Trojan) plainStream(ctx context.Context, c net.Conn) (net.Conn, error) {
 	if t.option.Network == "ws" {
 		host, port, _ := net.SplitHostPort(t.addr)
@@ -106,10 +95,6 @@ func (t *Trojan) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}

-	if t.ssCipher != nil {
-		c = t.ssCipher.StreamConn(c)
-	}
-
 	if metadata.NetWork == C.UDP {
 		err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 		return c, err
@@ -127,10 +112,6 @@ func (t *Trojan) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 			return nil, err
 		}

-		if t.ssCipher != nil {
-			c = t.ssCipher.StreamConn(c)
-		}
-
 		if err = t.instance.WriteHeader(c, trojan.CommandTCP, serializesSocksAddr(metadata)); err != nil {
 			c.Close()
 			return nil, err
@@ -153,6 +134,7 @@ func (t *Trojan) DialContextWithDialer(ctx context.Context, dialer C.Dialer, met
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}
+	N.TCPKeepAlive(c)

 	defer func(c net.Conn) {
 		safeConnClose(c, err)
@@ -179,11 +161,6 @@ func (t *Trojan) ListenPacketContext(ctx context.Context, metadata *C.Metadata,
 		defer func(c net.Conn) {
 			safeConnClose(c, err)
 		}(c)
-
-		if t.ssCipher != nil {
-			c = t.ssCipher.StreamConn(c)
-		}
-
 		err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 		if err != nil {
 			return nil, err
@@ -210,15 +187,12 @@ func (t *Trojan) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, me
 	defer func(c net.Conn) {
 		safeConnClose(c, err)
 	}(c)
+	N.TCPKeepAlive(c)
 	c, err = t.plainStream(ctx, c)
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %w", t.addr, err)
 	}

-	if t.ssCipher != nil {
-		c = t.ssCipher.StreamConn(c)
-	}
-
 	err = t.instance.WriteHeader(c, trojan.CommandUDP, serializesSocksAddr(metadata))
 	if err != nil {
 		return nil, err
@@ -244,13 +218,6 @@ func (t *Trojan) SupportUOT() bool {
 	return true
 }

-// ProxyInfo implements C.ProxyAdapter
-func (t *Trojan) ProxyInfo() C.ProxyInfo {
-	info := t.Base.ProxyInfo()
-	info.DialerProxy = t.option.DialerProxy
-	return info
-}
-
 func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))

@@ -290,20 +257,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 	}
 	tOption.Reality = t.realityConfig

-	if option.SSOpts.Enabled {
-		if option.SSOpts.Password == "" {
-			return nil, errors.New("empty password")
-		}
-		if option.SSOpts.Method == "" {
-			option.SSOpts.Method = "AES-128-GCM"
-		}
-		ciph, err := core.PickCipher(option.SSOpts.Method, nil, option.SSOpts.Password)
-		if err != nil {
-			return nil, err
-		}
-		t.ssCipher = ciph
-	}
-
 	if option.Network == "grpc" {
 		dialFn := func(network, addr string) (net.Conn, error) {
 			var err error
@@ -318,6 +271,7 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", t.addr, err.Error())
 			}
+			N.TCPKeepAlive(c)
 			return c, nil
 		}

--- a/adapter/outbound/tuic.go
+++ b/adapter/outbound/tuic.go
@@ -146,13 +146,6 @@ func (t *Tuic) dialWithDialer(ctx context.Context, dialer C.Dialer) (transport *
 	return
 }

-// ProxyInfo implements C.ProxyAdapter
-func (t *Tuic) ProxyInfo() C.ProxyInfo {
-	info := t.Base.ProxyInfo()
-	info.DialerProxy = t.option.DialerProxy
-	return info
-}
-
 func NewTuic(option TuicOption) (*Tuic, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 	serverName := option.Server
--- a/adapter/outbound/util.go
+++ b/adapter/outbound/util.go
@@ -55,7 +55,7 @@ func resolveUDPAddr(ctx context.Context, network, address string) (*net.UDPAddr,
 		return nil, err
 	}

-	ip, err := resolver.ResolveIPWithResolver(ctx, host, resolver.ProxyServerHostResolver)
+	ip, err := resolver.ResolveProxyServerHost(ctx, host)
 	if err != nil {
 		return nil, err
 	}
@@ -71,12 +71,12 @@ func resolveUDPAddrWithPrefer(ctx context.Context, network, address string, pref
 	var fallback netip.Addr
 	switch prefer {
 	case C.IPv4Only:
-		ip, err = resolver.ResolveIPv4WithResolver(ctx, host, resolver.ProxyServerHostResolver)
+		ip, err = resolver.ResolveIPv4ProxyServerHost(ctx, host)
 	case C.IPv6Only:
-		ip, err = resolver.ResolveIPv6WithResolver(ctx, host, resolver.ProxyServerHostResolver)
+		ip, err = resolver.ResolveIPv6ProxyServerHost(ctx, host)
 	case C.IPv6Prefer:
 		var ips []netip.Addr
-		ips, err = resolver.LookupIPWithResolver(ctx, host, resolver.ProxyServerHostResolver)
+		ips, err = resolver.LookupIPProxyServerHost(ctx, host)
 		if err == nil {
 			for _, addr := range ips {
 				if addr.Is6() {
@@ -92,7 +92,7 @@ func resolveUDPAddrWithPrefer(ctx context.Context, network, address string, pref
 	default:
 		// C.IPv4Prefer, C.DualStack and other
 		var ips []netip.Addr
-		ips, err = resolver.LookupIPWithResolver(ctx, host, resolver.ProxyServerHostResolver)
+		ips, err = resolver.LookupIPProxyServerHost(ctx, host)
 		if err == nil {
 			for _, addr := range ips {
 				if addr.Is4() {
--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@@ -262,6 +262,7 @@ func (v *Vless) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
+	N.TCPKeepAlive(c)
 	defer func(c net.Conn) {
 		safeConnClose(c, err)
 	}(c)
@@ -326,6 +327,7 @@ func (v *Vless) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
+	N.TCPKeepAlive(c)
 	defer func(c net.Conn) {
 		safeConnClose(c, err)
 	}(c)
@@ -371,7 +373,7 @@ func (v *Vless) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metada
 			}, M.SocksaddrFromNet(metadata.UDPAddr())),
 		), v), nil
 	}
-	return newPacketConn(N.NewThreadSafePacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}), v), nil
+	return newPacketConn(&vlessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }

 // SupportUOT implements C.ProxyAdapter
@@ -379,13 +381,6 @@ func (v *Vless) SupportUOT() bool {
 	return true
 }

-// ProxyInfo implements C.ProxyAdapter
-func (v *Vless) ProxyInfo() C.ProxyInfo {
-	info := v.Base.ProxyInfo()
-	info.DialerProxy = v.option.DialerProxy
-	return info
-}
-
 func parseVlessAddr(metadata *C.Metadata, xudp bool) *vless.DstAddr {
 	var addrType byte
 	var addr []byte
@@ -510,14 +505,17 @@ func NewVless(option VlessOption) (*Vless, error) {
 	var addons *vless.Addons
 	if option.Network != "ws" && len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
-		if option.Flow != vless.XRV {
+		switch option.Flow {
+		case vless.XRV:
+			log.Warnln("To use %s, ensure your server is upgrade to Xray-core v1.8.0+", vless.XRV)
+			addons = &vless.Addons{
+				Flow: option.Flow,
+			}
+		case vless.XRO, vless.XRD, vless.XRS:
+			log.Fatalln("Legacy XTLS protocol %s is deprecated and no longer supported", option.Flow)
+		default:
 			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)
 		}
-
-		log.Warnln("To use %s, ensure your server is upgrade to Xray-core v1.8.0+", vless.XRV)
-		addons = &vless.Addons{
-			Flow: option.Flow,
-		}
 	}

 	switch option.PacketEncoding {
@@ -579,6 +577,7 @@ func NewVless(option VlessOption) (*Vless, error) {
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
+			N.TCPKeepAlive(c)
 			return c, nil
 		}

--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@@ -179,7 +179,6 @@ func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 		tlsOpts := mihomoVMess.TLSConfig{
 			Host:              host,
 			SkipCertVerify:    v.option.SkipCertVerify,
-			FingerPrint:       v.option.Fingerprint,
 			NextProtos:        []string{"h2"},
 			ClientFingerprint: v.option.ClientFingerprint,
 			Reality:           v.realityConfig,
@@ -209,7 +208,6 @@ func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 			tlsOpts := &mihomoVMess.TLSConfig{
 				Host:              host,
 				SkipCertVerify:    v.option.SkipCertVerify,
-				FingerPrint:       v.option.Fingerprint,
 				ClientFingerprint: v.option.ClientFingerprint,
 				Reality:           v.realityConfig,
 				NextProtos:        v.option.ALPN,
@@ -312,6 +310,7 @@ func (v *Vmess) DialContextWithDialer(ctx context.Context, dialer C.Dialer, meta
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
+	N.TCPKeepAlive(c)
 	defer func(c net.Conn) {
 		safeConnClose(c, err)
 	}(c)
@@ -372,6 +371,7 @@ func (v *Vmess) ListenPacketWithDialer(ctx context.Context, dialer C.Dialer, met
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 	}
+	N.TCPKeepAlive(c)
 	defer func(c net.Conn) {
 		safeConnClose(c, err)
 	}(c)
@@ -388,13 +388,6 @@ func (v *Vmess) SupportWithDialer() C.NetWork {
 	return C.ALLNet
 }

-// ProxyInfo implements C.ProxyAdapter
-func (v *Vmess) ProxyInfo() C.ProxyInfo {
-	info := v.Base.ProxyInfo()
-	info.DialerProxy = v.option.DialerProxy
-	return info
-}
-
 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (v *Vmess) ListenPacketOnStreamConn(ctx context.Context, c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
 	// vmess use stream-oriented udp with a special address, so we need a net.UDPAddr
@@ -478,6 +471,7 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 			if err != nil {
 				return nil, fmt.Errorf("%s connect error: %s", v.addr, err.Error())
 			}
+			N.TCPKeepAlive(c)
 			return c, nil
 		}

--- a/adapter/outbound/wireguard.go
+++ b/adapter/outbound/wireguard.go
@@ -12,98 +12,63 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"time"

-	"github.com/metacubex/mihomo/common/atomic"
 	CN "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
 	"github.com/metacubex/mihomo/component/resolver"
-	"github.com/metacubex/mihomo/component/slowdown"
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/dns"
 	"github.com/metacubex/mihomo/log"

-	amnezia "github.com/metacubex/amneziawg-go/device"
 	wireguard "github.com/metacubex/sing-wireguard"
-	"github.com/metacubex/wireguard-go/device"

+	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/debug"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/wireguard-go/device"
 )

-type wireguardGoDevice interface {
-	Close()
-	IpcSet(uapiConf string) error
-}
-
 type WireGuard struct {
 	*Base
 	bind      *wireguard.ClientBind
-	device    wireguardGoDevice
+	device    *device.Device
 	tunDevice wireguard.Device
 	dialer    proxydialer.SingDialer
-	resolver  resolver.Resolver
+	startOnce sync.Once
+	startErr  error
+	resolver  *dns.Resolver
 	refP      *refProxyAdapter
-
-	initOk        atomic.Bool
-	initMutex     sync.Mutex
-	initErr       error
-	option        WireGuardOption
-	connectAddr   M.Socksaddr
-	localPrefixes []netip.Prefix
-
-	serverAddrMap   map[M.Socksaddr]netip.AddrPort
-	serverAddrTime  atomic.TypedValue[time.Time]
-	serverAddrMutex sync.Mutex
-
-	closeCh chan struct{} // for test
 }

 type WireGuardOption struct {
 	BasicOption
 	WireGuardPeerOption
 	Name                string `proxy:"name"`
-	Ip                  string `proxy:"ip,omitempty"`
-	Ipv6                string `proxy:"ipv6,omitempty"`
 	PrivateKey          string `proxy:"private-key"`
 	Workers             int    `proxy:"workers,omitempty"`
 	MTU                 int    `proxy:"mtu,omitempty"`
 	UDP                 bool   `proxy:"udp,omitempty"`
 	PersistentKeepalive int    `proxy:"persistent-keepalive,omitempty"`

-	AmneziaWGOption *AmneziaWGOption `proxy:"amnezia-wg-option,omitempty"`
-
 	Peers []WireGuardPeerOption `proxy:"peers,omitempty"`

 	RemoteDnsResolve bool     `proxy:"remote-dns-resolve,omitempty"`
 	Dns              []string `proxy:"dns,omitempty"`
-
-	RefreshServerIPInterval int `proxy:"refresh-server-ip-interval,omitempty"`
 }

 type WireGuardPeerOption struct {
 	Server       string   `proxy:"server"`
 	Port         int      `proxy:"port"`
+	Ip           string   `proxy:"ip,omitempty"`
+	Ipv6         string   `proxy:"ipv6,omitempty"`
 	PublicKey    string   `proxy:"public-key,omitempty"`
 	PreSharedKey string   `proxy:"pre-shared-key,omitempty"`
 	Reserved     []uint8  `proxy:"reserved,omitempty"`
 	AllowedIPs   []string `proxy:"allowed-ips,omitempty"`
 }

-type AmneziaWGOption struct {
-	JC   int    `proxy:"jc"`
-	JMin int    `proxy:"jmin"`
-	JMax int    `proxy:"jmax"`
-	S1   int    `proxy:"s1"`
-	S2   int    `proxy:"s2"`
-	H1   uint32 `proxy:"h1"`
-	H2   uint32 `proxy:"h2"`
-	H3   uint32 `proxy:"h3"`
-	H4   uint32 `proxy:"h4"`
-}
-
 type wgSingErrorHandler struct {
 	name string
 }
@@ -132,7 +97,7 @@ func (option WireGuardPeerOption) Addr() M.Socksaddr {
 	return M.ParseSocksaddrHostPort(option.Server, uint16(option.Port))
 }

-func (option WireGuardOption) Prefixes() ([]netip.Prefix, error) {
+func (option WireGuardPeerOption) Prefixes() ([]netip.Prefix, error) {
 	localPrefixes := make([]netip.Prefix, 0, 2)
 	if len(option.Ip) > 0 {
 		if !strings.Contains(option.Ip, "/") {
@@ -171,7 +136,7 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 			rmark:  option.RoutingMark,
 			prefer: C.NewDNSPrefer(option.IPVersion),
 		},
-		dialer: proxydialer.NewSlowDownSingDialer(proxydialer.NewByNameSingDialer(option.DialerProxy, dialer.NewDialer()), slowdown.New()),
+		dialer: proxydialer.NewByNameSingDialer(option.DialerProxy, dialer.NewDialer()),
 	}
 	runtime.SetFinalizer(outbound, closeWireGuard)

@@ -183,103 +148,147 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 		copy(reserved[:], option.Reserved)
 	}
 	var isConnect bool
+	var connectAddr M.Socksaddr
 	if len(option.Peers) < 2 {
 		isConnect = true
 		if len(option.Peers) == 1 {
-			outbound.connectAddr = option.Peers[0].Addr()
+			connectAddr = option.Peers[0].Addr()
 		} else {
-			outbound.connectAddr = option.Addr()
+			connectAddr = option.Addr()
 		}
 	}
-	outbound.bind = wireguard.NewClientBind(context.Background(), wgSingErrorHandler{outbound.Name()}, outbound.dialer, isConnect, outbound.connectAddr.AddrPort(), reserved)
+	outbound.bind = wireguard.NewClientBind(context.Background(), wgSingErrorHandler{outbound.Name()}, outbound.dialer, isConnect, connectAddr, reserved)

-	var err error
-	outbound.localPrefixes, err = option.Prefixes()
-	if err != nil {
-		return nil, err
-	}
+	var localPrefixes []netip.Prefix

+	var privateKey string
 	{
 		bytes, err := base64.StdEncoding.DecodeString(option.PrivateKey)
 		if err != nil {
 			return nil, E.Cause(err, "decode private key")
 		}
-		option.PrivateKey = hex.EncodeToString(bytes)
+		privateKey = hex.EncodeToString(bytes)
 	}
-
-	if len(option.Peers) > 0 {
-		for i := range option.Peers {
-			peer := &option.Peers[i] // we need modify option here
-			bytes, err := base64.StdEncoding.DecodeString(peer.PublicKey)
-			if err != nil {
-				return nil, E.Cause(err, "decode public key for peer ", i)
+	ipcConf := "private_key=" + privateKey
+	if peersLen := len(option.Peers); peersLen > 0 {
+		localPrefixes = make([]netip.Prefix, 0, peersLen*2)
+		for i, peer := range option.Peers {
+			var peerPublicKey, preSharedKey string
+			{
+				bytes, err := base64.StdEncoding.DecodeString(peer.PublicKey)
+				if err != nil {
+					return nil, E.Cause(err, "decode public key for peer ", i)
+				}
+				peerPublicKey = hex.EncodeToString(bytes)
 			}
-			peer.PublicKey = hex.EncodeToString(bytes)
-
 			if peer.PreSharedKey != "" {
 				bytes, err := base64.StdEncoding.DecodeString(peer.PreSharedKey)
 				if err != nil {
 					return nil, E.Cause(err, "decode pre shared key for peer ", i)
 				}
-				peer.PreSharedKey = hex.EncodeToString(bytes)
+				preSharedKey = hex.EncodeToString(bytes)
+			}
+			destination := peer.Addr()
+			ipcConf += "\npublic_key=" + peerPublicKey
+			ipcConf += "\nendpoint=" + destination.String()
+			if preSharedKey != "" {
+				ipcConf += "\npreshared_key=" + preSharedKey
 			}
-
 			if len(peer.AllowedIPs) == 0 {
 				return nil, E.New("missing allowed_ips for peer ", i)
 			}
-
+			for _, allowedIP := range peer.AllowedIPs {
+				ipcConf += "\nallowed_ip=" + allowedIP
+			}
 			if len(peer.Reserved) > 0 {
 				if len(peer.Reserved) != 3 {
 					return nil, E.New("invalid reserved value for peer ", i, ", required 3 bytes, got ", len(peer.Reserved))
 				}
+				copy(reserved[:], option.Reserved)
+				outbound.bind.SetReservedForEndpoint(destination, reserved)
 			}
+			prefixes, err := peer.Prefixes()
+			if err != nil {
+				return nil, err
+			}
+			localPrefixes = append(localPrefixes, prefixes...)
 		}
 	} else {
+		var peerPublicKey, preSharedKey string
 		{
 			bytes, err := base64.StdEncoding.DecodeString(option.PublicKey)
 			if err != nil {
 				return nil, E.Cause(err, "decode peer public key")
 			}
-			option.PublicKey = hex.EncodeToString(bytes)
+			peerPublicKey = hex.EncodeToString(bytes)
 		}
 		if option.PreSharedKey != "" {
 			bytes, err := base64.StdEncoding.DecodeString(option.PreSharedKey)
 			if err != nil {
 				return nil, E.Cause(err, "decode pre shared key")
 			}
-			option.PreSharedKey = hex.EncodeToString(bytes)
+			preSharedKey = hex.EncodeToString(bytes)
+		}
+		ipcConf += "\npublic_key=" + peerPublicKey
+		ipcConf += "\nendpoint=" + connectAddr.String()
+		if preSharedKey != "" {
+			ipcConf += "\npreshared_key=" + preSharedKey
+		}
+		var err error
+		localPrefixes, err = option.Prefixes()
+		if err != nil {
+			return nil, err
+		}
+		var has4, has6 bool
+		for _, address := range localPrefixes {
+			if address.Addr().Is4() {
+				has4 = true
+			} else {
+				has6 = true
+			}
+		}
+		if has4 {
+			ipcConf += "\nallowed_ip=0.0.0.0/0"
+		}
+		if has6 {
+			ipcConf += "\nallowed_ip=::/0"
 		}
 	}
-	outbound.option = option

+	if option.PersistentKeepalive != 0 {
+		ipcConf += fmt.Sprintf("\npersistent_keepalive_interval=%d", option.PersistentKeepalive)
+	}
 	mtu := option.MTU
 	if mtu == 0 {
 		mtu = 1408
 	}
-	if len(outbound.localPrefixes) == 0 {
+	if len(localPrefixes) == 0 {
 		return nil, E.New("missing local address")
 	}
-	outbound.tunDevice, err = wireguard.NewStackDevice(outbound.localPrefixes, uint32(mtu))
+	var err error
+	outbound.tunDevice, err = wireguard.NewStackDevice(localPrefixes, uint32(mtu))
 	if err != nil {
 		return nil, E.Cause(err, "create WireGuard device")
 	}
-	logger := &device.Logger{
+	outbound.device = device.NewDevice(context.Background(), outbound.tunDevice, outbound.bind, &device.Logger{
 		Verbosef: func(format string, args ...interface{}) {
 			log.SingLogger.Debug(fmt.Sprintf("[WG](%s) %s", option.Name, fmt.Sprintf(format, args...)))
 		},
 		Errorf: func(format string, args ...interface{}) {
 			log.SingLogger.Error(fmt.Sprintf("[WG](%s) %s", option.Name, fmt.Sprintf(format, args...)))
 		},
+	}, option.Workers)
+	if debug.Enabled {
+		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", option.Name, ipcConf))
 	}
-	if option.AmneziaWGOption != nil {
-		outbound.bind.SetParseReserved(false) // AmneziaWG don't need parse reserved
-		outbound.device = amnezia.NewDevice(outbound.tunDevice, outbound.bind, logger, option.Workers)
-	} else {
-		outbound.device = device.NewDevice(outbound.tunDevice, outbound.bind, logger, option.Workers)
+	err = outbound.device.IpcSet(ipcConf)
+	if err != nil {
+		return nil, E.Cause(err, "setup wireguard")
 	}
+	//err = outbound.tunDevice.Start()

 	var has6 bool
-	for _, address := range outbound.localPrefixes {
+	for _, address := range localPrefixes {
 		if !address.Addr().Unmap().Is4() {
 			has6 = true
 			break
@@ -305,204 +314,22 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 	return outbound, nil
 }

-func (w *WireGuard) resolve(ctx context.Context, address M.Socksaddr) (netip.AddrPort, error) {
-	if address.Addr.IsValid() {
-		return address.AddrPort(), nil
-	}
-	udpAddr, err := resolveUDPAddrWithPrefer(ctx, "udp", address.String(), w.prefer)
-	if err != nil {
-		return netip.AddrPort{}, err
-	}
-	// net.ResolveUDPAddr maybe return 4in6 address, so unmap at here
-	addrPort := udpAddr.AddrPort()
-	return netip.AddrPortFrom(addrPort.Addr().Unmap(), addrPort.Port()), nil
-}
-
-func (w *WireGuard) init(ctx context.Context) error {
-	err := w.init0(ctx)
-	if err != nil {
-		return err
-	}
-	w.updateServerAddr(ctx)
-	return nil
-}
-
-func (w *WireGuard) init0(ctx context.Context) error {
-	if w.initOk.Load() {
-		return nil
-	}
-	w.initMutex.Lock()
-	defer w.initMutex.Unlock()
-	// double check like sync.Once
-	if w.initOk.Load() {
-		return nil
-	}
-	if w.initErr != nil {
-		return w.initErr
-	}
-
-	w.bind.ResetReservedForEndpoint()
-	w.serverAddrMap = make(map[M.Socksaddr]netip.AddrPort)
-	ipcConf, err := w.genIpcConf(ctx, false)
-	if err != nil {
-		// !!! do not set initErr here !!!
-		// let us can retry domain resolve in next time
-		return err
-	}
-
-	if debug.Enabled {
-		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", w.option.Name, ipcConf))
-	}
-	err = w.device.IpcSet(ipcConf)
-	if err != nil {
-		w.initErr = E.Cause(err, "setup wireguard")
-		return w.initErr
-	}
-	w.serverAddrTime.Store(time.Now())
-
-	err = w.tunDevice.Start()
-	if err != nil {
-		w.initErr = err
-		return w.initErr
-	}
-
-	w.initOk.Store(true)
-	return nil
-}
-
-func (w *WireGuard) updateServerAddr(ctx context.Context) {
-	if w.option.RefreshServerIPInterval != 0 && time.Since(w.serverAddrTime.Load()) > time.Second*time.Duration(w.option.RefreshServerIPInterval) {
-		if w.serverAddrMutex.TryLock() {
-			defer w.serverAddrMutex.Unlock()
-			ipcConf, err := w.genIpcConf(ctx, true)
-			if err != nil {
-				log.Warnln("[WG](%s)UpdateServerAddr failed to generate wireguard ipc conf: %s", w.option.Name, err)
-				return
-			}
-			err = w.device.IpcSet(ipcConf)
-			if err != nil {
-				log.Warnln("[WG](%s)UpdateServerAddr failed to update wireguard ipc conf: %s", w.option.Name, err)
-				return
-			}
-			w.serverAddrTime.Store(time.Now())
-		}
-	}
-}
-
-func (w *WireGuard) genIpcConf(ctx context.Context, updateOnly bool) (string, error) {
-	ipcConf := ""
-	if !updateOnly {
-		ipcConf += "private_key=" + w.option.PrivateKey + "\n"
-		if w.option.AmneziaWGOption != nil {
-			ipcConf += "jc=" + strconv.Itoa(w.option.AmneziaWGOption.JC) + "\n"
-			ipcConf += "jmin=" + strconv.Itoa(w.option.AmneziaWGOption.JMin) + "\n"
-			ipcConf += "jmax=" + strconv.Itoa(w.option.AmneziaWGOption.JMax) + "\n"
-			ipcConf += "s1=" + strconv.Itoa(w.option.AmneziaWGOption.S1) + "\n"
-			ipcConf += "s2=" + strconv.Itoa(w.option.AmneziaWGOption.S2) + "\n"
-			ipcConf += "h1=" + strconv.FormatUint(uint64(w.option.AmneziaWGOption.H1), 10) + "\n"
-			ipcConf += "h2=" + strconv.FormatUint(uint64(w.option.AmneziaWGOption.H2), 10) + "\n"
-			ipcConf += "h3=" + strconv.FormatUint(uint64(w.option.AmneziaWGOption.H3), 10) + "\n"
-			ipcConf += "h4=" + strconv.FormatUint(uint64(w.option.AmneziaWGOption.H4), 10) + "\n"
-		}
-	}
-	if len(w.option.Peers) > 0 {
-		for i, peer := range w.option.Peers {
-			peerAddr := peer.Addr()
-			destination, err := w.resolve(ctx, peerAddr)
-			if err != nil {
-				return "", E.Cause(err, "resolve endpoint domain for peer ", i)
-			}
-			if w.serverAddrMap[peerAddr] != destination {
-				w.serverAddrMap[peerAddr] = destination
-			} else if updateOnly {
-				continue
-			}
-
-			if len(w.option.Peers) == 1 { // must call SetConnectAddr if isConnect == true
-				w.bind.SetConnectAddr(destination)
-			}
-			ipcConf += "public_key=" + peer.PublicKey + "\n"
-			if updateOnly {
-				ipcConf += "update_only=true\n"
-			}
-			ipcConf += "endpoint=" + destination.String() + "\n"
-			if len(peer.Reserved) > 0 {
-				var reserved [3]uint8
-				copy(reserved[:], w.option.Reserved)
-				w.bind.SetReservedForEndpoint(destination, reserved)
-			}
-			if updateOnly {
-				continue
-			}
-			if peer.PreSharedKey != "" {
-				ipcConf += "preshared_key=" + peer.PreSharedKey + "\n"
-			}
-			for _, allowedIP := range peer.AllowedIPs {
-				ipcConf += "allowed_ip=" + allowedIP + "\n"
-			}
-			if w.option.PersistentKeepalive != 0 {
-				ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
-			}
-		}
-	} else {
-		destination, err := w.resolve(ctx, w.connectAddr)
-		if err != nil {
-			return "", E.Cause(err, "resolve endpoint domain")
-		}
-		if w.serverAddrMap[w.connectAddr] != destination {
-			w.serverAddrMap[w.connectAddr] = destination
-		} else if updateOnly {
-			return "", nil
-		}
-		w.bind.SetConnectAddr(destination) // must call SetConnectAddr if isConnect == true
-		ipcConf += "public_key=" + w.option.PublicKey + "\n"
-		if updateOnly {
-			ipcConf += "update_only=true\n"
-		}
-		ipcConf += "endpoint=" + destination.String() + "\n"
-		if updateOnly {
-			return ipcConf, nil
-		}
-		if w.option.PreSharedKey != "" {
-			ipcConf += "preshared_key=" + w.option.PreSharedKey + "\n"
-		}
-		var has4, has6 bool
-		for _, address := range w.localPrefixes {
-			if address.Addr().Is4() {
-				has4 = true
-			} else {
-				has6 = true
-			}
-		}
-		if has4 {
-			ipcConf += "allowed_ip=0.0.0.0/0\n"
-		}
-		if has6 {
-			ipcConf += "allowed_ip=::/0\n"
-		}
-
-		if w.option.PersistentKeepalive != 0 {
-			ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
-		}
-	}
-	return ipcConf, nil
-}
-
 func closeWireGuard(w *WireGuard) {
 	if w.device != nil {
 		w.device.Close()
 	}
-	if w.closeCh != nil {
-		close(w.closeCh)
-	}
+	_ = common.Close(w.tunDevice)
 }

 func (w *WireGuard) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
 	options := w.Base.DialOptions(opts...)
 	w.dialer.SetDialer(dialer.NewDialer(options...))
 	var conn net.Conn
-	if err = w.init(ctx); err != nil {
-		return nil, err
+	w.startOnce.Do(func() {
+		w.startErr = w.tunDevice.Start()
+	})
+	if w.startErr != nil {
+		return nil, w.startErr
 	}
 	if !metadata.Resolved() || w.resolver != nil {
 		r := resolver.DefaultResolver
@@ -530,7 +357,13 @@ func (w *WireGuard) ListenPacketContext(ctx context.Context, metadata *C.Metadat
 	options := w.Base.DialOptions(opts...)
 	w.dialer.SetDialer(dialer.NewDialer(options...))
 	var pc net.PacketConn
-	if err = w.init(ctx); err != nil {
+	w.startOnce.Do(func() {
+		w.startErr = w.tunDevice.Start()
+	})
+	if w.startErr != nil {
+		return nil, w.startErr
+	}
+	if err != nil {
 		return nil, err
 	}
 	if (!metadata.Resolved() || w.resolver != nil) && metadata.Host != "" {
@@ -611,11 +444,18 @@ func (r *refProxyAdapter) SupportUDP() bool {
 	return false
 }

-func (r *refProxyAdapter) ProxyInfo() C.ProxyInfo {
+func (r *refProxyAdapter) SupportXUDP() bool {
 	if r.proxyAdapter != nil {
-		return r.proxyAdapter.ProxyInfo()
+		return r.proxyAdapter.SupportXUDP()
 	}
-	return C.ProxyInfo{}
+	return false
+}
+
+func (r *refProxyAdapter) SupportTFO() bool {
+	if r.proxyAdapter != nil {
+		return r.proxyAdapter.SupportTFO()
+	}
+	return false
 }

 func (r *refProxyAdapter) MarshalJSON() ([]byte, error) {
--- a/adapter/outbound/wireguard_test.go
+++ b/adapter/outbound/wireguard_test.go
@@ -1,45 +0,0 @@
-//go:build with_gvisor
-
-package outbound
-
-import (
-	"context"
-	"runtime"
-	"testing"
-	"time"
-)
-
-func TestWireGuardGC(t *testing.T) {
-	option := WireGuardOption{}
-	option.Server = "162.159.192.1"
-	option.Port = 2408
-	option.PrivateKey = "iOx7749AdqH3IqluG7+0YbGKd0m1mcEXAfGRzpy9rG8="
-	option.PublicKey = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="
-	option.Ip = "172.16.0.2"
-	option.Ipv6 = "2606:4700:110:8d29:be92:3a6a:f4:c437"
-	option.Reserved = []uint8{51, 69, 125}
-	wg, err := NewWireGuard(option)
-	if err != nil {
-		t.Error(err)
-	}
-	closeCh := make(chan struct{})
-	wg.closeCh = closeCh
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
-	defer cancel()
-	err = wg.init(ctx)
-	if err != nil {
-		t.Error(err)
-		return
-	}
-	// must do a small sleep before test GC
-	// because it maybe deadlocks if w.device.Close call too fast after w.device.Start
-	time.Sleep(10 * time.Millisecond)
-	wg = nil
-	runtime.GC()
-	select {
-	case <-closeCh:
-		return
-	case <-ctx.Done():
-		t.Error("timeout not GC")
-	}
-}
--- a/adapter/outboundgroup/fallback.go
+++ b/adapter/outboundgroup/fallback.go
@@ -21,8 +21,6 @@ type Fallback struct {
 	testUrl        string
 	selected       string
 	expectedStatus string
-	Hidden         bool
-	Icon           string
 }

 func (f *Fallback) Now() string {
@@ -92,8 +90,6 @@ func (f *Fallback) MarshalJSON() ([]byte, error) {
 		"testUrl":        f.testUrl,
 		"expectedStatus": f.expectedStatus,
 		"fixed":          f.selected,
-		"hidden":         f.Hidden,
-		"icon":           f.Icon,
 	})
 }

@@ -141,7 +137,7 @@ func (f *Fallback) Set(name string) error {
 	if !p.AliveForTestUrl(f.testUrl) {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*time.Duration(5000))
 		defer cancel()
-		expectedStatus, _ := utils.NewUnsignedRanges[uint16](f.expectedStatus)
+		expectedStatus, _ := utils.NewIntRanges[uint16](f.expectedStatus)
 		_, _ = p.URLTest(ctx, f.testUrl, expectedStatus)
 	}

@@ -164,14 +160,10 @@ func NewFallback(option *GroupCommonOption, providers []provider.ProxyProvider)
 			option.Filter,
 			option.ExcludeFilter,
 			option.ExcludeType,
-			option.TestTimeout,
-			option.MaxFailedTimes,
 			providers,
 		}),
 		disableUDP:     option.DisableUDP,
 		testUrl:        option.URL,
 		expectedStatus: option.ExpectedStatus,
-		Hidden:         option.Hidden,
-		Icon:           option.Icon,
 	}
 }
--- a/adapter/outboundgroup/groupbase.go
+++ b/adapter/outboundgroup/groupbase.go
@@ -31,24 +31,20 @@ type GroupBase struct {
 	failedTesting    atomic.Bool
 	proxies          [][]C.Proxy
 	versions         []atomic.Uint32
-	TestTimeout      int
-	maxFailedTimes   int
 }

 type GroupBaseOption struct {
 	outbound.BaseOption
-	filter         string
-	excludeFilter  string
-	excludeType    string
-	TestTimeout    int
-	maxFailedTimes int
-	providers      []provider.ProxyProvider
+	filter        string
+	excludeFilter string
+	excludeType   string
+	providers     []provider.ProxyProvider
 }

 func NewGroupBase(opt GroupBaseOption) *GroupBase {
 	var excludeFilterReg *regexp2.Regexp
 	if opt.excludeFilter != "" {
-		excludeFilterReg = regexp2.MustCompile(opt.excludeFilter, regexp2.None)
+		excludeFilterReg = regexp2.MustCompile(opt.excludeFilter, 0)
 	}
 	var excludeTypeArray []string
 	if opt.excludeType != "" {
@@ -58,7 +54,7 @@ func NewGroupBase(opt GroupBaseOption) *GroupBase {
 	var filterRegs []*regexp2.Regexp
 	if opt.filter != "" {
 		for _, filter := range strings.Split(opt.filter, "`") {
-			filterReg := regexp2.MustCompile(filter, regexp2.None)
+			filterReg := regexp2.MustCompile(filter, 0)
 			filterRegs = append(filterRegs, filterReg)
 		}
 	}
@@ -70,15 +66,6 @@ func NewGroupBase(opt GroupBaseOption) *GroupBase {
 		excludeTypeArray: excludeTypeArray,
 		providers:        opt.providers,
 		failedTesting:    atomic.NewBool(false),
-		TestTimeout:      opt.TestTimeout,
-		maxFailedTimes:   opt.maxFailedTimes,
-	}
-
-	if gb.TestTimeout == 0 {
-		gb.TestTimeout = 5000
-	}
-	if gb.maxFailedTimes == 0 {
-		gb.maxFailedTimes = 5
 	}

 	gb.proxies = make([][]C.Proxy, len(opt.providers))
@@ -126,7 +113,7 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 				for _, filterReg := range gb.filterRegs {
 					for _, p := range proxies {
 						name := p.Name()
-						if mat, _ := filterReg.MatchString(name); mat {
+						if mat, _ := filterReg.FindStringMatch(name); mat != nil {
 							if _, ok := proxiesSet[name]; !ok {
 								proxiesSet[name] = struct{}{}
 								newProxies = append(newProxies, p)
@@ -150,7 +137,7 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 		for _, filterReg := range gb.filterRegs {
 			for _, p := range proxies {
 				name := p.Name()
-				if mat, _ := filterReg.MatchString(name); mat {
+				if mat, _ := filterReg.FindStringMatch(name); mat != nil {
 					if _, ok := proxiesSet[name]; !ok {
 						proxiesSet[name] = struct{}{}
 						newProxies = append(newProxies, p)
@@ -191,7 +178,7 @@ func (gb *GroupBase) GetProxies(touch bool) []C.Proxy {
 		var newProxies []C.Proxy
 		for _, p := range proxies {
 			name := p.Name()
-			if mat, _ := gb.excludeFilterReg.MatchString(name); mat {
+			if mat, _ := gb.excludeFilterReg.FindStringMatch(name); mat != nil {
 				continue
 			}
 			newProxies = append(newProxies, p)
@@ -253,13 +240,13 @@ func (gb *GroupBase) onDialFailed(adapterType C.AdapterType, err error) {
 			log.Debugln("ProxyGroup: %s first failed", gb.Name())
 			gb.failedTime = time.Now()
 		} else {
-			if time.Since(gb.failedTime) > time.Duration(gb.TestTimeout)*time.Millisecond {
+			if time.Since(gb.failedTime) > gb.failedTimeoutInterval() {
 				gb.failedTimes = 0
 				return
 			}

 			log.Debugln("ProxyGroup: %s failed count: %d", gb.Name(), gb.failedTimes)
-			if gb.failedTimes >= gb.maxFailedTimes {
+			if gb.failedTimes >= gb.maxFailedTimes() {
 				log.Warnln("because %s failed multiple times, active health check", gb.Name())
 				gb.healthCheck()
 			}
@@ -288,8 +275,20 @@ func (gb *GroupBase) healthCheck() {
 	gb.failedTimes = 0
 }

+func (gb *GroupBase) failedIntervalTime() int64 {
+	return 5 * time.Second.Milliseconds()
+}
+
 func (gb *GroupBase) onDialSuccess() {
 	if !gb.failedTesting.Load() {
 		gb.failedTimes = 0
 	}
 }
+
+func (gb *GroupBase) maxFailedTimes() int {
+	return 5
+}
+
+func (gb *GroupBase) failedTimeoutInterval() time.Duration {
+	return 5 * time.Second
+}
--- a/adapter/outboundgroup/loadbalance.go
+++ b/adapter/outboundgroup/loadbalance.go
@@ -29,8 +29,6 @@ type LoadBalance struct {
 	strategyFn     strategyFn
 	testUrl        string
 	expectedStatus string
-	Hidden         bool
-	Icon           string
 }

 var errStrategy = errors.New("unsupported strategy")
@@ -204,7 +202,8 @@ func strategyStickySessions(url string) strategyFn {
 		for i := 1; i < maxRetry; i++ {
 			proxy := proxies[nowIdx]
 			if proxy.AliveForTestUrl(url) {
-				if !has || nowIdx != idx {
+				if nowIdx != idx {
+					lruCache.Delete(key)
 					lruCache.Set(key, nowIdx)
 				}

@@ -214,6 +213,7 @@ func strategyStickySessions(url string) strategyFn {
 			}
 		}

+		lruCache.Delete(key)
 		lruCache.Set(key, 0)
 		return proxies[0]
 	}
@@ -236,8 +236,6 @@ func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
 		"all":            all,
 		"testUrl":        lb.testUrl,
 		"expectedStatus": lb.expectedStatus,
-		"hidden":         lb.Hidden,
-		"icon":           lb.Icon,
 	})
 }

@@ -264,15 +262,11 @@ func NewLoadBalance(option *GroupCommonOption, providers []provider.ProxyProvide
 			option.Filter,
 			option.ExcludeFilter,
 			option.ExcludeType,
-			option.TestTimeout,
-			option.MaxFailedTimes,
 			providers,
 		}),
 		strategyFn:     strategyFn,
 		disableUDP:     option.DisableUDP,
 		testUrl:        option.URL,
 		expectedStatus: option.ExpectedStatus,
-		Hidden:         option.Hidden,
-		Icon:           option.Icon,
 	}, nil
 }
--- a/adapter/outboundgroup/parser.go
+++ b/adapter/outboundgroup/parser.go
@@ -5,8 +5,6 @@ import (
 	"fmt"
 	"strings"

-	"github.com/dlclark/regexp2"
-
 	"github.com/metacubex/mihomo/adapter/outbound"
 	"github.com/metacubex/mihomo/adapter/provider"
 	"github.com/metacubex/mihomo/common/structure"
@@ -30,8 +28,6 @@ type GroupCommonOption struct {
 	Use                 []string `group:"use,omitempty"`
 	URL                 string   `group:"url,omitempty"`
 	Interval            int      `group:"interval,omitempty"`
-	TestTimeout         int      `group:"timeout,omitempty"`
-	MaxFailedTimes      int      `group:"max-failed-times,omitempty"`
 	Lazy                bool     `group:"lazy,omitempty"`
 	DisableUDP          bool     `group:"disable-udp,omitempty"`
 	Filter              string   `group:"filter,omitempty"`
@@ -41,8 +37,6 @@ type GroupCommonOption struct {
 	IncludeAll          bool     `group:"include-all,omitempty"`
 	IncludeAllProxies   bool     `group:"include-all-proxies,omitempty"`
 	IncludeAllProviders bool     `group:"include-all-providers,omitempty"`
-	Hidden              bool     `group:"hidden,omitempty"`
-	Icon                string   `group:"icon,omitempty"`
 }

 func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, providersMap map[string]types.ProxyProvider, AllProxies []string, AllProviders []string) (C.ProxyAdapter, error) {
@@ -67,37 +61,24 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 		groupOption.IncludeAllProviders = true
 		groupOption.IncludeAllProxies = true
 	}
-
+	var GroupUse []string
+	var GroupProxies []string
 	if groupOption.IncludeAllProviders {
-		groupOption.Use = AllProviders
+		GroupUse = append(GroupUse, AllProviders...)
+	} else {
+		GroupUse = groupOption.Use
 	}
 	if groupOption.IncludeAllProxies {
-		if groupOption.Filter != "" {
-			var filterRegs []*regexp2.Regexp
-			for _, filter := range strings.Split(groupOption.Filter, "`") {
-				filterReg := regexp2.MustCompile(filter, regexp2.None)
-				filterRegs = append(filterRegs, filterReg)
-			}
-			for _, p := range AllProxies {
-				for _, filterReg := range filterRegs {
-					if mat, _ := filterReg.MatchString(p); mat {
-						groupOption.Proxies = append(groupOption.Proxies, p)
-					}
-				}
-			}
-		} else {
-			groupOption.Proxies = append(groupOption.Proxies, AllProxies...)
-		}
-		if len(groupOption.Proxies) == 0 && len(groupOption.Use) == 0 {
-			groupOption.Proxies = []string{"COMPATIBLE"}
-		}
+		GroupProxies = append(groupOption.Proxies, AllProxies...)
+	} else {
+		GroupProxies = groupOption.Proxies
 	}

-	if len(groupOption.Proxies) == 0 && len(groupOption.Use) == 0 {
+	if len(GroupProxies) == 0 && len(GroupUse) == 0 {
 		return nil, fmt.Errorf("%s: %w", groupName, errMissProxy)
 	}

-	expectedStatus, err := utils.NewUnsignedRanges[uint16](groupOption.ExpectedStatus)
+	expectedStatus, err := utils.NewIntRanges[uint16](groupOption.ExpectedStatus)
 	if err != nil {
 		return nil, fmt.Errorf("%s: %w", groupName, err)
 	}
@@ -107,32 +88,15 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 		status = "*"
 	}
 	groupOption.ExpectedStatus = status
+	testUrl := groupOption.URL

-	if len(groupOption.Use) != 0 {
-		PDs, err := getProviders(providersMap, groupOption.Use)
-		if err != nil {
-			return nil, fmt.Errorf("%s: %w", groupName, err)
-		}
-
-		// if test URL is empty, use the first health check URL of providers
-		if groupOption.URL == "" {
-			for _, pd := range PDs {
-				if pd.HealthCheckURL() != "" {
-					groupOption.URL = pd.HealthCheckURL()
-					break
-				}
-			}
-			if groupOption.URL == "" {
-				groupOption.URL = C.DefaultTestURL
-			}
-		} else {
-			addTestUrlToProviders(PDs, groupOption.URL, expectedStatus, groupOption.Filter, uint(groupOption.Interval))
-		}
-		providers = append(providers, PDs...)
+	if groupOption.URL == "" {
+		groupOption.URL = C.DefaultTestURL
+		testUrl = groupOption.URL
 	}

-	if len(groupOption.Proxies) != 0 {
-		ps, err := getProxies(proxyMap, groupOption.Proxies)
+	if len(GroupProxies) != 0 {
+		ps, err := getProxies(proxyMap, GroupProxies)
 		if err != nil {
 			return nil, fmt.Errorf("%s: %w", groupName, err)
 		}
@@ -141,28 +105,38 @@ func ParseProxyGroup(config map[string]any, proxyMap map[string]C.Proxy, provide
 			return nil, fmt.Errorf("%s: %w", groupName, errDuplicateProvider)
 		}

-		if groupOption.URL == "" {
-			groupOption.URL = C.DefaultTestURL
-		}
-
-		// select don't need auto health check
+		// select don't need health check
 		if groupOption.Type != "select" && groupOption.Type != "relay" {
 			if groupOption.Interval == 0 {
 				groupOption.Interval = 300
 			}
 		}

-		hc := provider.NewHealthCheck(ps, groupOption.URL, uint(groupOption.TestTimeout), uint(groupOption.Interval), groupOption.Lazy, expectedStatus)
+		hc := provider.NewHealthCheck(ps, testUrl, uint(groupOption.Interval), groupOption.Lazy, expectedStatus)

 		pd, err := provider.NewCompatibleProvider(groupName, ps, hc)
 		if err != nil {
 			return nil, fmt.Errorf("%s: %w", groupName, err)
 		}

-		providers = append([]types.ProxyProvider{pd}, providers...)
+		providers = append(providers, pd)
 		providersMap[groupName] = pd
 	}

+	if len(GroupUse) != 0 {
+		list, err := getProviders(providersMap, GroupUse)
+		if err != nil {
+			return nil, fmt.Errorf("%s: %w", groupName, err)
+		}
+
+		// different proxy groups use different test URL
+		addTestUrlToProviders(list, testUrl, expectedStatus, groupOption.Filter, uint(groupOption.Interval))
+
+		providers = append(providers, list...)
+	} else {
+		groupOption.Filter = ""
+	}
+
 	var group C.ProxyAdapter
 	switch groupOption.Type {
 	case "url-test":
--- a/adapter/outboundgroup/relay.go
+++ b/adapter/outboundgroup/relay.go
@@ -3,19 +3,15 @@ package outboundgroup
 import (
 	"context"
 	"encoding/json"
-
 	"github.com/metacubex/mihomo/adapter/outbound"
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/proxydialer"
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/constant/provider"
-	"github.com/metacubex/mihomo/log"
 )

 type Relay struct {
 	*GroupBase
-	Hidden bool
-	Icon   string
 }

 // DialContext implements C.ProxyAdapter
@@ -110,10 +106,8 @@ func (r *Relay) MarshalJSON() ([]byte, error) {
 		all = append(all, proxy.Name())
 	}
 	return json.Marshal(map[string]any{
-		"type":   r.Type().String(),
-		"all":    all,
-		"hidden": r.Hidden,
-		"icon":   r.Icon,
+		"type": r.Type().String(),
+		"all":  all,
 	})
 }

@@ -150,7 +144,6 @@ func (r *Relay) Addr() string {
 }

 func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Relay {
-	log.Warnln("The group [%s] with relay type is deprecated, please using dialer-proxy instead", option.Name)
 	return &Relay{
 		GroupBase: NewGroupBase(GroupBaseOption{
 			outbound.BaseOption{
@@ -162,11 +155,7 @@ func NewRelay(option *GroupCommonOption, providers []provider.ProxyProvider) *Re
 			"",
 			"",
 			"",
-			5000,
-			5,
 			providers,
 		}),
-		Hidden: option.Hidden,
-		Icon:   option.Icon,
 	}
 }
--- a/adapter/outboundgroup/selector.go
+++ b/adapter/outboundgroup/selector.go
@@ -15,8 +15,6 @@ type Selector struct {
 	*GroupBase
 	disableUDP bool
 	selected   string
-	Hidden     bool
-	Icon       string
 }

 // DialContext implements C.ProxyAdapter
@@ -59,11 +57,9 @@ func (s *Selector) MarshalJSON() ([]byte, error) {
 	}

 	return json.Marshal(map[string]any{
-		"type":   s.Type().String(),
-		"now":    s.Now(),
-		"all":    all,
-		"hidden": s.Hidden,
-		"icon":   s.Icon,
+		"type": s.Type().String(),
+		"now":  s.Now(),
+		"all":  all,
 	})
 }

@@ -114,13 +110,9 @@ func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider)
 			option.Filter,
 			option.ExcludeFilter,
 			option.ExcludeType,
-			option.TestTimeout,
-			option.MaxFailedTimes,
 			providers,
 		}),
 		selected:   "COMPATIBLE",
 		disableUDP: option.DisableUDP,
-		Hidden:     option.Hidden,
-		Icon:       option.Icon,
 	}
 }
--- a/adapter/outboundgroup/urltest.go
+++ b/adapter/outboundgroup/urltest.go
@@ -33,8 +33,6 @@ type URLTest struct {
 	expectedStatus string
 	tolerance      uint16
 	disableUDP     bool
-	Hidden         bool
-	Icon           string
 	fastNode       C.Proxy
 	fastSingle     *singledo.Single[C.Proxy]
 }
@@ -176,8 +174,6 @@ func (u *URLTest) MarshalJSON() ([]byte, error) {
 		"testUrl":        u.testUrl,
 		"expectedStatus": u.expectedStatus,
 		"fixed":          u.selected,
-		"hidden":         u.Hidden,
-		"icon":           u.Icon,
 	})
 }

@@ -235,16 +231,12 @@ func NewURLTest(option *GroupCommonOption, providers []provider.ProxyProvider, o
 			option.Filter,
 			option.ExcludeFilter,
 			option.ExcludeType,
-			option.TestTimeout,
-			option.MaxFailedTimes,
 			providers,
 		}),
 		fastSingle:     singledo.NewSingle[C.Proxy](time.Second * 10),
 		disableUDP:     option.DisableUDP,
 		testUrl:        option.URL,
 		expectedStatus: option.ExpectedStatus,
-		Hidden:         option.Hidden,
-		Icon:           option.Icon,
 	}

 	for _, option := range options {
--- a/adapter/outboundgroup/util.go
+++ b/adapter/outboundgroup/util.go
@@ -4,7 +4,3 @@ type SelectAble interface {
 	Set(string) error
 	ForceSet(name string)
 }
-
-var _ SelectAble = (*Fallback)(nil)
-var _ SelectAble = (*URLTest)(nil)
-var _ SelectAble = (*Selector)(nil)
--- a/adapter/parser.go
+++ b/adapter/parser.go
@@ -120,13 +120,6 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 			break
 		}
 		proxy = outbound.NewDirectWithOption(*directOption)
-	case "dns":
-		dnsOptions := &outbound.DnsOption{}
-		err = decoder.Decode(mapping, dnsOptions)
-		if err != nil {
-			break
-		}
-		proxy = outbound.NewDnsWithOption(*dnsOptions)
 	case "reject":
 		rejectOption := &outbound.RejectOption{}
 		err = decoder.Decode(mapping, rejectOption)
@@ -134,20 +127,6 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 			break
 		}
 		proxy = outbound.NewRejectWithOption(*rejectOption)
-	case "ssh":
-		sshOption := &outbound.SshOption{}
-		err = decoder.Decode(mapping, sshOption)
-		if err != nil {
-			break
-		}
-		proxy, err = outbound.NewSsh(*sshOption)
-	case "mieru":
-		mieruOption := &outbound.MieruOption{}
-		err = decoder.Decode(mapping, mieruOption)
-		if err != nil {
-			break
-		}
-		proxy, err = outbound.NewMieru(*mieruOption)
 	default:
 		return nil, fmt.Errorf("unsupport proxy type: %s", proxyType)
 	}
--- a/adapter/provider/healthcheck.go
+++ b/adapter/provider/healthcheck.go
@@ -16,6 +16,10 @@ import (
 	"github.com/dlclark/regexp2"
 )

+const (
+	defaultURLTestTimeout = time.Second * 5
+)
+
 type HealthCheckOption struct {
 	URL      string
 	Interval uint
@@ -27,8 +31,6 @@ type extraOption struct {
 }

 type HealthCheck struct {
-	ctx            context.Context
-	ctxCancel      context.CancelFunc
 	url            string
 	extra          map[string]*extraOption
 	mu             sync.Mutex
@@ -38,8 +40,8 @@ type HealthCheck struct {
 	lazy           bool
 	expectedStatus utils.IntRanges[uint16]
 	lastTouch      atomic.TypedValue[time.Time]
+	done           chan struct{}
 	singleDo       *singledo.Single[struct{}]
-	timeout        time.Duration
 }

 func (hc *HealthCheck) process() {
@@ -60,7 +62,7 @@ func (hc *HealthCheck) process() {
 			} else {
 				log.Debugln("Skip once health check because we are lazy")
 			}
-		case <-hc.ctx.Done():
+		case <-hc.done:
 			ticker.Stop()
 			hc.stop()
 			return
@@ -147,7 +149,7 @@ func (hc *HealthCheck) check() {
 	_, _, _ = hc.singleDo.Do(func() (struct{}, error) {
 		id := utils.NewUUIDV4().String()
 		log.Debugln("Start New Health Checking {%s}", id)
-		b, _ := batch.New[bool](hc.ctx, batch.WithConcurrencyNum[bool](10))
+		b, _ := batch.New[bool](context.Background(), batch.WithConcurrencyNum[bool](10))

 		// execute default health check
 		option := &extraOption{filters: nil, expectedStatus: hc.expectedStatus}
@@ -182,21 +184,21 @@ func (hc *HealthCheck) execute(b *batch.Batch[bool], url, uid string, option *ex
 				filters = append(filters, filter)
 			}

-			filterReg = regexp2.MustCompile(strings.Join(filters, "|"), regexp2.None)
+			filterReg = regexp2.MustCompile(strings.Join(filters, "|"), 0)
 		}
 	}

 	for _, proxy := range hc.proxies {
 		// skip proxies that do not require health check
 		if filterReg != nil {
-			if match, _ := filterReg.MatchString(proxy.Name()); !match {
+			if match, _ := filterReg.FindStringMatch(proxy.Name()); match == nil {
 				continue
 			}
 		}

 		p := proxy
 		b.Go(p.Name(), func() (bool, error) {
-			ctx, cancel := context.WithTimeout(hc.ctx, hc.timeout)
+			ctx, cancel := context.WithTimeout(context.Background(), defaultURLTestTimeout)
 			defer cancel()
 			log.Debugln("Health Checking, proxy: %s, url: %s, id: {%s}", p.Name(), url, uid)
 			_, _ = p.URLTest(ctx, url, expectedStatus)
@@ -207,29 +209,23 @@ func (hc *HealthCheck) execute(b *batch.Batch[bool], url, uid string, option *ex
 }

 func (hc *HealthCheck) close() {
-	hc.ctxCancel()
+	hc.done <- struct{}{}
 }

-func NewHealthCheck(proxies []C.Proxy, url string, timeout uint, interval uint, lazy bool, expectedStatus utils.IntRanges[uint16]) *HealthCheck {
+func NewHealthCheck(proxies []C.Proxy, url string, interval uint, lazy bool, expectedStatus utils.IntRanges[uint16]) *HealthCheck {
 	if url == "" {
-		expectedStatus = nil
-		interval = 0
+		// expectedStatus = nil
+		url = C.DefaultTestURL
 	}
-	if timeout == 0 {
-		timeout = 5000
-	}
-	ctx, cancel := context.WithCancel(context.Background())

 	return &HealthCheck{
-		ctx:            ctx,
-		ctxCancel:      cancel,
 		proxies:        proxies,
 		url:            url,
-		timeout:        time.Duration(timeout) * time.Millisecond,
 		extra:          map[string]*extraOption{},
 		interval:       time.Duration(interval) * time.Second,
 		lazy:           lazy,
 		expectedStatus: expectedStatus,
+		done:           make(chan struct{}, 1),
 		singleDo:       singledo.NewSingle[struct{}](time.Second),
 	}
 }
--- a/adapter/provider/parser.go
+++ b/adapter/provider/parser.go
@@ -1,7 +1,6 @@
 package provider

 import (
-	"encoding"
 	"errors"
 	"fmt"
 	"time"
@@ -10,9 +9,8 @@ import (
 	"github.com/metacubex/mihomo/common/utils"
 	"github.com/metacubex/mihomo/component/resource"
 	C "github.com/metacubex/mihomo/constant"
+	"github.com/metacubex/mihomo/constant/features"
 	types "github.com/metacubex/mihomo/constant/provider"
-
-	"github.com/dlclark/regexp2"
 )

 var (
@@ -24,53 +22,33 @@ type healthCheckSchema struct {
 	Enable         bool   `provider:"enable"`
 	URL            string `provider:"url"`
 	Interval       int    `provider:"interval"`
-	TestTimeout    int    `provider:"timeout,omitempty"`
 	Lazy           bool   `provider:"lazy,omitempty"`
 	ExpectedStatus string `provider:"expected-status,omitempty"`
 }

-type OverrideProxyNameSchema struct {
-	// matching expression for regex replacement
-	Pattern *regexp2.Regexp `provider:"pattern"`
-	// the new content after regex matching
-	Target string `provider:"target"`
-}
-
-var _ encoding.TextUnmarshaler = (*regexp2.Regexp)(nil) // ensure *regexp2.Regexp can decode direct by structure package
-
 type OverrideSchema struct {
-	TFO              *bool   `provider:"tfo,omitempty"`
-	MPTcp            *bool   `provider:"mptcp,omitempty"`
-	UDP              *bool   `provider:"udp,omitempty"`
-	UDPOverTCP       *bool   `provider:"udp-over-tcp,omitempty"`
-	Up               *string `provider:"up,omitempty"`
-	Down             *string `provider:"down,omitempty"`
-	DialerProxy      *string `provider:"dialer-proxy,omitempty"`
-	SkipCertVerify   *bool   `provider:"skip-cert-verify,omitempty"`
-	Interface        *string `provider:"interface-name,omitempty"`
-	RoutingMark      *int    `provider:"routing-mark,omitempty"`
-	IPVersion        *string `provider:"ip-version,omitempty"`
-	AdditionalPrefix *string `provider:"additional-prefix,omitempty"`
-	AdditionalSuffix *string `provider:"additional-suffix,omitempty"`
-
-	ProxyName []OverrideProxyNameSchema `provider:"proxy-name,omitempty"`
+	UDP            *bool   `provider:"udp,omitempty"`
+	Up             *string `provider:"up,omitempty"`
+	Down           *string `provider:"down,omitempty"`
+	DialerProxy    *string `provider:"dialer-proxy,omitempty"`
+	SkipCertVerify *bool   `provider:"skip-cert-verify,omitempty"`
+	Interface      *string `provider:"interface-name,omitempty"`
+	RoutingMark    *int    `provider:"routing-mark,omitempty"`
+	IPVersion      *string `provider:"ip-version,omitempty"`
 }

 type proxyProviderSchema struct {
 	Type          string `provider:"type"`
 	Path          string `provider:"path,omitempty"`
 	URL           string `provider:"url,omitempty"`
-	Proxy         string `provider:"proxy,omitempty"`
 	Interval      int    `provider:"interval,omitempty"`
 	Filter        string `provider:"filter,omitempty"`
 	ExcludeFilter string `provider:"exclude-filter,omitempty"`
 	ExcludeType   string `provider:"exclude-type,omitempty"`
 	DialerProxy   string `provider:"dialer-proxy,omitempty"`
-	SizeLimit     int64  `provider:"size-limit,omitempty"`

-	HealthCheck healthCheckSchema   `provider:"health-check,omitempty"`
-	Override    OverrideSchema      `provider:"override,omitempty"`
-	Header      map[string][]string `provider:"header,omitempty"`
+	HealthCheck healthCheckSchema `provider:"health-check,omitempty"`
+	Override    OverrideSchema    `provider:"override,omitempty"`
 }

 func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvider, error) {
@@ -85,7 +63,7 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 		return nil, err
 	}

-	expectedStatus, err := utils.NewUnsignedRanges[uint16](schema.HealthCheck.ExpectedStatus)
+	expectedStatus, err := utils.NewIntRanges[uint16](schema.HealthCheck.ExpectedStatus)
 	if err != nil {
 		return nil, err
 	}
@@ -97,7 +75,7 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 		}
 		hcInterval = uint(schema.HealthCheck.Interval)
 	}
-	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, uint(schema.HealthCheck.TestTimeout), hcInterval, schema.HealthCheck.Lazy, expectedStatus)
+	hc := NewHealthCheck([]C.Proxy{}, schema.HealthCheck.URL, hcInterval, schema.HealthCheck.Lazy, expectedStatus)

 	var vehicle types.Vehicle
 	switch schema.Type {
@@ -105,14 +83,16 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
 		path := C.Path.Resolve(schema.Path)
 		vehicle = resource.NewFileVehicle(path)
 	case "http":
-		path := C.Path.GetPathByHash("proxies", schema.URL)
 		if schema.Path != "" {
-			path = C.Path.Resolve(schema.Path)
-			if !C.Path.IsSafePath(path) {
+			path := C.Path.Resolve(schema.Path)
+			if !features.CMFA && !C.Path.IsSafePath(path) {
 				return nil, fmt.Errorf("%w: %s", errSubPath, path)
 			}
+			vehicle = resource.NewHTTPVehicle(schema.URL, path)
+		} else {
+			path := C.Path.GetPathByHash("proxies", schema.URL)
+			vehicle = resource.NewHTTPVehicle(schema.URL, path)
 		}
-		vehicle = resource.NewHTTPVehicle(schema.URL, path, schema.Proxy, schema.Header, resource.DefaultHttpTimeout, schema.SizeLimit)
 	default:
 		return nil, fmt.Errorf("%w: %s", errVehicleType, schema.Type)
 	}
--- a/adapter/provider/patch_android.go
+++ b/adapter/provider/patch_android.go
@@ -0,0 +1,36 @@
+//go:build android && cmfa
+
+package provider
+
+import (
+	"time"
+)
+
+var (
+	suspended bool
+)
+
+type UpdatableProvider interface {
+	UpdatedAt() time.Time
+}
+
+func (pp *proxySetProvider) UpdatedAt() time.Time {
+	return pp.Fetcher.UpdatedAt
+}
+
+func (pp *proxySetProvider) Close() error {
+	pp.healthCheck.close()
+	pp.Fetcher.Destroy()
+
+	return nil
+}
+
+func (cp *compatibleProvider) Close() error {
+	cp.healthCheck.close()
+
+	return nil
+}
+
+func Suspend(s bool) {
+	suspended = s
+}
--- a/adapter/provider/provider.go
+++ b/adapter/provider/provider.go
@@ -1,10 +1,11 @@
 package provider

 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"reflect"
+	"net/http"
 	"runtime"
 	"strings"
 	"time"
@@ -12,10 +13,11 @@ import (
 	"github.com/metacubex/mihomo/adapter"
 	"github.com/metacubex/mihomo/common/convert"
 	"github.com/metacubex/mihomo/common/utils"
-	"github.com/metacubex/mihomo/component/profile/cachefile"
+	mihomoHttp "github.com/metacubex/mihomo/component/http"
 	"github.com/metacubex/mihomo/component/resource"
 	C "github.com/metacubex/mihomo/constant"
 	types "github.com/metacubex/mihomo/constant/provider"
+	"github.com/metacubex/mihomo/log"
 	"github.com/metacubex/mihomo/tunnel/statistic"

 	"github.com/dlclark/regexp2"
@@ -44,14 +46,19 @@ type proxySetProvider struct {
 }

 func (pp *proxySetProvider) MarshalJSON() ([]byte, error) {
+	expectedStatus := "*"
+	if pp.healthCheck.expectedStatus != nil {
+		expectedStatus = pp.healthCheck.expectedStatus.ToString()
+	}
+
 	return json.Marshal(map[string]any{
 		"name":             pp.Name(),
 		"type":             pp.Type().String(),
 		"vehicleType":      pp.VehicleType().String(),
 		"proxies":          pp.Proxies(),
 		"testUrl":          pp.healthCheck.url,
-		"expectedStatus":   pp.healthCheck.expectedStatus.String(),
-		"updatedAt":        pp.UpdatedAt(),
+		"expectedStatus":   expectedStatus,
+		"updatedAt":        pp.UpdatedAt,
 		"subscriptionInfo": pp.subscriptionInfo,
 	})
 }
@@ -69,18 +76,20 @@ func (pp *proxySetProvider) HealthCheck() {
 }

 func (pp *proxySetProvider) Update() error {
-	_, _, err := pp.Fetcher.Update()
+	elm, same, err := pp.Fetcher.Update()
+	if err == nil && !same {
+		pp.OnUpdate(elm)
+	}
 	return err
 }

 func (pp *proxySetProvider) Initial() error {
-	_, err := pp.Fetcher.Initial()
+	elm, err := pp.Fetcher.Initial()
 	if err != nil {
 		return err
 	}
-	if subscriptionInfo := cachefile.Cache().GetSubscriptionInfo(pp.Name()); subscriptionInfo != "" {
-		pp.SetSubscriptionInfo(subscriptionInfo)
-	}
+	pp.OnUpdate(elm)
+	pp.getSubscriptionInfo()
 	pp.closeAllConnections()
 	return nil
 }
@@ -93,18 +102,10 @@ func (pp *proxySetProvider) Proxies() []C.Proxy {
 	return pp.proxies
 }

-func (pp *proxySetProvider) Count() int {
-	return len(pp.proxies)
-}
-
 func (pp *proxySetProvider) Touch() {
 	pp.healthCheck.touch()
 }

-func (pp *proxySetProvider) HealthCheckURL() string {
-	return pp.healthCheck.url
-}
-
 func (pp *proxySetProvider) RegisterHealthCheckTask(url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
 	pp.healthCheck.registerHealthCheckTask(url, expectedStatus, filter, interval)
 }
@@ -117,14 +118,38 @@ func (pp *proxySetProvider) setProxies(proxies []C.Proxy) {
 	}
 }

-func (pp *proxySetProvider) SetSubscriptionInfo(userInfo string) {
-	pp.subscriptionInfo = NewSubscriptionInfo(userInfo)
-}
-
-func (pp *proxySetProvider) SetProvider(provider types.ProxyProvider) {
-	if httpVehicle, ok := pp.Vehicle().(*resource.HTTPVehicle); ok {
-		httpVehicle.SetProvider(provider)
+func (pp *proxySetProvider) getSubscriptionInfo() {
+	if pp.VehicleType() != types.HTTP {
+		return
 	}
+	go func() {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Second*90)
+		defer cancel()
+		resp, err := mihomoHttp.HttpRequest(ctx, pp.Vehicle().(*resource.HTTPVehicle).Url(),
+			http.MethodGet, http.Header{"User-Agent": {C.UA}}, nil)
+		if err != nil {
+			return
+		}
+		defer resp.Body.Close()
+
+		userInfoStr := strings.TrimSpace(resp.Header.Get("subscription-userinfo"))
+		if userInfoStr == "" {
+			resp2, err := mihomoHttp.HttpRequest(ctx, pp.Vehicle().(*resource.HTTPVehicle).Url(),
+				http.MethodGet, http.Header{"User-Agent": {"Quantumultx"}}, nil)
+			if err != nil {
+				return
+			}
+			defer resp2.Body.Close()
+			userInfoStr = strings.TrimSpace(resp2.Header.Get("subscription-userinfo"))
+			if userInfoStr == "" {
+				return
+			}
+		}
+		pp.subscriptionInfo, err = NewSubscriptionInfo(userInfoStr)
+		if err != nil {
+			log.Warnln("[Provider] get subscription-userinfo: %e", err)
+		}
+	}()
 }

 func (pp *proxySetProvider) closeAllConnections() {
@@ -139,13 +164,13 @@ func (pp *proxySetProvider) closeAllConnections() {
 	})
 }

-func (pp *proxySetProvider) Close() error {
-	pp.healthCheck.close()
-	return pp.Fetcher.Close()
+func stopProxyProvider(pd *ProxySetProvider) {
+	pd.healthCheck.close()
+	_ = pd.Fetcher.Destroy()
 }

 func NewProxySetProvider(name string, interval time.Duration, filter string, excludeFilter string, excludeType string, dialerProxy string, override OverrideSchema, vehicle types.Vehicle, hc *HealthCheck) (*ProxySetProvider, error) {
-	excludeFilterReg, err := regexp2.Compile(excludeFilter, regexp2.None)
+	excludeFilterReg, err := regexp2.Compile(excludeFilter, 0)
 	if err != nil {
 		return nil, fmt.Errorf("invalid excludeFilter regex: %w", err)
 	}
@@ -156,7 +181,7 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, exc

 	var filterRegs []*regexp2.Regexp
 	for _, filter := range strings.Split(filter, "`") {
-		filterReg, err := regexp2.Compile(filter, regexp2.None)
+		filterReg, err := regexp2.Compile(filter, 0)
 		if err != nil {
 			return nil, fmt.Errorf("invalid filter regex: %w", err)
 		}
@@ -175,43 +200,35 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, exc
 	fetcher := resource.NewFetcher[[]C.Proxy](name, interval, vehicle, proxiesParseAndFilter(filter, excludeFilter, excludeTypeArray, filterRegs, excludeFilterReg, dialerProxy, override), proxiesOnUpdate(pd))
 	pd.Fetcher = fetcher
 	wrapper := &ProxySetProvider{pd}
-	if httpVehicle, ok := vehicle.(*resource.HTTPVehicle); ok {
-		httpVehicle.SetProvider(wrapper)
-	}
-	runtime.SetFinalizer(wrapper, (*ProxySetProvider).Close)
+	runtime.SetFinalizer(wrapper, stopProxyProvider)
 	return wrapper, nil
 }

-func (pp *ProxySetProvider) Close() error {
-	runtime.SetFinalizer(pp, nil)
-	return pp.proxySetProvider.Close()
-}
-
-func (pp *ProxySetProvider) SetProvider(provider types.ProxyProvider) {
-	pp.proxySetProvider.SetProvider(provider)
-}
-
 // CompatibleProvider for auto gc
 type CompatibleProvider struct {
 	*compatibleProvider
 }

 type compatibleProvider struct {
-	name             string
-	healthCheck      *HealthCheck
-	subscriptionInfo *SubscriptionInfo
-	proxies          []C.Proxy
-	version          uint32
+	name        string
+	healthCheck *HealthCheck
+	proxies     []C.Proxy
+	version     uint32
 }

 func (cp *compatibleProvider) MarshalJSON() ([]byte, error) {
+	expectedStatus := "*"
+	if cp.healthCheck.expectedStatus != nil {
+		expectedStatus = cp.healthCheck.expectedStatus.ToString()
+	}
+
 	return json.Marshal(map[string]any{
 		"name":           cp.Name(),
 		"type":           cp.Type().String(),
 		"vehicleType":    cp.VehicleType().String(),
 		"proxies":        cp.Proxies(),
 		"testUrl":        cp.healthCheck.url,
-		"expectedStatus": cp.healthCheck.expectedStatus.String(),
+		"expectedStatus": expectedStatus,
 	})
 }

@@ -250,29 +267,16 @@ func (cp *compatibleProvider) Proxies() []C.Proxy {
 	return cp.proxies
 }

-func (cp *compatibleProvider) Count() int {
-	return len(cp.proxies)
-}
-
 func (cp *compatibleProvider) Touch() {
 	cp.healthCheck.touch()
 }

-func (cp *compatibleProvider) HealthCheckURL() string {
-	return cp.healthCheck.url
-}
-
 func (cp *compatibleProvider) RegisterHealthCheckTask(url string, expectedStatus utils.IntRanges[uint16], filter string, interval uint) {
 	cp.healthCheck.registerHealthCheckTask(url, expectedStatus, filter, interval)
 }

-func (cp *compatibleProvider) Close() error {
-	cp.healthCheck.close()
-	return nil
-}
-
-func (cp *compatibleProvider) SetSubscriptionInfo(userInfo string) {
-	cp.subscriptionInfo = NewSubscriptionInfo(userInfo)
+func stopCompatibleProvider(pd *CompatibleProvider) {
+	pd.healthCheck.close()
 }

 func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*CompatibleProvider, error) {
@@ -291,19 +295,15 @@ func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*Co
 	}

 	wrapper := &CompatibleProvider{pd}
-	runtime.SetFinalizer(wrapper, (*CompatibleProvider).Close)
+	runtime.SetFinalizer(wrapper, stopCompatibleProvider)
 	return wrapper, nil
 }

-func (cp *CompatibleProvider) Close() error {
-	runtime.SetFinalizer(cp, nil)
-	return cp.compatibleProvider.Close()
-}
-
 func proxiesOnUpdate(pd *proxySetProvider) func([]C.Proxy) {
 	return func(elm []C.Proxy) {
 		pd.setProxies(elm)
 		pd.version += 1
+		pd.getSubscriptionInfo()
 	}
 }

@@ -358,12 +358,12 @@ func proxiesParseAndFilter(filter string, excludeFilter string, excludeTypeArray
 					continue
 				}
 				if len(excludeFilter) > 0 {
-					if mat, _ := excludeFilterReg.MatchString(name); mat {
+					if mat, _ := excludeFilterReg.FindStringMatch(name); mat != nil {
 						continue
 					}
 				}
 				if len(filter) > 0 {
-					if mat, _ := filterReg.MatchString(name); !mat {
+					if mat, _ := filterReg.FindStringMatch(name); mat == nil {
 						continue
 					}
 				}
@@ -375,33 +375,29 @@ func proxiesParseAndFilter(filter string, excludeFilter string, excludeTypeArray
 					mapping["dialer-proxy"] = dialerProxy
 				}

-				val := reflect.ValueOf(override)
-				for i := 0; i < val.NumField(); i++ {
-					field := val.Field(i)
-					if field.IsNil() {
-						continue
-					}
-					fieldName := strings.Split(val.Type().Field(i).Tag.Get("provider"), ",")[0]
-					switch fieldName {
-					case "additional-prefix":
-						name := mapping["name"].(string)
-						mapping["name"] = *field.Interface().(*string) + name
-					case "additional-suffix":
-						name := mapping["name"].(string)
-						mapping["name"] = name + *field.Interface().(*string)
-					case "proxy-name":
-						// Iterate through all naming replacement rules and perform the replacements.
-						for _, expr := range override.ProxyName {
-							name := mapping["name"].(string)
-							newName, err := expr.Pattern.Replace(name, expr.Target, 0, -1)
-							if err != nil {
-								return nil, fmt.Errorf("proxy name replace error: %w", err)
-							}
-							mapping["name"] = newName
-						}
-					default:
-						mapping[fieldName] = field.Elem().Interface()
-					}
+				if override.UDP != nil {
+					mapping["udp"] = *override.UDP
+				}
+				if override.Up != nil {
+					mapping["up"] = *override.Up
+				}
+				if override.Down != nil {
+					mapping["down"] = *override.Down
+				}
+				if override.DialerProxy != nil {
+					mapping["dialer-proxy"] = *override.DialerProxy
+				}
+				if override.SkipCertVerify != nil {
+					mapping["skip-cert-verify"] = *override.SkipCertVerify
+				}
+				if override.Interface != nil {
+					mapping["interface-name"] = *override.Interface
+				}
+				if override.RoutingMark != nil {
+					mapping["routing-mark"] = *override.RoutingMark
+				}
+				if override.IPVersion != nil {
+					mapping["ip-version"] = *override.IPVersion
 				}

 				proxy, err := adapter.ParseProxy(mapping)
--- a/adapter/provider/subscription_info.go
+++ b/adapter/provider/subscription_info.go
@@ -1,11 +1,8 @@
 package provider

 import (
-	"fmt"
 	"strconv"
 	"strings"
-
-	"github.com/metacubex/mihomo/log"
 )

 type SubscriptionInfo struct {
@@ -15,45 +12,28 @@ type SubscriptionInfo struct {
 	Expire   int64
 }

-func NewSubscriptionInfo(userinfo string) (si *SubscriptionInfo) {
-	userinfo = strings.ReplaceAll(strings.ToLower(userinfo), " ", "")
+func NewSubscriptionInfo(userinfo string) (si *SubscriptionInfo, err error) {
+	userinfo = strings.ToLower(userinfo)
+	userinfo = strings.ReplaceAll(userinfo, " ", "")
 	si = new(SubscriptionInfo)
-
 	for _, field := range strings.Split(userinfo, ";") {
-		name, value, ok := strings.Cut(field, "=")
-		if !ok {
-			continue
-		}
-
-		intValue, err := parseValue(value)
-		if err != nil {
-			log.Warnln("[Provider] get subscription-userinfo: %e", err)
-			continue
-		}
-
-		switch name {
+		switch name, value, _ := strings.Cut(field, "="); name {
 		case "upload":
-			si.Upload = intValue
+			si.Upload, err = strconv.ParseInt(value, 10, 64)
 		case "download":
-			si.Download = intValue
+			si.Download, err = strconv.ParseInt(value, 10, 64)
 		case "total":
-			si.Total = intValue
+			si.Total, err = strconv.ParseInt(value, 10, 64)
 		case "expire":
-			si.Expire = intValue
+			if value == "" {
+				si.Expire = 0
+			} else {
+				si.Expire, err = strconv.ParseInt(value, 10, 64)
+			}
+		}
+		if err != nil {
+			return
 		}
 	}
-
-	return si
-}
-
-func parseValue(value string) (int64, error) {
-	if intValue, err := strconv.ParseInt(value, 10, 64); err == nil {
-		return intValue, nil
-	}
-
-	if floatValue, err := strconv.ParseFloat(value, 64); err == nil {
-		return int64(floatValue), nil
-	}
-
-	return 0, fmt.Errorf("failed to parse value '%s'", value)
+	return
 }
--- a/android_tz.go
+++ b/android_tz.go
@@ -1,21 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// kanged from https://github.com/golang/mobile/blob/c713f31d574bb632a93f169b2cc99c9e753fef0e/app/android.go#L89
-
-package main
-
-// #include <time.h>
-import "C"
-import "time"
-
-func init() {
-	var currentT C.time_t
-	var currentTM C.struct_tm
-	C.time(&currentT)
-	C.localtime_r(&currentT, &currentTM)
-	tzOffset := int(currentTM.tm_gmtoff)
-	tz := C.GoString(currentTM.tm_zone)
-	time.Local = time.FixedZone(tz, tzOffset)
-}
--- a/common/arc/arc.go
+++ b/common/arc/arc.go
@@ -33,8 +33,15 @@ type ARC[K comparable, V any] struct {

 // New returns a new Adaptive Replacement Cache (ARC).
 func New[K comparable, V any](options ...Option[K, V]) *ARC[K, V] {
-	arc := &ARC[K, V]{}
-	arc.Clear()
+	arc := &ARC[K, V]{
+		p:     0,
+		t1:    list.New[*entry[K, V]](),
+		b1:    list.New[*entry[K, V]](),
+		t2:    list.New[*entry[K, V]](),
+		b2:    list.New[*entry[K, V]](),
+		len:   0,
+		cache: make(map[K]*entry[K, V]),
+	}

 	for _, option := range options {
 		option(arc)
@@ -42,19 +49,6 @@ func New[K comparable, V any](options ...Option[K, V]) *ARC[K, V] {
 	return arc
 }

-func (a *ARC[K, V]) Clear() {
-	a.mutex.Lock()
-	defer a.mutex.Unlock()
-
-	a.p = 0
-	a.t1 = list.New[*entry[K, V]]()
-	a.b1 = list.New[*entry[K, V]]()
-	a.t2 = list.New[*entry[K, V]]()
-	a.b2 = list.New[*entry[K, V]]()
-	a.len = 0
-	a.cache = make(map[K]*entry[K, V])
-}
-
 // Set inserts a new key-value pair into the cache.
 // This optimizes future access to this entry (side effect).
 func (a *ARC[K, V]) Set(key K, value V) {
--- a/common/atomic/value.go
+++ b/common/atomic/value.go
@@ -15,39 +15,28 @@ type TypedValue[T any] struct {
 	value atomic.Value
 }

-// tValue is a struct with determined type to resolve atomic.Value usages with interface types
-// https://github.com/golang/go/issues/22550
-//
-// The intention to have an atomic value store for errors. However, running this code panics:
-// panic: sync/atomic: store of inconsistently typed value into Value
-// This is because atomic.Value requires that the underlying concrete type be the same (which is a reasonable expectation for its implementation).
-// When going through the atomic.Value.Store method call, the fact that both these are of the error interface is lost.
-type tValue[T any] struct {
-	value T
-}
-
 func (t *TypedValue[T]) Load() T {
 	value := t.value.Load()
 	if value == nil {
 		return DefaultValue[T]()
 	}
-	return value.(tValue[T]).value
+	return value.(T)
 }

 func (t *TypedValue[T]) Store(value T) {
-	t.value.Store(tValue[T]{value})
+	t.value.Store(value)
 }

 func (t *TypedValue[T]) Swap(new T) T {
-	old := t.value.Swap(tValue[T]{new})
+	old := t.value.Swap(new)
 	if old == nil {
 		return DefaultValue[T]()
 	}
-	return old.(tValue[T]).value
+	return old.(T)
 }

 func (t *TypedValue[T]) CompareAndSwap(old, new T) bool {
-	return t.value.CompareAndSwap(tValue[T]{old}, tValue[T]{new})
+	return t.value.CompareAndSwap(old, new)
 }

 func (t *TypedValue[T]) MarshalJSON() ([]byte, error) {
--- a/common/convert/converter.go
+++ b/common/convert/converter.go
@@ -68,8 +68,7 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			hysteria["skip-cert-verify"], _ = strconv.ParseBool(query.Get("insecure"))

 			proxies = append(proxies, hysteria)
-
-		case "hysteria2", "hy2":
+		case "hysteria2":
 			urlHysteria2, err := url.Parse(line)
 			if err != nil {
 				continue
@@ -80,7 +79,7 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			hysteria2 := make(map[string]any, 20)

 			hysteria2["name"] = name
-			hysteria2["type"] = "hysteria2"
+			hysteria2["type"] = scheme
 			hysteria2["server"] = urlHysteria2.Hostname()
 			if port := urlHysteria2.Port(); port != "" {
 				hysteria2["port"] = port
@@ -102,7 +101,6 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			hysteria2["up"] = query.Get("up")

 			proxies = append(proxies, hysteria2)
-
 		case "tuic":
 			// A temporary unofficial TUIC share link standard
 			// Modified from https://github.com/daeuniverse/dae/discussions/182
@@ -145,7 +143,7 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			}

 			proxies = append(proxies, tuic)
-
+			
 		case "trojan":
 			urlTrojan, err := url.Parse(line)
 			if err != nil {
@@ -330,38 +328,15 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {

 				vmess["h2-opts"] = h2Opts

-			case "ws", "httpupgrade":
+			case "ws":
 				headers := make(map[string]any)
 				wsOpts := make(map[string]any)
-				wsOpts["path"] = "/"
+				wsOpts["path"] = []string{"/"}
 				if host, ok := values["host"]; ok && host != "" {
 					headers["Host"] = host.(string)
 				}
 				if path, ok := values["path"]; ok && path != "" {
-					path := path.(string)
-					pathURL, err := url.Parse(path)
-					if err == nil {
-						query := pathURL.Query()
-						if earlyData := query.Get("ed"); earlyData != "" {
-							med, err := strconv.Atoi(earlyData)
-							if err == nil {
-								switch network {
-								case "ws":
-									wsOpts["max-early-data"] = med
-									wsOpts["early-data-header-name"] = "Sec-WebSocket-Protocol"
-								case "httpupgrade":
-									wsOpts["v2ray-http-upgrade-fast-open"] = true
-								}
-								query.Del("ed")
-								pathURL.RawQuery = query.Encode()
-								path = pathURL.String()
-							}
-						}
-						if earlyDataHeader := query.Get("eh"); earlyDataHeader != "" {
-							wsOpts["early-data-header-name"] = earlyDataHeader
-						}
-					}
-					wsOpts["path"] = path
+					wsOpts["path"] = path.(string)
 				}
 				wsOpts["headers"] = headers
 				vmess["ws-opts"] = wsOpts
@@ -430,27 +405,14 @@ func ConvertsV2Ray(buf []byte) ([]map[string]any, error) {
 			if query.Get("udp-over-tcp") == "true" || query.Get("uot") == "1" {
 				ss["udp-over-tcp"] = true
 			}
-			plugin := query.Get("plugin")
-			if strings.Contains(plugin, ";") {
-				pluginInfo, _ := url.ParseQuery("pluginName=" + strings.ReplaceAll(plugin, ";", "&"))
-				pluginName := pluginInfo.Get("pluginName")
-				if strings.Contains(pluginName, "obfs") {
-					ss["plugin"] = "obfs"
-					ss["plugin-opts"] = map[string]any{
-						"mode": pluginInfo.Get("obfs"),
-						"host": pluginInfo.Get("obfs-host"),
-					}
-				} else if strings.Contains(pluginName, "v2ray-plugin") {
-					ss["plugin"] = "v2ray-plugin"
-					ss["plugin-opts"] = map[string]any{
-						"mode": pluginInfo.Get("mode"),
-						"host": pluginInfo.Get("host"),
-						"path": pluginInfo.Get("path"),
-						"tls":  strings.Contains(plugin, "tls"),
-					}
+			if strings.Contains(query.Get("plugin"), "obfs") {
+				obfsParams := strings.Split(query.Get("plugin"), ";")
+				ss["plugin"] = "obfs"
+				ss["plugin-opts"] = map[string]any{
+					"host": obfsParams[2][10:],
+					"mode": obfsParams[1][5:],
 				}
 			}
-
 			proxies = append(proxies, ss)

 		case "ssr":
--- a/common/convert/util.go
+++ b/common/convert/util.go
@@ -8,8 +8,8 @@ import (

 	"github.com/metacubex/mihomo/common/utils"

-	"github.com/metacubex/randv2"
 	"github.com/metacubex/sing-shadowsocks/shadowimpl"
+	"github.com/zhangyunhao116/fastrand"
 )

 var hostsSuffix = []string{
@@ -302,11 +302,11 @@ func RandHost() string {
 	prefix += string(buf[6:8]) + "-"
 	prefix += string(buf[len(buf)-8:])

-	return prefix + hostsSuffix[randv2.IntN(hostsLen)]
+	return prefix + hostsSuffix[fastrand.Intn(hostsLen)]
 }

 func RandUserAgent() string {
-	return userAgents[randv2.IntN(uaLen)]
+	return userAgents[fastrand.Intn(uaLen)]
 }

 func SetUserAgent(header http.Header) {
--- a/common/convert/v.go
+++ b/common/convert/v.go
@@ -100,7 +100,7 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 		h2Opts["headers"] = headers
 		proxy["h2-opts"] = h2Opts

-	case "ws", "httpupgrade":
+	case "ws":
 		headers := make(map[string]any)
 		wsOpts := make(map[string]any)
 		headers["User-Agent"] = RandUserAgent()
@@ -113,13 +113,7 @@ func handleVShareLink(names map[string]int, url *url.URL, scheme string, proxy m
 			if err != nil {
 				return fmt.Errorf("bad WebSocket max early data size: %v", err)
 			}
-			switch network {
-			case "ws":
-				wsOpts["max-early-data"] = med
-				wsOpts["early-data-header-name"] = "Sec-WebSocket-Protocol"
-			case "httpupgrade":
-				wsOpts["v2ray-http-upgrade-fast-open"] = true
-			}
+			wsOpts["max-early-data"] = med
 		}
 		if earlyDataHeader := query.Get("eh"); earlyDataHeader != "" {
 			wsOpts["early-data-header-name"] = earlyDataHeader
--- a/common/lru/lrucache.go
+++ b/common/lru/lrucache.go
@@ -68,8 +68,10 @@ type LruCache[K comparable, V any] struct {

 // New creates an LruCache
 func New[K comparable, V any](options ...Option[K, V]) *LruCache[K, V] {
-	lc := &LruCache[K, V]{}
-	lc.Clear()
+	lc := &LruCache[K, V]{
+		lru:   list.New[*entry[K, V]](),
+		cache: make(map[K]*list.Element[*entry[K, V]]),
+	}

 	for _, option := range options {
 		option(lc)
@@ -78,14 +80,6 @@ func New[K comparable, V any](options ...Option[K, V]) *LruCache[K, V] {
 	return lc
 }

-func (c *LruCache[K, V]) Clear() {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	c.lru = list.New[*entry[K, V]]()
-	c.cache = make(map[K]*list.Element[*entry[K, V]])
-}
-
 // Get returns any representation of a cached response and a bool
 // set to true if the key was found.
 func (c *LruCache[K, V]) Get(key K) (V, bool) {
@@ -229,10 +223,6 @@ func (c *LruCache[K, V]) Delete(key K) {
 	c.mu.Lock()
 	defer c.mu.Unlock()

-	c.delete(key)
-}
-
-func (c *LruCache[K, V]) delete(key K) {
 	if le, ok := c.cache[key]; ok {
 		c.deleteElement(le)
 	}
@@ -256,32 +246,13 @@ func (c *LruCache[K, V]) deleteElement(le *list.Element[*entry[K, V]]) {
 	}
 }

-// Compute either sets the computed new value for the key or deletes
-// the value for the key. When the delete result of the valueFn function
-// is set to true, the value will be deleted, if it exists. When delete
-// is set to false, the value is updated to the newValue.
-// The ok result indicates whether value was computed and stored, thus, is
-// present in the map. The actual result contains the new value in cases where
-// the value was computed and stored.
-func (c *LruCache[K, V]) Compute(
-	key K,
-	valueFn func(oldValue V, loaded bool) (newValue V, delete bool),
-) (actual V, ok bool) {
+func (c *LruCache[K, V]) Clear() error {
 	c.mu.Lock()
 	defer c.mu.Unlock()

-	if el := c.get(key); el != nil {
-		actual, ok = el.value, true
-	}
-	if newValue, del := valueFn(actual, ok); del {
-		if ok { // data not in cache, so needn't delete
-			c.delete(key)
-		}
-		return lo.Empty[V](), false
-	} else {
-		c.set(key, newValue)
-		return newValue, true
-	}
+	c.cache = make(map[K]*list.Element[*entry[K, V]])
+
+	return nil
 }

 type entry[K comparable, V any] struct {
--- a/common/net/deadline/conn.go
+++ b/common/net/deadline/conn.go
@@ -26,11 +26,6 @@ type Conn struct {
 	resultCh     chan *connReadResult
 }

-func IsConn(conn any) bool {
-	_, ok := conn.(*Conn)
-	return ok
-}
-
 func NewConn(conn net.Conn) *Conn {
 	c := &Conn{
 		ExtendedConn: bufio.NewExtendedConn(conn),
--- a/common/net/deadline/pipe_sing.go
+++ b/common/net/deadline/pipe_sing.go
@@ -1,222 +0,0 @@
-package deadline
-
-import (
-	"io"
-	"net"
-	"os"
-	"sync"
-	"time"
-
-	"github.com/sagernet/sing/common/buf"
-	N "github.com/sagernet/sing/common/network"
-)
-
-type pipeAddr struct{}
-
-func (pipeAddr) Network() string { return "pipe" }
-func (pipeAddr) String() string  { return "pipe" }
-
-type pipe struct {
-	wrMu sync.Mutex // Serialize Write operations
-
-	// Used by local Read to interact with remote Write.
-	// Successful receive on rdRx is always followed by send on rdTx.
-	rdRx <-chan []byte
-	rdTx chan<- int
-
-	// Used by local Write to interact with remote Read.
-	// Successful send on wrTx is always followed by receive on wrRx.
-	wrTx chan<- []byte
-	wrRx <-chan int
-
-	once       sync.Once // Protects closing localDone
-	localDone  chan struct{}
-	remoteDone <-chan struct{}
-
-	readDeadline  pipeDeadline
-	writeDeadline pipeDeadline
-
-	readWaitOptions N.ReadWaitOptions
-}
-
-// Pipe creates a synchronous, in-memory, full duplex
-// network connection; both ends implement the Conn interface.
-// Reads on one end are matched with writes on the other,
-// copying data directly between the two; there is no internal
-// buffering.
-func Pipe() (net.Conn, net.Conn) {
-	cb1 := make(chan []byte)
-	cb2 := make(chan []byte)
-	cn1 := make(chan int)
-	cn2 := make(chan int)
-	done1 := make(chan struct{})
-	done2 := make(chan struct{})
-
-	p1 := &pipe{
-		rdRx: cb1, rdTx: cn1,
-		wrTx: cb2, wrRx: cn2,
-		localDone: done1, remoteDone: done2,
-		readDeadline:  makePipeDeadline(),
-		writeDeadline: makePipeDeadline(),
-	}
-	p2 := &pipe{
-		rdRx: cb2, rdTx: cn2,
-		wrTx: cb1, wrRx: cn1,
-		localDone: done2, remoteDone: done1,
-		readDeadline:  makePipeDeadline(),
-		writeDeadline: makePipeDeadline(),
-	}
-	return p1, p2
-}
-
-func (*pipe) LocalAddr() net.Addr  { return pipeAddr{} }
-func (*pipe) RemoteAddr() net.Addr { return pipeAddr{} }
-
-func (p *pipe) Read(b []byte) (int, error) {
-	n, err := p.read(b)
-	if err != nil && err != io.EOF && err != io.ErrClosedPipe {
-		err = &net.OpError{Op: "read", Net: "pipe", Err: err}
-	}
-	return n, err
-}
-
-func (p *pipe) read(b []byte) (n int, err error) {
-	switch {
-	case isClosedChan(p.localDone):
-		return 0, io.ErrClosedPipe
-	case isClosedChan(p.remoteDone):
-		return 0, io.EOF
-	case isClosedChan(p.readDeadline.wait()):
-		return 0, os.ErrDeadlineExceeded
-	}
-
-	select {
-	case bw := <-p.rdRx:
-		nr := copy(b, bw)
-		p.rdTx <- nr
-		return nr, nil
-	case <-p.localDone:
-		return 0, io.ErrClosedPipe
-	case <-p.remoteDone:
-		return 0, io.EOF
-	case <-p.readDeadline.wait():
-		return 0, os.ErrDeadlineExceeded
-	}
-}
-
-func (p *pipe) Write(b []byte) (int, error) {
-	n, err := p.write(b)
-	if err != nil && err != io.ErrClosedPipe {
-		err = &net.OpError{Op: "write", Net: "pipe", Err: err}
-	}
-	return n, err
-}
-
-func (p *pipe) write(b []byte) (n int, err error) {
-	switch {
-	case isClosedChan(p.localDone):
-		return 0, io.ErrClosedPipe
-	case isClosedChan(p.remoteDone):
-		return 0, io.ErrClosedPipe
-	case isClosedChan(p.writeDeadline.wait()):
-		return 0, os.ErrDeadlineExceeded
-	}
-
-	p.wrMu.Lock() // Ensure entirety of b is written together
-	defer p.wrMu.Unlock()
-	for once := true; once || len(b) > 0; once = false {
-		select {
-		case p.wrTx <- b:
-			nw := <-p.wrRx
-			b = b[nw:]
-			n += nw
-		case <-p.localDone:
-			return n, io.ErrClosedPipe
-		case <-p.remoteDone:
-			return n, io.ErrClosedPipe
-		case <-p.writeDeadline.wait():
-			return n, os.ErrDeadlineExceeded
-		}
-	}
-	return n, nil
-}
-
-func (p *pipe) SetDeadline(t time.Time) error {
-	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
-		return io.ErrClosedPipe
-	}
-	p.readDeadline.set(t)
-	p.writeDeadline.set(t)
-	return nil
-}
-
-func (p *pipe) SetReadDeadline(t time.Time) error {
-	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
-		return io.ErrClosedPipe
-	}
-	p.readDeadline.set(t)
-	return nil
-}
-
-func (p *pipe) SetWriteDeadline(t time.Time) error {
-	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
-		return io.ErrClosedPipe
-	}
-	p.writeDeadline.set(t)
-	return nil
-}
-
-func (p *pipe) Close() error {
-	p.once.Do(func() { close(p.localDone) })
-	return nil
-}
-
-var _ N.ReadWaiter = (*pipe)(nil)
-
-func (p *pipe) InitializeReadWaiter(options N.ReadWaitOptions) (needCopy bool) {
-	p.readWaitOptions = options
-	return false
-}
-
-func (p *pipe) WaitReadBuffer() (buffer *buf.Buffer, err error) {
-	buffer, err = p.waitReadBuffer()
-	if err != nil && err != io.EOF && err != io.ErrClosedPipe {
-		err = &net.OpError{Op: "read", Net: "pipe", Err: err}
-	}
-	return
-}
-
-func (p *pipe) waitReadBuffer() (buffer *buf.Buffer, err error) {
-	switch {
-	case isClosedChan(p.localDone):
-		return nil, io.ErrClosedPipe
-	case isClosedChan(p.remoteDone):
-		return nil, io.EOF
-	case isClosedChan(p.readDeadline.wait()):
-		return nil, os.ErrDeadlineExceeded
-	}
-	select {
-	case bw := <-p.rdRx:
-		buffer = p.readWaitOptions.NewBuffer()
-		var nr int
-		nr, err = buffer.Write(bw)
-		if err != nil {
-			buffer.Release()
-			return
-		}
-		p.readWaitOptions.PostReturn(buffer)
-		p.rdTx <- nr
-		return
-	case <-p.localDone:
-		return nil, io.ErrClosedPipe
-	case <-p.remoteDone:
-		return nil, io.EOF
-	case <-p.readDeadline.wait():
-		return nil, os.ErrDeadlineExceeded
-	}
-}
-
-func IsPipe(conn any) bool {
-	_, ok := conn.(*pipe)
-	return ok
-}
--- a/common/net/earlyconn.go
+++ b/common/net/earlyconn.go
@@ -3,9 +3,10 @@ package net
 import (
 	"net"
 	"sync"
+	"sync/atomic"
+	"unsafe"

 	"github.com/metacubex/mihomo/common/buf"
-	"github.com/metacubex/mihomo/common/once"
 )

 type earlyConn struct {
@@ -43,7 +44,8 @@ func (conn *earlyConn) Upstream() any {
 }

 func (conn *earlyConn) Success() bool {
-	return once.Done(&conn.resOnce) && conn.resErr == nil
+	// atomic visit sync.Once.done
+	return atomic.LoadUint32((*uint32)(unsafe.Pointer(&conn.resOnce))) == 1 && conn.resErr == nil
 }

 func (conn *earlyConn) ReaderReplaceable() bool {
--- a/common/net/sing.go
+++ b/common/net/sing.go
@@ -23,12 +23,6 @@ type ExtendedReader = network.ExtendedReader
 var WriteBuffer = bufio.WriteBuffer

 func NewDeadlineConn(conn net.Conn) ExtendedConn {
-	if deadline.IsPipe(conn) || deadline.IsPipe(network.UnwrapReader(conn)) {
-		return NewExtendedConn(conn) // pipe always have correctly deadline implement
-	}
-	if deadline.IsConn(conn) || deadline.IsConn(network.UnwrapReader(conn)) {
-		return NewExtendedConn(conn) // was a *deadline.Conn
-	}
 	return deadline.NewConn(conn)
 }

@@ -41,8 +35,6 @@ func NeedHandshake(conn any) bool {

 type CountFunc = network.CountFunc

-var Pipe = deadline.Pipe
-
 // Relay copies between left and right bidirectionally.
 func Relay(leftConn, rightConn net.Conn) {
 	defer runtime.KeepAlive(leftConn)
--- a/common/net/tcpip.go
+++ b/common/net/tcpip.go
@@ -4,8 +4,11 @@ import (
 	"fmt"
 	"net"
 	"strings"
+	"time"
 )

+var KeepAliveInterval = 15 * time.Second
+
 func SplitNetworkType(s string) (string, string, error) {
 	var (
 		shecme   string
@@ -44,3 +47,10 @@ func SplitHostPort(s string) (host, port string, hasPort bool, err error) {
 	host, port, err = net.SplitHostPort(temp)
 	return
 }
+
+func TCPKeepAlive(c net.Conn) {
+	if tcp, ok := c.(*net.TCPConn); ok {
+		_ = tcp.SetKeepAlive(true)
+		_ = tcp.SetKeepAlivePeriod(KeepAliveInterval)
+	}
+}
--- a/common/nnip/netip.go
+++ b/common/nnip/netip.go
@@ -51,23 +51,3 @@ func UnMasked(p netip.Prefix) netip.Addr {
 	}
 	return addr
 }
-
-// PrefixCompare returns an integer comparing two prefixes.
-// The result will be 0 if p == p2, -1 if p < p2, and +1 if p > p2.
-// modify from https://github.com/golang/go/issues/61642#issuecomment-1848587909
-func PrefixCompare(p, p2 netip.Prefix) int {
-	// compare by validity, address family and prefix base address
-	if c := p.Masked().Addr().Compare(p2.Masked().Addr()); c != 0 {
-		return c
-	}
-	// compare by prefix length
-	f1, f2 := p.Bits(), p2.Bits()
-	if f1 < f2 {
-		return -1
-	}
-	if f1 > f2 {
-		return 1
-	}
-	// compare by prefix address
-	return p.Addr().Compare(p2.Addr())
-}
--- a/common/once/once_go120.go
+++ b/common/once/once_go120.go
@@ -1,26 +0,0 @@
-//go:build !go1.22
-
-package once
-
-import (
-	"sync"
-	"sync/atomic"
-	"unsafe"
-)
-
-type Once struct {
-	done uint32
-	m    sync.Mutex
-}
-
-func Done(once *sync.Once) bool {
-	// atomic visit sync.Once.done
-	return atomic.LoadUint32((*uint32)(unsafe.Pointer(once))) == 1
-}
-
-func Reset(once *sync.Once) {
-	o := (*Once)(unsafe.Pointer(once))
-	o.m.Lock()
-	defer o.m.Unlock()
-	atomic.StoreUint32(&o.done, 0)
-}
--- a/common/once/once_go122.go
+++ b/common/once/once_go122.go
@@ -1,26 +0,0 @@
-//go:build go1.22
-
-package once
-
-import (
-	"sync"
-	"sync/atomic"
-	"unsafe"
-)
-
-type Once struct {
-	done atomic.Uint32
-	m    sync.Mutex
-}
-
-func Done(once *sync.Once) bool {
-	// atomic visit sync.Once.done
-	return (*atomic.Uint32)(unsafe.Pointer(once)).Load() == 1
-}
-
-func Reset(once *sync.Once) {
-	o := (*Once)(unsafe.Pointer(once))
-	o.m.Lock()
-	defer o.m.Unlock()
-	o.done.Store(0)
-}
--- a/common/pool/alloc_test.go
+++ b/common/pool/alloc_test.go
@@ -3,8 +3,8 @@ package pool
 import (
 	"testing"

-	"github.com/metacubex/randv2"
 	"github.com/stretchr/testify/assert"
+	"github.com/zhangyunhao116/fastrand"
 )

 func TestAllocGet(t *testing.T) {
@@ -43,6 +43,6 @@ func TestAllocPutThenGet(t *testing.T) {

 func BenchmarkMSB(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		msb(randv2.Int())
+		msb(fastrand.Int())
 	}
 }
--- a/common/queue/queue.go
+++ b/common/queue/queue.go
@@ -59,8 +59,8 @@ func (q *Queue[T]) Copy() []T {

 // Len returns the number of items in this queue.
 func (q *Queue[T]) Len() int64 {
-	q.lock.RLock()
-	defer q.lock.RUnlock()
+	q.lock.Lock()
+	defer q.lock.Unlock()

 	return int64(len(q.items))
 }
--- a/common/singleflight/singleflight.go
+++ b/common/singleflight/singleflight.go
@@ -1,224 +0,0 @@
-// copy and modify from "golang.org/x/sync/singleflight"
-
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package singleflight provides a duplicate function call suppression
-// mechanism.
-package singleflight
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"runtime"
-	"runtime/debug"
-	"sync"
-)
-
-// errGoexit indicates the runtime.Goexit was called in
-// the user given function.
-var errGoexit = errors.New("runtime.Goexit was called")
-
-// A panicError is an arbitrary value recovered from a panic
-// with the stack trace during the execution of given function.
-type panicError struct {
-	value interface{}
-	stack []byte
-}
-
-// Error implements error interface.
-func (p *panicError) Error() string {
-	return fmt.Sprintf("%v\n\n%s", p.value, p.stack)
-}
-
-func (p *panicError) Unwrap() error {
-	err, ok := p.value.(error)
-	if !ok {
-		return nil
-	}
-
-	return err
-}
-
-func newPanicError(v interface{}) error {
-	stack := debug.Stack()
-
-	// The first line of the stack trace is of the form "goroutine N [status]:"
-	// but by the time the panic reaches Do the goroutine may no longer exist
-	// and its status will have changed. Trim out the misleading line.
-	if line := bytes.IndexByte(stack[:], '\n'); line >= 0 {
-		stack = stack[line+1:]
-	}
-	return &panicError{value: v, stack: stack}
-}
-
-// call is an in-flight or completed singleflight.Do call
-type call[T any] struct {
-	wg sync.WaitGroup
-
-	// These fields are written once before the WaitGroup is done
-	// and are only read after the WaitGroup is done.
-	val T
-	err error
-
-	// These fields are read and written with the singleflight
-	// mutex held before the WaitGroup is done, and are read but
-	// not written after the WaitGroup is done.
-	dups  int
-	chans []chan<- Result[T]
-}
-
-// Group represents a class of work and forms a namespace in
-// which units of work can be executed with duplicate suppression.
-type Group[T any] struct {
-	mu sync.Mutex          // protects m
-	m  map[string]*call[T] // lazily initialized
-
-	StoreResult bool
-}
-
-// Result holds the results of Do, so they can be passed
-// on a channel.
-type Result[T any] struct {
-	Val    T
-	Err    error
-	Shared bool
-}
-
-// Do executes and returns the results of the given function, making
-// sure that only one execution is in-flight for a given key at a
-// time. If a duplicate comes in, the duplicate caller waits for the
-// original to complete and receives the same results.
-// The return value shared indicates whether v was given to multiple callers.
-func (g *Group[T]) Do(key string, fn func() (T, error)) (v T, err error, shared bool) {
-	g.mu.Lock()
-	if g.m == nil {
-		g.m = make(map[string]*call[T])
-	}
-	if c, ok := g.m[key]; ok {
-		c.dups++
-		g.mu.Unlock()
-		c.wg.Wait()
-
-		if e, ok := c.err.(*panicError); ok {
-			panic(e)
-		} else if c.err == errGoexit {
-			runtime.Goexit()
-		}
-		return c.val, c.err, true
-	}
-	c := new(call[T])
-	c.wg.Add(1)
-	g.m[key] = c
-	g.mu.Unlock()
-
-	g.doCall(c, key, fn)
-	return c.val, c.err, c.dups > 0
-}
-
-// DoChan is like Do but returns a channel that will receive the
-// results when they are ready.
-//
-// The returned channel will not be closed.
-func (g *Group[T]) DoChan(key string, fn func() (T, error)) <-chan Result[T] {
-	ch := make(chan Result[T], 1)
-	g.mu.Lock()
-	if g.m == nil {
-		g.m = make(map[string]*call[T])
-	}
-	if c, ok := g.m[key]; ok {
-		c.dups++
-		c.chans = append(c.chans, ch)
-		g.mu.Unlock()
-		return ch
-	}
-	c := &call[T]{chans: []chan<- Result[T]{ch}}
-	c.wg.Add(1)
-	g.m[key] = c
-	g.mu.Unlock()
-
-	go g.doCall(c, key, fn)
-
-	return ch
-}
-
-// doCall handles the single call for a key.
-func (g *Group[T]) doCall(c *call[T], key string, fn func() (T, error)) {
-	normalReturn := false
-	recovered := false
-
-	// use double-defer to distinguish panic from runtime.Goexit,
-	// more details see https://golang.org/cl/134395
-	defer func() {
-		// the given function invoked runtime.Goexit
-		if !normalReturn && !recovered {
-			c.err = errGoexit
-		}
-
-		g.mu.Lock()
-		defer g.mu.Unlock()
-		c.wg.Done()
-		if g.m[key] == c && !g.StoreResult {
-			delete(g.m, key)
-		}
-
-		if e, ok := c.err.(*panicError); ok {
-			// In order to prevent the waiting channels from being blocked forever,
-			// needs to ensure that this panic cannot be recovered.
-			if len(c.chans) > 0 {
-				go panic(e)
-				select {} // Keep this goroutine around so that it will appear in the crash dump.
-			} else {
-				panic(e)
-			}
-		} else if c.err == errGoexit {
-			// Already in the process of goexit, no need to call again
-		} else {
-			// Normal return
-			for _, ch := range c.chans {
-				ch <- Result[T]{c.val, c.err, c.dups > 0}
-			}
-		}
-	}()
-
-	func() {
-		defer func() {
-			if !normalReturn {
-				// Ideally, we would wait to take a stack trace until we've determined
-				// whether this is a panic or a runtime.Goexit.
-				//
-				// Unfortunately, the only way we can distinguish the two is to see
-				// whether the recover stopped the goroutine from terminating, and by
-				// the time we know that, the part of the stack trace relevant to the
-				// panic has been discarded.
-				if r := recover(); r != nil {
-					c.err = newPanicError(r)
-				}
-			}
-		}()
-
-		c.val, c.err = fn()
-		normalReturn = true
-	}()
-
-	if !normalReturn {
-		recovered = true
-	}
-}
-
-// Forget tells the singleflight to forget about a key.  Future calls
-// to Do for this key will call the function rather than waiting for
-// an earlier call to complete.
-func (g *Group[T]) Forget(key string) {
-	g.mu.Lock()
-	delete(g.m, key)
-	g.mu.Unlock()
-}
-
-func (g *Group[T]) Reset() {
-	g.mu.Lock()
-	g.m = nil
-	g.mu.Unlock()
-}
--- a/common/structure/structure.go
+++ b/common/structure/structure.go
@@ -3,7 +3,6 @@ package structure
 // references: https://github.com/mitchellh/mapstructure

 import (
-	"encoding"
 	"encoding/base64"
 	"fmt"
 	"reflect"
@@ -87,41 +86,35 @@ func (d *Decoder) Decode(src map[string]any, dst any) error {
 }

 func (d *Decoder) decode(name string, data any, val reflect.Value) error {
-	for {
-		kind := val.Kind()
-		if kind == reflect.Pointer && val.IsNil() {
+	kind := val.Kind()
+	switch {
+	case isInt(kind):
+		return d.decodeInt(name, data, val)
+	case isUint(kind):
+		return d.decodeUint(name, data, val)
+	case isFloat(kind):
+		return d.decodeFloat(name, data, val)
+	}
+	switch kind {
+	case reflect.Pointer:
+		if val.IsNil() {
 			val.Set(reflect.New(val.Type().Elem()))
 		}
-		if ok, err := d.decodeTextUnmarshaller(name, data, val); ok {
-			return err
-		}
-		switch {
-		case isInt(kind):
-			return d.decodeInt(name, data, val)
-		case isUint(kind):
-			return d.decodeUint(name, data, val)
-		case isFloat(kind):
-			return d.decodeFloat(name, data, val)
-		}
-		switch kind {
-		case reflect.Pointer:
-			val = val.Elem()
-			continue
-		case reflect.String:
-			return d.decodeString(name, data, val)
-		case reflect.Bool:
-			return d.decodeBool(name, data, val)
-		case reflect.Slice:
-			return d.decodeSlice(name, data, val)
-		case reflect.Map:
-			return d.decodeMap(name, data, val)
-		case reflect.Interface:
-			return d.setInterface(name, data, val)
-		case reflect.Struct:
-			return d.decodeStruct(name, data, val)
-		default:
-			return fmt.Errorf("type %s not support", val.Kind().String())
-		}
+		return d.decode(name, data, val.Elem())
+	case reflect.String:
+		return d.decodeString(name, data, val)
+	case reflect.Bool:
+		return d.decodeBool(name, data, val)
+	case reflect.Slice:
+		return d.decodeSlice(name, data, val)
+	case reflect.Map:
+		return d.decodeMap(name, data, val)
+	case reflect.Interface:
+		return d.setInterface(name, data, val)
+	case reflect.Struct:
+		return d.decodeStruct(name, data, val)
+	default:
+		return fmt.Errorf("type %s not support", val.Kind().String())
 	}
 }

@@ -560,25 +553,3 @@ func (d *Decoder) setInterface(name string, data any, val reflect.Value) (err er
 	val.Set(dataVal)
 	return nil
 }
-
-func (d *Decoder) decodeTextUnmarshaller(name string, data any, val reflect.Value) (bool, error) {
-	if !val.CanAddr() {
-		return false, nil
-	}
-	valAddr := val.Addr()
-	if !valAddr.CanInterface() {
-		return false, nil
-	}
-	unmarshaller, ok := valAddr.Interface().(encoding.TextUnmarshaler)
-	if !ok {
-		return false, nil
-	}
-	var str string
-	if err := d.decodeString(name, data, reflect.Indirect(reflect.ValueOf(&str))); err != nil {
-		return false, err
-	}
-	if err := unmarshaller.UnmarshalText([]byte(str)); err != nil {
-		return true, fmt.Errorf("cannot parse '%s' as %s: %s", name, val.Type(), err)
-	}
-	return true, nil
-}
--- a/common/structure/structure_test.go
+++ b/common/structure/structure_test.go
@@ -1,7 +1,6 @@
 package structure

 import (
-	"strconv"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -180,90 +179,3 @@ func TestStructure_SliceNilValueComplex(t *testing.T) {
 	err = decoder.Decode(rawMap, ss)
 	assert.NotNil(t, err)
 }
-
-func TestStructure_SliceCap(t *testing.T) {
-	rawMap := map[string]any{
-		"foo": []string{},
-	}
-
-	s := &struct {
-		Foo []string `test:"foo,omitempty"`
-		Bar []string `test:"bar,omitempty"`
-	}{}
-
-	err := decoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.NotNil(t, s.Foo) // structure's Decode will ensure value not nil when input has value even it was set an empty array
-	assert.Nil(t, s.Bar)
-}
-
-func TestStructure_Base64(t *testing.T) {
-	rawMap := map[string]any{
-		"foo": "AQID",
-	}
-
-	s := &struct {
-		Foo []byte `test:"foo"`
-	}{}
-
-	err := decoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.Equal(t, []byte{1, 2, 3}, s.Foo)
-}
-
-func TestStructure_Pointer(t *testing.T) {
-	rawMap := map[string]any{
-		"foo": "foo",
-	}
-
-	s := &struct {
-		Foo *string `test:"foo,omitempty"`
-		Bar *string `test:"bar,omitempty"`
-	}{}
-
-	err := decoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.NotNil(t, s.Foo)
-	assert.Equal(t, "foo", *s.Foo)
-	assert.Nil(t, s.Bar)
-}
-
-type num struct {
-	a int
-}
-
-func (n *num) UnmarshalText(text []byte) (err error) {
-	n.a, err = strconv.Atoi(string(text))
-	return
-}
-
-func TestStructure_TextUnmarshaller(t *testing.T) {
-	rawMap := map[string]any{
-		"num":   "255",
-		"num_p": "127",
-	}
-
-	s := &struct {
-		Num  num  `test:"num"`
-		NumP *num `test:"num_p"`
-	}{}
-
-	err := decoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.Equal(t, 255, s.Num.a)
-	assert.NotNil(t, s.NumP)
-	assert.Equal(t, s.NumP.a, 127)
-
-	// test WeaklyTypedInput
-	rawMap["num"] = 256
-	err = decoder.Decode(rawMap, s)
-	assert.NotNilf(t, err, "should throw error: %#v", s)
-	err = weakTypeDecoder.Decode(rawMap, s)
-	assert.Nil(t, err)
-	assert.Equal(t, 256, s.Num.a)
-
-	// test invalid input
-	rawMap["num_p"] = "abc"
-	err = decoder.Decode(rawMap, s)
-	assert.NotNilf(t, err, "should throw error: %#v", s)
-}
--- a/common/utils/callback.go
+++ b/common/utils/callback.go
@@ -1,50 +0,0 @@
-package utils
-
-import (
-	"io"
-	"sync"
-
-	list "github.com/bahlo/generic-list-go"
-)
-
-type Callback[T any] struct {
-	list  list.List[func(T)]
-	mutex sync.RWMutex
-}
-
-func NewCallback[T any]() *Callback[T] {
-	return &Callback[T]{}
-}
-
-func (c *Callback[T]) Register(item func(T)) io.Closer {
-	c.mutex.Lock()
-	defer c.mutex.Unlock()
-	element := c.list.PushBack(item)
-	return &callbackCloser[T]{
-		element:  element,
-		callback: c,
-	}
-}
-
-func (c *Callback[T]) Emit(item T) {
-	c.mutex.RLock()
-	defer c.mutex.RUnlock()
-	for element := c.list.Front(); element != nil; element = element.Next() {
-		go element.Value(item)
-	}
-}
-
-type callbackCloser[T any] struct {
-	element  *list.Element[func(T)]
-	callback *Callback[T]
-	once     sync.Once
-}
-
-func (c *callbackCloser[T]) Close() error {
-	c.once.Do(func() {
-		c.callback.mutex.Lock()
-		defer c.callback.mutex.Unlock()
-		c.callback.list.Remove(c.element)
-	})
-	return nil
-}
--- a/common/utils/hash.go
+++ b/common/utils/hash.go
@@ -1,62 +0,0 @@
-package utils
-
-import (
-	"crypto/md5"
-	"encoding/hex"
-	"errors"
-)
-
-// HashType warps hash array inside struct
-// someday can change to other hash algorithm simply
-type HashType struct {
-	md5 [md5.Size]byte // MD5
-}
-
-func MakeHash(data []byte) HashType {
-	return HashType{md5.Sum(data)}
-}
-
-func (h HashType) Equal(hash HashType) bool {
-	return h.md5 == hash.md5
-}
-
-func (h HashType) Bytes() []byte {
-	return h.md5[:]
-}
-
-func (h HashType) String() string {
-	return hex.EncodeToString(h.Bytes())
-}
-
-func (h HashType) MarshalText() ([]byte, error) {
-	return []byte(h.String()), nil
-}
-
-func (h *HashType) UnmarshalText(data []byte) error {
-	if hex.DecodedLen(len(data)) != md5.Size {
-		return errors.New("invalid hash length")
-	}
-	_, err := hex.Decode(h.md5[:], data)
-	return err
-}
-
-func (h HashType) MarshalBinary() ([]byte, error) {
-	return h.md5[:], nil
-}
-
-func (h *HashType) UnmarshalBinary(data []byte) error {
-	if len(data) != md5.Size {
-		return errors.New("invalid hash length")
-	}
-	copy(h.md5[:], data)
-	return nil
-}
-
-func (h HashType) Len() int {
-	return len(h.md5)
-}
-
-func (h HashType) IsValid() bool {
-	var zero HashType
-	return h != zero
-}
--- a/common/utils/ranges.go
+++ b/common/utils/ranges.go
@@ -13,24 +13,22 @@ type IntRanges[T constraints.Integer] []Range[T]

 var errIntRanges = errors.New("intRanges error")

-func newIntRanges[T constraints.Integer](expected string, parseFn func(string) (T, error)) (IntRanges[T], error) {
+func NewIntRanges[T constraints.Integer](expected string) (IntRanges[T], error) {
 	// example: 200 or 200/302 or 200-400 or 200/204/401-429/501-503
 	expected = strings.TrimSpace(expected)
 	if len(expected) == 0 || expected == "*" {
 		return nil, nil
 	}

-	// support: 200,302 or 200,204,401-429,501-503
-	expected = strings.ReplaceAll(expected, ",", "/")
 	list := strings.Split(expected, "/")
 	if len(list) > 28 {
 		return nil, fmt.Errorf("%w, too many ranges to use, maximum support 28 ranges", errIntRanges)
 	}

-	return newIntRangesFromList[T](list, parseFn)
+	return NewIntRangesFromList[T](list)
 }

-func newIntRangesFromList[T constraints.Integer](list []string, parseFn func(string) (T, error)) (IntRanges[T], error) {
+func NewIntRangesFromList[T constraints.Integer](list []string) (IntRanges[T], error) {
 	var ranges IntRanges[T]
 	for _, s := range list {
 		if s == "" {
@@ -43,16 +41,16 @@ func newIntRangesFromList[T constraints.Integer](list []string, parseFn func(str
 			return nil, errIntRanges
 		}

-		start, err := parseFn(strings.Trim(status[0], "[ ]"))
+		start, err := strconv.ParseInt(strings.Trim(status[0], "[ ]"), 10, 64)
 		if err != nil {
 			return nil, errIntRanges
 		}

 		switch statusLen {
-		case 1: // Port range
+		case 1:
 			ranges = append(ranges, NewRange(T(start), T(start)))
-		case 2: // Single port
-			end, err := parseFn(strings.Trim(status[1], "[ ]"))
+		case 2:
+			end, err := strconv.ParseUint(strings.Trim(status[1], "[ ]"), 10, 64)
 			if err != nil {
 				return nil, errIntRanges
 			}
@@ -64,38 +62,6 @@ func newIntRangesFromList[T constraints.Integer](list []string, parseFn func(str
 	return ranges, nil
 }

-func parseUnsigned[T constraints.Unsigned](s string) (T, error) {
-	if val, err := strconv.ParseUint(s, 10, 64); err == nil {
-		return T(val), nil
-	} else {
-		return 0, err
-	}
-}
-
-func NewUnsignedRanges[T constraints.Unsigned](expected string) (IntRanges[T], error) {
-	return newIntRanges(expected, parseUnsigned[T])
-}
-
-func NewUnsignedRangesFromList[T constraints.Unsigned](list []string) (IntRanges[T], error) {
-	return newIntRangesFromList(list, parseUnsigned[T])
-}
-
-func parseSigned[T constraints.Signed](s string) (T, error) {
-	if val, err := strconv.ParseInt(s, 10, 64); err == nil {
-		return T(val), nil
-	} else {
-		return 0, err
-	}
-}
-
-func NewSignedRanges[T constraints.Signed](expected string) (IntRanges[T], error) {
-	return newIntRanges(expected, parseSigned[T])
-}
-
-func NewSignedRangesFromList[T constraints.Signed](list []string) (IntRanges[T], error) {
-	return newIntRangesFromList(list, parseSigned[T])
-}
-
 func (ranges IntRanges[T]) Check(status T) bool {
 	if len(ranges) == 0 {
 		return true
@@ -110,7 +76,7 @@ func (ranges IntRanges[T]) Check(status T) bool {
 	return false
 }

-func (ranges IntRanges[T]) String() string {
+func (ranges IntRanges[T]) ToString() string {
 	if len(ranges) == 0 {
 		return "*"
 	}
@@ -132,17 +98,3 @@ func (ranges IntRanges[T]) String() string {

 	return strings.Join(terms, "/")
 }
-
-func (ranges IntRanges[T]) Range(f func(t T) bool) {
-	if len(ranges) == 0 {
-		return
-	}
-
-	for _, r := range ranges {
-		for i := r.Start(); i <= r.End(); i++ {
-			if !f(i) {
-				return
-			}
-		}
-	}
-}
--- a/common/utils/uuid.go
+++ b/common/utils/uuid.go
@@ -2,39 +2,19 @@ package utils

 import (
 	"github.com/gofrs/uuid/v5"
-	"github.com/metacubex/randv2"
+	"github.com/zhangyunhao116/fastrand"
 )

-type unsafeRandReader struct{}
+type fastRandReader struct{}

-func (r unsafeRandReader) Read(p []byte) (n int, err error) {
-	// modify from https://github.com/golang/go/blob/587c3847da81aa7cfc3b3db2677c8586c94df13a/src/runtime/rand.go#L70-L89
-	// Inspired by wyrand.
-	n = len(p)
-	v := randv2.Uint64()
-	for len(p) > 0 {
-		v ^= 0xa0761d6478bd642f
-		v *= 0xe7037ed1a0b428db
-		size := 8
-		if len(p) < 8 {
-			size = len(p)
-		}
-		for i := 0; i < size; i++ {
-			p[i] ^= byte(v >> (8 * i))
-		}
-		p = p[size:]
-		v = v>>32 | v<<32
-	}
-
-	return
+func (r fastRandReader) Read(p []byte) (int, error) {
+	return fastrand.Read(p)
 }

-var UnsafeRandReader = unsafeRandReader{}
-
-var UnsafeUUIDGenerator = uuid.NewGenWithOptions(uuid.WithRandomReader(UnsafeRandReader))
+var UnsafeUUIDGenerator = uuid.NewGenWithOptions(uuid.WithRandomReader(fastRandReader{}))

 func NewUUIDV1() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV1() // unsafeRandReader wouldn't cause error, so ignore err is safe
+	u, _ := UnsafeUUIDGenerator.NewV1() // fastrand.Read wouldn't cause error, so ignore err is safe
 	return u
 }

@@ -43,7 +23,7 @@ func NewUUIDV3(ns uuid.UUID, name string) uuid.UUID {
 }

 func NewUUIDV4() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV4() // unsafeRandReader wouldn't cause error, so ignore err is safe
+	u, _ := UnsafeUUIDGenerator.NewV4() // fastrand.Read wouldn't cause error, so ignore err is safe
 	return u
 }

@@ -52,12 +32,12 @@ func NewUUIDV5(ns uuid.UUID, name string) uuid.UUID {
 }

 func NewUUIDV6() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV6() // unsafeRandReader wouldn't cause error, so ignore err is safe
+	u, _ := UnsafeUUIDGenerator.NewV6() // fastrand.Read wouldn't cause error, so ignore err is safe
 	return u
 }

 func NewUUIDV7() uuid.UUID {
-	u, _ := UnsafeUUIDGenerator.NewV7() // unsafeRandReader wouldn't cause error, so ignore err is safe
+	u, _ := UnsafeUUIDGenerator.NewV7() // fastrand.Read wouldn't cause error, so ignore err is safe
 	return u
 }

--- a/component/auth/auth.go
+++ b/component/auth/auth.go
@@ -5,11 +5,6 @@ type Authenticator interface {
 	Users() []string
 }

-type AuthStore interface {
-	Authenticator() Authenticator
-	SetAuthenticator(Authenticator)
-}
-
 type AuthUser struct {
 	User string
 	Pass string
--- a/component/ca/ca-certificates.crt
+++ b/component/ca/ca-certificates.crt
--- a/component/ca/config.go
+++ b/component/ca/config.go
@@ -5,16 +5,12 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
-	_ "embed"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 	"sync"
-
-	C "github.com/metacubex/mihomo/constant"
 )

 var trustCerts []*x509.Certificate
@@ -22,11 +18,6 @@ var globalCertPool *x509.CertPool
 var mutex sync.RWMutex
 var errNotMatch = errors.New("certificate fingerprints do not match")

-//go:embed ca-certificates.crt
-var _CaCertificates []byte
-var DisableEmbedCa, _ = strconv.ParseBool(os.Getenv("DISABLE_EMBED_CA"))
-var DisableSystemCa, _ = strconv.ParseBool(os.Getenv("DISABLE_SYSTEM_CA"))
-
 func AddCertificate(certificate string) error {
 	mutex.Lock()
 	defer mutex.Unlock()
@@ -43,20 +34,13 @@ func AddCertificate(certificate string) error {

 func initializeCertPool() {
 	var err error
-	if DisableSystemCa {
+	globalCertPool, err = x509.SystemCertPool()
+	if err != nil {
 		globalCertPool = x509.NewCertPool()
-	} else {
-		globalCertPool, err = x509.SystemCertPool()
-		if err != nil {
-			globalCertPool = x509.NewCertPool()
-		}
 	}
 	for _, cert := range trustCerts {
 		globalCertPool.AddCert(cert)
 	}
-	if !DisableEmbedCa {
-		globalCertPool.AppendCertsFromPEM(_CaCertificates)
-	}
 }

 func ResetCertificate() {
@@ -67,6 +51,9 @@ func ResetCertificate() {
 }

 func getCertPool() *x509.CertPool {
+	if len(trustCerts) == 0 {
+		return nil
+	}
 	if globalCertPool == nil {
 		mutex.Lock()
 		defer mutex.Unlock()
@@ -116,7 +103,7 @@ func GetTLSConfig(tlsConfig *tls.Config, fingerprint string, customCA string, cu
 	var certificate []byte
 	var err error
 	if len(customCA) > 0 {
-		certificate, err = os.ReadFile(C.Path.Resolve(customCA))
+		certificate, err = os.ReadFile(customCA)
 		if err != nil {
 			return nil, fmt.Errorf("load ca error: %w", err)
 		}
--- a/component/ca/fix_windows.go
+++ b/component/ca/fix_windows.go
@@ -1,14 +0,0 @@
-package ca
-
-import (
-	"github.com/metacubex/mihomo/constant/features"
-)
-
-func init() {
-	// crypto/x509: certificate validation in Windows fails to validate IP in SAN
-	// https://github.com/golang/go/issues/37176
-	// As far as I can tell this is still the case on most older versions of Windows (but seems to be fixed in 10)
-	if features.WindowsMajorVersion < 10 && len(_CaCertificates) > 0 {
-		DisableSystemCa = true
-	}
-}
--- a/component/cidr/ipcidr_set.go
+++ b/component/cidr/ipcidr_set.go
@@ -1,90 +0,0 @@
-package cidr
-
-import (
-	"fmt"
-	"net/netip"
-	"unsafe"
-
-	"go4.org/netipx"
-)
-
-type IpCidrSet struct {
-	// must same with netipx.IPSet
-	rr []netipx.IPRange
-}
-
-func NewIpCidrSet() *IpCidrSet {
-	return &IpCidrSet{}
-}
-
-func (set *IpCidrSet) AddIpCidrForString(ipCidr string) error {
-	prefix, err := netip.ParsePrefix(ipCidr)
-	if err != nil {
-		return err
-	}
-	return set.AddIpCidr(prefix)
-}
-
-func (set *IpCidrSet) AddIpCidr(ipCidr netip.Prefix) (err error) {
-	if r := netipx.RangeOfPrefix(ipCidr); r.IsValid() {
-		set.rr = append(set.rr, r)
-	} else {
-		err = fmt.Errorf("not valid ipcidr range: %s", ipCidr)
-	}
-	return
-}
-
-func (set *IpCidrSet) IsContainForString(ipString string) bool {
-	ip, err := netip.ParseAddr(ipString)
-	if err != nil {
-		return false
-	}
-	return set.IsContain(ip)
-}
-
-func (set *IpCidrSet) IsContain(ip netip.Addr) bool {
-	return set.ToIPSet().Contains(ip.WithZone(""))
-}
-
-// MatchIp implements C.IpMatcher
-func (set *IpCidrSet) MatchIp(ip netip.Addr) bool {
-	if set.IsEmpty() {
-		return false
-	}
-	return set.IsContain(ip)
-}
-
-func (set *IpCidrSet) Merge() error {
-	var b netipx.IPSetBuilder
-	b.AddSet(set.ToIPSet())
-	i, err := b.IPSet()
-	if err != nil {
-		return err
-	}
-	set.fromIPSet(i)
-	return nil
-}
-
-func (set *IpCidrSet) IsEmpty() bool {
-	return set == nil || len(set.rr) == 0
-}
-
-func (set *IpCidrSet) Foreach(f func(prefix netip.Prefix) bool) {
-	for _, r := range set.rr {
-		for _, prefix := range r.Prefixes() {
-			if !f(prefix) {
-				return
-			}
-		}
-	}
-}
-
-// ToIPSet not safe convert to *netipx.IPSet
-// be careful, must be used after Merge
-func (set *IpCidrSet) ToIPSet() *netipx.IPSet {
-	return (*netipx.IPSet)(unsafe.Pointer(set))
-}
-
-func (set *IpCidrSet) fromIPSet(i *netipx.IPSet) {
-	*set = *(*IpCidrSet)(unsafe.Pointer(i))
-}
--- a/component/cidr/ipcidr_set_bin.go
+++ b/component/cidr/ipcidr_set_bin.go
@@ -1,77 +0,0 @@
-package cidr
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-	"net/netip"
-
-	"go4.org/netipx"
-)
-
-func (ss *IpCidrSet) WriteBin(w io.Writer) (err error) {
-	// version
-	_, err = w.Write([]byte{1})
-	if err != nil {
-		return err
-	}
-
-	// rr
-	err = binary.Write(w, binary.BigEndian, int64(len(ss.rr)))
-	if err != nil {
-		return err
-	}
-	for _, r := range ss.rr {
-		err = binary.Write(w, binary.BigEndian, r.From().As16())
-		if err != nil {
-			return err
-		}
-		err = binary.Write(w, binary.BigEndian, r.To().As16())
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func ReadIpCidrSet(r io.Reader) (ss *IpCidrSet, err error) {
-	// version
-	version := make([]byte, 1)
-	_, err = io.ReadFull(r, version)
-	if err != nil {
-		return nil, err
-	}
-	if version[0] != 1 {
-		return nil, errors.New("version is invalid")
-	}
-
-	ss = NewIpCidrSet()
-	var length int64
-
-	// rr
-	err = binary.Read(r, binary.BigEndian, &length)
-	if err != nil {
-		return nil, err
-	}
-	if length < 1 {
-		return nil, errors.New("length is invalid")
-	}
-	ss.rr = make([]netipx.IPRange, length)
-	for i := int64(0); i < length; i++ {
-		var a16 [16]byte
-		err = binary.Read(r, binary.BigEndian, &a16)
-		if err != nil {
-			return nil, err
-		}
-		from := netip.AddrFrom16(a16).Unmap()
-		err = binary.Read(r, binary.BigEndian, &a16)
-		if err != nil {
-			return nil, err
-		}
-		to := netip.AddrFrom16(a16).Unmap()
-		ss.rr[i] = netipx.IPRangeFrom(from, to)
-	}
-
-	return ss, nil
-}
--- a/component/cidr/ipcidr_set_test.go
+++ b/component/cidr/ipcidr_set_test.go
@@ -1,107 +0,0 @@
-package cidr
-
-import (
-	"testing"
-)
-
-func TestIpv4(t *testing.T) {
-	tests := []struct {
-		name     string
-		ipCidr   string
-		ip       string
-		expected bool
-	}{
-		{
-			name:     "Test Case 1",
-			ipCidr:   "149.154.160.0/20",
-			ip:       "149.154.160.0",
-			expected: true,
-		},
-		{
-			name:     "Test Case 2",
-			ipCidr:   "192.168.0.0/16",
-			ip:       "10.0.0.1",
-			expected: false,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			set := &IpCidrSet{}
-			set.AddIpCidrForString(test.ipCidr)
-
-			result := set.IsContainForString(test.ip)
-			if result != test.expected {
-				t.Errorf("Expected result: %v, got: %v", test.expected, result)
-			}
-		})
-	}
-}
-
-func TestIpv6(t *testing.T) {
-	tests := []struct {
-		name     string
-		ipCidr   string
-		ip       string
-		expected bool
-	}{
-		{
-			name:     "Test Case 1",
-			ipCidr:   "2409:8000::/20",
-			ip:       "2409:8087:1e03:21::27",
-			expected: true,
-		},
-		{
-			name:     "Test Case 2",
-			ipCidr:   "240e::/16",
-			ip:       "240e:964:ea02:100:1800::71",
-			expected: true,
-		},
-	}
-	// Add more test cases as needed
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			set := &IpCidrSet{}
-			set.AddIpCidrForString(test.ipCidr)
-
-			result := set.IsContainForString(test.ip)
-			if result != test.expected {
-				t.Errorf("Expected result: %v, got: %v", test.expected, result)
-			}
-		})
-	}
-}
-
-func TestMerge(t *testing.T) {
-	tests := []struct {
-		name        string
-		ipCidr1     string
-		ipCidr2     string
-		ipCidr3     string
-		expectedLen int
-	}{
-		{
-			name:        "Test Case 1",
-			ipCidr1:     "2409:8000::/20",
-			ipCidr2:     "2409:8000::/21",
-			ipCidr3:     "2409:8000::/48",
-			expectedLen: 1,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			set := &IpCidrSet{}
-			set.AddIpCidrForString(test.ipCidr1)
-			set.AddIpCidrForString(test.ipCidr2)
-			set.Merge()
-
-			rangesLen := len(set.rr)
-
-			if rangesLen != test.expectedLen {
-				t.Errorf("Expected len: %v, got: %v", test.expectedLen, rangesLen)
-			}
-		})
-	}
-}
--- a/component/dhcp/conn.go
+++ b/component/dhcp/conn.go
@@ -3,7 +3,6 @@ package dhcp
 import (
 	"context"
 	"net"
-	"net/netip"
 	"runtime"

 	"github.com/metacubex/mihomo/component/dialer"
@@ -25,5 +24,5 @@ func ListenDHCPClient(ctx context.Context, ifaceName string) (net.PacketConn, er
 		options = append(options, dialer.WithFallbackBind(true))
 	}

-	return dialer.ListenPacket(ctx, "udp4", listenAddr, netip.AddrPortFrom(netip.AddrFrom4([4]byte{255, 255, 255, 255}), 67), options...)
+	return dialer.ListenPacket(ctx, "udp4", listenAddr, options...)
 }
--- a/component/dialer/bind.go
+++ b/component/dialer/bind.go
@@ -14,7 +14,6 @@ func LookupLocalAddrFromIfaceName(ifaceName string, network string, destination
 	if err != nil {
 		return nil, err
 	}
-	destination = destination.Unmap()

 	var addr netip.Prefix
 	switch network {
@@ -24,7 +23,7 @@ func LookupLocalAddrFromIfaceName(ifaceName string, network string, destination
 		addr, err = ifaceObj.PickIPv6Addr(destination)
 	default:
 		if destination.IsValid() {
-			if destination.Is4() {
+			if destination.Is4() || destination.Is4In6() {
 				addr, err = ifaceObj.PickIPv4Addr(destination)
 			} else {
 				addr, err = ifaceObj.PickIPv6Addr(destination)
@@ -75,7 +74,7 @@ func fallbackBindIfaceToDialer(ifaceName string, dialer *net.Dialer, network str
 	return nil
 }

-func fallbackBindIfaceToListenConfig(ifaceName string, _ *net.ListenConfig, network, address string, rAddrPort netip.AddrPort) (string, error) {
+func fallbackBindIfaceToListenConfig(ifaceName string, _ *net.ListenConfig, network, address string) (string, error) {
 	_, port, err := net.SplitHostPort(address)
 	if err != nil {
 		port = "0"
--- a/component/dialer/bind_darwin.go
+++ b/component/dialer/bind_darwin.go
@@ -46,7 +46,7 @@ func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ netip.A
 	return nil
 }

-func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string, rAddrPort netip.AddrPort) (string, error) {
+func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string) (string, error) {
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
 		return "", err
--- a/component/dialer/bind_linux.go
+++ b/component/dialer/bind_linux.go
@@ -35,7 +35,7 @@ func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ netip.A
 	return nil
 }

-func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string, rAddrPort netip.AddrPort) (string, error) {
+func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string) (string, error) {
 	addControlToListenConfig(lc, bindControl(ifaceName))

 	return address, nil
--- a/component/dialer/bind_others.go
+++ b/component/dialer/bind_others.go
@@ -11,8 +11,8 @@ func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, network string, des
 	return fallbackBindIfaceToDialer(ifaceName, dialer, network, destination)
 }

-func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, network, address string, rAddrPort netip.AddrPort) (string, error) {
-	return fallbackBindIfaceToListenConfig(ifaceName, lc, network, address, rAddrPort)
+func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, network, address string) (string, error) {
+	return fallbackBindIfaceToListenConfig(ifaceName, lc, network, address)
 }

 func ParseNetwork(network string, addr netip.Addr) string {
--- a/component/dialer/bind_windows.go
+++ b/component/dialer/bind_windows.go
@@ -36,7 +36,7 @@ func bind6(handle syscall.Handle, ifaceIdx int) error {
 	return err
 }

-func bindControl(ifaceIdx int, rAddrPort netip.AddrPort) controlFn {
+func bindControl(ifaceIdx int) controlFn {
 	return func(ctx context.Context, network, address string, c syscall.RawConn) (err error) {
 		addrPort, err := netip.ParseAddrPort(address)
 		if err == nil && !addrPort.Addr().IsGlobalUnicast() {
@@ -55,7 +55,7 @@ func bindControl(ifaceIdx int, rAddrPort netip.AddrPort) controlFn {
 				innerErr = bind4err
 			case "udp6":
 				// golang will set network to udp6 when listenUDP on wildcard ip (eg: ":0", "")
-				if (!addrPort.Addr().IsValid() || addrPort.Addr().IsUnspecified()) && bind6err != nil && rAddrPort.Addr().Unmap().Is4() {
+				if (!addrPort.Addr().IsValid() || addrPort.Addr().IsUnspecified()) && bind6err != nil {
 					// try bind ipv6, if failed, ignore. it's a workaround for windows disable interface ipv6
 					if bind4err != nil {
 						innerErr = fmt.Errorf("%w (%s)", bind6err, bind4err)
@@ -76,23 +76,23 @@ func bindControl(ifaceIdx int, rAddrPort netip.AddrPort) controlFn {
 	}
 }

-func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, destination netip.Addr) error {
+func bindIfaceToDialer(ifaceName string, dialer *net.Dialer, _ string, _ netip.Addr) error {
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
 		return err
 	}

-	addControlToDialer(dialer, bindControl(ifaceObj.Index, netip.AddrPortFrom(destination, 0)))
+	addControlToDialer(dialer, bindControl(ifaceObj.Index))
 	return nil
 }

-func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string, rAddrPort netip.AddrPort) (string, error) {
+func bindIfaceToListenConfig(ifaceName string, lc *net.ListenConfig, _, address string) (string, error) {
 	ifaceObj, err := iface.ResolveInterface(ifaceName)
 	if err != nil {
 		return "", err
 	}

-	addControlToListenConfig(lc, bindControl(ifaceObj.Index, rAddrPort))
+	addControlToListenConfig(lc, bindControl(ifaceObj.Index))
 	return address, nil
 }

--- a/component/dialer/dialer.go
+++ b/component/dialer/dialer.go
@@ -7,26 +7,18 @@ import (
 	"net"
 	"net/netip"
 	"os"
-	"strconv"
 	"strings"
 	"sync"
 	"time"

-	"github.com/metacubex/mihomo/component/keepalive"
 	"github.com/metacubex/mihomo/component/resolver"
-	"github.com/metacubex/mihomo/log"
-)
-
-const (
-	DefaultTCPTimeout = 5 * time.Second
-	DefaultUDPTimeout = DefaultTCPTimeout
+	"github.com/metacubex/mihomo/constant/features"
 )

 type dialFunc func(ctx context.Context, network string, ips []netip.Addr, port string, opt *option) (net.Conn, error)

 var (
 	dialMux                      sync.Mutex
-	IP4PEnable                   bool
 	actualSingleStackDialContext = serialSingleStackDialContext
 	actualDualStackDialContext   = serialDualStackDialContext
 	tcpConcurrent                = false
@@ -78,30 +70,30 @@ func DialContext(ctx context.Context, network, address string, options ...Option
 	}
 }

-func ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort, options ...Option) (net.PacketConn, error) {
+func ListenPacket(ctx context.Context, network, address string, options ...Option) (net.PacketConn, error) {
+	if features.CMFA && DefaultSocketHook != nil {
+		return listenPacketHooked(ctx, network, address)
+	}
+
 	cfg := applyOptions(options...)

 	lc := &net.ListenConfig{}
+	if cfg.interfaceName != "" {
+		bind := bindIfaceToListenConfig
+		if cfg.fallbackBind {
+			bind = fallbackBindIfaceToListenConfig
+		}
+		addr, err := bind(cfg.interfaceName, lc, network, address)
+		if err != nil {
+			return nil, err
+		}
+		address = addr
+	}
 	if cfg.addrReuse {
 		addrReuseToListenConfig(lc)
 	}
-	if DefaultSocketHook != nil { // ignore interfaceName, routingMark when DefaultSocketHook not null (in CMFA)
-		socketHookToListenConfig(lc)
-	} else {
-		if cfg.interfaceName != "" {
-			bind := bindIfaceToListenConfig
-			if cfg.fallbackBind {
-				bind = fallbackBindIfaceToListenConfig
-			}
-			addr, err := bind(cfg.interfaceName, lc, network, address, rAddrPort)
-			if err != nil {
-				return nil, err
-			}
-			address = addr
-		}
-		if cfg.routingMark != 0 {
-			bindMarkToListenConfig(cfg.routingMark, lc, network, address)
-		}
+	if cfg.routingMark != 0 {
+		bindMarkToListenConfig(cfg.routingMark, lc, network, address)
 	}

 	return lc.ListenPacket(ctx, network, address)
@@ -127,11 +119,11 @@ func GetTcpConcurrent() bool {
 }

 func dialContext(ctx context.Context, network string, destination netip.Addr, port string, opt *option) (net.Conn, error) {
-	var address string
-	if IP4PEnable {
-		destination, port = lookupIP4P(destination, port)
+	if features.CMFA && DefaultSocketHook != nil {
+		return dialContextHooked(ctx, network, destination, port)
 	}
-	address = net.JoinHostPort(destination.String(), port)
+
+	address := net.JoinHostPort(destination.String(), port)

 	netDialer := opt.netDialer
 	switch netDialer.(type) {
@@ -145,31 +137,24 @@ func dialContext(ctx context.Context, network string, destination netip.Addr, po
 	}

 	dialer := netDialer.(*net.Dialer)
-	keepalive.SetNetDialer(dialer)
+	if opt.interfaceName != "" {
+		bind := bindIfaceToDialer
+		if opt.fallbackBind {
+			bind = fallbackBindIfaceToDialer
+		}
+		if err := bind(opt.interfaceName, dialer, network, destination); err != nil {
+			return nil, err
+		}
+	}
+	if opt.routingMark != 0 {
+		bindMarkToDialer(opt.routingMark, dialer, network, destination)
+	}
 	if opt.mpTcp {
 		setMultiPathTCP(dialer)
 	}
-
-	if DefaultSocketHook != nil { // ignore interfaceName, routingMark and tfo when DefaultSocketHook not null (in CMFA)
-		socketHookToToDialer(dialer)
-	} else {
-		if opt.interfaceName != "" {
-			bind := bindIfaceToDialer
-			if opt.fallbackBind {
-				bind = fallbackBindIfaceToDialer
-			}
-			if err := bind(opt.interfaceName, dialer, network, destination); err != nil {
-				return nil, err
-			}
-		}
-		if opt.routingMark != 0 {
-			bindMarkToDialer(opt.routingMark, dialer, network, destination)
-		}
-		if opt.tfo && !DisableTFO {
-			return dialTFO(ctx, *dialer, network, address)
-		}
+	if opt.tfo {
+		return dialTFO(ctx, *dialer, network, address)
 	}
-
 	return dialer.DialContext(ctx, network, address)
 }

@@ -340,18 +325,26 @@ func parseAddr(ctx context.Context, network, address string, preferResolver reso
 		return nil, "-1", err
 	}

-	if preferResolver == nil {
-		preferResolver = resolver.ProxyServerHostResolver
-	}
-
 	var ips []netip.Addr
 	switch network {
 	case "tcp4", "udp4":
-		ips, err = resolver.LookupIPv4WithResolver(ctx, host, preferResolver)
+		if preferResolver == nil {
+			ips, err = resolver.LookupIPv4ProxyServerHost(ctx, host)
+		} else {
+			ips, err = resolver.LookupIPv4WithResolver(ctx, host, preferResolver)
+		}
 	case "tcp6", "udp6":
-		ips, err = resolver.LookupIPv6WithResolver(ctx, host, preferResolver)
+		if preferResolver == nil {
+			ips, err = resolver.LookupIPv6ProxyServerHost(ctx, host)
+		} else {
+			ips, err = resolver.LookupIPv6WithResolver(ctx, host, preferResolver)
+		}
 	default:
-		ips, err = resolver.LookupIPWithResolver(ctx, host, preferResolver)
+		if preferResolver == nil {
+			ips, err = resolver.LookupIPProxyServerHost(ctx, host)
+		} else {
+			ips, err = resolver.LookupIPWithResolver(ctx, host, preferResolver)
+		}
 	}
 	if err != nil {
 		return nil, "-1", fmt.Errorf("dns resolve failed: %w", err)
@@ -373,33 +366,15 @@ func (d Dialer) DialContext(ctx context.Context, network, address string) (net.C
 }

 func (d Dialer) ListenPacket(ctx context.Context, network, address string, rAddrPort netip.AddrPort) (net.PacketConn, error) {
-	opt := d.Opt // make a copy
+	opt := WithOption(d.Opt)
 	if rAddrPort.Addr().Unmap().IsLoopback() {
 		// avoid "The requested address is not valid in its context."
-		WithInterface("")(&opt)
+		opt = WithInterface("")
 	}
-	return ListenPacket(ctx, ParseNetwork(network, rAddrPort.Addr()), address, rAddrPort, WithOption(opt))
+	return ListenPacket(ctx, ParseNetwork(network, rAddrPort.Addr()), address, opt)
 }

 func NewDialer(options ...Option) Dialer {
 	opt := applyOptions(options...)
 	return Dialer{Opt: *opt}
 }
-
-func GetIP4PEnable(enableIP4PConvert bool) {
-	IP4PEnable = enableIP4PConvert
-}
-
-// kanged from https://github.com/heiher/frp/blob/ip4p/client/ip4p.go
-
-func lookupIP4P(addr netip.Addr, port string) (netip.Addr, string) {
-	ip := addr.AsSlice()
-	if ip[0] == 0x20 && ip[1] == 0x01 &&
-		ip[2] == 0x00 && ip[3] == 0x00 {
-		addr = netip.AddrFrom4([4]byte{ip[12], ip[13], ip[14], ip[15]})
-		port = strconv.Itoa(int(ip[10])<<8 + int(ip[11]))
-		log.Debugln("Convert IP4P address %s to %s", ip, net.JoinHostPort(addr.String(), port))
-		return addr, port
-	}
-	return addr, port
-}
--- a/component/dialer/patch_android.go
+++ b/component/dialer/patch_android.go
@@ -0,0 +1,39 @@
+//go:build android && cmfa
+
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"syscall"
+)
+
+type SocketControl func(network, address string, conn syscall.RawConn) error
+
+var DefaultSocketHook SocketControl
+
+func dialContextHooked(ctx context.Context, network string, destination netip.Addr, port string) (net.Conn, error) {
+	dialer := &net.Dialer{
+		Control: DefaultSocketHook,
+	}
+
+	conn, err := dialer.DialContext(ctx, network, net.JoinHostPort(destination.String(), port))
+	if err != nil {
+		return nil, err
+	}
+
+	if t, ok := conn.(*net.TCPConn); ok {
+		t.SetKeepAlive(false)
+	}
+
+	return conn, nil
+}
+
+func listenPacketHooked(ctx context.Context, network, address string) (net.PacketConn, error) {
+	lc := &net.ListenConfig{
+		Control: DefaultSocketHook,
+	}
+
+	return lc.ListenPacket(ctx, network, address)
+}
--- a/component/dialer/patch_common.go
+++ b/component/dialer/patch_common.go
@@ -0,0 +1,22 @@
+//go:build !(android && cmfa)
+
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"syscall"
+)
+
+type SocketControl func(network, address string, conn syscall.RawConn) error
+
+var DefaultSocketHook SocketControl
+
+func dialContextHooked(ctx context.Context, network string, destination netip.Addr, port string) (net.Conn, error) {
+	return nil, nil
+}
+
+func listenPacketHooked(ctx context.Context, network, address string) (net.PacketConn, error) {
+	return nil, nil
+}
--- a/component/dialer/resolver.go
+++ b/component/dialer/resolver.go
@@ -0,0 +1,29 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/netip"
+)
+
+func init() {
+	// We must use this DialContext to query DNS
+	// when using net default resolver.
+	net.DefaultResolver.PreferGo = true
+	net.DefaultResolver.Dial = resolverDialContext
+}
+
+func resolverDialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	d := &net.Dialer{}
+
+	interfaceName := DefaultInterface.Load()
+
+	if interfaceName != "" {
+		dstIP, err := netip.ParseAddr(address)
+		if err == nil {
+			_ = bindIfaceToDialer(interfaceName, d, network, dstIP)
+		}
+	}
+
+	return d.DialContext(ctx, network, address)
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Larvan2	dc2108c174	Merge branch 'Alpha' into Meta	2024-01-02 15:21:37 +08:00
wwqgtxx	bda71dbfa1	Merge branch 'Alpha' into Meta	2023-12-03 08:44:30 +08:00
wwqgtxx	253b023442	Merge branch 'Alpha' into Meta	2023-11-03 21:59:44 +08:00
wwqgtxx	8293b7fdae	Merge branch 'Beta' into Meta # Conflicts: # .github/workflows/docker.yaml # .github/workflows/prerelease.yml	2023-02-19 01:25:34 +08:00
wwqgtxx	0ba415866e	Merge branch 'Alpha' into Beta	2023-02-19 01:25:01 +08:00
Larvan2	53b41ca166	Chore: Add action for deleting old workflow	2023-01-30 18:17:22 +08:00
metacubex	8a75f78e63	chore: adjust Dockerfile	2023-01-12 02:24:12 +08:00
metacubex	d9692c6366	Merge branch 'Beta' into Meta	2023-01-12 02:15:14 +08:00
metacubex	f4b0062dfc	Merge branch 'Alpha' into Beta	2023-01-12 02:14:49 +08:00
metacubex	b9ffc82e53	Merge branch 'Beta' into Meta	2023-01-12 01:33:56 +08:00
metacubex	78aaea6a45	Merge branch 'Alpha' into Beta	2023-01-12 01:33:16 +08:00
cubemaze	3645fbf161	Merge pull request #327 from Rasphino/Meta Update flake.nix hash	2023-01-08 00:29:29 +08:00
Rasphino	a1d0f22132	fix: update flake.nix hash	2023-01-07 23:38:32 +08:00
metacubex	fa73b0f4bf	Merge remote-tracking branch 'origin/Beta' into Meta	2023-01-01 19:41:36 +08:00
metacubex	3b76a8b839	Merge remote-tracking branch 'origin/Alpha' into Beta	2023-01-01 19:40:36 +08:00
cubemaze	667f42dcdc	Merge pull request #282 from tdjnodj/Meta Update README.md	2022-12-03 17:23:51 +08:00
tdjnodj	dfbe09860f	Update README.md	2022-12-03 17:17:08 +08:00
metacubex	9e20f9c26a	chore: update dependencies	2022-11-28 20:33:10 +08:00
Skimmle	f968d0cb82	chore: update github action	2022-11-26 20:16:12 +08:00
metacubex	2ad84f4379	Merge branch 'Beta' into Meta	2022-11-02 18:08:22 +08:00
metacubex	c7aa16426f	Merge branch 'Alpha' into Beta	2022-11-02 18:07:29 +08:00
Skyxim	5987f8e3b5	Merge branch 'Beta' into Meta	2022-08-29 13:08:29 +08:00
Skyxim	3a8eb72de2	Merge branch 'Alpha' into Beta	2022-08-29 13:08:22 +08:00
zhudan	33abbdfd24	Merge pull request #174 from MetaCubeX/Alpha Alpha	2022-08-29 11:24:07 +08:00
zhudan	0703d6cbff	Merge pull request #173 from MetaCubeX/Alpha Alpha	2022-08-29 11:22:14 +08:00
Skyxim	10d2d14938	Merge branch 'Beta' into Meta # Conflicts: # rules/provider/classical_strategy.go	2022-07-02 10:41:41 +08:00
wwqgtxx	691cf1d8d6	Merge pull request #94 from bash99/Meta Update README.md	2022-06-15 19:15:51 +08:00
bash99	d1decb8e58	Update README.md add permissions for systemctl services clash-dashboard change to updated one	2022-06-15 14:00:05 +08:00
Skyxim	7d04904109	fix: leak dns when domain in hosts list	2022-06-11 18:51:26 +08:00
Skyxim	a5acd3aa97	refactor: clear linkname,reduce cycle dependencies,transport init geosite function	2022-06-11 18:51:22 +08:00
Skyxim	eea9a12560	fix: 规则匹配默认策略组返回错误	2022-06-09 14:18:35 +08:00
adlyq	0a4570b55c	fix: group filter touch provider	2022-06-09 14:18:29 +08:00