v1.7.5

Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#1625 )
Bump golang.org/x/sys from 0.4.0 to 0.5.0 (#1626 )
2025-08-23 10:06:48 +08:00 · 2023-02-08 17:20:24 +08:00 · 2023-02-08 07:58:18 +00:00 · 2023-02-08 07:57:05 +00:00 · 2023-02-08 14:59:14 +08:00 · 2023-02-08 14:51:15 +08:00
100 changed files with 825 additions and 271 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -123,7 +123,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: 1.19
+          go-version: '1.20'
          check-latest: true
      - name: Get project dependencies
@@ -173,12 +173,11 @@ jobs:
            for i in "${LIST[@]}"
            do
              INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}'))
              LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases/latest" | jq -r ".tag_name" || echo "latest")"
              FILE_NAME="${INFO[2]}.dat"
-              echo -e "Downloading https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat..."
+              echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..."
-              curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME}
+              curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME}
              echo -e "Verifying HASH key..."
-              HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')"
+              HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')"
              [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; }
            done
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: 1.19
+          go-version: '1.20'
          check-latest: true
      - name: Checkout codebase
        uses: actions/checkout@v3
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ This repo relies on the following third-party projects:
 - In production:
  - [ghodss/yaml](https://github.com/ghodss/yaml)
  - [gorilla/websocket](https://github.com/gorilla/websocket)
-  - [lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go)
+  - [quic-go/quic-go](https://github.com/quic-go/quic-go)
  - [pelletier/go-toml](https://github.com/pelletier/go-toml)
  - [pires/go-proxyproto](https://github.com/pires/go-proxyproto)
  - [refraction-networking/utls](https://github.com/refraction-networking/utls)
--- a/app/commander/config.pb.go
+++ b/app/commander/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/commander/config.proto
 package commander
--- a/app/dispatcher/config.pb.go
+++ b/app/dispatcher/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/dispatcher/config.proto
 package dispatcher
--- a/app/dns/config.pb.go
+++ b/app/dns/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/dns/config.proto
 package dns
--- a/app/dns/fakedns/fakedns.pb.go
+++ b/app/dns/fakedns/fakedns.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/dns/fakedns/fakedns.proto
 package fakedns
--- a/app/dns/nameserver_quic.go
+++ b/app/dns/nameserver_quic.go
@@ -7,7 +7,7 @@ import (
 	"sync/atomic"
 	"time"
-	"github.com/lucas-clemente/quic-go"
+	"github.com/quic-go/quic-go"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/log"
--- a/app/log/command/config.pb.go
+++ b/app/log/command/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/log/command/config.proto
 package command
--- a/app/log/command/config_grpc.pb.go
+++ b/app/log/command/config_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: app/log/command/config.proto
 package command
--- a/app/log/config.pb.go
+++ b/app/log/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/log/config.proto
 package log
--- a/app/metrics/config.pb.go
+++ b/app/metrics/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/metrics/config.proto
 package metrics
--- a/app/observatory/command/command.pb.go
+++ b/app/observatory/command/command.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/observatory/command/command.proto
 package command
--- a/app/observatory/command/command_grpc.pb.go
+++ b/app/observatory/command/command_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: app/observatory/command/command.proto
 package command
--- a/app/observatory/config.pb.go
+++ b/app/observatory/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/observatory/config.proto
 package observatory
--- a/app/policy/config.pb.go
+++ b/app/policy/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/policy/config.proto
 package policy
--- a/app/proxyman/command/command.pb.go
+++ b/app/proxyman/command/command.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/proxyman/command/command.proto
 package command
--- a/app/proxyman/command/command_grpc.pb.go
+++ b/app/proxyman/command/command_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: app/proxyman/command/command.proto
 package command
--- a/app/proxyman/config.pb.go
+++ b/app/proxyman/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/proxyman/config.proto
 package proxyman
--- a/app/reverse/config.pb.go
+++ b/app/reverse/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/reverse/config.proto
 package reverse
--- a/app/router/command/command.pb.go
+++ b/app/router/command/command.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/router/command/command.proto
 package command
--- a/app/router/command/command_grpc.pb.go
+++ b/app/router/command/command_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: app/router/command/command.proto
 package command
--- a/app/router/config.pb.go
+++ b/app/router/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/router/config.proto
 package router
--- a/app/stats/command/command.pb.go
+++ b/app/stats/command/command.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/stats/command/command.proto
 package command
--- a/app/stats/command/command_grpc.pb.go
+++ b/app/stats/command/command_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: app/stats/command/command.proto
 package command
--- a/app/stats/config.pb.go
+++ b/app/stats/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: app/stats/config.proto
 package stats
--- a/common/buf/buffer.go
+++ b/common/buf/buffer.go
@@ -160,6 +160,19 @@ func (b *Buffer) BytesTo(to int32) []byte {
 	return b.v[b.start : b.start+to]
 }
 // Check makes sure that 0 <= b.start <= b.end.
 func (b *Buffer) Check() {
 	if b.start < 0 {
 		b.start = 0
 	}
 	if b.end < 0 {
 		b.end = 0
 	}
 	if b.start > b.end {
 		b.start = b.end
 	}
 }
 // Resize cuts the buffer at the given position.
 func (b *Buffer) Resize(from, to int32) {
 	if from < 0 {
@@ -173,6 +186,7 @@ func (b *Buffer) Resize(from, to int32) {
 	}
 	b.end = b.start + to
 	b.start += from
 	b.Check()
 }
 // Advance cuts the buffer at the given position.
@@ -181,6 +195,7 @@ func (b *Buffer) Advance(from int32) {
 		from += b.Len()
 	}
 	b.start += from
 	b.Check()
 }
 // Len returns the length of the buffer content.
--- a/common/log/log.pb.go
+++ b/common/log/log.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/log/log.proto
 package log
--- a/common/net/address.pb.go
+++ b/common/net/address.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/net/address.proto
 package net
--- a/common/net/destination.pb.go
+++ b/common/net/destination.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/net/destination.proto
 package net
--- a/common/net/network.pb.go
+++ b/common/net/network.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/net/network.proto
 package net
--- a/common/net/port.pb.go
+++ b/common/net/port.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/net/port.proto
 package net
--- a/common/protocol/headers.go
+++ b/common/protocol/headers.go
@@ -3,6 +3,8 @@ package protocol
 import (
 	"runtime"
 	"golang.org/x/sys/cpu"
 	"github.com/xtls/xray-core/common/bitmask"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/uuid"
@@ -79,9 +81,21 @@ type CommandSwitchAccount struct {
 	ValidMin byte
 }
 var (
 	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
 	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
 	// Keep in sync with crypto/aes/cipher_s390x.go.
 	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
 		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
 	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
 		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
 		runtime.GOARCH == "s390x" && hasGCMAsmS390X
 )
 func (sc *SecurityConfig) GetSecurityType() SecurityType {
 	if sc == nil || sc.Type == SecurityType_AUTO {
-		if runtime.GOARCH == "amd64" || runtime.GOARCH == "s390x" || runtime.GOARCH == "arm64" {
+		if hasAESGCMHardwareSupport {
 			return SecurityType_AES128_GCM
 		}
 		return SecurityType_CHACHA20_POLY1305
--- a/common/protocol/headers.pb.go
+++ b/common/protocol/headers.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/protocol/headers.proto
 package protocol
--- a/common/protocol/quic/qtls_go118.go
+++ b/common/protocol/quic/qtls_go118.go
@@ -1,16 +1,18 @@
 package quic
 import (
 	"crypto"
 	"crypto/cipher"
-
+	_ "crypto/tls"
-	"github.com/marten-seemann/qtls-go1-18"
+	_ "unsafe"
 )
-type (
+type CipherSuiteTLS13 struct {
-	// A CipherSuiteTLS13 is a cipher suite for TLS 1.3
+	ID     uint16
-	CipherSuiteTLS13 = qtls.CipherSuiteTLS13
+	KeyLen int
-)
+	AEAD   func(key, fixedNonce []byte) cipher.AEAD
-
+	Hash   crypto.Hash
 func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
 	return qtls.AEADAESGCMTLS13(key, fixedNonce)
 }
 //go:linkname AEADAESGCMTLS13 crypto/tls.aeadAESGCMTLS13
 func AEADAESGCMTLS13(key, nonceMask []byte) cipher.AEAD
--- a/common/protocol/quic/sniff.go
+++ b/common/protocol/quic/sniff.go
@@ -7,7 +7,7 @@ import (
 	"encoding/binary"
 	"io"
-	"github.com/lucas-clemente/quic-go/quicvarint"
+	"github.com/quic-go/quic-go/quicvarint"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
--- a/common/protocol/server_spec.pb.go
+++ b/common/protocol/server_spec.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/protocol/server_spec.proto
 package protocol
--- a/common/protocol/user.pb.go
+++ b/common/protocol/user.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/protocol/user.proto
 package protocol
--- a/common/serial/typed_message.pb.go
+++ b/common/serial/typed_message.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: common/serial/typed_message.proto
 package serial
--- a/core/config.pb.go
+++ b/core/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: core/config.proto
 package core
--- a/core/core.go
+++ b/core/core.go
@@ -18,7 +18,7 @@ import (
 )
 var (
-	version  = "1.7.0"
+	version  = "1.7.5"
 	build    = "Custom"
 	codename = "Xray, Penetrates Everything."
 	intro    = "A unified platform for anti-censorship."
--- a/go.mod
+++ b/go.mod
@@ -1,32 +1,31 @@
 module github.com/xtls/xray-core
-go 1.19
+go 1.20
 require (
-	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
+	github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344
 	github.com/golang/mock v1.6.0
 	github.com/golang/protobuf v1.5.2
 	github.com/google/go-cmp v0.5.9
 	github.com/gorilla/websocket v1.5.0
 	github.com/lucas-clemente/quic-go v0.31.1
 	github.com/marten-seemann/qtls-go1-18 v0.1.4
 	github.com/miekg/dns v1.1.50
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pires/go-proxyproto v0.6.2
-	github.com/refraction-networking/utls v1.2.0
+	github.com/quic-go/quic-go v0.32.0
-	github.com/sagernet/sing v0.1.1
+	github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849
-	github.com/sagernet/sing-shadowsocks v0.1.0
+	github.com/sagernet/sing v0.1.6
 	github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7
 	github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c
 	github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb
 	github.com/stretchr/testify v1.8.1
 	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e
-	github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837
+	github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3
-	go.starlark.net v0.0.0-20221205180719-3fd0dac74452
+	go.starlark.net v0.0.0-20230128213706-3f75dec8e403
-	golang.org/x/crypto v0.4.0
+	golang.org/x/crypto v0.5.0
-	golang.org/x/net v0.4.0
+	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.3.0
+	golang.org/x/sys v0.5.0
-	google.golang.org/grpc v1.51.0
+	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.28.1
 	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c
 	h12.io/socks v1.0.3
@@ -39,22 +38,22 @@ require (
 	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect
+	github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect
-	github.com/klauspost/compress v1.15.13 // indirect
+	github.com/klauspost/compress v1.15.15 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.2 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.3 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
+	github.com/onsi/ginkgo/v2 v2.8.0 // indirect
 	github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect
 	github.com/onsi/ginkgo/v2 v2.6.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qtls-go1-18 v0.2.0 // indirect
 	github.com/quic-go/qtls-go1-19 v0.2.0 // indirect
 	github.com/quic-go/qtls-go1-20 v0.1.0 // indirect
 	github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect
+	golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect
 	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.4.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
-	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
+	google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	lukechampine.com/blake3 v1.1.7 // indirect
--- a/go.sum
+++ b/go.sum
@@ -20,7 +20,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -35,8 +34,8 @@ github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJn
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew=
+github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4=
-github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
+github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
@@ -77,10 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM=
+github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U=
-github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
+github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg=
 github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU=
 github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -94,32 +91,19 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0=
+github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
-github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
+github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0=
+github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU=
-github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbrWuja2YR4=
 github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI=
 github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its=
 github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE=
 github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI=
 github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE=
 github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
@@ -128,12 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
-github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc=
+github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
-github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc=
+github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU=
-github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q=
+github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y=
 github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo=
 github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg=
 github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
@@ -141,7 +122,6 @@ github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoU
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
 github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -150,17 +130,23 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo=
+github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U=
-github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ=
+github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc=
 github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk=
 github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
 github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI=
 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
 github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA=
 github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo=
 github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 h1:vNEcNapWFwnYJTBcVkHJa8VrdL40PNDLDbSGVY+ZV7I=
 github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/sagernet/sing v0.1.1 h1:wtCGreL9UNtoLcDvSLoZQWf1dtqmLWogbcwRAD9nz4E=
+github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg=
-github.com/sagernet/sing v0.1.1/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4=
+github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w=
-github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4=
+github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U=
-github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms=
+github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms=
 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
 github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U=
@@ -205,12 +191,12 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF
 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
-github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZkK09m7aETNBNzhT6t15M=
+github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM=
-github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY=
+github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
-go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA=
+go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U=
-go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
+go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
@@ -219,13 +205,11 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU=
+golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg=
-golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w=
 golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -246,8 +230,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -275,16 +259,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -299,8 +283,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
-golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -319,16 +303,16 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk
 google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70=
+google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
+google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -342,8 +326,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -379,6 +379,9 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 	config.CipherSuites = c.CipherSuites
 	config.PreferServerCipherSuites = c.PreferServerCipherSuites
 	config.Fingerprint = strings.ToLower(c.Fingerprint)
 	if config.Fingerprint != "" && tls.GetFingerprint(config.Fingerprint) == nil {
 		return nil, newError(`unknown fingerprint: `, config.Fingerprint)
 	}
 	config.RejectUnknownSni = c.RejectUnknownSNI
 	if c.PinnedPeerCertificateChainSha256 != nil {
@@ -455,6 +458,7 @@ type XTLSConfig struct {
 	MaxVersion                       string            `json:"maxVersion"`
 	CipherSuites                     string            `json:"cipherSuites"`
 	PreferServerCipherSuites         bool              `json:"preferServerCipherSuites"`
 	Fingerprint                      string            `json:"fingerprint"`
 	RejectUnknownSNI                 bool              `json:"rejectUnknownSni"`
 	PinnedPeerCertificateChainSha256 *[]string         `json:"pinnedPeerCertificateChainSha256"`
 }
@@ -484,6 +488,9 @@ func (c *XTLSConfig) Build() (proto.Message, error) {
 	config.MaxVersion = c.MaxVersion
 	config.CipherSuites = c.CipherSuites
 	config.PreferServerCipherSuites = c.PreferServerCipherSuites
 	if c.Fingerprint != "" {
 		return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`)
 	}
 	config.RejectUnknownSni = c.RejectUnknownSNI
 	if c.PinnedPeerCertificateChainSha256 != nil {
@@ -497,6 +504,8 @@ func (c *XTLSConfig) Build() (proto.Message, error) {
 		}
 	}
 	newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog()
 	return config, nil
 }
@@ -534,6 +543,7 @@ type SocketConfig struct {
 	TCPKeepAliveInterval int32       `json:"tcpKeepAliveInterval"`
 	TCPKeepAliveIdle     int32       `json:"tcpKeepAliveIdle"`
 	TCPCongestion        string      `json:"tcpCongestion"`
 	Interface            string      `json:"interface"`
 }
 // Build implements Buildable.
@@ -583,6 +593,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) {
 		TcpKeepAliveInterval: c.TCPKeepAliveInterval,
 		TcpKeepAliveIdle:     c.TCPKeepAliveIdle,
 		TcpCongestion:        c.TCPCongestion,
 		Interface:            c.Interface,
 	}, nil
 }
--- a/proxy/blackhole/config.pb.go
+++ b/proxy/blackhole/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/blackhole/config.proto
 package blackhole
--- a/proxy/dns/config.pb.go
+++ b/proxy/dns/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/dns/config.proto
 package dns
--- a/proxy/dokodemo/config.pb.go
+++ b/proxy/dokodemo/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/dokodemo/config.proto
 package dokodemo
--- a/proxy/freedom/config.pb.go
+++ b/proxy/freedom/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/freedom/config.proto
 package freedom
--- a/proxy/http/config.pb.go
+++ b/proxy/http/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/http/config.proto
 package http
--- a/proxy/loopback/config.pb.go
+++ b/proxy/loopback/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/loopback/config.proto
 package loopback
--- a/proxy/mtproto/config.pb.go
+++ b/proxy/mtproto/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/mtproto/config.proto
 package mtproto
--- a/proxy/shadowsocks/config.pb.go
+++ b/proxy/shadowsocks/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/shadowsocks/config.proto
 package shadowsocks
--- a/proxy/shadowsocks_2022/config.pb.go
+++ b/proxy/shadowsocks_2022/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/shadowsocks_2022/config.proto
 package shadowsocks_2022
--- a/proxy/socks/config.pb.go
+++ b/proxy/socks/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/socks/config.proto
 package socks
--- a/proxy/trojan/config.pb.go
+++ b/proxy/trojan/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/trojan/config.proto
 package trojan
--- a/proxy/trojan/server.go
+++ b/proxy/trojan/server.go
@@ -155,9 +155,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con
 		return newError("unable to set read deadline").Base(err).AtWarning()
 	}
-	first := buf.New()
+	first := buf.FromBytes(make([]byte, buf.Size))
-	defer first.Release()
+	first.Clear()
 	firstLen, err := first.ReadFrom(conn)
 	if err != nil {
 		return newError("failed to read first request").Base(err)
--- a/proxy/vless/account.pb.go
+++ b/proxy/vless/account.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vless/account.proto
 package vless
--- a/proxy/vless/encoding/addons.pb.go
+++ b/proxy/vless/encoding/addons.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vless/encoding/addons.proto
 package encoding
--- a/proxy/vless/encoding/encoding.go
+++ b/proxy/vless/encoding/encoding.go
@@ -250,6 +250,7 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c
 // XtlsRead filter and read xtls protocol
 func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn,
 	input *bytes.Reader, rawInput *bytes.Buffer,
 	counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool,
 	isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32,
 ) error {
@@ -301,6 +302,17 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater
 						} else if currentCommand == 2 {
 							filterUUID = false
 							shouldSwitchToDirectCopy = true
 							// XTLS Vision processes struct TLS Conn's input and rawInput
 							if inputBuffer, err := buf.ReadFrom(input); err == nil {
 								if !inputBuffer.IsEmpty() {
 									buffer, _ = buf.MergeMulti(buffer, inputBuffer)
 								}
 							}
 							if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil {
 								if !rawInputBuffer.IsEmpty() {
 									buffer, _ = buf.MergeMulti(buffer, rawInputBuffer)
 								}
 							}
 						} else if currentCommand != 0 {
 							newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
 						}
@@ -494,25 +506,31 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu
 // XtlsPadding add padding to eliminate length siganature during tls handshake
 func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer {
-	var length int32 = 0
+	var contantLen int32 = 0
-	if b.Len() < 900 {
+	var paddingLen int32 = 0
 	if b != nil {
 		contantLen = b.Len()
 	}
 	if contantLen < 900 {
 		l, err := rand.Int(rand.Reader, big.NewInt(500))
 		if err != nil {
 			newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx))
 		}
-		length = int32(l.Int64()) + 900 - b.Len()
+		paddingLen = int32(l.Int64()) + 900 - contantLen
 	}
 	newbuffer := buf.New()
 	if userUUID != nil {
 		newbuffer.Write(*userUUID)
 		*userUUID = nil
 	}
-	newbuffer.Write([]byte{command, byte(b.Len() >> 8), byte(b.Len()), byte(length >> 8), byte(length)})
+	newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)})
-	newbuffer.Write(b.Bytes())
+	if (b != nil) {
-	newbuffer.Extend(length)
+		newbuffer.Write(b.Bytes())
-	newError("XtlsPadding ", b.Len(), " ", length, " ", command).WriteToLog(session.ExportIDToError(ctx))
+		b.Release()
-	b.Release()
+		b = nil
-	b = nil
+	}
 	newbuffer.Extend(paddingLen)
 	newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx))
 	return newbuffer
 }
--- a/proxy/vless/inbound/config.pb.go
+++ b/proxy/vless/inbound/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vless/inbound/config.proto
 package inbound
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@@ -3,13 +3,18 @@ package inbound
 //go:generate go run github.com/xtls/xray-core/common/errors/errorgen
 import (
 	"bytes"
 	"context"
 	gotls "crypto/tls"
 	"io"
 	"reflect"
 	"strconv"
 	"strings"
 	"syscall"
 	"time"
 	"unsafe"
 	"github.com/pires/go-proxyproto"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
@@ -149,6 +154,19 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) {
 	return handler, nil
 }
 func isMuxAndNotXUDP(request *protocol.RequestHeader, first *buf.Buffer) bool {
 	if request.Command != protocol.RequestCommandMux {
 		return false
 	}
 	if first.Len() < 7 {
 		return true
 	}
 	firstBytes := first.Bytes()
 	return !(firstBytes[2] == 0 && // ID high
 		firstBytes[3] == 0 && // ID low
 		firstBytes[6] == 2) // Network type: UDP
 }
 // Close implements common.Closable.Close().
 func (h *Handler) Close() error {
 	return errors.Combine(common.Close(h.validator))
@@ -184,9 +202,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 		return newError("unable to set read deadline").Base(err).AtWarning()
 	}
-	first := buf.New()
+	first := buf.FromBytes(make([]byte, buf.Size))
-	defer first.Release()
+	first.Clear()
 	firstLen, _ := first.ReadFrom(connection)
 	newError("firstLen = ", firstLen).AtInfo().WriteToLog(sid)
@@ -441,6 +458,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 	var netConn net.Conn
 	var rawConn syscall.RawConn
 	var input *bytes.Reader
 	var rawInput *bytes.Buffer
 	allowNoneFlow := false
 	accountFlow := account.Flow
 	flows := strings.Split(account.Flow, ",")
@@ -462,11 +481,19 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 				return newError(requestAddons.Flow + " doesn't support UDP").AtWarning()
 			case protocol.RequestCommandTCP:
 				if requestAddons.Flow == vless.XRV {
 					var t reflect.Type
 					var p uintptr
 					if tlsConn, ok := iConn.(*tls.Conn); ok {
-						netConn = tlsConn.NetConn()
+						if tlsConn.ConnectionState().Version != gotls.VersionTLS13 {
-						if sc, ok := netConn.(syscall.Conn); ok {
+							return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning()
 							rawConn, _ = sc.SyscallConn()
 						}
 						netConn = tlsConn.NetConn()
 						if pc, ok := netConn.(*proxyproto.Conn); ok {
 							netConn = pc.Raw()
 							// 8192 > 4096, there is no need to process pc's bufReader
 						}
 						t = reflect.TypeOf(tlsConn.Conn).Elem()
 						p = uintptr(unsafe.Pointer(tlsConn.Conn))
 					} else if _, ok := iConn.(*tls.UConn); ok {
 						return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning()
 					} else if _, ok := iConn.(*xtls.Conn); ok {
@@ -474,6 +501,13 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 					} else {
 						return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
 					}
 					if sc, ok := netConn.(syscall.Conn); ok {
 						rawConn, _ = sc.SyscallConn()
 					}
 					i, _ := t.FieldByName("input")
 					r, _ := t.FieldByName("rawInput")
 					input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset))
 					rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset))
 				} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
 					xtlsConn.RPRX = true
 					xtlsConn.SHOW = xtls_show
@@ -492,7 +526,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 			return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
 		}
 	case "", "none":
-		if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP {
+		if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
 			return newError(account.ID.String() + " is not able to use " + vless.XRV +
 				". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
 		}
@@ -545,7 +579,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 			// TODO enable splice
 			ctx = session.ContextWithInbound(ctx, nil)
 			if requestAddons.Flow == vless.XRV {
-				err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(),
+				err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(),
 					&numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello)
 			} else {
 				err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx)
--- a/proxy/vless/outbound/config.pb.go
+++ b/proxy/vless/outbound/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vless/outbound/config.proto
 package outbound
--- a/proxy/vless/outbound/outbound.go
+++ b/proxy/vless/outbound/outbound.go
@@ -3,10 +3,15 @@ package outbound
 //go:generate go run github.com/xtls/xray-core/common/errors/errorgen
 import (
 	"bytes"
 	"context"
 	gotls "crypto/tls"
 	"reflect"
 	"syscall"
 	"time"
 	"unsafe"
 	utls "github.com/refraction-networking/utls"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/net"
@@ -130,6 +135,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	var netConn net.Conn
 	var rawConn syscall.RawConn
 	var input *bytes.Reader
 	var rawInput *bytes.Buffer
 	allowUDP443 := false
 	switch requestAddons.Flow {
 	case vless.XRO + "-udp443", vless.XRD + "-udp443", vless.XRS + "-udp443", vless.XRV + "-udp443":
@@ -147,21 +154,28 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 			requestAddons.Flow = ""
 		case protocol.RequestCommandTCP:
 			if requestAddons.Flow == vless.XRV {
 				var t reflect.Type
 				var p uintptr
 				if tlsConn, ok := iConn.(*tls.Conn); ok {
 					netConn = tlsConn.NetConn()
-					if sc, ok := netConn.(syscall.Conn); ok {
+					t = reflect.TypeOf(tlsConn.Conn).Elem()
-						rawConn, _ = sc.SyscallConn()
+					p = uintptr(unsafe.Pointer(tlsConn.Conn))
 					}
 				} else if utlsConn, ok := iConn.(*tls.UConn); ok {
-					netConn = utlsConn.Conn.NetConn()
+					netConn = utlsConn.NetConn()
-					if sc, ok := netConn.(syscall.Conn); ok {
+					t = reflect.TypeOf(utlsConn.Conn).Elem()
-						rawConn, _ = sc.SyscallConn()
+					p = uintptr(unsafe.Pointer(utlsConn.Conn))
 					}
 				} else if _, ok := iConn.(*xtls.Conn); ok {
 					return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning()
 				} else {
 					return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
 				}
 				if sc, ok := netConn.(syscall.Conn); ok {
 					rawConn, _ = sc.SyscallConn()
 				}
 				i, _ := t.FieldByName("input")
 				r, _ := t.FieldByName("rawInput")
 				input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset))
 				rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset))
 			} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
 				xtlsConn.RPRX = true
 				xtlsConn.SHOW = xtls_show
@@ -235,6 +249,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 				}
 			} else if err1 != buf.ErrReadTimeout {
 				return err1
 			} else if requestAddons.Flow == vless.XRV {
 				mb := make(buf.MultiBuffer, 1)
 				mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1)
 				newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx))
 				if err := serverWriter.WriteMultiBuffer(mb); err != nil {
 					return err
 				}
 			}
 		} else {
 			newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx))
@@ -246,6 +267,15 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		var err error
 		if rawConn != nil && requestAddons.Flow == vless.XRV {
 			if tlsConn, ok := iConn.(*tls.Conn); ok {
 				if tlsConn.ConnectionState().Version != gotls.VersionTLS13 {
 					return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning()
 				}
 			} else if utlsConn, ok := iConn.(*tls.UConn); ok {
 				if utlsConn.ConnectionState().Version != utls.VersionTLS13 {
 					return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning()
 				}
 			}
 			var counter stats.Counter
 			if statConn != nil {
 				counter = statConn.WriteCounter
@@ -287,7 +317,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 				counter = statConn.ReadCounter
 			}
 			if requestAddons.Flow == vless.XRV {
-				err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(),
+				err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(),
 					&numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello)
 			} else {
 				if requestAddons.Flow != vless.XRS {
--- a/proxy/vmess/account.pb.go
+++ b/proxy/vmess/account.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vmess/account.proto
 package vmess
--- a/proxy/vmess/inbound/config.pb.go
+++ b/proxy/vmess/inbound/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vmess/inbound/config.proto
 package inbound
--- a/proxy/vmess/outbound/config.pb.go
+++ b/proxy/vmess/outbound/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: proxy/vmess/outbound/config.proto
 package outbound
--- a/proxy/wireguard/config.pb.go
+++ b/proxy/wireguard/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.21.9
+// 	protoc        v3.21.12
 // source: proxy/wireguard/config.proto
 package wireguard
--- a/testing/scenarios/tls_test.go
+++ b/testing/scenarios/tls_test.go
@@ -928,3 +928,316 @@ func TestSimpleTLSConnectionPinned(t *testing.T) {
 		t.Fatal(err)
 	}
 }
 func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) {
 	tcpServer := tcp.Server{
 		MsgProcessor: xor,
 	}
 	dest, err := tcpServer.Start()
 	common.Must(err)
 	defer tcpServer.Close()
 	certificateDer := cert.MustGenerate(nil)
 	certificate := tls.ParseCertificate(certificateDer)
 	certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate})
 	certHash[1] += 1
 	userID := protocol.NewID(uuid.New())
 	serverPort := tcp.PickPort()
 	serverConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								Certificate: []*tls.Certificate{certificate},
 							}),
 						},
 					},
 				}),
 				ProxySettings: serial.ToTypedMessage(&inbound.Config{
 					User: []*protocol.User{
 						{
 							Account: serial.ToTypedMessage(&vmess.Account{
 								Id: userID.String(),
 							}),
 						},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
 			},
 		},
 	}
 	clientPort := tcp.PickPort()
 	clientConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
 					Address: net.NewIPOrDomain(dest.Address),
 					Port:    uint32(dest.Port),
 					NetworkList: &net.NetworkList{
 						Network: []net.Network{net.Network_TCP},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&outbound.Config{
 					Receiver: []*protocol.ServerEndpoint{
 						{
 							Address: net.NewIPOrDomain(net.LocalHostIP),
 							Port:    uint32(serverPort),
 							User: []*protocol.User{
 								{
 									Account: serial.ToTypedMessage(&vmess.Account{
 										Id: userID.String(),
 									}),
 								},
 							},
 						},
 					},
 				}),
 				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								AllowInsecure:                    true,
 								PinnedPeerCertificateChainSha256: [][]byte{certHash},
 							}),
 						},
 					},
 				}),
 			},
 		},
 	}
 	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
 	common.Must(err)
 	defer CloseAllServers(servers)
 	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil {
 		t.Fatal(err)
 	}
 }
 func TestUTLSConnectionPinned(t *testing.T) {
 	tcpServer := tcp.Server{
 		MsgProcessor: xor,
 	}
 	dest, err := tcpServer.Start()
 	common.Must(err)
 	defer tcpServer.Close()
 	certificateDer := cert.MustGenerate(nil)
 	certificate := tls.ParseCertificate(certificateDer)
 	certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate})
 	userID := protocol.NewID(uuid.New())
 	serverPort := tcp.PickPort()
 	serverConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								Certificate: []*tls.Certificate{certificate},
 							}),
 						},
 					},
 				}),
 				ProxySettings: serial.ToTypedMessage(&inbound.Config{
 					User: []*protocol.User{
 						{
 							Account: serial.ToTypedMessage(&vmess.Account{
 								Id: userID.String(),
 							}),
 						},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
 			},
 		},
 	}
 	clientPort := tcp.PickPort()
 	clientConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
 					Address: net.NewIPOrDomain(dest.Address),
 					Port:    uint32(dest.Port),
 					NetworkList: &net.NetworkList{
 						Network: []net.Network{net.Network_TCP},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&outbound.Config{
 					Receiver: []*protocol.ServerEndpoint{
 						{
 							Address: net.NewIPOrDomain(net.LocalHostIP),
 							Port:    uint32(serverPort),
 							User: []*protocol.User{
 								{
 									Account: serial.ToTypedMessage(&vmess.Account{
 										Id: userID.String(),
 									}),
 								},
 							},
 						},
 					},
 				}),
 				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								Fingerprint:                      "random",
 								AllowInsecure:                    true,
 								PinnedPeerCertificateChainSha256: [][]byte{certHash},
 							}),
 						},
 					},
 				}),
 			},
 		},
 	}
 	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
 	common.Must(err)
 	defer CloseAllServers(servers)
 	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
 		t.Fatal(err)
 	}
 }
 func TestUTLSConnectionPinnedWrongCert(t *testing.T) {
 	tcpServer := tcp.Server{
 		MsgProcessor: xor,
 	}
 	dest, err := tcpServer.Start()
 	common.Must(err)
 	defer tcpServer.Close()
 	certificateDer := cert.MustGenerate(nil)
 	certificate := tls.ParseCertificate(certificateDer)
 	certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate})
 	certHash[1] += 1
 	userID := protocol.NewID(uuid.New())
 	serverPort := tcp.PickPort()
 	serverConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								Certificate: []*tls.Certificate{certificate},
 							}),
 						},
 					},
 				}),
 				ProxySettings: serial.ToTypedMessage(&inbound.Config{
 					User: []*protocol.User{
 						{
 							Account: serial.ToTypedMessage(&vmess.Account{
 								Id: userID.String(),
 							}),
 						},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
 			},
 		},
 	}
 	clientPort := tcp.PickPort()
 	clientConfig := &core.Config{
 		Inbound: []*core.InboundHandlerConfig{
 			{
 				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
 					PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}},
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
 					Address: net.NewIPOrDomain(dest.Address),
 					Port:    uint32(dest.Port),
 					NetworkList: &net.NetworkList{
 						Network: []net.Network{net.Network_TCP},
 					},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&outbound.Config{
 					Receiver: []*protocol.ServerEndpoint{
 						{
 							Address: net.NewIPOrDomain(net.LocalHostIP),
 							Port:    uint32(serverPort),
 							User: []*protocol.User{
 								{
 									Account: serial.ToTypedMessage(&vmess.Account{
 										Id: userID.String(),
 									}),
 								},
 							},
 						},
 					},
 				}),
 				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
 					StreamSettings: &internet.StreamConfig{
 						SecurityType: serial.GetMessageType(&tls.Config{}),
 						SecuritySettings: []*serial.TypedMessage{
 							serial.ToTypedMessage(&tls.Config{
 								Fingerprint:                      "random",
 								AllowInsecure:                    true,
 								PinnedPeerCertificateChainSha256: [][]byte{certHash},
 							}),
 						},
 					},
 				}),
 			},
 		},
 	}
 	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
 	common.Must(err)
 	defer CloseAllServers(servers)
 	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil {
 		t.Fatal(err)
 	}
 }
--- a/transport/global/config.pb.go
+++ b/transport/global/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/global/config.proto
 package global
--- a/transport/internet/config.pb.go
+++ b/transport/internet/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/config.proto
 package internet
@@ -425,6 +425,7 @@ type SocketConfig struct {
 	TcpKeepAliveInterval       int32          `protobuf:"varint,10,opt,name=tcp_keep_alive_interval,json=tcpKeepAliveInterval,proto3" json:"tcp_keep_alive_interval,omitempty"`
 	TcpKeepAliveIdle           int32          `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"`
 	TcpCongestion              string         `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"`
 	Interface                  string         `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"`
 }
 func (x *SocketConfig) Reset() {
@@ -543,6 +544,13 @@ func (x *SocketConfig) GetTcpCongestion() string {
 	return ""
 }
 func (x *SocketConfig) GetInterface() string {
 	if x != nil {
 		return x.Interface
 	}
 	return ""
 }
 var File_transport_internet_config_proto protoreflect.FileDescriptor
 var file_transport_internet_config_proto_rawDesc = []byte{
@@ -595,7 +603,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{
 	0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79,
 	0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74,
 	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x22, 0xe8, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e,
+	0x78, 0x79, 0x22, 0x86, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e,
 	0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02,
 	0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72,
@@ -630,27 +638,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{
 	0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76,
 	0x65, 0x49, 0x64, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6f, 0x6e,
 	0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74,
-	0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x0a,
+	0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09,
-	0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12,
+	0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50,
-	0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a,
+	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10,
-	0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a,
-	0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55,
+	0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54,
-	0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d,
+	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a,
+	0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50,
-	0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69,
+	0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09,
-	0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d,
+	0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48,
-	0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41,
+	0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53,
-	0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50,
+	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69,
-	0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12,
+	0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f,
-	0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b,
+	0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01,
-	0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
+	0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a,
-	0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67,
+	0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78,
+	0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74,
-	0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74,
-	0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61,
-	0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74,
+	0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74,
-	0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79,
 	0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72,
 	0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (
--- a/transport/internet/config.proto
+++ b/transport/internet/config.proto
@@ -98,4 +98,6 @@ message SocketConfig {
  int32 tcp_keep_alive_idle = 11;
  string tcp_congestion = 12;
  string interface = 13;
 }
--- a/transport/internet/domainsocket/config.pb.go
+++ b/transport/internet/domainsocket/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/domainsocket/config.proto
 package domainsocket
--- a/transport/internet/grpc/config.pb.go
+++ b/transport/internet/grpc/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/grpc/config.proto
 package grpc
--- a/transport/internet/grpc/dial.go
+++ b/transport/internet/grpc/dial.go
@@ -122,7 +122,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in
 	if tlsConfig != nil {
 		var transportCredential credentials.TransportCredentials
-		if fingerprint, exists := tls.Fingerprints[tlsConfig.Fingerprint]; exists {
+		if fingerprint := tls.GetFingerprint(tlsConfig.Fingerprint); fingerprint != nil {
 			transportCredential = tls.NewGrpcUtls(tlsConfig.GetTLSConfig(), fingerprint)
 		} else { // Fallback to normal gRPC TLS
 			transportCredential = credentials.NewTLS(tlsConfig.GetTLSConfig())
--- a/transport/internet/grpc/encoding/stream.pb.go
+++ b/transport/internet/grpc/encoding/stream.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/grpc/encoding/stream.proto
 package encoding
--- a/transport/internet/grpc/encoding/stream_grpc.pb.go
+++ b/transport/internet/grpc/encoding/stream_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.18.0
+// - protoc             v3.21.12
 // source: transport/internet/grpc/encoding/stream.proto
 package encoding
--- a/transport/internet/headers/http/config.pb.go
+++ b/transport/internet/headers/http/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/http/config.proto
 package http
--- a/transport/internet/headers/noop/config.pb.go
+++ b/transport/internet/headers/noop/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/noop/config.proto
 package noop
--- a/transport/internet/headers/srtp/config.pb.go
+++ b/transport/internet/headers/srtp/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/srtp/config.proto
 package srtp
--- a/transport/internet/headers/tls/config.pb.go
+++ b/transport/internet/headers/tls/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/tls/config.proto
 package tls
--- a/transport/internet/headers/utp/config.pb.go
+++ b/transport/internet/headers/utp/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/utp/config.proto
 package utp
--- a/transport/internet/headers/wechat/config.pb.go
+++ b/transport/internet/headers/wechat/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/wechat/config.proto
 package wechat
--- a/transport/internet/headers/wireguard/config.pb.go
+++ b/transport/internet/headers/wireguard/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/headers/wireguard/config.proto
 package wireguard
--- a/transport/internet/http/config.pb.go
+++ b/transport/internet/http/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/http/config.proto
 package http
--- a/transport/internet/http/dialer.go
+++ b/transport/internet/http/dialer.go
@@ -75,7 +75,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in
 			}
 			var cn tls.Interface
-			if fingerprint, ok := tls.Fingerprints[tlsConfigs.Fingerprint]; ok {
+			if fingerprint := tls.GetFingerprint(tlsConfigs.Fingerprint); fingerprint != nil {
 				cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn)
 			} else {
 				cn = tls.Client(pconn, tlsConfig).(*tls.Conn)
--- a/transport/internet/kcp/config.pb.go
+++ b/transport/internet/kcp/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/kcp/config.proto
 package kcp
--- a/transport/internet/quic/config.pb.go
+++ b/transport/internet/quic/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/quic/config.proto
 package quic
--- a/transport/internet/quic/conn.go
+++ b/transport/internet/quic/conn.go
@@ -7,7 +7,7 @@ import (
 	"syscall"
 	"time"
-	"github.com/lucas-clemente/quic-go"
+	"github.com/quic-go/quic-go"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/net"
--- a/transport/internet/quic/dialer.go
+++ b/transport/internet/quic/dialer.go
@@ -6,9 +6,9 @@ import (
 	"sync"
 	"time"
-	"github.com/lucas-clemente/quic-go"
+	"github.com/quic-go/quic-go"
-	"github.com/lucas-clemente/quic-go/logging"
+	"github.com/quic-go/quic-go/logging"
-	"github.com/lucas-clemente/quic-go/qlog"
+	"github.com/quic-go/quic-go/qlog"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/task"
--- a/transport/internet/quic/hub.go
+++ b/transport/internet/quic/hub.go
@@ -5,9 +5,9 @@ import (
 	"io"
 	"time"
-	"github.com/lucas-clemente/quic-go"
+	"github.com/quic-go/quic-go"
-	"github.com/lucas-clemente/quic-go/logging"
+	"github.com/quic-go/quic-go/logging"
-	"github.com/lucas-clemente/quic-go/qlog"
+	"github.com/quic-go/quic-go/qlog"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol/tls/cert"
--- a/transport/internet/sockopt_linux.go
+++ b/transport/internet/sockopt_linux.go
@@ -46,6 +46,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf
 			return newError("failed to set SO_MARK").Base(err)
 		}
 	}
 	if  config.Interface != "" {
                if err := syscall.BindToDevice(int(fd), config.Interface); err != nil {
                        return newError("failed to set Interface").Base(err)
                }
        }
 	if isTCPSocket(network) {
 		tfo := config.ParseTFOValue()
--- a/transport/internet/tcp/config.pb.go
+++ b/transport/internet/tcp/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/tcp/config.proto
 package tcp
--- a/transport/internet/tcp/dialer.go
+++ b/transport/internet/tcp/dialer.go
@@ -22,7 +22,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		tlsConfig := config.GetTLSConfig(tls.WithDestination(dest))
-		if fingerprint, ok := tls.Fingerprints[config.Fingerprint]; ok {
+		if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil {
 			conn = tls.UClient(conn, tlsConfig, fingerprint)
 			if err := conn.(*tls.UConn).Handshake(); err != nil {
 				return nil, err
--- a/transport/internet/tls/config.pb.go
+++ b/transport/internet/tls/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/tls/config.proto
 package tls
--- a/transport/internet/tls/tls.go
+++ b/transport/internet/tls/tls.go
@@ -1,7 +1,9 @@
 package tls
 import (
 	"crypto/rand"
 	"crypto/tls"
 	"math/big"
 	utls "github.com/refraction-networking/utls"
 	"github.com/xtls/xray-core/common/buf"
@@ -10,6 +12,13 @@ import (
 //go:generate go run github.com/xtls/xray-core/common/errors/errorgen
 type Interface interface {
 	net.Conn
 	Handshake() error
 	VerifyHostname(host string) error
 	NegotiatedProtocol() (name string, mutual bool)
 }
 var _ buf.Writer = (*Conn)(nil)
 type Conn struct {
@@ -105,22 +114,106 @@ func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) ne
 func copyConfig(c *tls.Config) *utls.Config {
 	return &utls.Config{
-		RootCAs:            c.RootCAs,
+		RootCAs:               c.RootCAs,
-		ServerName:         c.ServerName,
+		ServerName:            c.ServerName,
-		InsecureSkipVerify: c.InsecureSkipVerify,
+		InsecureSkipVerify:    c.InsecureSkipVerify,
 		VerifyPeerCertificate: c.VerifyPeerCertificate,
 	}
 }
-var Fingerprints = map[string]*utls.ClientHelloID{
+func init() {
-	"chrome":     &utls.HelloChrome_Auto,
+	bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints))))
-	"firefox":    &utls.HelloFirefox_Auto,
+	stopAt := int(bigInt.Int64())
-	"safari":     &utls.HelloIOS_Auto,
+	i := 0
-	"randomized": &utls.HelloRandomized,
+	for _, v := range ModernFingerprints {
 		if i == stopAt {
 			PresetFingerprints["random"] = v
 			break
 		}
 		i++
 	}
 	weights := utls.DefaultWeights
 	weights.TLSVersMax_Set_VersionTLS13 = 1
 	weights.FirstKeyShare_Set_CurveP256 = 0
 	randomized := utls.HelloRandomized
 	randomized.Seed, _ = utls.NewPRNGSeed()
 	randomized.Weights = &weights
 	PresetFingerprints["randomized"] = &randomized
 }
-type Interface interface {
+func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) {
-	net.Conn
+	if name == "" {
-	Handshake() error
+		return
-	VerifyHostname(host string) error
+	}
-	NegotiatedProtocol() (name string, mutual bool)
+	if fingerprint = PresetFingerprints[name]; fingerprint != nil {
 		return
 	}
 	if fingerprint = ModernFingerprints[name]; fingerprint != nil {
 		return
 	}
 	if fingerprint = OtherFingerprints[name]; fingerprint != nil {
 		return
 	}
 	return
 }
 var PresetFingerprints = map[string]*utls.ClientHelloID{
 	// Recommended preset options in GUI clients
 	"chrome":     &utls.HelloChrome_Auto,
 	"firefox":    &utls.HelloFirefox_Auto,
 	"safari":     &utls.HelloSafari_Auto,
 	"ios":        &utls.HelloIOS_Auto,
 	"android":    &utls.HelloAndroid_11_OkHttp,
 	"edge":       &utls.HelloEdge_Auto,
 	"360":        &utls.Hello360_Auto,
 	"qq":         &utls.HelloQQ_Auto,
 	"random":     nil,
 	"randomized": nil,
 }
 var ModernFingerprints = map[string]*utls.ClientHelloID{
 	// One of these will be chosen as `random` at startup
 	"hellofirefox_auto":       &utls.HelloFirefox_Auto,
 	"hellofirefox_99":         &utls.HelloFirefox_99,
 	"hellofirefox_102":        &utls.HelloFirefox_102,
 	"hellofirefox_105":        &utls.HelloFirefox_105,
 	"hellochrome_auto":        &utls.HelloChrome_Auto,
 	"hellochrome_83":          &utls.HelloChrome_83,
 	"hellochrome_87":          &utls.HelloChrome_87,
 	"hellochrome_96":          &utls.HelloChrome_96,
 	"hellochrome_100":         &utls.HelloChrome_100,
 	"hellochrome_102":         &utls.HelloChrome_102,
 	"hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle,
 	"helloios_auto":           &utls.HelloIOS_Auto,
 	"helloios_12_1":           &utls.HelloIOS_12_1,
 	"helloios_13":             &utls.HelloIOS_13,
 	"helloios_14":             &utls.HelloIOS_14,
 	"helloandroid_11_okhttp":  &utls.HelloAndroid_11_OkHttp,
 	"helloedge_auto":          &utls.HelloEdge_Auto,
 	"helloedge_85":            &utls.HelloEdge_85,
 	"helloedge_106":           &utls.HelloEdge_106,
 	"hellosafari_auto":        &utls.HelloSafari_Auto,
 	"hellosafari_16_0":        &utls.HelloSafari_16_0,
 	"hello360_auto":           &utls.Hello360_Auto,
 	"hello360_11_0":           &utls.Hello360_11_0,
 	"helloqq_auto":            &utls.HelloQQ_Auto,
 	"helloqq_11_1":            &utls.HelloQQ_11_1,
 }
 var OtherFingerprints = map[string]*utls.ClientHelloID{
 	// Golang, randomized, and fingerprints that are more than 4 years old
 	"hellogolang":           &utls.HelloGolang,
 	"hellorandomized":       &utls.HelloRandomized,
 	"hellorandomizedalpn":   &utls.HelloRandomizedALPN,
 	"hellorandomizednoalpn": &utls.HelloRandomizedNoALPN,
 	"hellofirefox_55":       &utls.HelloFirefox_55,
 	"hellofirefox_56":       &utls.HelloFirefox_56,
 	"hellofirefox_63":       &utls.HelloFirefox_63,
 	"hellofirefox_65":       &utls.HelloFirefox_65,
 	"hellochrome_58":        &utls.HelloChrome_58,
 	"hellochrome_62":        &utls.HelloChrome_62,
 	"hellochrome_70":        &utls.HelloChrome_70,
 	"hellochrome_72":        &utls.HelloChrome_72,
 	"helloios_11_1":         &utls.HelloIOS_11_1,
 	"hello360_7_5":          &utls.Hello360_7_5,
 }
--- a/transport/internet/udp/config.pb.go
+++ b/transport/internet/udp/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/udp/config.proto
 package udp
--- a/transport/internet/udp/dispatcher.go
+++ b/transport/internet/udp/dispatcher.go
@@ -31,6 +31,7 @@ type Dispatcher struct {
 	conns      map[net.Destination]*connEntry
 	dispatcher routing.Dispatcher
 	callback   ResponseCallback
 	callClose  func() error
 }
 func NewDispatcher(dispatcher routing.Dispatcher, callback ResponseCallback) *Dispatcher {
@@ -51,12 +52,12 @@ func (v *Dispatcher) RemoveRay(dest net.Destination) {
 	}
 }
-func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *connEntry {
+func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) (*connEntry, error) {
 	v.Lock()
 	defer v.Unlock()
 	if entry, found := v.conns[dest]; found {
-		return entry
+		return entry, nil
 	}
 	newError("establishing new connection for ", dest).WriteToLog()
@@ -67,22 +68,31 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *c
 		v.RemoveRay(dest)
 	}
 	timer := signal.CancelAfterInactivity(ctx, removeRay, time.Minute)
-	link, _ := v.dispatcher.Dispatch(ctx, dest)
+
 	link, err := v.dispatcher.Dispatch(ctx, dest)
 	if err != nil {
 		return nil, newError("failed to dispatch request to ", dest).Base(err)
 	}
 	entry := &connEntry{
 		link:   link,
 		timer:  timer,
 		cancel: removeRay,
 	}
 	v.conns[dest] = entry
-	go handleInput(ctx, entry, dest, v.callback)
+	go handleInput(ctx, entry, dest, v.callback, v.callClose)
-	return entry
+	return entry, nil
 }
 func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination, payload *buf.Buffer) {
 	// TODO: Add user to destString
 	newError("dispatch request to: ", destination).AtDebug().WriteToLog(session.ExportIDToError(ctx))
-	conn := v.getInboundRay(ctx, destination)
+	conn, err := v.getInboundRay(ctx, destination)
 	if err != nil {
 		newError("failed to get inbound").Base(err).WriteToLog(session.ExportIDToError(ctx))
 		return
 	}
 	outputStream := conn.link.Writer
 	if outputStream != nil {
 		if err := outputStream.WriteMultiBuffer(buf.MultiBuffer{payload}); err != nil {
@@ -93,8 +103,13 @@ func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination,
 	}
 }
-func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback) {
+func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback, callClose func() error) {
-	defer conn.cancel()
+	defer func() {
 		conn.cancel()
 		if callClose != nil {
 			callClose()
 		}
 	}()
 	input := conn.link.Reader
 	timer := conn.timer
@@ -135,7 +150,12 @@ func DialDispatcher(ctx context.Context, dispatcher routing.Dispatcher) (net.Pac
 		done:  done.New(),
 	}
-	d := NewDispatcher(dispatcher, c.callback)
+	d := &Dispatcher{
 		conns:      make(map[net.Destination]*connEntry),
 		dispatcher: dispatcher,
 		callback:   c.callback,
 		callClose:  c.Close,
 	}
 	c.dispatcher = d
 	return c, nil
 }
@@ -153,16 +173,22 @@ func (c *dispatcherConn) callback(ctx context.Context, packet *udp.Packet) {
 }
 func (c *dispatcherConn) ReadFrom(p []byte) (int, net.Addr, error) {
 	var packet *udp.Packet
 s:
 	select {
 	case <-c.done.Wait():
-		return 0, nil, io.EOF
+		select {
-	case packet := <-c.cache:
+		case packet = <-c.cache:
-		n := copy(p, packet.Payload.Bytes())
+			break s
-		return n, &net.UDPAddr{
+		default:
-			IP:   packet.Source.Address.IP(),
+			return 0, nil, io.EOF
-			Port: int(packet.Source.Port),
+		}
-		}, nil
+	case packet = <-c.cache:
 	}
 	return copy(p, packet.Payload.Bytes()), &net.UDPAddr{
 		IP:   packet.Source.Address.IP(),
 		Port: int(packet.Source.Port),
 	}, nil
 }
 func (c *dispatcherConn) WriteTo(p []byte, addr net.Addr) (int, error) {
--- a/transport/internet/websocket/config.pb.go
+++ b/transport/internet/websocket/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/websocket/config.proto
 package websocket
--- a/transport/internet/websocket/dialer.go
+++ b/transport/internet/websocket/dialer.go
@@ -86,7 +86,7 @@ func dialWebSocket(ctx context.Context, dest net.Destination, streamSettings *in
 		protocol = "wss"
 		tlsConfig := config.GetTLSConfig(tls.WithDestination(dest), tls.WithNextProto("http/1.1"))
 		dialer.TLSClientConfig = tlsConfig
-		if fingerprint, exists := tls.Fingerprints[config.Fingerprint]; exists {
+		if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil {
 			dialer.NetDialTLSContext = func(_ context.Context, _, addr string) (gonet.Conn, error) {
 				// Like the NetDial in the dialer
 				pconn, err := internet.DialSystem(ctx, dest, streamSettings.SocketSettings)
--- a/transport/internet/xtls/config.pb.go
+++ b/transport/internet/xtls/config.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.18.0
+// 	protoc        v3.21.12
 // source: transport/internet/xtls/config.proto
 package xtls
Author	SHA1	Message	Date
RPRX	15999e5c2a	v1.7.5	2023-02-08 17:20:24 +08:00
dependabot[bot]	48ff0d92c9	Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#1625 )	2023-02-08 07:58:18 +00:00
dependabot[bot]	229e2513b5	Bump golang.org/x/sys from 0.4.0 to 0.5.0 (#1626 )	2023-02-08 07:57:05 +00:00
RPRX	9046eda5ce	Add callClose to UDP Dispatcher Fixes https://github.com/XTLS/Xray-core/issues/1611	2023-02-08 14:59:14 +08:00
RPRX	f32921df30	Refine randomized But we should avoid using it unless we have to, see https://github.com/refraction-networking/utls/pull/157#issuecomment-1417156797	2023-02-08 14:51:15 +08:00
yuhan6665	c3faa8b7ac	Insert padding with empty content to camouflage VLESS header (#1610 ) This only affects the Vision client for protocols expecting server to send data first. The change is compatible with existing version of Vision server.	2023-02-06 06:45:09 +00:00
RPRX	00c9576118	Use go:linkname in qtls_go118.go Once and for all, whatever	2023-02-04 21:27:13 +08:00
RPRX	fa7300e910	Add warning on using old version of XTLS And checks param `fingerprint` also	2023-02-03 23:29:46 +08:00
RPRX	b57d3fa869	1.20 -> '1.20'	2023-02-02 06:26:07 +00:00
RPRX	53833c2323	Update workflows to use Go 1.20	2023-02-02 05:59:58 +00:00
RPRX	f176ec54ee	v1.7.3	2023-02-02 05:50:21 +00:00
pocketW	bf35e9dcd6	fix: handle error raised by dispatcher	2023-02-01 10:17:42 -05:00
RPRX	dc72cf2c78	Refine fingerprints Fixes https://github.com/XTLS/Xray-core/issues/1577	2023-02-01 12:58:17 +00:00
RPRX	74416570d4	Format VLESS inbound.go and outbound.go	2023-01-31 18:02:12 +00:00
RPRX	b70912799b	Generate *.pb.go files with protoc v3.21.12 https://github.com/protocolbuffers/protobuf/releases/tag/v21.12 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2 go run ./infra/vprotogen	2023-01-30 04:35:30 +00:00
yuhan6665	15bb23e4ec	XTLS Vision rejects Mux except for XUDP (#1567 ) * Xtls vision reject vless-tcp-tls+Mux * Address review comment	2023-01-28 05:39:36 +00:00
dependabot[bot]	915690b9ef	Bump google.golang.org/grpc from 1.52.0 to 1.52.3 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.52.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.52.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-27 23:09:53 -05:00
mra9776	f571aa72df	uTLS PinnedPeerCertificateChainSha256 (#1556 ) * Add tests for utls PinnedPeerCertificateChain * Fix utls not checking PinnedPeerCertificate Co-authored-by: ahmadi <ahmadi@meshkan.com>	2023-01-27 04:19:49 +00:00
yuhan6665	fb212905bd	XTLS Vision checks outer TLS version (#1554 )	2023-01-27 03:43:58 +00:00
yuhan6665	3fb67f065a	Add fingerprint xray_random (#1540 ) * Add fingerprint xray_random xray_random means to pick a random uTLS fingerprint at the core startup This way, the fingerprint is stable for a user for some days. While there is no identifiable signature for the whole xray community * Fingerprint "random" refine Exclude old fingerprint from RNG	2023-01-20 23:36:08 -05:00
MP	77d2f9edd7	Revise the Code per XTLS#1515 (#1536 ) * Use buf.FromBytes(make([]byte, 0, buf.Size)) to create `first` Fixes https://github.com/XTLS/Xray-core/issues/1515 * Update server.go * Update inbound.go Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>	2023-01-16 22:18:58 -05:00
dependabot[bot]	7added2693	Bump github.com/sagernet/sing from 0.1.5 to 0.1.6 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.5 to 0.1.6. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.5...v0.1.6) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-16 21:45:32 -05:00
dependabot[bot]	f536359367	Bump github.com/sagernet/sing from 0.1.3 to 0.1.5 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.3 to 0.1.5. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.3...v0.1.5) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-12 00:24:53 -05:00
dependabot[bot]	0d5c62e44d	Bump google.golang.org/grpc from 1.51.0 to 1.52.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-10 23:29:10 -05:00
aeeq	620eb63c1b	Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494 ) * Update sockopt_linux.go add Interface Name * Update config.pb.go add Interface Name * Update transport_internet.go add Interface Name * Update config.pb.go * update config.proto add interface * Update config.pb.go	2023-01-09 09:45:30 -05:00
yuhan6665	32ce7cd730	Add new uTLS fingerprints - correct safari - new format is the variable name in https://github.com/refraction-networking/utls/blob/master/u_common.go#L163 - notable ones "HelloChrome_106_Shuffle", "Hello360_Auto", "HelloQQ_Auto"	2023-01-09 09:19:53 -05:00
Hellojack	717518cb5f	Refine the logic of security type AUTO (#1509 )	2023-01-09 11:14:03 +00:00
RPRX	7b8ff01114	Make sure that 0 <= b.start <= b.end Fixes https://github.com/XTLS/Xray-core/issues/1501	2023-01-09 08:51:51 +00:00
dependabot[bot]	ed960cc885	Bump github.com/sagernet/sing from 0.1.2 to 0.1.3 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.2 to 0.1.3. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.2...v0.1.3) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-08 22:19:25 -05:00
RPRX	1bf3a632ca	v1.7.2	2023-01-07 17:51:40 +00:00
RPRX	ff5ce767df	Revert "add file soft link path resolve support (#1482 )" (#1495 ) This reverts commit `eaf401eda9`.	2023-01-07 15:11:23 +00:00
RPRX	8c0d3c0257	XTLS Vision supports acceptProxyProtocol (test needed) Fixes https://github.com/XTLS/Xray-core/issues/1339	2023-01-07 11:01:53 +00:00
yuhan6665	9bc1564b0a	Update v1.7.1 and dependencies	2023-01-06 21:10:47 -05:00
dependabot[bot]	6a85682716	Bump golang.org/x/crypto from 0.4.0 to 0.5.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-06 20:16:38 -05:00
RPRX	6f61021f7a	XTLS Vision processes struct TLS Conn's input and rawInput Fixes https://github.com/XTLS/Xray-core/issues/1444	2023-01-06 05:37:16 +00:00
dependabot[bot]	c0ceebe709	Bump github.com/sagernet/sing from 0.1.1 to 0.1.2 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.1 to 0.1.2. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.1...v0.1.2) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-03 19:44:22 -05:00
Nanyu	eaf401eda9	add file soft link path resolve support (#1482 ) * add file soft link path resolve * add configuration file soft link path resolve support	2023-01-03 10:52:11 -05:00
Senis John	11ec77bc76	update: release.yml Replace old download URL	2022-12-29 23:50:36 -05:00
thank243	3b2ff95a9b	update: release.yml (#1464 ) * update: release.yml * update: release.yml	2022-12-29 22:34:49 -05:00