Squashed commit of the following:

commit 3b04b60a965227028fcb402e6b773c4d58fcd810
Author: kitty314 <[email protected]>
Date:   Thu Jun 26 18:26:56 2025 +0800

    11911

commit 5b97527
Author: wwqgtxx <[email protected]>
Date:   Wed Jun 25 16:17:19 2025 +0800

    fix: incorrect checking of strings.Split return value

    strings.Split will never return a slice of length 0 if sep is not empty, so any code that checks if the return value is of length 0 is incorrect and useless.

commit 166392f
Author: ayanamist <[email protected]>
Date:   Tue Jun 24 21:44:26 2025 +0800

    chore: sniffer replace domain only if domain is valid (MetaCubeX#2122)

commit 5c6aa43
Author: ayanamist <[email protected]>
Date:   Tue Jun 24 18:04:42 2025 +0800

    chore: unconditionally allow clients with passwords for password-free socks5 inbound (MetaCubeX#2123)

commit 2c55dc2
Author: xishang0128 <[email protected]>
Date:   Tue Jun 24 17:25:59 2025 +0800

    action: fix run build on pull_request

commit 56c0b08
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 21 22:46:55 2025 +0800

    doc: update path doc

commit 5344e86
Author: Restia-Ashbell <[email protected]>
Date:   Sat Jun 21 12:19:13 2025 +0800

    fix: ssr uri decode (MetaCubeX#2116)

commit 6cfaf15
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 21 12:08:41 2025 +0800

    fix: missing error return

commit 31f0060
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 21 10:28:23 2025 +0800

    fix: chacha20 counter overflow

    the implement it's a not safe chacha20 using but for compatible

commit c60750d
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 14 15:57:54 2025 +0800

    chore: allow tun to skip the system ipv6 check when starting by environment variable `SKIP_SYSTEM_IPV6_CHECK`

commit ebf5918
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 14 12:32:30 2025 +0800

    fix: v2ray-plugin mux maybe not close underlay connection

commit 93ca185
Author: riolurs <[email protected]>
Date:   Fri Jun 13 23:05:06 2025 +0800

    chore: converter support fingerprint for anytls

commit 32d447c
Author: beck <[email protected]>
Date:   Thu Jun 12 17:10:09 2025 +0800

    fix: convert https (MetaCubeX#2102)

commit 617fef8
Author: beck <[email protected]>
Date:   Thu Jun 12 16:17:25 2025 +0800

    feat: converter support anytls/socks/http (MetaCubeX#2100)

commit d191993
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 12 15:33:19 2025 +0800

    action: don't trigger cmfa update on pull request

commit 87795e3
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 12 15:24:17 2025 +0800

    chore: add yaml marshal for common/atomic

commit 85bb40a
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 12 01:23:34 2025 +0800

    chore: add Int32Enum for common/atomic

commit 082bcec
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 12 00:27:51 2025 +0800

    chore: apply find process mode in direct/global mode

commit 9283cb0
Author: wwqgtxx <[email protected]>
Date:   Wed Jun 11 17:45:28 2025 +0800

    feat: add `loopback-address` support for tun

commit ae7967f
Author: wwqgtxx <[email protected]>
Date:   Tue Jun 10 20:11:50 2025 +0800

    chore: the resolve and findProcess behaviors of Logic and SubRules follow the order and needs of the internal rules

commit 01f8f2d
Author: wwqgtxx <[email protected]>
Date:   Tue Jun 10 10:54:08 2025 +0800

    chore: cleanup allocator code

commit 255ff5e
Author: wwqgtxx <[email protected]>
Date:   Tue Jun 10 10:38:05 2025 +0800

    chore: add rate limiting support for reality listener

commit 939e410
Author: wwqgtxx <[email protected]>
Date:   Sat Jun 7 00:38:39 2025 +0800

    chore: write dns reply in single syscall

commit 40587b6
Author: wwqgtxx <[email protected]>
Date:   Fri Jun 6 00:52:12 2025 +0800

    feat: all dns client support `skip-cert-verify` params

commit 85e6d25
Author: wwqgtxx <[email protected]>
Date:   Fri Jun 6 00:45:58 2025 +0800

    feat: all dns client support `ecs` and `ecs-override` params

commit 29a37f4
Author: wwqgtxx <[email protected]>
Date:   Fri Jun 6 00:24:57 2025 +0800

    feat: all dns client support `disable-ipv4` and `disable-ipv6` params

commit 2f9a3b3
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 5 21:20:38 2025 +0800

    chore: cleanup code

commit 40ea0ba
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 5 13:47:26 2025 +0800

    fix: correct constructor for `2022-blake3-chacha8-poly1305`

commit 8d7f947
Author: wwqgtxx <[email protected]>
Date:   Thu Jun 5 13:43:30 2025 +0800

    fix: TypedValue.CompareAndSwap

    tailscale/tailscale@84aa7ff

commit 71a8705
Author: wwqgtxx <[email protected]>
Date:   Sat May 31 22:57:05 2025 +0800

    fix: remote dst parse

commit c0f452b
Author: wwqgtxx <[email protected]>
Date:   Thu May 29 10:14:06 2025 +0800

    chore: more unmap for 4in6 address

commit 6c9abe1
Author: wwqgtxx <[email protected]>
Date:   Wed May 28 21:33:44 2025 +0800

    fix: vmess listener error

commit 213d80c
Author: wwqgtxx <[email protected]>
Date:   Wed May 28 10:01:15 2025 +0800

    fix: quic sniffer should consider skipDomain

commit 1db89da
Author: wwqgtxx <[email protected]>
Date:   Wed May 28 09:22:28 2025 +0800

    fix: quic sniffer should not replace domain when no valid host is read

commit 689c58f
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 22:47:21 2025 +0800

    chore: clear dstIP when overrideDest in sniffer

commit 33590c4
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 18:26:35 2025 +0800

    fix: destination should unmap before find interface

commit 60ae9dc
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 18:10:44 2025 +0800

    chore: recover log leval for preHandleMetadata

commit 4741ac6
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 16:32:42 2025 +0800

    fix: in-port not work with shadowsocks listener

commit ef3d7e4
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 15:04:01 2025 +0800

    chore: remove unneeded dns resolve when proxydialer dial udp

commit a1c7881
Author: wwqgtxx <[email protected]>
Date:   Tue May 27 10:45:26 2025 +0800

    chore: rebuild udp dns resolve

    The DNS resolution of the overall UDP part has been delayed to the connection initiation stage. During the rule matching process, it will only be triggered when the IP rule without no-resolve is matched.

    For direct and wireguard outbound, the same logic as the TCP part will be followed, that is, when direct-nameserver (or DNS configured by wireguard) exists, the result of the matching process will be discarded and the domain name will be re-resolved. This re-resolution logic is only effective for fakeip.

    For reject and DNS outbound, no resolution is required.

    For other outbound, resolution will still be performed when the connection is initiated, and the domain name will not be sent directly to the remote server at present.

commit 12e3952
Author: wwqgtxx <[email protected]>
Date:   Mon May 26 12:33:24 2025 +0800

    chore: code cleanup

commit 88419cb
Author: wwqgtxx <[email protected]>
Date:   Mon May 26 01:12:35 2025 +0800

    chore: better parse remote dst

commit 4ed8303
Author: wwqgtxx <[email protected]>
Date:   Sun May 25 22:22:23 2025 +0800

    chore: remove confused code

commit 3ed6ff9
Author: wwqgtxx <[email protected]>
Date:   Sun May 25 22:07:29 2025 +0800

    chore: export pipeDeadline

commit 34de62d
Author: wwqgtxx <[email protected]>
Date:   Sat May 24 23:19:38 2025 +0800

    chore: better get localAddr

commit d2e255f
Author: wwqgtxx <[email protected]>
Date:   Sat May 24 22:23:10 2025 +0800

    fix: some error in tun

commit a0c46bb
Author: wwqgtxx <[email protected]>
Date:   Sat May 24 15:57:49 2025 +0800

    chore: remove the redundant layer of udpnat in sing-tun to reduce resource usage when processing udp

commit 9e3bf14
Author: wwqgtxx <[email protected]>
Date:   Fri May 23 20:59:02 2025 +0800

    chore: handle two interfaces have the same prefix but different address

commit 28c387a
Author: wwqgtxx <[email protected]>
Date:   Fri May 23 20:19:18 2025 +0800

    chore: restore break change in sing-tun

commit 15eda70
Author: wwqgtxx <[email protected]>
Date:   Fri May 23 20:12:38 2025 +0800

    fix: hysteria2 panic

commit b1d12a1
Author: wwqgtxx <[email protected]>
Date:   Thu May 22 17:42:40 2025 +0800

    chore: proxy's ech should fetch from proxy-nameserver

commit 5a21bf3
Author: wwqgtxx <[email protected]>
Date:   Thu May 22 17:01:24 2025 +0800

    fix: listener close panic

commit 199fb8f
Author: wwqgtxx <[email protected]>
Date:   Thu May 22 10:28:10 2025 +0800

    chore: update quic-go to 0.52.0

commit fd959fe
Author: wwqgtxx <[email protected]>
Date:   Wed May 21 21:37:20 2025 +0800

    chore: update dependencies

commit d5a0390
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 16:15:04 2025 +0800

    fix: race in close grpc transport

commit 257fead
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 11:08:42 2025 +0800

    docs: update config.yaml follow 5cf0f18

commit c489c52
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 10:56:14 2025 +0800

    fix: hysteria2 hop ports init
    MetaCubeX#2056

commit 8f92b1d
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 09:48:05 2025 +0800

    chore: simplify the single root decompression process

commit 9f7a2a3
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 01:57:57 2025 +0800

    chore: unpack externalUI in a separate temporary directory to avoid malicious compressed packages from polluting workdir

commit a934791
Author: wwqgtxx <[email protected]>
Date:   Tue May 20 00:00:07 2025 +0800

    chore: stricter path checking when unpacking zip/tgz

commit ed42c4f
Author: wwqgtxx <[email protected]>
Date:   Mon May 19 23:42:39 2025 +0800

    chore: disallow symlink in unzip

commit 608ddb1
Author: wwqgtxx <[email protected]>
Date:   Mon May 19 23:11:52 2025 +0800

    fix: `external-ui-name` must in local

commit d036d98
Author: wwqgtxx <[email protected]>
Date:   Sun May 18 22:32:25 2025 +0800

    fix: http server does not handle http2 logic correctly

commit d900c71
Author: wwqgtxx <[email protected]>
Date:   Sun May 18 00:50:00 2025 +0800

    fix: shadowtls v2 not work with X25519MLKEM768

commit 1672750
Author: wwqgtxx <[email protected]>
Date:   Sun May 18 00:49:15 2025 +0800

    chore: simplifying the old fingerprint processing method

commit 41b57af
Author: wwqgtxx <[email protected]>
Date:   Sun May 18 00:25:02 2025 +0800

    fix: grpc deadline implement

commit 188372c
Author: wwqgtxx <[email protected]>
Date:   Sat May 17 21:21:02 2025 +0800

    feat: add `tls.ech-key` for `external-controller-tls`

commit a1350d4
Author: wwqgtxx <[email protected]>
Date:   Sat May 17 20:50:21 2025 +0800

    feat: add `ech-key` for listeners

commit dc958e6
Author: wwqgtxx <[email protected]>
Date:   Sat May 17 17:36:25 2025 +0800

    feat: add `ech-opts` for hysteria/hysteria2/tuic outbound

commit 8a5f3b8
Author: wwqgtxx <[email protected]>
Date:   Sat May 17 17:06:38 2025 +0800

    chore: simplify port hop costs

commit c6d7ef8
Author: wwqgtxx <[email protected]>
Date:   Sat May 17 13:53:21 2025 +0800

    feat: add `ech-opts` for anytls/shadowsocks/trojan/vmess/vless outbound

commit bb8c47d
Author: wwqgtxx <[email protected]>
Date:   Thu May 15 18:07:55 2025 +0800

    fix: error typo

commit 5cf0f18
Author: wwqgtxx <[email protected]>
Date:   Thu May 15 10:14:18 2025 +0800

    feat: reality add `support-x25519mlkem768`, it only works with new version server

commit 83213d4
Author: wwqgtxx <[email protected]>
Date:   Wed May 14 21:51:18 2025 +0800

    chore: adjust min backoff from 1s to 10s

commit 90ed01e
Author: wwqgtxx <[email protected]>
Date:   Wed May 14 21:45:12 2025 +0800

    fix: backoff not reset when the file unchanged

commit f91a586
Author: wwqgtxx <[email protected]>
Date:   Tue May 13 19:00:32 2025 +0800

    fix: inline proxy provider's healthcheck not work

commit 266fb03
Author: wwqgtxx <[email protected]>
Date:   Tue May 13 12:09:38 2025 +0800

    chore: update dependencies

commit 76e9607
Author: wwqgtxx <[email protected]>
Date:   Tue May 13 01:10:10 2025 +0800

    chore: move start healthcheck.process() from New to Initial in provider
    avoid panic cause by build-in proxy have not set to tunnel

commit 23e2d3a
Author: wwqgtxx <[email protected]>
Date:   Mon May 12 22:19:49 2025 +0800

    chore: rebuild provider load

commit 6e35cf9
Author: wwqgtxx <[email protected]>
Date:   Mon May 12 12:34:22 2025 +0800

    fix: truncated UDP response in system dns
    MetaCubeX#2031

commit 2116640
Author: wwqgtxx <[email protected]>
Date:   Mon May 12 11:24:56 2025 +0800

    chore: the updateConfigs api also adds a check for `SAFE_PATHS`

commit a4fcd3a
Author: wwqgtxx <[email protected]>
Date:   Mon May 12 09:56:08 2025 +0800

    chore: rollback incompatible changes to updateConfigs api

commit d22a893
Author: wwqgtxx <[email protected]>
Date:   Sun May 11 11:44:12 2025 +0800

    fix: hysteria server port hopping compatibility issues

commit 00cceba
Author: Anya Lin <[email protected]>
Date:   Sat May 10 13:12:45 2025 +0800

    docs: update config.yaml follow 7e7016b (MetaCubeX#2022)

commit 2b4726b
Author: wwqgtxx <[email protected]>
Date:   Sat May 10 12:32:47 2025 +0800

    fix: build on go1.24.3
    golang/go#73617

commit 26e6d83
Author: xishang0128 <[email protected]>
Date:   Wed May 7 17:07:39 2025 +0800

    chore: make select display the specified testUrl
    for MetaCubeX#2013

commit 50d7834
Author: wwqgtxx <[email protected]>
Date:   Mon May 5 01:32:25 2025 +0800

    chore: change the separator of the `SAFE_PATHS` environment variable to the default separator of the operating system platform (i.e., `;` in Windows and `:` in other systems)

commit 86c127d
Author: wwqgtxx <[email protected]>
Date:   Sun May 4 10:39:15 2025 +0800

    fix: missing read waiter for cancelers

commit febb602
Author: wwqgtxx <[email protected]>
Date:   Sun May 4 11:09:40 2025 +0800

    fix: hysteria2 inbound not set UDPTimeout

commit 9e57b29
Author: wwqgtxx <[email protected]>
Date:   Sat May 3 15:06:13 2025 +0800

    chore: update dependencies

commit 791ea5e
Author: wwqgtxx <[email protected]>
Date:   Thu May 1 12:33:21 2025 +0800

    chore: allow setting addition safePaths by environment variable `SAFE_PATHS`
    package managers can allow for pre-defined safe paths without disabling the entire security check feature
    for MetaCubeX#2004

commit 7e7016b
Author: wwqgtxx <[email protected]>
Date:   Thu May 1 01:27:08 2025 +0800

    chore: removed `routing-mark` and `interface-name` of the group, please set it directly on the proxy instead

commit b4fe669
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 30 23:21:13 2025 +0800

    chore: better path checks

commit cad26ac
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 30 17:26:45 2025 +0800

    chore: fetcher will change duration to achieve fast retry when the update failed with a 2x factor step from 1s to `interval`

commit f328203
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 30 16:03:02 2025 +0800

    feat: not inline proxy-provider can also set `payload` as fallback proxies when file/http parsing fails

commit 5c40a63
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 30 14:09:15 2025 +0800

    feat: not inline rule-provider can also set `payload` as fallback rules when file/http parsing fails

commit 61d6a9a
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 30 13:21:42 2025 +0800

    fix: fetcher does not start the pull loop when local file parsing errors occur and the first remote update fails

commit a013ac3
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 29 21:52:44 2025 +0800

    chore: give better error messages for some stupid config files

commit ee5d77c
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 29 21:15:48 2025 +0800

    chore: cleanup tls clientFingerprint code

commit 936df90
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 29 09:01:54 2025 +0800

    chore: update dependencies

commit f774276
Author: Larvan2 <[email protected]>
Date:   Mon Apr 28 03:07:21 2025 +0000

    fix: ensure wait group completes

commit aa51b9f
Author: wwqgtxx <[email protected]>
Date:   Mon Apr 28 10:28:45 2025 +0800

    chore: replace using internal batch package to x/sync/errgroup

    In the original batch implementation, the Go() method will always start a new goroutine and then wait for the concurrency limit, which is unnecessary for the current code. x/sync/errgroup will block Go() until the concurrency limit is met, which can effectively reduce memory usage.
    In addition, the original batch always saves the return value of Go(), but it is not used in the current code, which will also waste a lot of memory space in high concurrency scenarios.

commit d55b047
Author: wwqgtxx <[email protected]>
Date:   Sun Apr 27 09:39:46 2025 +0800

    chore: ignore interfaces not with FlagUp in local interface finding

commit efc7abc
Author: xishang0128 <[email protected]>
Date:   Fri Apr 25 12:10:18 2025 +0800

    actions: fix pacman build

commit c2301f6
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 25 10:34:34 2025 +0800

    chore: rebuild fingerprint and keypair handle

commit 468cfc3
Author: WeidiDeng <[email protected]>
Date:   Thu Apr 24 19:50:16 2025 +0800

    fix: set sni to servername if not specified for trojan outbound (MetaCubeX#1991)

commit 5dce957
Author: xishang0128 <[email protected]>
Date:   Thu Apr 24 17:25:14 2025 +0800

    actions: improve build process

commit 4ecb49b
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 23 12:25:42 2025 +0800

    chore: dynamic fetch remoteAddr in hysteria2 service

commit 7de4af2
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 23 12:10:37 2025 +0800

    fix: shadowtls test

commit 48d8efb
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 23 12:00:10 2025 +0800

    fix: do NOT reset the quic-go internal state when only port is different

commit e6e7aa5
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 22 23:44:55 2025 +0800

    fix: alpn apply on shadowtls

commit 99aa1b0
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 22 20:49:54 2025 +0800

    feat: inbound support shadow-tls

commit 52ad793
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 22 20:09:24 2025 +0800

    fix: shadowtls v1 not work

commit 2fb9331
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 22 10:37:05 2025 +0800

    fix: some resources are not released in listener

commit 793ce45
Author: wwqgtxx <[email protected]>
Date:   Mon Apr 21 22:58:08 2025 +0800

    chore: update quic-go to 0.51.0

commit 39d6a0d
Author: wwqgtxx <[email protected]>
Date:   Mon Apr 21 12:07:33 2025 +0800

    chore: update utls to 1.7.0

commit d5243ad
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 19 02:04:09 2025 +0800

    chore: better global-client-fingerprint handle

commit 6236cb1
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 19 01:32:55 2025 +0800

    chore: cleanup trojan code

commit 619c9dc
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 18 20:16:51 2025 +0800

    chore: apply the default interface/mark of the dialer in the final stage

commit 9c5067e
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 18 19:34:21 2025 +0800

    action: disable MinGW's path conversion in test

commit feee9b3
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 18 16:59:53 2025 +0800

    chore: remove unneeded tls timeout in anytls

commit 63e66f4
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 18 16:59:28 2025 +0800

    chore: cleanup trojan code

commit bad61f9
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 18 11:40:37 2025 +0800

    fix: avoid panic in inbound test

commit 69ce4d0
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 23:40:46 2025 +0800

    chore: speed up inbound test

commit b59f11f
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 21:07:35 2025 +0800

    chore: add singMux inbound test for shadowsocks/trojan/vless/vmess

commit 30d90d4
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 21:06:55 2025 +0800

    chore: update option checks to use IsZeroOptions

commit 76052b5
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 12:54:36 2025 +0800

    fix: grpc in trojan not apply client-fingerprint

commit 7d7f5c8
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 10:02:48 2025 +0800

    chore: add inbound test for tuic

commit e79465d
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 09:26:12 2025 +0800

    chore: add inbound test for hysteria2

commit 345d3d7
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 09:01:26 2025 +0800

    chore: add inbound test for anytls

commit 3d806b5
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 01:36:14 2025 +0800

    chore: add inbound test for shadowsocks/trojan

commit b5fcd1d
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 17 00:11:24 2025 +0800

    fix: chacha8-ietf-poly1305 not work

commit b21b8ee
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 22:22:56 2025 +0800

    fix: panic in ssr packet

commit d0d0c39
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 20:44:48 2025 +0800

    chore: add inbound test for vmess/vless

commit a75e570
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 20:38:10 2025 +0800

    fix: vision conn read short buffer error

commit 9e0889c
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 13:16:11 2025 +0800

    fix: observable test

commit 55cbbf7
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 13:13:01 2025 +0800

    fix: singledo test

commit 664b134
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 13:02:50 2025 +0800

    fix: websocket data losing

commit ba3c44a
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 09:39:52 2025 +0800

    chore: code cleanup

commit dcb20e2
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 08:47:44 2025 +0800

    fix: websocket server upgrade in golang1.20

commit 3d2cb99
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 16 01:00:06 2025 +0800

    fix: grpc outbound not apply ca fingerprint

commit 984535f
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 15 21:59:35 2025 +0800

    action: run tests on more platforms

commit 8fa4e81
Author: wwqgtxx <[email protected]>
Date:   Sun Apr 13 03:03:28 2025 +0800

    chore: remove internal crypto/tls fork in reality server

commit 7551c8a
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 12 23:42:57 2025 +0800

    chore: remove unneed code

commit 237e2ed
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 12 22:46:26 2025 +0800

    chore: tun will add firewall rule for Profile ALL on windows system stack

commit fe01033
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 12 22:27:07 2025 +0800

    chore: quic sniffer should use the exact length of crypto stream when assembling

commit 84cd0ef
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 12 20:27:30 2025 +0800

    chore: remove internal crypto/tls fork in shadowtls

commit cedb36d
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 12 11:19:03 2025 +0800

    chore: using SetupContextForConn to reduce the DialContext cannot be cancelled

commit 7a260f7
Author: HiMetre <[email protected]>
Date:   Fri Apr 11 09:20:58 2025 +0800

    fix: udp dial support ip4p (MetaCubeX#1377)

commit 8085c68
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 11 00:33:07 2025 +0800

    chore: decrease direct using *net.TCPConn

commit dbb5b7d
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 10 23:32:26 2025 +0800

    fix: SetupContextForConn should return context error to user

commit bfd06eb
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 10 01:16:54 2025 +0800

    chore: rebuild SetupContextForConn with context.AfterFunc

commit e8af058
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 10 00:13:14 2025 +0800

    fix: websocketWithEarlyDataConn can't close underlay conn when is dialing or not dialed

commit 487d7fa
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 9 17:53:36 2025 +0800

    fix: panic under some stupid input config

commit 4b15568
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 9 12:33:01 2025 +0800

    chore: cleanup metadata code

commit cac2bf7
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 9 11:39:00 2025 +0800

    chore: cleanup netip code

commit b2d2890
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 9 10:32:13 2025 +0800

    chore: cleanup resolveUDPAddr code

commit 8752f80
Author: anytls <[email protected]>
Date:   Wed Apr 9 10:55:53 2025 +0900

    fix: anytls stream read error (MetaCubeX#1970)

    Co-authored-by: anytls <anytls>

commit a6c0c02
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 8 23:42:21 2025 +0800

    chore: ignore interfaces not in IfOperStatusUp when fetch system dns server on windows

commit 2acb0b7
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 8 19:20:29 2025 +0800

    fix: tun IncludeInterface/ExcludeInterface priority

commit 2a40eba
Author: wwqgtxx <[email protected]>
Date:   Tue Apr 8 19:07:39 2025 +0800

    feat: tun add `exclude-src-port`,`exclude-src-port-range`,`exclude-dst-port` and `exclude-dst-port-range` on linux

commit a22efd5
Author: okhowang <[email protected]>
Date:   Tue Apr 8 12:10:30 2025 +0800

    feat: add exclude port and exclude port range options (MetaCubeX#1951)

    Fixes MetaCubeX#1769

commit 9e8f4ad
Author: wwqgtxx <[email protected]>
Date:   Sun Apr 6 10:43:21 2025 +0800

    chore: better addr parsing

commit 09c7ee0
Author: wwqgtxx <[email protected]>
Date:   Sun Apr 6 10:12:57 2025 +0800

    fix: grpc server panic

commit 2a08c44
Author: wwqgtxx <[email protected]>
Date:   Sat Apr 5 10:48:07 2025 +0800

    action: fix run build on pull_request

commit 190047c
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 21:05:54 2025 +0800

    fix: grpc transport not apply dial timeout

commit 24a9ff6
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 13:33:00 2025 +0800

    fix: disallow dialFunc be called after grpc transport has be closed

commit efa2243
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 11:54:19 2025 +0800

    fix: shut it down more aggressively in grpc transport closing

commit b0bd4f4
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 11:12:08 2025 +0800

    fix: resources not released when hysteria2 verification failed

commit eaaccff
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 10:55:16 2025 +0800

    fix: race in Single.Do

commit e81f3a9
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 09:08:52 2025 +0800

    fix: correctly implement references to proxies

commit 323973f
Author: wwqgtxx <[email protected]>
Date:   Fri Apr 4 00:22:52 2025 +0800

    fix: converter judgment conditions

commit ed7533c
Author: 5aaee9 <[email protected]>
Date:   Thu Apr 3 08:52:19 2025 -0700

     fix: tproxy high cpu usage (MetaCubeX#1957)

commit 7de24e2
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 3 23:41:24 2025 +0800

    fix: StreamGunWithConn not synchronously close the incoming net.Conn

commit 622d99d
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 3 22:42:32 2025 +0800

    chore: rebuild outdated proxy auto close mechanism

commit 7f1225b
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 3 22:41:05 2025 +0800

    fix: grpc transport can't be closed

commit 23ffe45
Author: wwqgtxx <[email protected]>
Date:   Thu Apr 3 19:47:49 2025 +0800

    chore: using http/httptrace to get local/remoteAddr for grpc client

commit 7b37fcf
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 2 23:47:34 2025 +0800

    fix: auto_redirect should only hijack DNS requests from local addresses

commit daa592c
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 2 21:13:46 2025 +0800

    fix: converter panic

commit 577f64a
Author: wwqgtxx <[email protected]>
Date:   Wed Apr 2 14:39:07 2025 +0800

    fix: X25519MLKEM768 does not work properly with reality

commit 025ff19
Author: wwqgtxx <[email protected]>
Date:   Fri Mar 28 10:54:11 2025 +0800

    fix: wrong conditional judgment in removeExtraHTTPHostPort
    MetaCubeX#1939

commit f615346
Author: anytls <[email protected]>
Date:   Thu Mar 27 20:25:31 2025 +0800

    chore: anytls protocol version 2 (MetaCubeX#1936)

commit 7b38261
Author: wwqgtxx <[email protected]>
Date:   Tue Mar 25 01:19:39 2025 +0800

    chore: update gvisor

commit 0f32c05
Author: enfein <[email protected]>
Date:   Thu Mar 20 05:58:04 2025 +0000

    feat: support UDP over TCP in mieru (MetaCubeX#1926)

commit 4f8b70c
Author: 5aaee9 <[email protected]>
Date:   Wed Mar 19 12:20:48 2025 +0800

    fix: buffer in tproxy not recycle (MetaCubeX#1923)

commit dcef787
Author: wwqgtxx <[email protected]>
Date:   Tue Mar 18 09:09:54 2025 +0800

    chore: update utls

commit 7c444a9
Author: wwqgtxx <[email protected]>
Date:   Mon Mar 17 23:51:21 2025 +0800

    fix: correctly handle ipv6 zone

commit e3d4ec2
Author: wwqgtxx <[email protected]>
Date:   Mon Mar 17 14:00:51 2025 +0800

    fix: race at interfaceName setting

commit 14217e7
Author: xishang0128 <[email protected]>
Date:   Mon Mar 17 13:21:23 2025 +0800

    chore: update service capabilities to include CAP_SYS_TIME and CAP_DAC_OVERRIDE

commit 68abb13
Author: wwqgtxx <[email protected]>
Date:   Mon Mar 17 10:42:13 2025 +0800

    chore: support longest-prefix matches in local interface finding

commit dee5898
Author: Cesaryuan <[email protected]>
Date:   Sat Mar 15 13:27:29 2025 +0800

    fix: memory leak due to unclosed session (MetaCubeX#1908)

commit 1e22f4d
Author: wwqgtxx <[email protected]>
Date:   Fri Mar 14 12:07:23 2025 +0800

    chore: reduce data copying in quic sniffer and better handle data fragmentation and overlap

commit a7a796b
Author: wwqgtxx <[email protected]>
Date:   Thu Mar 13 16:27:29 2025 +0800

    chore: cleanup quic sniff's code

commit ff89bf0
Author: Cesaryuan <[email protected]>
Date:   Thu Mar 13 13:28:40 2025 +0800

    feat: add gost-plugin in which only ws and mws are currently supported. (MetaCubeX#1896)

commit 801f3c3
Author: 5aaee9 <[email protected]>
Date:   Thu Mar 13 13:19:36 2025 +0800

    feat: support sniff quic fragment data (MetaCubeX#1899)

commit 7ff046a
Author: wwqgtxx <[email protected]>
Date:   Thu Mar 13 08:52:27 2025 +0800

    chore: modify UDPSniff's function signature to prepare for its ability to handle multiple packets.

commit 0ed159e
Author: wwqgtxx <[email protected]>
Date:   Wed Mar 12 13:33:52 2025 +0800

    chore: code cleanup

commit 070eb31
Author: wwqgtxx <[email protected]>
Date:   Wed Mar 12 11:42:57 2025 +0800

    chore: speedup system stack in tun

commit f318b80
Author: wwqgtxx <[email protected]>
Date:   Tue Mar 11 22:50:55 2025 +0800

    chore: better cache implement for group's getProxies

commit c0de3c0
Author: wwqgtxx <[email protected]>
Date:   Mon Mar 10 11:10:39 2025 +0800

    fix: some default value in dialer not restore in tun when config reload

commit 4bd3ae5
Author: wwqgtxx <[email protected]>
Date:   Mon Mar 10 10:45:07 2025 +0800

    chore: dialer will consider the routing of the local interface when auto-detect-interface in tun is enabled
    for MetaCubeX#1881 MetaCubeX#1819

commit 00e6466
Author: Skyxim <[email protected]>
Date:   Mon Mar 10 09:13:38 2025 +0800

    chore: update checksum generation step

commit c94b442
Author: Skyxim <[email protected]>
Date:   Mon Mar 10 09:02:08 2025 +0800

    chore: add checksum generation for production artifacts

Author: kitty314

.github/workflows/trigger-cmfa-update.yml

@@ -10,9 +10,6 @@ on:
       - Alpha
     tags:
       - "v*"
-  pull_request_target:
-    branches:
-      - Alpha
 
 jobs:
   # Send "core-updated" to MetaCubeX/ClashMetaForAndroid to trigger update-dependencies

adapter/adapter.go

@@ -7,9 +7,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-	"net/netip"
 	"net/url"
-	"strconv"
 	"strings"
 	"time"
 
@@ -316,15 +314,7 @@ func urlToMetadata(rawURL string) (addr C.Metadata, err error) {
 			return
 		}
 	}
-	uintPort, err := strconv.ParseUint(port, 10, 16)
-	if err != nil {
-		return
-	}
 
-	addr = C.Metadata{
-		Host:    u.Hostname(),
-		DstIP:   netip.Addr{},
-		DstPort: uint16(uintPort),
-	}
+	err = addr.SetRemoteAddress(net.JoinHostPort(u.Hostname(), port))
 	return
 }

adapter/inbound/util.go

@@ -4,7 +4,6 @@ import (
 	"net"
 	"net/http"
 	"net/netip"
-	"strconv"
 	"strings"
 
 	C "github.com/metacubex/clash/constant"
@@ -41,23 +40,8 @@ func parseHTTPAddr(request *http.Request) *C.Metadata {
 	// trim FQDN (#737)
 	host = strings.TrimRight(host, ".")
 
-	var uint16Port uint16
-	if port, err := strconv.ParseUint(port, 10, 16); err == nil {
-		uint16Port = uint16(port)
-	}
-
-	metadata := &C.Metadata{
-		NetWork: C.TCP,
-		Host:    host,
-		DstIP:   netip.Addr{},
-		DstPort: uint16Port,
-	}
-
-	ip, err := netip.ParseAddr(host)
-	if err == nil {
-		metadata.DstIP = ip
-	}
-
+	metadata := &C.Metadata{}
+	_ = metadata.SetRemoteAddress(net.JoinHostPort(host, port))
 	return metadata
 }
 

adapter/outbound/anytls.go

@@ -2,15 +2,13 @@ package outbound
 
 import (
 	"context"
-	"errors"
 	"net"
 	"strconv"
 	"time"
 
 	CN "github.com/metacubex/clash/common/net"
 	"github.com/metacubex/clash/component/dialer"
 	"github.com/metacubex/clash/component/proxydialer"
-	"github.com/metacubex/clash/component/resolver"
 	C "github.com/metacubex/clash/constant"
 	"github.com/metacubex/clash/transport/anytls"
 	"github.com/metacubex/clash/transport/vmess"
@@ -28,19 +26,20 @@ type AnyTLS struct {
 
 type AnyTLSOption struct {
 	BasicOption
-	Name                     string   `proxy:"name"`
-	Server                   string   `proxy:"server"`
-	Port                     int      `proxy:"port"`
-	Password                 string   `proxy:"password"`
-	ALPN                     []string `proxy:"alpn,omitempty"`
-	SNI                      string   `proxy:"sni,omitempty"`
-	ClientFingerprint        string   `proxy:"client-fingerprint,omitempty"`
-	SkipCertVerify           bool     `proxy:"skip-cert-verify,omitempty"`
-	Fingerprint              string   `proxy:"fingerprint,omitempty"`
-	UDP                      bool     `proxy:"udp,omitempty"`
-	IdleSessionCheckInterval int      `proxy:"idle-session-check-interval,omitempty"`
-	IdleSessionTimeout       int      `proxy:"idle-session-timeout,omitempty"`
-	MinIdleSession           int      `proxy:"min-idle-session,omitempty"`
+	Name                     string     `proxy:"name"`
+	Server                   string     `proxy:"server"`
+	Port                     int        `proxy:"port"`
+	Password                 string     `proxy:"password"`
+	ALPN                     []string   `proxy:"alpn,omitempty"`
+	SNI                      string     `proxy:"sni,omitempty"`
+	ECHOpts                  ECHOptions `proxy:"ech-opts,omitempty"`
+	ClientFingerprint        string     `proxy:"client-fingerprint,omitempty"`
+	SkipCertVerify           bool       `proxy:"skip-cert-verify,omitempty"`
+	Fingerprint              string     `proxy:"fingerprint,omitempty"`
+	UDP                      bool       `proxy:"udp,omitempty"`
+	IdleSessionCheckInterval int        `proxy:"idle-session-check-interval,omitempty"`
+	IdleSessionTimeout       int        `proxy:"idle-session-timeout,omitempty"`
+	MinIdleSession           int        `proxy:"min-idle-session,omitempty"`
 }
 
 func (t *AnyTLS) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Conn, err error) {
@@ -52,20 +51,17 @@ func (t *AnyTLS) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Con
 }
 
 func (t *AnyTLS) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if err = t.ResolveUDP(ctx, metadata); err != nil {
+		return nil, err
+	}
+
 	// create tcp
 	c, err := t.client.CreateProxy(ctx, uot.RequestDestination(2))
 	if err != nil {
 		return nil, err
 	}
 
 	// create uot on tcp
-	if !metadata.Resolved() {
-		ip, err := resolver.ResolveIP(ctx, metadata.Host)
-		if err != nil {
-			return nil, errors.New("can't resolve ip")
-		}
-		metadata.DstIP = ip
-	}
 	destination := M.SocksaddrFromNet(metadata.UDPAddr())
 	return newPacketConn(CN.NewThreadSafePacketConn(uot.NewLazyConn(c, uot.Request{Destination: destination})), t), nil
 }
@@ -115,12 +111,17 @@ func NewAnyTLS(option AnyTLSOption) (*AnyTLS, error) {
 		IdleSessionTimeout:       time.Duration(option.IdleSessionTimeout) * time.Second,
 		MinIdleSession:           option.MinIdleSession,
 	}
+	echConfig, err := option.ECHOpts.Parse()
+	if err != nil {
+		return nil, err
+	}
 	tlsConfig := &vmess.TLSConfig{
 		Host:              option.SNI,
 		SkipCertVerify:    option.SkipCertVerify,
 		NextProtos:        option.ALPN,
 		FingerPrint:       option.Fingerprint,
 		ClientFingerprint: option.ClientFingerprint,
+		ECH:               echConfig,
 	}
 	if tlsConfig.Host == "" {
 		tlsConfig.Host = option.Server

adapter/outbound/base.go

@@ -3,22 +3,24 @@ package outbound
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net"
 	"runtime"
-	"strings"
 	"sync"
 	"syscall"
 
 	N "github.com/metacubex/clash/common/net"
 	"github.com/metacubex/clash/common/utils"
 	"github.com/metacubex/clash/component/dialer"
+	"github.com/metacubex/clash/component/resolver"
 	C "github.com/metacubex/clash/constant"
 	"github.com/metacubex/clash/log"
 )
 
 type ProxyAdapter interface {
 	C.ProxyAdapter
 	DialOptions() []dialer.Option
+	ResolveUDP(ctx context.Context, metadata *C.Metadata) error
 }
 
 type Base struct {
@@ -160,6 +162,17 @@ func (b *Base) DialOptions() (opts []dialer.Option) {
 	return opts
 }
 
+func (b *Base) ResolveUDP(ctx context.Context, metadata *C.Metadata) error {
+	if !metadata.Resolved() {
+		ip, err := resolver.ResolveIP(ctx, metadata.Host)
+		if err != nil {
+			return fmt.Errorf("can't resolve ip: %w", err)
+		}
+		metadata.DstIP = ip
+	}
+	return nil
+}
+
 func (b *Base) Close() error {
 	return nil
 }
@@ -203,12 +216,21 @@ func NewBase(opt BaseOption) *Base {
 
 type conn struct {
 	N.ExtendedConn
-	chain                   C.Chain
-	actualRemoteDestination string
+	chain       C.Chain
+	adapterAddr string
 }
 
 func (c *conn) RemoteDestination() string {
-	return c.actualRemoteDestination
+	if remoteAddr := c.RemoteAddr(); remoteAddr != nil {
+		m := C.Metadata{}
+		if err := m.SetRemoteAddr(remoteAddr); err == nil {
+			if m.Valid() {
+				return m.String()
+			}
+		}
+	}
+	host, _, _ := net.SplitHostPort(c.adapterAddr)
+	return host
 }
 
 // Chains implements C.Connection
@@ -241,19 +263,25 @@ func NewConn(c net.Conn, a C.ProxyAdapter) C.Conn {
 	if _, ok := c.(syscall.Conn); !ok { // exclusion system conn like *net.TCPConn
 		c = N.NewDeadlineConn(c) // most conn from outbound can't handle readDeadline correctly
 	}
-	return &conn{N.NewExtendedConn(c), []string{a.Name()}, parseRemoteDestination(a.Addr())}
+	return &conn{N.NewExtendedConn(c), []string{a.Name()}, a.Addr()}
 }
 
 type packetConn struct {
 	N.EnhancePacketConn
-	chain                   C.Chain
-	adapterName             string
-	connID                  string
-	actualRemoteDestination string
+	chain       C.Chain
+	adapterName string
+	connID      string
+	adapterAddr string
+	resolveUDP  func(ctx context.Context, metadata *C.Metadata) error
+}
+
+func (c *packetConn) ResolveUDP(ctx context.Context, metadata *C.Metadata) error {
+	return c.resolveUDP(ctx, metadata)
 }
 
 func (c *packetConn) RemoteDestination() string {
-	return c.actualRemoteDestination
+	host, _, _ := net.SplitHostPort(c.adapterAddr)
+	return host
 }
 
 // Chains implements C.Connection
@@ -287,24 +315,12 @@ func (c *packetConn) AddRef(ref any) {
 	c.EnhancePacketConn = N.NewRefPacketConn(c.EnhancePacketConn, ref) // add ref for autoCloseProxyAdapter
 }
 
-func newPacketConn(pc net.PacketConn, a C.ProxyAdapter) C.PacketConn {
+func newPacketConn(pc net.PacketConn, a ProxyAdapter) C.PacketConn {
 	epc := N.NewEnhancePacketConn(pc)
 	if _, ok := pc.(syscall.Conn); !ok { // exclusion system conn like *net.UDPConn
 		epc = N.NewDeadlineEnhancePacketConn(epc) // most conn from outbound can't handle readDeadline correctly
 	}
-	return &packetConn{epc, []string{a.Name()}, a.Name(), utils.NewUUIDV4().String(), parseRemoteDestination(a.Addr())}
-}
-
-func parseRemoteDestination(addr string) string {
-	if dst, _, err := net.SplitHostPort(addr); err == nil {
-		return dst
-	} else {
-		if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
-			return dst
-		} else {
-			return ""
-		}
-	}
+	return &packetConn{epc, []string{a.Name()}, a.Name(), utils.NewUUIDV4().String(), a.Addr(), a.ResolveUDP}
 }
 
 type AddRef interface {

adapter/outbound/direct.go

@@ -2,7 +2,8 @@ package outbound
 
 import (
 	"context"
-	"errors"
+	"fmt"
+
 	"github.com/metacubex/clash/component/dialer"
 	"github.com/metacubex/clash/component/loopback"
 	"github.com/metacubex/clash/component/resolver"
@@ -38,13 +39,8 @@ func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata)
 	if err := d.loopBack.CheckPacketConn(metadata); err != nil {
 		return nil, err
 	}
-	// net.UDPConn.WriteTo only working with *net.UDPAddr, so we need a net.UDPAddr
-	if !metadata.Resolved() {
-		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, resolver.DirectHostResolver)
-		if err != nil {
-			return nil, errors.New("can't resolve ip")
-		}
-		metadata.DstIP = ip
+	if err := d.ResolveUDP(ctx, metadata); err != nil {
+		return nil, err
 	}
 	pc, err := dialer.NewDialer(d.DialOptions()...).ListenPacket(ctx, "udp", "", metadata.AddrPort())
 	if err != nil {
@@ -53,6 +49,17 @@ func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata)
 	return d.loopBack.NewPacketConn(newPacketConn(pc, d)), nil
 }
 
+func (d *Direct) ResolveUDP(ctx context.Context, metadata *C.Metadata) error {
+	if (!metadata.Resolved() || resolver.DirectHostResolver != resolver.DefaultResolver) && metadata.Host != "" {
+		ip, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, resolver.DirectHostResolver)
+		if err != nil {
+			return fmt.Errorf("can't resolve ip: %w", err)
+		}
+		metadata.DstIP = ip
+	}
+	return nil
+}
+
 func (d *Direct) IsL3Protocol(metadata *C.Metadata) bool {
 	return true // tell DNSDialer don't send domain to DialContext, avoid lookback to DefaultResolver
 }

adapter/outbound/dns.go

@@ -3,6 +3,7 @@ package outbound
 import (
 	"context"
 	"net"
+	"net/netip"
 	"time"
 
 	N "github.com/metacubex/clash/common/net"
@@ -31,6 +32,9 @@ func (d *Dns) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, er
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Dns) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (C.PacketConn, error) {
 	log.Debugln("[DNS] hijack udp:%s from %s", metadata.RemoteAddress(), metadata.SourceAddrPort())
+	if err := d.ResolveUDP(ctx, metadata); err != nil {
+		return nil, err
+	}
 
 	ctx, cancel := context.WithCancel(context.Background())
 
@@ -41,6 +45,13 @@ func (d *Dns) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (C.
 	}, d), nil
 }
 
+func (d *Dns) ResolveUDP(ctx context.Context, metadata *C.Metadata) error {
+	if !metadata.Resolved() {
+		metadata.DstIP = netip.AddrFrom4([4]byte{127, 0, 0, 2})
+	}
+	return nil
+}
+
 type dnsPacket struct {
 	data []byte
 	put  func()