v1.7.3

Fixes https://github.com/XTLS/Xray-core/issues/1577

.github/dependabot.yml

@@ -9,3 +9,7 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/release.yml

@@ -21,6 +21,8 @@ on:
       - ".github/workflows/*.yml"
 jobs:
   build:
+    permissions:
+      contents: write
     strategy:
       matrix:
         # Include amd64 on all platforms.
@@ -110,20 +112,19 @@ jobs:
       CGO_ENABLED: 0
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Show workflow information 
-        id: get_filename
         run: |
           export _NAME=$(jq ".[\"$GOOS-$GOARCH$GOARM$GOMIPS\"].friendlyName" -r < .github/build/friendly-filenames.json)
           echo "GOOS: $GOOS, GOARCH: $GOARCH, GOARM: $GOARM, GOMIPS: $GOMIPS, RELEASE_NAME: $_NAME"
-          echo "::set-output name=ASSET_NAME::$_NAME"
           echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: ^1.17.5
+          go-version: 1.19
+          check-latest: true
 
       - name: Get project dependencies
         run: go mod download
@@ -143,6 +144,11 @@ jobs:
           mkdir -p build_assets
           go build -v -o build_assets/xray -trimpath -ldflags "-s -w -buildid=" ./main
 
+      - name: Build background Xray on Windows 
+        if: matrix.goos == 'windows'
+        run: |
+          go build -v -o build_assets/wxray.exe -trimpath -ldflags "-s -w -H windowsgui -buildid=" ./main
+    
       - name: Build Mips softfloat Xray
         if: matrix.goarch == 'mips' || matrix.goarch == 'mipsle'
         run: |
@@ -155,19 +161,23 @@ jobs:
           mv xray xray.exe
 
       - name: Prepare to release
-        run: |
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 60
+          retry_wait_seconds: 60
+          max_attempts: 60
+          command: |
             cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md
             cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE
             LIST=('geoip geoip geoip' 'domain-list-community dlc geosite')
             for i in "${LIST[@]}"
             do
               INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}'))
-            LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases" | jq -r ".[0].tag_name" || echo "latest")"
               FILE_NAME="${INFO[2]}.dat"
-            echo -e "Downloading ${FILE_NAME}..."
-            curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME}
+              echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..."
+              curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME}
               echo -e "Verifying HASH key..."
-            HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')"
+              HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')"
               [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; }
             done
 
@@ -176,9 +186,9 @@ jobs:
         run: |
           pushd build_assets || exit 1
           touch -mt $(date +%Y01010000) *
-          zip -9vr ../Xray-$ASSET_NAME.zip .
+          zip -9vr ../Xray-${{ env.ASSET_NAME }}.zip .
           popd || exit 1
-          FILE=./Xray-$ASSET_NAME.zip
+          FILE=./Xray-${{ env.ASSET_NAME }}.zip
           DGST=$FILE.dgst
           for METHOD in {"md5","sha1","sha256","sha512"}
           do
@@ -187,20 +197,20 @@ jobs:
 
       - name: Change the name
         run: |
-          mv build_assets Xray-$ASSET_NAME
+          mv build_assets Xray-${{ env.ASSET_NAME }}
 
       - name: Upload files to Artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
-          name: Xray-${{ steps.get_filename.outputs.ASSET_NAME }}
+          name: Xray-${{ env.ASSET_NAME }}
           path: |
-            ./Xray-${{ steps.get_filename.outputs.ASSET_NAME }}/*
+            ./Xray-${{ env.ASSET_NAME }}/*
 
       - name: Upload binaries to release
         uses: svenstaro/upload-release-action@v2
         if: github.event_name == 'release'
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: ./Xray-${{ steps.get_filename.outputs.ASSET_NAME }}.zip*
+          file: ./Xray-${{ env.ASSET_NAME }}.zip*
           tag: ${{ github.ref }}
           file_glob: true

.github/workflows/test.yml

@@ -19,6 +19,8 @@ on:
 
 jobs:
   test:
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
@@ -26,11 +28,12 @@ jobs:
         os: [windows-latest, ubuntu-latest, macos-latest]
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: ^1.17.5
+          go-version: 1.19
+          check-latest: true
       - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Prepare geo*dat
         if: ${{ matrix.os != 'windows-latest' }}

.gitignore

@@ -18,8 +18,7 @@
 .idea
 *.zip
 *.tar.gz
-v2ray
-v2ctl
+xray
 mockgen
 vprotogen
 !infra/vprotogen/

README.md

@@ -1,6 +1,6 @@
 # Project X
 
-[Project X](https://github.com/XTLS) originates from XTLS protocol, provides a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core) and [Xray-flutter](https://github.com/XTLS/Xray-flutter).
+[Project X](https://github.com/XTLS) originates from XTLS protocol, provides a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core).
 
 ## License
 
@@ -13,7 +13,6 @@
   - [Xray-script](https://github.com/kirin10000/Xray-script)
 - Docker
   - [teddysun/xray](https://hub.docker.com/r/teddysun/xray)
-  - Xray-docker
 - One Click
   - [ProxySU](https://github.com/proxysu/ProxySU)
   - [v2ray-agent](https://github.com/mack-a/v2ray-agent)
@@ -44,15 +43,16 @@
 - Windows
   - [v2rayN](https://github.com/2dust/v2rayN)
   - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive)
-  - [Netch (NetFilter & TUN/TAP)](https://github.com/NetchX/Netch)
+  - [Netch (NetFilter & TUN/TAP)](https://github.com/NetchX/Netch) (This project had been archived and currently inactive)
 - Android
   - [v2rayNG](https://github.com/2dust/v2rayNG)
-  - [AnXray](https://github.com/XTLS/AnXray)
   - [Kitsunebi](https://github.com/rurirei/Kitsunebi/tree/release_xtls)
 - iOS & macOS (with M1 chip)
   - [Shadowrocket](https://apps.apple.com/app/shadowrocket/id932747118)
+  - [Stash](https://apps.apple.com/app/stash/id1596063349)
 - macOS (Intel chip & M1 chip)
   - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive)
+  - [V2RayXS](https://github.com/tzmax/V2RayXS)
 
 ## Credits
 
@@ -61,13 +61,17 @@ This repo relies on the following third-party projects:
 - Special thanks:
   - [v2fly/v2ray-core](https://github.com/v2fly/v2ray-core)
 - In production:
+  - [ghodss/yaml](https://github.com/ghodss/yaml)
   - [gorilla/websocket](https://github.com/gorilla/websocket)
-  - [lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go)
+  - [quic-go/quic-go](https://github.com/quic-go/quic-go)
+  - [pelletier/go-toml](https://github.com/pelletier/go-toml)
   - [pires/go-proxyproto](https://github.com/pires/go-proxyproto)
+  - [refraction-networking/utls](https://github.com/refraction-networking/utls)
   - [seiflotfy/cuckoofilter](https://github.com/seiflotfy/cuckoofilter)
   - [google/starlark-go](https://github.com/google/starlark-go)
 - For testing only:
   - [miekg/dns](https://github.com/miekg/dns)
+  - [stretchr/testify](https://github.com/stretchr/testify)
   - [h12w/socks](https://github.com/h12w/socks)
 
 ## Compilation

app/commander/commander.go

@@ -7,12 +7,11 @@ import (
 	"net"
 	"sync"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/signal/done"
 	core "github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/outbound"
+	"google.golang.org/grpc"
 )
 
 // Commander is a Xray feature that provides gRPC methods to external clients.

app/commander/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/commander/config.proto
 
 package commander

app/commander/outbound.go

@@ -37,7 +37,7 @@ func (l *OutboundListener) Accept() (net.Conn, error) {
 	}
 }
 
-// Close implement net.Listener.
+// Close implements net.Listener.
 func (l *OutboundListener) Close() error {
 	common.Must(l.done.Close())
 L:

app/commander/service.go

@@ -3,10 +3,9 @@ package commander
 import (
 	"context"
 
+	"github.com/xtls/xray-core/common"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
-
-	"github.com/xtls/xray-core/common"
 )
 
 // Service is a Commander service.

app/dispatcher/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/dispatcher/config.proto
 
 package dispatcher

app/dispatcher/default.go

@@ -4,6 +4,7 @@ package dispatcher
 
 import (
 	"context"
+	"fmt"
 	"strings"
 	"sync"
 	"time"
@@ -92,13 +93,17 @@ type DefaultDispatcher struct {
 	router routing.Router
 	policy policy.Manager
 	stats  stats.Manager
-	hosts  dns.HostsLookup
+	dns    dns.Client
+	fdns   dns.FakeDNSEngine
 }
 
 func init() {
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		d := new(DefaultDispatcher)
 		if err := core.RequireFeatures(ctx, func(om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dc dns.Client) error {
+			core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+				d.fdns = fdns
+			})
 			return d.Init(config.(*Config), om, router, pm, sm, dc)
 		}); err != nil {
 			return nil, err
@@ -108,14 +113,12 @@ func init() {
 }
 
 // Init initializes DefaultDispatcher.
-func (d *DefaultDispatcher) Init(config *Config, om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dc dns.Client) error {
+func (d *DefaultDispatcher) Init(config *Config, om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dns dns.Client) error {
 	d.ohm = om
 	d.router = router
 	d.policy = pm
 	d.stats = sm
-	if hosts, ok := dc.(dns.HostsLookup); ok {
-		d.hosts = hosts
-	}
+	d.dns = dns
 	return nil
 }
 
@@ -132,10 +135,77 @@ func (*DefaultDispatcher) Start() error {
 // Close implements common.Closable.
 func (*DefaultDispatcher) Close() error { return nil }
 
-func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *transport.Link) {
-	opt := pipe.OptionsFromContext(ctx)
-	uplinkReader, uplinkWriter := pipe.New(opt...)
-	downlinkReader, downlinkWriter := pipe.New(opt...)
+func (d *DefaultDispatcher) getLink(ctx context.Context, network net.Network, sniffing session.SniffingRequest) (*transport.Link, *transport.Link) {
+	downOpt := pipe.OptionsFromContext(ctx)
+	upOpt := downOpt
+
+	if network == net.Network_UDP {
+		var ip2domain *sync.Map // net.IP.String() => domain, this map is used by server side when client turn on fakedns
+		// Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
+		// When target replies, server will restore the domain and send back to client.
+		// Note: this map is not global but per connection context
+		upOpt = append(upOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer {
+			for i, buffer := range mb {
+				if buffer.UDP == nil {
+					continue
+				}
+				addr := buffer.UDP.Address
+				if addr.Family().IsIP() {
+					if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(addr) && sniffing.Enabled {
+						domain := fkr0.GetDomainFromFakeDNS(addr)
+						if len(domain) > 0 {
+							buffer.UDP.Address = net.DomainAddress(domain)
+							newError("[fakedns client] override with domain: ", domain, " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+						} else {
+							newError("[fakedns client] failed to find domain! :", addr.String(), " for xUDP buffer at ", i).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+						}
+					}
+				} else {
+					if ip2domain == nil {
+						ip2domain = new(sync.Map)
+						newError("[fakedns client] create a new map").WriteToLog(session.ExportIDToError(ctx))
+					}
+					domain := addr.Domain()
+					ips, err := d.dns.LookupIP(domain, dns.IPOption{true, true, false})
+					if err == nil {
+						for _, ip := range ips {
+							ip2domain.Store(ip.String(), domain)
+						}
+						newError("[fakedns client] candidate ip: "+fmt.Sprintf("%v", ips), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					} else {
+						newError("[fakedns client] failed to look up IP for ", domain, " for xUDP buffer at ", i).Base(err).WriteToLog(session.ExportIDToError(ctx))
+					}
+				}
+			}
+			return mb
+		}))
+		downOpt = append(downOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer {
+			for i, buffer := range mb {
+				if buffer.UDP == nil {
+					continue
+				}
+				addr := buffer.UDP.Address
+				if addr.Family().IsIP() {
+					if ip2domain == nil {
+						continue
+					}
+					if domain, found := ip2domain.Load(addr.IP().String()); found {
+						buffer.UDP.Address = net.DomainAddress(domain.(string))
+						newError("[fakedns client] restore domain: ", domain.(string), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					}
+				} else {
+					if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok {
+						fakeIp := fkr0.GetFakeIPForDomain(addr.Domain())
+						buffer.UDP.Address = fakeIp[0]
+						newError("[fakedns client] restore FakeIP: ", buffer.UDP, fmt.Sprintf("%v", fakeIp), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					}
+				}
+			}
+			return mb
+		}))
+	}
+	uplinkReader, uplinkWriter := pipe.New(upOpt...)
+	downlinkReader, downlinkWriter := pipe.New(downOpt...)
 
 	inboundLink := &transport.Link{
 		Reader: downlinkReader,
@@ -178,17 +248,16 @@ func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *tran
 	return inboundLink, outboundLink
 }
 
-func shouldOverride(ctx context.Context, result SniffResult, request session.SniffingRequest, destination net.Destination) bool {
+func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResult, request session.SniffingRequest, destination net.Destination) bool {
 	domain := result.Domain()
+	if domain == "" {
+		return false
+	}
 	for _, d := range request.ExcludeForDomain {
 		if strings.ToLower(domain) == d {
 			return false
 		}
 	}
-	var fakeDNSEngine dns.FakeDNSEngine
-	core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
-		fakeDNSEngine = fdns
-	})
 	protocolString := result.Protocol()
 	if resComp, ok := result.(SnifferResultComposite); ok {
 		protocolString = resComp.ProtocolForDomainResult()
@@ -197,7 +266,7 @@ func shouldOverride(ctx context.Context, result SniffResult, request session.Sni
 		if strings.HasPrefix(protocolString, p) {
 			return true
 		}
-		if fkr0, ok := fakeDNSEngine.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
+		if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
 			destination.Address.Family().IsIP() && fkr0.IsIPInIPPool(destination.Address) {
 			newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
 			return true
@@ -221,45 +290,27 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 		Target: destination,
 	}
 	ctx = session.ContextWithOutbound(ctx, ob)
-
-	inbound, outbound := d.getLink(ctx)
 	content := session.ContentFromContext(ctx)
 	if content == nil {
 		content = new(session.Content)
 		ctx = session.ContextWithContent(ctx, content)
 	}
+
 	sniffingRequest := content.SniffingRequest
-	switch {
-	case !sniffingRequest.Enabled:
+	inbound, outbound := d.getLink(ctx, destination.Network, sniffingRequest)
+	if !sniffingRequest.Enabled {
 		go d.routedDispatch(ctx, outbound, destination)
-	case destination.Network != net.Network_TCP:
-		// Only metadata sniff will be used for non tcp connection
-		result, err := sniffer(ctx, nil, true)
-		if err == nil {
-			content.Protocol = result.Protocol()
-			if shouldOverride(ctx, result, sniffingRequest, destination) {
-				domain := result.Domain()
-				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
-				destination.Address = net.ParseAddress(domain)
-				if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" {
-					ob.RouteTarget = destination
 	} else {
-					ob.Target = destination
-				}
-			}
-		}
-		go d.routedDispatch(ctx, outbound, destination)
-	default:
 		go func() {
 			cReader := &cachedReader{
 				reader: outbound.Reader.(*pipe.Reader),
 			}
 			outbound.Reader = cReader
-			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly)
+			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network)
 			if err == nil {
 				content.Protocol = result.Protocol()
 			}
-			if err == nil && shouldOverride(ctx, result, sniffingRequest, destination) {
+			if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) {
 				domain := result.Domain()
 				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
 				destination.Address = net.ParseAddress(domain)
@@ -290,37 +341,19 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 		ctx = session.ContextWithContent(ctx, content)
 	}
 	sniffingRequest := content.SniffingRequest
-	switch {
-	case !sniffingRequest.Enabled:
+	if !sniffingRequest.Enabled {
 		go d.routedDispatch(ctx, outbound, destination)
-	case destination.Network != net.Network_TCP:
-		// Only metadata sniff will be used for non tcp connection
-		result, err := sniffer(ctx, nil, true)
-		if err == nil {
-			content.Protocol = result.Protocol()
-			if shouldOverride(ctx, result, sniffingRequest, destination) {
-				domain := result.Domain()
-				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
-				destination.Address = net.ParseAddress(domain)
-				if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" {
-					ob.RouteTarget = destination
 	} else {
-					ob.Target = destination
-				}
-			}
-		}
-		go d.routedDispatch(ctx, outbound, destination)
-	default:
 		go func() {
 			cReader := &cachedReader{
 				reader: outbound.Reader.(*pipe.Reader),
 			}
 			outbound.Reader = cReader
-			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly)
+			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network)
 			if err == nil {
 				content.Protocol = result.Protocol()
 			}
-			if err == nil && shouldOverride(ctx, result, sniffingRequest, destination) {
+			if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) {
 				domain := result.Domain()
 				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
 				destination.Address = net.ParseAddress(domain)
@@ -333,10 +366,11 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 			d.routedDispatch(ctx, outbound, destination)
 		}()
 	}
+
 	return nil
 }
 
-func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (SniffResult, error) {
+func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool, network net.Network) (SniffResult, error) {
 	payload := buf.New()
 	defer payload.Release()
 
@@ -362,7 +396,7 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (Sni
 
 				cReader.Cache(payload)
 				if !payload.IsEmpty() {
-					result, err := sniffer.Sniff(ctx, payload.Bytes())
+					result, err := sniffer.Sniff(ctx, payload.Bytes(), network)
 					if err != common.ErrNoClue {
 						return result, err
 					}
@@ -384,8 +418,8 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (Sni
 
 func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.Link, destination net.Destination) {
 	ob := session.OutboundFromContext(ctx)
-	if d.hosts != nil && destination.Address.Family().IsDomain() {
-		proxied := d.hosts.LookupHosts(ob.Target.String())
+	if hosts, ok := d.dns.(dns.HostsLookup); ok && destination.Address.Family().IsDomain() {
+		proxied := hosts.LookupHosts(ob.Target.String())
 		if proxied != nil {
 			ro := ob.RouteTarget == destination
 			destination.Address = *proxied
@@ -399,9 +433,13 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 
 	var handler outbound.Handler
 
+	routingLink := routing_session.AsRoutingContext(ctx)
+	inTag := routingLink.GetInboundTag()
+	isPickRoute := 0
 	if forcedOutboundTag := session.GetForcedOutboundTagFromContext(ctx); forcedOutboundTag != "" {
 		ctx = session.SetForcedOutboundTagToContext(ctx, "")
 		if h := d.ohm.GetHandler(forcedOutboundTag); h != nil {
+			isPickRoute = 1
 			newError("taking platform initialized detour [", forcedOutboundTag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
 			handler = h
 		} else {
@@ -411,13 +449,14 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 			return
 		}
 	} else if d.router != nil {
-		if route, err := d.router.PickRoute(routing_session.AsRoutingContext(ctx)); err == nil {
-			tag := route.GetOutboundTag()
-			if h := d.ohm.GetHandler(tag); h != nil {
-				newError("taking detour [", tag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
+		if route, err := d.router.PickRoute(routingLink); err == nil {
+			outTag := route.GetOutboundTag()
+			if h := d.ohm.GetHandler(outTag); h != nil {
+				isPickRoute = 2
+				newError("taking detour [", outTag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
 				handler = h
 			} else {
-				newError("non existing outTag: ", tag).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+				newError("non existing outTag: ", outTag).AtWarning().WriteToLog(session.ExportIDToError(ctx))
 			}
 		} else {
 			newError("default route for ", destination).WriteToLog(session.ExportIDToError(ctx))
@@ -437,7 +476,15 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 
 	if accessMessage := log.AccessMessageFromContext(ctx); accessMessage != nil {
 		if tag := handler.Tag(); tag != "" {
+			if inTag == "" {
 				accessMessage.Detour = tag
+			} else if isPickRoute == 1 {
+				accessMessage.Detour = inTag + " ==> " + tag
+			} else if isPickRoute == 2 {
+				accessMessage.Detour = inTag + " -> " + tag
+			} else {
+				accessMessage.Detour = inTag + " >> " + tag
+			}
 		}
 		log.Record(accessMessage)
 	}

app/dispatcher/fakednssniffer.go

@@ -11,15 +11,16 @@ import (
 	"github.com/xtls/xray-core/features/dns"
 )
 
-// newFakeDNSSniffer Create a Fake DNS metadata sniffer
+// newFakeDNSSniffer Creates a Fake DNS metadata sniffer
 func newFakeDNSSniffer(ctx context.Context) (protocolSnifferWithMetadata, error) {
 	var fakeDNSEngine dns.FakeDNSEngine
-	err := core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
-		fakeDNSEngine = fdns
-	})
-	if err != nil {
-		return protocolSnifferWithMetadata{}, err
+	{
+		fakeDNSEngineFeat := core.MustFromContext(ctx).GetFeature((*dns.FakeDNSEngine)(nil))
+		if fakeDNSEngineFeat != nil {
+			fakeDNSEngine = fakeDNSEngineFeat.(dns.FakeDNSEngine)
 		}
+	}
+
 	if fakeDNSEngine == nil {
 		errNotInit := newError("FakeDNSEngine is not initialized, but such a sniffer is used").AtError()
 		return protocolSnifferWithMetadata{}, errNotInit
@@ -84,7 +85,8 @@ func (f DNSThenOthersSniffResult) Domain() string {
 }
 
 func newFakeDNSThenOthers(ctx context.Context, fakeDNSSniffer protocolSnifferWithMetadata, others []protocolSnifferWithMetadata) (
-	protocolSnifferWithMetadata, error) { // nolint: unparam
+	protocolSnifferWithMetadata, error,
+) { // nolint: unparam
 	// ctx may be used in the future
 	_ = ctx
 	return protocolSnifferWithMetadata{

app/dispatcher/sniffer.go

@@ -4,8 +4,10 @@ import (
 	"context"
 
 	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol/bittorrent"
 	"github.com/xtls/xray-core/common/protocol/http"
+	"github.com/xtls/xray-core/common/protocol/quic"
 	"github.com/xtls/xray-core/common/protocol/tls"
 )
 
@@ -22,6 +24,7 @@ type protocolSnifferWithMetadata struct {
 	// for both TCP and UDP connections
 	// It will not be shown as a traffic type for routing unless there is no other successful sniffing.
 	metadataSniffer bool
+	network         net.Network
 }
 
 type Sniffer struct {
@@ -31,9 +34,11 @@ type Sniffer struct {
 func NewSniffer(ctx context.Context) *Sniffer {
 	ret := &Sniffer{
 		sniffer: []protocolSnifferWithMetadata{
-			{func(c context.Context, b []byte) (SniffResult, error) { return http.SniffHTTP(b) }, false},
-			{func(c context.Context, b []byte) (SniffResult, error) { return tls.SniffTLS(b) }, false},
-			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) }, false},
+			{func(c context.Context, b []byte) (SniffResult, error) { return http.SniffHTTP(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return tls.SniffTLS(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return quic.SniffQUIC(b) }, false, net.Network_UDP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffUTP(b) }, false, net.Network_UDP},
 		},
 	}
 	if sniffer, err := newFakeDNSSniffer(ctx); err == nil {
@@ -49,11 +54,11 @@ func NewSniffer(ctx context.Context) *Sniffer {
 
 var errUnknownContent = newError("unknown content")
 
-func (s *Sniffer) Sniff(c context.Context, payload []byte) (SniffResult, error) {
+func (s *Sniffer) Sniff(c context.Context, payload []byte, network net.Network) (SniffResult, error) {
 	var pendingSniffer []protocolSnifferWithMetadata
 	for _, si := range s.sniffer {
 		s := si.protocolSniffer
-		if si.metadataSniffer {
+		if si.metadataSniffer || si.network != network {
 			continue
 		}
 		result, err := s(c, payload)

app/dns/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/dns/config.proto
 
 package dns

app/dns/dns_test.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/miekg/dns"
-
 	"github.com/xtls/xray-core/app/dispatcher"
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/app/policy"

app/dns/dnscommon.go

@@ -1,19 +1,22 @@
 package dns
 
 import (
+	"context"
 	"encoding/binary"
 	"strings"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/core"
 	dns_feature "github.com/xtls/xray-core/features/dns"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
-// Fqdn normalize domain make sure it ends with '.'
+// Fqdn normalizes domain make sure it ends with '.'
 func Fqdn(domain string) string {
 	if len(domain) > 0 && strings.HasSuffix(domain, ".") {
 		return domain
@@ -163,7 +166,7 @@ func buildReqMsgs(domain string, option dns_feature.IPOption, reqIDGen func() ui
 	return reqs
 }
 
-// parseResponse parse DNS answers from the returned payload
+// parseResponse parses DNS answers from the returned payload
 func parseResponse(payload []byte) (*IPRecord, error) {
 	var parser dnsmessage.Parser
 	h, err := parser.Start(payload)
@@ -226,3 +229,19 @@ L:
 
 	return ipRecord, nil
 }
+
+// toDnsContext create a new background context with parent inbound, session and dns log
+func toDnsContext(ctx context.Context, addr string) context.Context {
+	dnsCtx := core.ToBackgroundDetachedContext(ctx)
+	if inbound := session.InboundFromContext(ctx); inbound != nil {
+		dnsCtx = session.ContextWithInbound(dnsCtx, inbound)
+	}
+	dnsCtx = session.ContextWithContent(dnsCtx, session.ContentFromContext(ctx))
+	dnsCtx = log.ContextWithAccessMessage(dnsCtx, &log.AccessMessage{
+		From:   "DNS",
+		To:     addr,
+		Status: log.AccessAccepted,
+		Reason: "",
+	})
+	return dnsCtx
+}

app/dns/dnscommon_test.go

@@ -7,11 +7,10 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/miekg/dns"
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	dns_feature "github.com/xtls/xray-core/features/dns"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 func Test_parseResponse(t *testing.T) {

app/dns/fakedns/fake.go

@@ -5,6 +5,7 @@ import (
 	"math"
 	"math/big"
 	gonet "net"
+	"sync"
 	"time"
 
 	"github.com/xtls/xray-core/common"
@@ -16,6 +17,7 @@ import (
 type Holder struct {
 	domainToIP cache.Lru
 	ipRange    *gonet.IPNet
+	mu         *sync.Mutex
 
 	config *FakeDnsPool
 }
@@ -49,6 +51,7 @@ func (fkdns *Holder) Start() error {
 func (fkdns *Holder) Close() error {
 	fkdns.domainToIP = nil
 	fkdns.ipRange = nil
+	fkdns.mu = nil
 	return nil
 }
 
@@ -67,7 +70,7 @@ func NewFakeDNSHolder() (*Holder, error) {
 }
 
 func NewFakeDNSHolderConfigOnly(conf *FakeDnsPool) (*Holder, error) {
-	return &Holder{nil, nil, conf}, nil
+	return &Holder{nil, nil, nil, conf}, nil
 }
 
 func (fkdns *Holder) initializeFromConfig() error {
@@ -89,11 +92,14 @@ func (fkdns *Holder) initialize(ipPoolCidr string, lruSize int) error {
 	}
 	fkdns.domainToIP = cache.NewLru(lruSize)
 	fkdns.ipRange = ipRange
+	fkdns.mu = new(sync.Mutex)
 	return nil
 }
 
-// GetFakeIPForDomain check and generate a fake IP for a domain name
+// GetFakeIPForDomain checks and generates a fake IP for a domain name
 func (fkdns *Holder) GetFakeIPForDomain(domain string) []net.Address {
+	fkdns.mu.Lock()
+	defer fkdns.mu.Unlock()
 	if v, ok := fkdns.domainToIP.Get(domain); ok {
 		return []net.Address{v.(net.Address)}
 	}
@@ -123,7 +129,7 @@ func (fkdns *Holder) GetFakeIPForDomain(domain string) []net.Address {
 	return []net.Address{ip}
 }
 
-// GetDomainFromFakeDNS check if an IP is a fake IP and have corresponding domain name
+// GetDomainFromFakeDNS checks if an IP is a fake IP and have corresponding domain name
 func (fkdns *Holder) GetDomainFromFakeDNS(ip net.Address) string {
 	if !ip.Family().IsIP() || !fkdns.ipRange.Contains(ip.IP()) {
 		return ""

app/dns/fakedns/fakedns.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/dns/fakedns/fakedns.proto
 
 package fakedns

app/dns/fakedns/fakedns_test.go

@@ -2,14 +2,15 @@ package fakedns
 
 import (
 	gonet "net"
+	"strconv"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/uuid"
 	"github.com/xtls/xray-core/features/dns"
+	"golang.org/x/sync/errgroup"
 )
 
 var ipPrefix = "198.1"
@@ -66,6 +67,31 @@ func TestFakeDnsHolderCreateMappingManySingleDomain(t *testing.T) {
 	assert.Equal(t, addr[0].IP().String(), addr2[0].IP().String())
 }
 
+func TestGetFakeIPForDomainConcurrently(t *testing.T) {
+	fkdns, err := NewFakeDNSHolder()
+	common.Must(err)
+
+	total := 200
+	addr := make([][]net.Address, total)
+	var errg errgroup.Group
+	for i := 0; i < total; i++ {
+		errg.Go(testGetFakeIP(i, addr, fkdns))
+	}
+	errg.Wait()
+	for i := 0; i < total; i++ {
+		for j := i + 1; j < total; j++ {
+			assert.NotEqual(t, addr[i][0].IP().String(), addr[j][0].IP().String())
+		}
+	}
+}
+
+func testGetFakeIP(index int, addr [][]net.Address, fkdns *Holder) func() error {
+	return func() error {
+		addr[index] = fkdns.GetFakeIPForDomain("fakednstest" + strconv.Itoa(index) + ".example.com")
+		return nil
+	}
+}
+
 func TestFakeDnsHolderCreateMappingAndRollOver(t *testing.T) {
 	fkdns, err := NewFakeDNSHolderConfigOnly(&FakeDnsPool{
 		IpPool:  dns.FakeIPv4Pool,
@@ -147,31 +173,31 @@ func TestFakeDNSMulti(t *testing.T) {
 	})
 
 	t.Run("allocateTwoAddressForTwoPool", func(t *testing.T) {
-		address := fakeMulti.GetFakeIPForDomain("fakednstest.v2fly.org")
+		address := fakeMulti.GetFakeIPForDomain("fakednstest.example.com")
 		assert.Len(t, address, 2, "should be 2 address one for each pool")
 		t.Run("eachOfThemShouldResolve:0", func(t *testing.T) {
 			domain := fakeMulti.GetDomainFromFakeDNS(address[0])
-			assert.Equal(t, "fakednstest.v2fly.org", domain)
+			assert.Equal(t, "fakednstest.example.com", domain)
 		})
 		t.Run("eachOfThemShouldResolve:1", func(t *testing.T) {
 			domain := fakeMulti.GetDomainFromFakeDNS(address[1])
-			assert.Equal(t, "fakednstest.v2fly.org", domain)
+			assert.Equal(t, "fakednstest.example.com", domain)
 		})
 	})
 
 	t.Run("understandIPTypeSelector", func(t *testing.T) {
 		t.Run("ipv4", func(t *testing.T) {
-			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv4.v2fly.org", true, false)
+			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv4.example.com", true, false)
 			assert.Len(t, address, 1, "should be 1 address")
 			assert.True(t, address[0].Family().IsIPv4())
 		})
 		t.Run("ipv6", func(t *testing.T) {
-			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv6.v2fly.org", false, true)
+			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv6.example.com", false, true)
 			assert.Len(t, address, 1, "should be 1 address")
 			assert.True(t, address[0].Family().IsIPv6())
 		})
 		t.Run("ipv46", func(t *testing.T) {
-			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv46.v2fly.org", true, true)
+			address := fakeMulti.GetFakeIPForDomain3("fakednstestipv46.example.com", true, true)
 			assert.Len(t, address, 2, "should be 2 address")
 			assert.True(t, address[0].Family().IsIPv4())
 			assert.True(t, address[1].Family().IsIPv6())

app/dns/hosts_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver.go

@@ -186,7 +186,7 @@ func (c *Client) Name() string {
 	return c.server.Name()
 }
 
-// QueryIP send DNS query to the name server with the client's IP.
+// QueryIP sends DNS query to the name server with the client's IP.
 func (c *Client) QueryIP(ctx context.Context, domain string, option dns.IPOption, disableCache bool) ([]net.IP, error) {
 	ctx, cancel := context.WithTimeout(ctx, 4*time.Second)
 	ips, err := c.server.QueryIP(ctx, domain, c.clientIP, option, disableCache)

app/dns/nameserver_doh.go

@@ -11,8 +11,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
@@ -24,6 +22,7 @@ import (
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // DoHNameServer implemented DNS over HTTPS (RFC8484) Wire Format,
@@ -53,23 +52,11 @@ func NewDoHNameServer(url *url.URL, dispatcher routing.Dispatcher) (*DoHNameServ
 		TLSHandshakeTimeout: 30 * time.Second,
 		ForceAttemptHTTP2:   true,
 		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-			dispatcherCtx := context.Background()
-
 			dest, err := net.ParseDestination(network + ":" + addr)
 			if err != nil {
 				return nil, err
 			}
-
-			dispatcherCtx = session.ContextWithContent(dispatcherCtx, session.ContentFromContext(ctx))
-			dispatcherCtx = session.ContextWithInbound(dispatcherCtx, session.InboundFromContext(ctx))
-			dispatcherCtx = log.ContextWithAccessMessage(dispatcherCtx, &log.AccessMessage{
-				From:   "DoH",
-				To:     s.dohURL,
-				Status: log.AccessAccepted,
-				Reason: "",
-			})
-
-			link, err := s.dispatcher.Dispatch(dispatcherCtx, dest)
+			link, err := s.dispatcher.Dispatch(toDnsContext(ctx, s.dohURL), dest)
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
@@ -116,7 +103,7 @@ func NewDoHLocalNameServer(url *url.URL) *DoHNameServer {
 			}
 			conn, err := internet.DialSystem(ctx, dest, nil)
 			log.Record(&log.AccessMessage{
-				From:   "DoH",
+				From:   "DNS",
 				To:     s.dohURL,
 				Status: log.AccessAccepted,
 				Detour: "local",

app/dns/nameserver_doh_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_local.go

@@ -3,7 +3,9 @@ package dns
 import (
 	"context"
 	"strings"
+	"time"
 
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/dns/localdns"
@@ -18,6 +20,7 @@ const errEmptyResponse = "No address associated with hostname"
 
 // QueryIP implements Server.
 func (s *LocalNameServer) QueryIP(_ context.Context, domain string, _ net.IP, option dns.IPOption, _ bool) (ips []net.IP, err error) {
+	start := time.Now()
 	ips, err = s.client.LookupIP(domain, option)
 
 	if err != nil && strings.HasSuffix(err.Error(), errEmptyResponse) {
@@ -26,6 +29,7 @@ func (s *LocalNameServer) QueryIP(_ context.Context, domain string, _ net.IP, op
 
 	if len(ips) > 0 {
 		newError("Localhost got answer: ", domain, " -> ", ips).AtInfo().WriteToLog()
+		log.Record(&log.DNSLog{Server: s.Name(), Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 	}
 
 	return

app/dns/nameserver_quic.go

@@ -7,12 +7,10 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/lucas-clemente/quic-go"
-	"golang.org/x/net/dns/dnsmessage"
-	"golang.org/x/net/http2"
-
+	"github.com/quic-go/quic-go"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol/dns"
 	"github.com/xtls/xray-core/common/session"
@@ -20,6 +18,8 @@ import (
 	"github.com/xtls/xray-core/common/task"
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/transport/internet/tls"
+	"golang.org/x/net/dns/dnsmessage"
+	"golang.org/x/net/http2"
 )
 
 // NextProtoDQ - During connection establishment, DNS/QUIC support is indicated
@@ -37,7 +37,7 @@ type QUICNameServer struct {
 	reqID       uint32
 	name        string
 	destination *net.Destination
-	session     quic.Session
+	connection  quic.Connection
 }
 
 // NewQUICNameServer creates DNS-over-QUIC client object for local resolving
@@ -194,7 +194,7 @@ func (s *QUICNameServer) sendQuery(ctx context.Context, domain string, clientIP
 
 			conn, err := s.openStream(dnsCtx)
 			if err != nil {
-				newError("failed to open quic session").Base(err).AtError().WriteToLog()
+				newError("failed to open quic connection").Base(err).AtError().WriteToLog()
 				return
 			}
 
@@ -276,6 +276,7 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
 			newError(s.name, " cache HIT ", domain, " -> ", ips).Base(err).AtDebug().WriteToLog()
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSCacheHit, Elapsed: 0, Error: err})
 			return ips, err
 		}
 	}
@@ -307,10 +308,12 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 		close(done)
 	}()
 	s.sendQuery(ctx, fqdn, clientIP, option)
+	start := time.Now()
 
 	for {
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 			return ips, err
 		}
 
@@ -322,7 +325,7 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 	}
 }
 
-func isActive(s quic.Session) bool {
+func isActive(s quic.Connection) bool {
 	select {
 	case <-s.Context().Done():
 		return false
@@ -331,17 +334,17 @@ func isActive(s quic.Session) bool {
 	}
 }
 
-func (s *QUICNameServer) getSession() (quic.Session, error) {
-	var session quic.Session
+func (s *QUICNameServer) getConnection() (quic.Connection, error) {
+	var conn quic.Connection
 	s.RLock()
-	session = s.session
-	if session != nil && isActive(session) {
+	conn = s.connection
+	if conn != nil && isActive(conn) {
 		s.RUnlock()
-		return session, nil
+		return conn, nil
 	}
-	if session != nil {
-		// we're recreating the session, let's create a new one
-		_ = session.CloseWithError(0, "")
+	if conn != nil {
+		// we're recreating the connection, let's create a new one
+		_ = conn.CloseWithError(0, "")
 	}
 	s.RUnlock()
 
@@ -349,42 +352,48 @@ func (s *QUICNameServer) getSession() (quic.Session, error) {
 	defer s.Unlock()
 
 	var err error
-	session, err = s.openSession()
+	conn, err = s.openConnection()
 	if err != nil {
 		// This does not look too nice, but QUIC (or maybe quic-go)
 		// doesn't seem stable enough.
 		// Maybe retransmissions aren't fully implemented in quic-go?
 		// Anyways, the simple solution is to make a second try when
-		// it fails to open the QUIC session.
-		session, err = s.openSession()
+		// it fails to open the QUIC connection.
+		conn, err = s.openConnection()
 		if err != nil {
 			return nil, err
 		}
 	}
-	s.session = session
-	return session, nil
+	s.connection = conn
+	return conn, nil
 }
 
-func (s *QUICNameServer) openSession() (quic.Session, error) {
+func (s *QUICNameServer) openConnection() (quic.Connection, error) {
 	tlsConfig := tls.Config{}
 	quicConfig := &quic.Config{
 		HandshakeIdleTimeout: handshakeTimeout,
 	}
 
-	session, err := quic.DialAddrContext(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig)
+	conn, err := quic.DialAddrContext(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig)
+	log.Record(&log.AccessMessage{
+		From:   "DNS",
+		To:     s.destination,
+		Status: log.AccessAccepted,
+		Detour: "local",
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	return session, nil
+	return conn, nil
 }
 
 func (s *QUICNameServer) openStream(ctx context.Context) (quic.Stream, error) {
-	session, err := s.getSession()
+	conn, err := s.getConnection()
 	if err != nil {
 		return nil, err
 	}
 
 	// open a new stream
-	return session.OpenStreamSync(ctx)
+	return conn.OpenStreamSync(ctx)
 }

app/dns/nameserver_quic_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_tcp.go

@@ -9,10 +9,9 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/net/cnc"
 	"github.com/xtls/xray-core/common/protocol/dns"
@@ -22,6 +21,7 @@ import (
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // TCPNameServer implemented DNS over TCP (RFC7766).
@@ -44,7 +44,7 @@ func NewTCPNameServer(url *url.URL, dispatcher routing.Dispatcher) (*TCPNameServ
 	}
 
 	s.dial = func(ctx context.Context) (net.Conn, error) {
-		link, err := dispatcher.Dispatch(ctx, *s.destination)
+		link, err := dispatcher.Dispatch(toDnsContext(ctx, s.destination.String()), *s.destination)
 		if err != nil {
 			return nil, err
 		}
@@ -315,6 +315,7 @@ func (s *TCPNameServer) QueryIP(ctx context.Context, domain string, clientIP net
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
 			newError(s.name, " cache HIT ", domain, " -> ", ips).Base(err).AtDebug().WriteToLog()
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSCacheHit, Elapsed: 0, Error: err})
 			return ips, err
 		}
 	}
@@ -346,10 +347,12 @@ func (s *TCPNameServer) QueryIP(ctx context.Context, domain string, clientIP net
 		close(done)
 	}()
 	s.sendQuery(ctx, fqdn, clientIP, option)
+	start := time.Now()
 
 	for {
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 			return ips, err
 		}
 

app/dns/nameserver_tcp_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_udp.go

@@ -7,8 +7,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
@@ -20,6 +18,7 @@ import (
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet/udp"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // ClassicNameServer implemented traditional UDP DNS.
@@ -195,21 +194,7 @@ func (s *ClassicNameServer) sendQuery(ctx context.Context, domain string, client
 	for _, req := range reqs {
 		s.addPendingRequest(req)
 		b, _ := dns.PackMessage(req.msg)
-		udpCtx := context.Background()
-		if inbound := session.InboundFromContext(ctx); inbound != nil {
-			udpCtx = session.ContextWithInbound(udpCtx, inbound)
-		}
-
-		udpCtx = session.ContextWithContent(udpCtx, &session.Content{
-			Protocol: "dns",
-		})
-		udpCtx = log.ContextWithAccessMessage(udpCtx, &log.AccessMessage{
-			From:   "DNS",
-			To:     s.address,
-			Status: log.AccessAccepted,
-			Reason: "",
-		})
-		s.udpServer.Dispatch(udpCtx, *s.address, b)
+		s.udpServer.Dispatch(toDnsContext(ctx, s.address.String()), *s.address, b)
 	}
 }
 

app/log/command/command.go

@@ -5,11 +5,10 @@ package command
 import (
 	"context"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/log"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
+	grpc "google.golang.org/grpc"
 )
 
 type LoggerServer struct {

app/log/command/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/log/command/config.proto
 
 package command

app/log/command/config_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.12
+// source: app/log/command/config.proto
 
 package command
 

app/log/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/log/config.proto
 
 package log

app/log/log_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/app/log"
 	"github.com/xtls/xray-core/common"
 	clog "github.com/xtls/xray-core/common/log"

app/metrics/config.pb.go

@@ -0,0 +1,149 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
+// source: app/metrics/config.proto
+
+package metrics
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Config is the settings for metrics.
+type Config struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Tag of the outbound handler that handles metrics http connections.
+	Tag string `protobuf:"bytes,1,opt,name=tag,proto3" json:"tag,omitempty"`
+}
+
+func (x *Config) Reset() {
+	*x = Config{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_app_metrics_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Config) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Config) ProtoMessage() {}
+
+func (x *Config) ProtoReflect() protoreflect.Message {
+	mi := &file_app_metrics_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Config.ProtoReflect.Descriptor instead.
+func (*Config) Descriptor() ([]byte, []int) {
+	return file_app_metrics_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Config) GetTag() string {
+	if x != nil {
+		return x.Tag
+	}
+	return ""
+}
+
+var File_app_metrics_config_proto protoreflect.FileDescriptor
+
+var file_app_metrics_config_proto_rawDesc = []byte{
+	0x0a, 0x18, 0x61, 0x70, 0x70, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61, 0x79,
+	0x2e, 0x61, 0x70, 0x70, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x22, 0x1a, 0x0a, 0x06,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x74, 0x61, 0x67, 0x42, 0x52, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e,
+	0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73,
+	0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78,
+	0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70,
+	0x70, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0xaa, 0x02, 0x10, 0x58, 0x72, 0x61, 0x79,
+	0x2e, 0x41, 0x70, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_app_metrics_config_proto_rawDescOnce sync.Once
+	file_app_metrics_config_proto_rawDescData = file_app_metrics_config_proto_rawDesc
+)
+
+func file_app_metrics_config_proto_rawDescGZIP() []byte {
+	file_app_metrics_config_proto_rawDescOnce.Do(func() {
+		file_app_metrics_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_app_metrics_config_proto_rawDescData)
+	})
+	return file_app_metrics_config_proto_rawDescData
+}
+
+var file_app_metrics_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_app_metrics_config_proto_goTypes = []interface{}{
+	(*Config)(nil), // 0: xray.app.metrics.Config
+}
+var file_app_metrics_config_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_app_metrics_config_proto_init() }
+func file_app_metrics_config_proto_init() {
+	if File_app_metrics_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_app_metrics_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Config); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_app_metrics_config_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_app_metrics_config_proto_goTypes,
+		DependencyIndexes: file_app_metrics_config_proto_depIdxs,
+		MessageInfos:      file_app_metrics_config_proto_msgTypes,
+	}.Build()
+	File_app_metrics_config_proto = out.File
+	file_app_metrics_config_proto_rawDesc = nil
+	file_app_metrics_config_proto_goTypes = nil
+	file_app_metrics_config_proto_depIdxs = nil
+}

app/metrics/config.proto

@@ -0,0 +1,13 @@
+syntax = "proto3";
+
+package xray.app.metrics;
+option csharp_namespace = "Xray.App.Metrics";
+option go_package = "github.com/xtls/xray-core/app/metrics";
+option java_package = "com.xray.app.metrics";
+option java_multiple_files = true;
+
+// Config is the settings for metrics.
+message Config {
+  // Tag of the outbound handler that handles metrics http connections.
+  string tag = 1;
+}

app/metrics/errors.generated.go

@@ -0,0 +1,9 @@
+package metrics
+
+import "github.com/xtls/xray-core/common/errors"
+
+type errPathObjHolder struct{}
+
+func newError(values ...interface{}) *errors.Error {
+	return errors.New(values...).WithPathObj(errPathObjHolder{})
+}

app/metrics/metrics.go

@@ -0,0 +1,118 @@
+package metrics
+
+import (
+	"context"
+	"expvar"
+	"net/http"
+	_ "net/http/pprof"
+	"strings"
+
+	"github.com/xtls/xray-core/app/observatory"
+	"github.com/xtls/xray-core/app/stats"
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/signal/done"
+	"github.com/xtls/xray-core/core"
+	"github.com/xtls/xray-core/features/extension"
+	"github.com/xtls/xray-core/features/outbound"
+	feature_stats "github.com/xtls/xray-core/features/stats"
+)
+
+type MetricsHandler struct {
+	ohm          outbound.Manager
+	statsManager feature_stats.Manager
+	observatory  extension.Observatory
+	tag          string
+}
+
+// NewMetricsHandler creates a new MetricsHandler based on the given config.
+func NewMetricsHandler(ctx context.Context, config *Config) (*MetricsHandler, error) {
+	c := &MetricsHandler{
+		tag: config.Tag,
+	}
+	common.Must(core.RequireFeatures(ctx, func(om outbound.Manager, sm feature_stats.Manager) {
+		c.statsManager = sm
+		c.ohm = om
+	}))
+	expvar.Publish("stats", expvar.Func(func() interface{} {
+		manager, ok := c.statsManager.(*stats.Manager)
+		if !ok {
+			return nil
+		}
+		resp := map[string]map[string]map[string]int64{
+			"inbound":  {},
+			"outbound": {},
+			"user":     {},
+		}
+		manager.VisitCounters(func(name string, counter feature_stats.Counter) bool {
+			nameSplit := strings.Split(name, ">>>")
+			typeName, tagOrUser, direction := nameSplit[0], nameSplit[1], nameSplit[3]
+			if item, found := resp[typeName][tagOrUser]; found {
+				item[direction] = counter.Value()
+			} else {
+				resp[typeName][tagOrUser] = map[string]int64{
+					direction: counter.Value(),
+				}
+			}
+			return true
+		})
+		return resp
+	}))
+	expvar.Publish("observatory", expvar.Func(func() interface{} {
+		if c.observatory == nil {
+			common.Must(core.RequireFeatures(ctx, func(observatory extension.Observatory) error {
+				c.observatory = observatory
+				return nil
+			}))
+			if c.observatory == nil {
+				return nil
+			}
+		}
+		resp := map[string]*observatory.OutboundStatus{}
+		if o, err := c.observatory.GetObservation(context.Background()); err != nil {
+			return err
+		} else {
+			for _, x := range o.(*observatory.ObservationResult).GetStatus() {
+				resp[x.OutboundTag] = x
+			}
+		}
+		return resp
+	}))
+	return c, nil
+}
+
+func (p *MetricsHandler) Type() interface{} {
+	return (*MetricsHandler)(nil)
+}
+
+func (p *MetricsHandler) Start() error {
+	listener := &OutboundListener{
+		buffer: make(chan net.Conn, 4),
+		done:   done.New(),
+	}
+
+	go func() {
+		if err := http.Serve(listener, http.DefaultServeMux); err != nil {
+			newError("failed to start metrics server").Base(err).AtError().WriteToLog()
+		}
+	}()
+
+	if err := p.ohm.RemoveHandler(context.Background(), p.tag); err != nil {
+		newError("failed to remove existing handler").WriteToLog()
+	}
+
+	return p.ohm.AddHandler(context.Background(), &Outbound{
+		tag:      p.tag,
+		listener: listener,
+	})
+}
+
+func (p *MetricsHandler) Close() error {
+	return nil
+}
+
+func init() {
+	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, cfg interface{}) (interface{}, error) {
+		return NewMetricsHandler(ctx, cfg.(*Config))
+	}))
+}

app/metrics/outbound.go

@@ -0,0 +1,109 @@
+package metrics
+
+import (
+	"context"
+	"sync"
+
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/net/cnc"
+	"github.com/xtls/xray-core/common/signal/done"
+	"github.com/xtls/xray-core/transport"
+)
+
+// OutboundListener is a net.Listener for listening metrics http connections.
+type OutboundListener struct {
+	buffer chan net.Conn
+	done   *done.Instance
+}
+
+func (l *OutboundListener) add(conn net.Conn) {
+	select {
+	case l.buffer <- conn:
+	case <-l.done.Wait():
+		conn.Close()
+	default:
+		conn.Close()
+	}
+}
+
+// Accept implements net.Listener.
+func (l *OutboundListener) Accept() (net.Conn, error) {
+	select {
+	case <-l.done.Wait():
+		return nil, newError("listen closed")
+	case c := <-l.buffer:
+		return c, nil
+	}
+}
+
+// Close implement net.Listener.
+func (l *OutboundListener) Close() error {
+	common.Must(l.done.Close())
+L:
+	for {
+		select {
+		case c := <-l.buffer:
+			c.Close()
+		default:
+			break L
+		}
+	}
+	return nil
+}
+
+// Addr implements net.Listener.
+func (l *OutboundListener) Addr() net.Addr {
+	return &net.TCPAddr{
+		IP:   net.IP{0, 0, 0, 0},
+		Port: 0,
+	}
+}
+
+// Outbound is an outbound.Handler that handles metrics http connections.
+type Outbound struct {
+	tag      string
+	listener *OutboundListener
+	access   sync.RWMutex
+	closed   bool
+}
+
+// Dispatch implements outbound.Handler.
+func (co *Outbound) Dispatch(ctx context.Context, link *transport.Link) {
+	co.access.RLock()
+
+	if co.closed {
+		common.Interrupt(link.Reader)
+		common.Interrupt(link.Writer)
+		co.access.RUnlock()
+		return
+	}
+
+	closeSignal := done.New()
+	c := cnc.NewConnection(cnc.ConnectionInputMulti(link.Writer), cnc.ConnectionOutputMulti(link.Reader), cnc.ConnectionOnClose(closeSignal))
+	co.listener.add(c)
+	co.access.RUnlock()
+	<-closeSignal.Wait()
+}
+
+// Tag implements outbound.Handler.
+func (co *Outbound) Tag() string {
+	return co.tag
+}
+
+// Start implements common.Runnable.
+func (co *Outbound) Start() error {
+	co.access.Lock()
+	co.closed = false
+	co.access.Unlock()
+	return nil
+}
+
+// Close implements common.Closable.
+func (co *Outbound) Close() error {
+	co.access.Lock()
+	defer co.access.Unlock()
+
+	co.closed = true
+	return co.listener.Close()
+}

app/observatory/command/command.go

@@ -6,12 +6,11 @@ package command
 import (
 	"context"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/observatory"
 	"github.com/xtls/xray-core/common"
 	core "github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/extension"
+	"google.golang.org/grpc"
 )
 
 type service struct {

app/observatory/command/command.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/observatory/command/command.proto
 
 package command

app/observatory/command/command_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.12
+// source: app/observatory/command/command.proto
 
 package command
 

app/observatory/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/observatory/config.proto
 
 package observatory

app/observatory/observer.go

@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common"
 	v2net "github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/session"

app/policy/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/policy/config.proto
 
 package policy

app/proxyman/command/command.go

@@ -3,13 +3,12 @@ package command
 import (
 	"context"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/inbound"
 	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/proxy"
+	grpc "google.golang.org/grpc"
 )
 
 // InboundOperation is the interface for operations that applies to inbound handlers.

app/proxyman/command/command.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/proxyman/command/command.proto
 
 package command

app/proxyman/command/command_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.12
+// source: app/proxyman/command/command.proto
 
 package command
 

app/proxyman/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/proxyman/config.proto
 
 package proxyman

app/proxyman/inbound/always.go

@@ -144,7 +144,6 @@ func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *
 				}
 			}
 		}
-
 	}
 
 	return h, nil

app/proxyman/inbound/dynamic.go

@@ -87,7 +87,6 @@ func (h *DynamicInboundHandler) allocatePort() net.Port {
 			return port
 		}
 	}
-
 }
 
 func (h *DynamicInboundHandler) closeWorkers(workers []worker) {

app/proxyman/inbound/worker.go

@@ -108,9 +108,7 @@ func (w *tcpWorker) callback(conn stat.Connection) {
 		newError("connection ends").Base(err).WriteToLog(session.ExportIDToError(ctx))
 	}
 	cancel()
-	if err := conn.Close(); err != nil {
-		newError("failed to close connection").Base(err).WriteToLog(session.ExportIDToError(ctx))
-	}
+	conn.Close()
 }
 
 func (w *tcpWorker) Proxy() proxy.Inbound {

app/proxyman/outbound/handler.go

@@ -2,6 +2,9 @@ package outbound
 
 import (
 	"context"
+	"errors"
+	"io"
+	"os"
 
 	"github.com/xtls/xray-core/app/proxyman"
 	"github.com/xtls/xray-core/common"
@@ -58,7 +61,7 @@ type Handler struct {
 	downlinkCounter stats.Counter
 }
 
-// NewHandler create a new Handler based on the given configuration.
+// NewHandler creates a new Handler based on the given configuration.
 func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbound.Handler, error) {
 	v := core.MustFromContext(ctx)
 	uplinkCounter, downlinkCounter := getStatCounter(v, config.Tag)
@@ -141,7 +144,13 @@ func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) {
 			common.Interrupt(link.Writer)
 		}
 	} else {
-		if err := h.proxy.Process(ctx, link, h); err != nil {
+		err := h.proxy.Process(ctx, link, h)
+		if err != nil {
+			if errors.Is(err, io.EOF) || errors.Is(err, io.ErrClosedPipe) || errors.Is(err, context.Canceled) {
+				err = nil
+			}
+		}
+		if err != nil {
 			// Ensure outbound ray is properly closed.
 			err := newError("failed to process outbound traffic").Base(err)
 			session.SubmitOutboundErrorToOriginator(ctx, err)
@@ -202,6 +211,10 @@ func (h *Handler) Dial(ctx context.Context, dest net.Destination) (stat.Connecti
 		}
 	}
 
+	if conn, err := h.getUoTConnection(ctx, dest); err != os.ErrInvalid {
+		return conn, err
+	}
+
 	conn, err := internet.Dial(ctx, dest, h.streamSettings)
 	return h.getStatCouterConnection(conn), err
 }

app/proxyman/outbound/uot.go

@@ -0,0 +1,23 @@
+package outbound
+
+import (
+	"context"
+	"os"
+
+	"github.com/sagernet/sing/common/uot"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/transport/internet"
+	"github.com/xtls/xray-core/transport/internet/stat"
+)
+
+func (h *Handler) getUoTConnection(ctx context.Context, dest net.Destination) (stat.Connection, error) {
+	if !dest.Address.Family().IsDomain() || dest.Address.Domain() != uot.UOTMagicAddress {
+		return nil, os.ErrInvalid
+	}
+	packetConn, err := internet.ListenSystemPacket(ctx, &net.UDPAddr{IP: net.AnyIP.IP(), Port: 0}, h.streamSettings.SocketSettings)
+	if err != nil {
+		return nil, newError("unable to listen socket").Base(err)
+	}
+	conn := uot.NewServerConn(packetConn)
+	return h.getStatCouterConnection(conn), nil
+}

app/reverse/bridge.go

@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common/mux"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/session"

app/reverse/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/reverse/config.proto
 
 package reverse

app/reverse/portal.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/mux"

app/reverse/reverse.go

@@ -14,7 +14,7 @@ import (
 )
 
 const (
-	internalDomain = "reverse.internal.example.com"
+	internalDomain = "reverse.internal.v2fly.org" // make reverse proxy compatible with v2fly
 )
 
 func isDomain(dest net.Destination, domain string) bool {

app/router/balancing.go

@@ -44,6 +44,7 @@ func (b *Balancer) PickOutbound() (string, error) {
 	}
 	return tag, nil
 }
+
 func (b *Balancer) InjectContext(ctx context.Context) {
 	if contextReceiver, ok := b.strategy.(extension.ContextReceiver); ok {
 		contextReceiver.InjectContext(ctx)

app/router/command/command.go

@@ -6,12 +6,11 @@ import (
 	"context"
 	"time"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/features/stats"
+	"google.golang.org/grpc"
 )
 
 // routingServer is an implementation of RoutingService.

app/router/command/command.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/router/command/command.proto
 
 package command
@@ -175,6 +175,7 @@ func (x *RoutingContext) GetOutboundTag() string {
 //   - attributes: Select connection's additional attributes.
 //   - outbound: Equivalent as "outbound" and "outbound_group", select both
 //     outbound tag and outbound group tags.
+//
 // * If FieldSelectors is left empty, all fields will be returned.
 type SubscribeRoutingStatsRequest struct {
 	state         protoimpl.MessageState

app/router/command/command_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.12
+// source: app/router/command/command.proto
 
 package command
 

app/router/command/command_test.go

@@ -8,9 +8,6 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/test/bufconn"
-
 	"github.com/xtls/xray-core/app/router"
 	. "github.com/xtls/xray-core/app/router/command"
 	"github.com/xtls/xray-core/app/stats"
@@ -18,6 +15,8 @@ import (
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/testing/mocks"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/test/bufconn"
 )
 
 func TestServiceSubscribeRoutingStats(t *testing.T) {

app/router/condition.go

@@ -3,12 +3,11 @@ package router
 import (
 	"strings"
 
-	"go.starlark.net/starlark"
-	"go.starlark.net/syntax"
-
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/strmatcher"
 	"github.com/xtls/xray-core/features/routing"
+	"go.starlark.net/starlark"
+	"go.starlark.net/syntax"
 )
 
 type Condition interface {

app/router/condition_geoip_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/router/condition_test.go

@@ -7,7 +7,6 @@ import (
 	"testing"
 
 	"github.com/golang/protobuf/proto"
-
 	. "github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/errors"

app/router/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/router/config.proto
 
 package router
@@ -477,6 +477,7 @@ type RoutingRule struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to TargetTag:
+	//
 	//	*RoutingRule_Tag
 	//	*RoutingRule_BalancingTag
 	TargetTag isRoutingRule_TargetTag `protobuf_oneof:"target_tag"`
@@ -834,6 +835,7 @@ type Domain_Attribute struct {
 
 	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
 	// Types that are assignable to TypedValue:
+	//
 	//	*Domain_Attribute_BoolValue
 	//	*Domain_Attribute_IntValue
 	TypedValue isDomain_Attribute_TypedValue `protobuf_oneof:"typed_value"`

app/router/router.go

@@ -122,7 +122,7 @@ func (*Router) Close() error {
 	return nil
 }
 
-// Type implement common.HasType.
+// Type implements common.HasType.
 func (*Router) Type() interface{} {
 	return routing.RouterType()
 }

app/router/router_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	. "github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/stats/command/command.go

@@ -7,13 +7,12 @@ import (
 	"runtime"
 	"time"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/stats"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/strmatcher"
 	"github.com/xtls/xray-core/core"
 	feature_stats "github.com/xtls/xray-core/features/stats"
+	grpc "google.golang.org/grpc"
 )
 
 // statsServer is an implementation of StatsService.

app/stats/command/command.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/stats/command/command.proto
 
 package command

app/stats/command/command_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.21.12
+// source: app/stats/command/command.proto
 
 package command
 

app/stats/command/command_test.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-
 	"github.com/xtls/xray-core/app/stats"
 	. "github.com/xtls/xray-core/app/stats/command"
 	"github.com/xtls/xray-core/common"

app/stats/config.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: app/stats/config.proto
 
 package stats

common/antireplay/replayfilter.go

@@ -9,7 +9,7 @@ import (
 
 const replayFilterCapacity = 100000
 
-// ReplayFilter check for replay attacks.
+// ReplayFilter checks for replay attacks.
 type ReplayFilter struct {
 	lock     sync.Mutex
 	poolA    *cuckoo.Filter
@@ -31,7 +31,7 @@ func (filter *ReplayFilter) Interval() int64 {
 	return filter.interval
 }
 
-// Check determine if there are duplicate records.
+// Check determines if there are duplicate records.
 func (filter *ReplayFilter) Check(sum []byte) bool {
 	filter.lock.Lock()
 	defer filter.lock.Unlock()

common/buf/buffer.go

@@ -21,6 +21,7 @@ type Buffer struct {
 	v         []byte
 	start     int32
 	end       int32
+	unmanaged bool
 	UDP       *net.Destination
 }
 
@@ -38,6 +39,7 @@ func New() *Buffer {
 	}
 }
 
+// NewExisted creates a managed, standard size Buffer with an existed bytearray
 func NewExisted(b []byte) *Buffer {
 	if cap(b) < Size {
 		panic("Invalid buffer")
@@ -54,6 +56,15 @@ func NewExisted(b []byte) *Buffer {
 	}
 }
 
+// FromBytes creates a Buffer with an existed bytearray
+func FromBytes(b []byte) *Buffer {
+	return &Buffer{
+		v:         b,
+		end:       int32(len(b)),
+		unmanaged: true,
+	}
+}
+
 // StackNew creates a new Buffer object on stack.
 // This method is for buffers that is released in the same function.
 func StackNew() Buffer {
@@ -71,7 +82,7 @@ func StackNew() Buffer {
 
 // Release recycles the buffer into an internal buffer pool.
 func (b *Buffer) Release() {
-	if b == nil || b.v == nil {
+	if b == nil || b.v == nil || b.unmanaged {
 		return
 	}
 
@@ -149,6 +160,19 @@ func (b *Buffer) BytesTo(to int32) []byte {
 	return b.v[b.start : b.start+to]
 }
 
+// Check makes sure that 0 <= b.start <= b.end.
+func (b *Buffer) Check() {
+	if b.start < 0 {
+		b.start = 0
+	}
+	if b.end < 0 {
+		b.end = 0
+	}
+	if b.start > b.end {
+		b.start = b.end
+	}
+}
+
 // Resize cuts the buffer at the given position.
 func (b *Buffer) Resize(from, to int32) {
 	if from < 0 {
@@ -162,6 +186,7 @@ func (b *Buffer) Resize(from, to int32) {
 	}
 	b.end = b.start + to
 	b.start += from
+	b.Check()
 }
 
 // Advance cuts the buffer at the given position.
@@ -170,6 +195,7 @@ func (b *Buffer) Advance(from int32) {
 		from += b.Len()
 	}
 	b.start += from
+	b.Check()
 }
 
 // Len returns the length of the buffer content.
@@ -212,6 +238,28 @@ func (b *Buffer) WriteString(s string) (int, error) {
 	return b.Write([]byte(s))
 }
 
+// ReadByte implements io.ByteReader
+func (b *Buffer) ReadByte() (byte, error) {
+	if b.start == b.end {
+		return 0, io.EOF
+	}
+
+	nb := b.v[b.start]
+	b.start++
+	return nb, nil
+}
+
+// ReadBytes implements bufio.Reader.ReadBytes
+func (b *Buffer) ReadBytes(length int32) ([]byte, error) {
+	if b.end-b.start < length {
+		return nil, io.EOF
+	}
+
+	nb := b.v[b.start : b.start+length]
+	b.start += length
+	return nb, nil
+}
+
 // Read implements io.Reader.Read().
 func (b *Buffer) Read(data []byte) (int, error) {
 	if b.Len() == 0 {

common/buf/buffer_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 )

common/buf/copy.go

@@ -48,7 +48,7 @@ func (e readError) Error() string {
 	return e.error.Error()
 }
 
-func (e readError) Inner() error {
+func (e readError) Unwrap() error {
 	return e.error
 }
 
@@ -66,7 +66,7 @@ func (e writeError) Error() string {
 	return e.error.Error()
 }
 
-func (e writeError) Inner() error {
+func (e writeError) Unwrap() error {
 	return e.error
 }
 

common/buf/copy_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/testing/mocks"

common/buf/multi_buffer.go

@@ -53,7 +53,7 @@ func MergeBytes(dest MultiBuffer, src []byte) MultiBuffer {
 	return dest
 }
 
-// ReleaseMulti release all content of the MultiBuffer, and returns an empty MultiBuffer.
+// ReleaseMulti releases all content of the MultiBuffer, and returns an empty MultiBuffer.
 func ReleaseMulti(mb MultiBuffer) MultiBuffer {
 	for i := range mb {
 		mb[i].Release()
@@ -203,6 +203,19 @@ func SplitSize(mb MultiBuffer, size int32) (MultiBuffer, MultiBuffer) {
 	return mb, r
 }
 
+// SplitMulti splits the beginning of the MultiBuffer into first one, the index i and after into second one
+func SplitMulti(mb MultiBuffer, i int) (MultiBuffer, MultiBuffer) {
+	mb2 := make(MultiBuffer, 0, len(mb))
+	if i < len(mb) && i >= 0 {
+		mb2 = append(mb2, mb[i:]...)
+		for j := i; j < len(mb); j++ {
+			mb[j] = nil
+		}
+		mb = mb[:i]
+	}
+	return mb, mb2
+}
+
 // WriteMultiBuffer writes all buffers from the MultiBuffer to the Writer one by one, and return error if any, with leftover MultiBuffer.
 func WriteMultiBuffer(writer io.Writer, mb MultiBuffer) (MultiBuffer, error) {
 	for {
@@ -235,7 +248,7 @@ func (mb MultiBuffer) Len() int32 {
 	return size
 }
 
-// IsEmpty return true if the MultiBuffer has no content.
+// IsEmpty returns true if the MultiBuffer has no content.
 func (mb MultiBuffer) IsEmpty() bool {
 	for _, b := range mb {
 		if !b.IsEmpty() {
@@ -283,14 +296,14 @@ func (c *MultiBufferContainer) Write(b []byte) (int, error) {
 	return len(b), nil
 }
 
-// WriteMultiBuffer implement Writer.
+// WriteMultiBuffer implements Writer.
 func (c *MultiBufferContainer) WriteMultiBuffer(b MultiBuffer) error {
 	mb, _ := MergeMulti(c.MultiBuffer, b)
 	c.MultiBuffer = mb
 	return nil
 }
 
-// Close implement io.Closer.
+// Close implements io.Closer.
 func (c *MultiBufferContainer) Close() error {
 	c.MultiBuffer = ReleaseMulti(c.MultiBuffer)
 	return nil

common/buf/multi_buffer_test.go

@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 )

common/buf/readv_test.go

@@ -9,11 +9,10 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"golang.org/x/sync/errgroup"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/testing/servers/tcp"
+	"golang.org/x/sync/errgroup"
 )
 
 func TestReadvReader(t *testing.T) {

common/buf/writer_test.go

@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/transport/pipe"

common/cache/lru.go

@@ -26,7 +26,7 @@ type lruElement struct {
 	value interface{}
 }
 
-// NewLru init a lru cache
+// NewLru initializes a lru cache
 func NewLru(cap int) Lru {
 	return &lru{
 		capacity:         cap,

common/crypto/auth.go

@@ -2,8 +2,8 @@ package crypto
 
 import (
 	"crypto/cipher"
+	"crypto/rand"
 	"io"
-	"math/rand"
 
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
@@ -265,7 +265,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
 		return nil, err
 	}
 	if paddingSize > 0 {
-		// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
+		// These paddings will send in clear text.
+		// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
 		paddingBytes := eb.Extend(paddingSize)
 		common.Must2(rand.Read(paddingBytes))
 	}

common/crypto/auth_test.go

@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	. "github.com/xtls/xray-core/common/crypto"

common/crypto/chacha20_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/crypto"
 )

common/errors/errors.go

@@ -2,7 +2,6 @@
 package errors // import "github.com/xtls/xray-core/common/errors"
 
 import (
-	"os"
 	"reflect"
 	"strings"
 
@@ -13,8 +12,8 @@ import (
 const trim = len("github.com/xtls/xray-core/")
 
 type hasInnerError interface {
-	// Inner returns the underlying error of this one.
-	Inner() error
+	// Unwrap returns the underlying error of this one.
+	Unwrap() error
 }
 
 type hasSeverity interface {
@@ -72,8 +71,8 @@ func (err *Error) Error() string {
 	return builder.String()
 }
 
-// Inner implements hasInnerError.Inner()
-func (err *Error) Inner() error {
+// Unwrap implements hasInnerError.Unwrap()
+func (err *Error) Unwrap() error {
 	if err.inner == nil {
 		return nil
 	}
@@ -171,20 +170,10 @@ L:
 	for {
 		switch inner := err.(type) {
 		case hasInnerError:
-			if inner.Inner() == nil {
+			if inner.Unwrap() == nil {
 				break L
 			}
-			err = inner.Inner()
-		case *os.PathError:
-			if inner.Err == nil {
-				break L
-			}
-			err = inner.Err
-		case *os.SyscallError:
-			if inner.Err == nil {
-				break L
-			}
-			err = inner.Err
+			err = inner.Unwrap()
 		default:
 			break L
 		}

common/errors/errors_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/log"
 )

common/log/log.go

@@ -34,7 +34,7 @@ func Record(msg Message) {
 
 var logHandler syncHandler
 
-// RegisterHandler register a new handler as current log handler. Previous registered handler will be discarded.
+// RegisterHandler registers a new handler as current log handler. Previous registered handler will be discarded.
 func RegisterHandler(handler Handler) {
 	if handler == nil {
 		panic("Log handler is nil")

common/log/log.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: common/log/log.proto
 
 package log

common/log/log_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 )

common/mux/client.go

@@ -355,6 +355,7 @@ func (m *ClientWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.Buffered
 			common.Interrupt(s.input)
 			common.Interrupt(s.output)
 		}
+		common.Interrupt(s.input)
 		s.Close()
 	}
 	if meta.Option.Has(OptionData) {

common/mux/client_test.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/mux"

common/mux/mux_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	. "github.com/xtls/xray-core/common/mux"

common/mux/server.go

@@ -202,6 +202,7 @@ func (w *ServerWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.Buffered
 			common.Interrupt(s.input)
 			common.Interrupt(s.output)
 		}
+		common.Interrupt(s.input)
 		s.Close()
 	}
 	if meta.Option.Has(OptionData) {

common/net/address.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: common/net/address.proto
 
 package net
@@ -28,6 +28,7 @@ type IPOrDomain struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Address:
+	//
 	//	*IPOrDomain_Ip
 	//	*IPOrDomain_Domain
 	Address isIPOrDomain_Address `protobuf_oneof:"address"`

common/net/address_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/net"
 )
 

common/net/destination.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.18.0
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.12
 // source: common/net/destination.proto
 
 package net