documentation: Bump version

sing-quic: Fix missing user context in packet connections
documentation: Fix typo
2025-06-13 21:54:13 +08:00 · 2023-11-23 23:15:49 +08:00 · 2023-11-23 23:05:27 +08:00 · 2023-11-23 23:04:40 +08:00 · 2023-11-21 17:42:16 +08:00 · 2023-11-21 10:30:03 +08:00
206 changed files with 3987 additions and 2261 deletions
--- a/10
+++ b/10
@ -14,7 +14,7 @@ MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
 MAIN = ./cmd/sing-box
 PREFIX ?= $(shell go env GOPATH)
-.PHONY: test release
+.PHONY: test release docs
 build:
 	go build $(MAIN_PARAMS) $(MAIN)
@ -182,6 +182,14 @@ lib_install:
 	go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950
 	go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950
 docs:
 	mkdocs serve
 publish_docs:
 	mkdocs gh-deploy -m "Update" --force --ignore-version --no-history
 docs_install:
 	pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*"
 clean:
 	rm -rf bin dist sing-box
 	rm -f $(shell go env GOPATH)/sing-box
--- a/adapter/conn_router.go
+++ b/adapter/conn_router.go
@ -0,0 +1,104 @@
 package adapter
 import (
 	"context"
 	"net"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )
 type ConnectionRouter interface {
 	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
 	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
 }
 func NewRouteHandler(
 	metadata InboundContext,
 	router ConnectionRouter,
 	logger logger.ContextLogger,
 ) UpstreamHandlerAdapter {
 	return &routeHandlerWrapper{
 		metadata: metadata,
 		router:   router,
 		logger:   logger,
 	}
 }
 func NewRouteContextHandler(
 	router ConnectionRouter,
 	logger logger.ContextLogger,
 ) UpstreamHandlerAdapter {
 	return &routeContextHandlerWrapper{
 		router: router,
 		logger: logger,
 	}
 }
 var _ UpstreamHandlerAdapter = (*routeHandlerWrapper)(nil)
 type routeHandlerWrapper struct {
 	metadata InboundContext
 	router   ConnectionRouter
 	logger   logger.ContextLogger
 }
 func (w *routeHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
 	myMetadata := w.metadata
 	if metadata.Source.IsValid() {
 		myMetadata.Source = metadata.Source
 	}
 	if metadata.Destination.IsValid() {
 		myMetadata.Destination = metadata.Destination
 	}
 	return w.router.RouteConnection(ctx, conn, myMetadata)
 }
 func (w *routeHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
 	myMetadata := w.metadata
 	if metadata.Source.IsValid() {
 		myMetadata.Source = metadata.Source
 	}
 	if metadata.Destination.IsValid() {
 		myMetadata.Destination = metadata.Destination
 	}
 	return w.router.RoutePacketConnection(ctx, conn, myMetadata)
 }
 func (w *routeHandlerWrapper) NewError(ctx context.Context, err error) {
 	w.logger.ErrorContext(ctx, err)
 }
 var _ UpstreamHandlerAdapter = (*routeContextHandlerWrapper)(nil)
 type routeContextHandlerWrapper struct {
 	router ConnectionRouter
 	logger logger.ContextLogger
 }
 func (w *routeContextHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
 	myMetadata := ContextFrom(ctx)
 	if metadata.Source.IsValid() {
 		myMetadata.Source = metadata.Source
 	}
 	if metadata.Destination.IsValid() {
 		myMetadata.Destination = metadata.Destination
 	}
 	return w.router.RouteConnection(ctx, conn, *myMetadata)
 }
 func (w *routeContextHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
 	myMetadata := ContextFrom(ctx)
 	if metadata.Source.IsValid() {
 		myMetadata.Source = metadata.Source
 	}
 	if metadata.Destination.IsValid() {
 		myMetadata.Destination = metadata.Destination
 	}
 	return w.router.RoutePacketConnection(ctx, conn, *myMetadata)
 }
 func (w *routeContextHandlerWrapper) NewError(ctx context.Context, err error) {
 	w.logger.ErrorContext(ctx, err)
 }
--- a/adapter/router.go
+++ b/adapter/router.go
@ -2,14 +2,12 @@ package adapter
 import (
 	"context"
 	"net"
 	"net/netip"
 	"github.com/sagernet/sing-box/common/geoip"
 	"github.com/sagernet/sing-dns"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common/control"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/service"
 	mdns "github.com/miekg/dns"
@ -24,8 +22,7 @@ type Router interface {
 	FakeIPStore() FakeIPStore
-	RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
+	ConnectionRouter
 	RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
 	GeoIPReader() *geoip.Reader
 	LoadGeosite(code string) (Rule, error)
@ -44,6 +41,7 @@ type Router interface {
 	NetworkMonitor() tun.NetworkUpdateMonitor
 	InterfaceMonitor() tun.DefaultInterfaceMonitor
 	PackageManager() tun.PackageManager
 	WIFIState() WIFIState
 	Rules() []Rule
 	ClashServer() ClashServer
@ -81,3 +79,8 @@ type DNSRule interface {
 type InterfaceUpdateListener interface {
 	InterfaceUpdated()
 }
 type WIFIState struct {
 	SSID  string
 	BSSID string
 }
--- a/common/dialer/detour.go
+++ b/common/dialer/detour.go
@ -6,6 +6,7 @@ import (
 	"sync"
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@ -44,7 +45,14 @@ func (d *DetourDialer) DialContext(ctx context.Context, network string, destinat
 	if err != nil {
 		return nil, err
 	}
-	return dialer.DialContext(ctx, network, destination)
+	conn, err := dialer.DialContext(ctx, network, destination)
 	if err != nil {
 		return nil, err
 	}
 	if deadline.NeedAdditionalReadDeadline(conn) {
 		conn = deadline.NewConn(conn)
 	}
 	return conn, nil
 }
 func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
--- a/common/mux/client.go
+++ b/common/mux/client.go
@ -1,21 +1,42 @@
 package mux
 import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-mux"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
 )
-func NewClientWithOptions(dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
+type Client = mux.Client
 func NewClientWithOptions(dialer N.Dialer, logger logger.Logger, options option.OutboundMultiplexOptions) (*Client, error) {
 	if !options.Enabled {
 		return nil, nil
 	}
 	var brutalOptions mux.BrutalOptions
 	if options.Brutal != nil && options.Brutal.Enabled {
 		brutalOptions = mux.BrutalOptions{
 			Enabled:    true,
 			SendBPS:    uint64(options.Brutal.UpMbps * C.MbpsToBps),
 			ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
 		}
 		if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
 			return nil, E.New("brutal: invalid upload speed")
 		}
 		if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
 			return nil, E.New("brutal: invalid download speed")
 		}
 	}
 	return mux.NewClient(mux.Options{
 		Dialer:         dialer,
 		Logger:         logger,
 		Protocol:       options.Protocol,
 		MaxConnections: options.MaxConnections,
 		MinStreams:     options.MinStreams,
 		MaxStreams:     options.MaxStreams,
 		Padding:        options.Padding,
 		Brutal:         brutalOptions,
 	})
 }
--- a/common/mux/protocol.go
+++ b/common/mux/protocol.go
@ -1,14 +0,0 @@
 package mux
 import (
 	"github.com/sagernet/sing-mux"
 )
 type (
 	Client = mux.Client
 )
 var (
 	Destination      = mux.Destination
 	HandleConnection = mux.HandleConnection
 )
--- a/common/mux/router.go
+++ b/common/mux/router.go
@ -0,0 +1,65 @@
 package mux
 import (
 	"context"
 	"net"
 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-mux"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
 )
 type Router struct {
 	router  adapter.ConnectionRouter
 	service *mux.Service
 }
 func NewRouterWithOptions(router adapter.ConnectionRouter, logger logger.ContextLogger, options option.InboundMultiplexOptions) (adapter.ConnectionRouter, error) {
 	if !options.Enabled {
 		return router, nil
 	}
 	var brutalOptions mux.BrutalOptions
 	if options.Brutal != nil && options.Brutal.Enabled {
 		brutalOptions = mux.BrutalOptions{
 			Enabled:    true,
 			SendBPS:    uint64(options.Brutal.UpMbps * C.MbpsToBps),
 			ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
 		}
 		if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
 			return nil, E.New("brutal: invalid upload speed")
 		}
 		if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
 			return nil, E.New("brutal: invalid download speed")
 		}
 	}
 	service, err := mux.NewService(mux.ServiceOptions{
 		NewStreamContext: func(ctx context.Context, conn net.Conn) context.Context {
 			return log.ContextWithNewID(ctx)
 		},
 		Logger:  logger,
 		Handler: adapter.NewRouteContextHandler(router, logger),
 		Padding: options.Padding,
 		Brutal:  brutalOptions,
 	})
 	if err != nil {
 		return nil, err
 	}
 	return &Router{router, service}, nil
 }
 func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	if metadata.Destination == mux.Destination {
 		return r.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, adapter.UpstreamMetadata(metadata))
 	} else {
 		return r.router.RouteConnection(ctx, conn, metadata)
 	}
 }
 func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	return r.router.RoutePacketConnection(ctx, conn, metadata)
 }
--- a/common/mux/v2ray_legacy.go
+++ b/common/mux/v2ray_legacy.go
@ -0,0 +1,32 @@
 package mux
 import (
 	"context"
 	"net"
 	"github.com/sagernet/sing-box/adapter"
 	vmess "github.com/sagernet/sing-vmess"
 	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
 )
 type V2RayLegacyRouter struct {
 	router adapter.ConnectionRouter
 	logger logger.ContextLogger
 }
 func NewV2RayLegacyRouter(router adapter.ConnectionRouter, logger logger.ContextLogger) adapter.ConnectionRouter {
 	return &V2RayLegacyRouter{router, logger}
 }
 func (r *V2RayLegacyRouter) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	if metadata.Destination.Fqdn == vmess.MuxDestination.Fqdn {
 		r.logger.InfoContext(ctx, "inbound legacy multiplex connection")
 		return vmess.HandleMuxConnection(ctx, conn, adapter.NewRouteHandler(metadata, r.router, r.logger))
 	}
 	return r.router.RouteConnection(ctx, conn, metadata)
 }
 func (r *V2RayLegacyRouter) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	return r.router.RoutePacketConnection(ctx, conn, metadata)
 }
--- a/common/uot/router.go
+++ b/common/uot/router.go
@ -0,0 +1,53 @@
 package uot
 import (
 	"context"
 	"net"
 	"net/netip"
 	"github.com/sagernet/sing-box/adapter"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/common/uot"
 )
 var _ adapter.ConnectionRouter = (*Router)(nil)
 type Router struct {
 	router adapter.ConnectionRouter
 	logger logger.ContextLogger
 }
 func NewRouter(router adapter.ConnectionRouter, logger logger.ContextLogger) *Router {
 	return &Router{router, logger}
 }
 func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
 	switch metadata.Destination.Fqdn {
 	case uot.MagicAddress:
 		request, err := uot.ReadRequest(conn)
 		if err != nil {
 			return E.Cause(err, "read UoT request")
 		}
 		if request.IsConnect {
 			r.logger.InfoContext(ctx, "inbound UoT connect connection to ", request.Destination)
 		} else {
 			r.logger.InfoContext(ctx, "inbound UoT connection to ", request.Destination)
 		}
 		metadata.Domain = metadata.Destination.Fqdn
 		metadata.Destination = request.Destination
 		return r.router.RoutePacketConnection(ctx, uot.NewConn(conn, *request), metadata)
 	case uot.LegacyMagicAddress:
 		r.logger.InfoContext(ctx, "inbound legacy UoT connection")
 		metadata.Domain = metadata.Destination.Fqdn
 		metadata.Destination = M.Socksaddr{Addr: netip.IPv4Unspecified()}
 		return r.RoutePacketConnection(ctx, uot.NewConn(conn, uot.Request{}), metadata)
 	}
 	return r.router.RouteConnection(ctx, conn, metadata)
 }
 func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	return r.router.RoutePacketConnection(ctx, conn, metadata)
 }
--- a/constant/speed.go
+++ b/constant/speed.go
@ -0,0 +1,3 @@
 package constant
 const MbpsToBps = 125000
--- a/constant/v2ray.go
+++ b/constant/v2ray.go
@ -1,8 +1,9 @@
 package constant
 const (
-	V2RayTransportTypeHTTP      = "http"
+	V2RayTransportTypeHTTP        = "http"
-	V2RayTransportTypeWebsocket = "ws"
+	V2RayTransportTypeWebsocket   = "ws"
-	V2RayTransportTypeQUIC      = "quic"
+	V2RayTransportTypeQUIC        = "quic"
-	V2RayTransportTypeGRPC      = "grpc"
+	V2RayTransportTypeGRPC        = "grpc"
 	V2RayTransportTypeHTTPUpgrade = "httpupgrade"
 )
--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -1,21 +1,76 @@
 ---
 icon: material/alert-decagram
 ---
 # ChangeLog
 #### 1.7.0-rc.2
 * Fix missing UDP user context on TUIC/Hysteria2 inbounds
 * macOS: Add button for uninstall SystemExtension in the standalone graphical client
 #### 1.6.6
 * Fixes and improvements
 #### 1.7.0-rc.1
 * Fixes and improvements
 #### 1.7.0-beta.5
 * Update gVisor to 20231113.0
 * Fixes and improvements
 #### 1.7.0-beta.4
 * Add `wifi_ssid` and `wifi_bssid` route and DNS rules **1**
 * Fixes and improvements
 **1**:
 Only supported in graphical clients on Android and iOS.
 #### 1.7.0-beta.3
 * Fix zero TTL was incorrectly reset
 * Fixes and improvements
 #### 1.6.5
 * Fix crash if TUIC inbound authentication failed
 * Fixes and improvements
 #### 1.7.0-beta.2
 * Fix crash if TUIC inbound authentication failed
 * Update quic-go to v0.40.0
 * Fixes and improvements
 #### 1.6.4
 * Fixes and improvements
 #### 1.7.0-beta.1
 * Fixes and improvements
 #### 1.6.3
 * iOS/Android: Fix profile auto update
 * Fixes and improvements
 #### 1.7.0-alpha.11
 * iOS/Android: Fix profile auto update
 * Fixes and improvements
 #### 1.7.0-alpha.10
 * Fix tcp-brutal not working with TLS
 * Fix Android client not closing in some cases
 * Fixes and improvements
 #### 1.6.2
 * Fixes and improvements
@ -25,6 +80,34 @@
 * Our [Android client](/installation/clients/sfa) is now available in the Google Play Store ▶️
 * Fixes and improvements
 #### 1.7.0-alpha.6
 * Fixes and improvements
 #### 1.7.0-alpha.4
 * Migrate multiplex and UoT server to inbound **1**
 * Add TCP Brutal support for multiplex **2**
 **1**:
 Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
 **2**
 Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see [TCP Brutal](/configuration/shared/tcp-brutal) for details.
 #### 1.7.0-alpha.3
 * Add [HTTPUpgrade V2Ray transport](/configuration/shared/v2ray-transport#HTTPUpgrade) support **1**
 * Fixes and improvements
 **1**:
 Introduced in V2Ray 5.10.0.
 The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.
 #### 1.6.0
 * Fixes and improvements
@ -49,6 +132,23 @@ This update is intended to address the multi-send defects of the old implementat
 Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
 the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
 #### 1.7.0-alpha.2
 * Fix bugs introduced in 1.7.0-alpha.1
 #### 1.7.0-alpha.1
 * Add [exclude route support](/configuration/inbound/tun) for TUN inbound
 * Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
 * Fixes and improvements
 **1**:
 If enabled, for UDP proxy requests addressed to a domain,
 the original packet address will be sent in the response instead of the mapped domain.
 This option is used for compatibility with clients that
 do not support receiving UDP packets with domain addresses, such as Surge.
 #### 1.5.5
@ -110,6 +210,24 @@ the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
 * Update golang.org/x/net to v0.17.0
 * Fixes and improvements
 #### 1.6.0-beta.3
 * Update the legacy Hysteria protocol **1**
 * Fixes and improvements
 **1**
 Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
 the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
 #### 1.6.0-beta.2
 * Add TLS self sign key pair generate command
 * Update brutal congestion control for Hysteria2
 * Fix Clash cache crash on arm32 devices
 * Update golang.org/x/net to v0.17.0
 * Fixes and improvements
 #### 1.5.3
 * Fix compatibility with Android 14
--- a/docs/clients/android/features.md
+++ b/docs/clients/android/features.md
@ -0,0 +1,64 @@
 # :material-decagram: Features
 #### UI options
 * Display realtime network speed in the notification
 #### Service
 SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required).
 #### TUN
 SFA provides an unprivileged TUN implementation through Android VpnService.
 | TUN inbound option            | Available        | Note               |
 |-------------------------------|------------------|--------------------|
 | `interface_name`              | :material-close: | Managed by Android |
 | `inet4_address`               | :material-check: | /                  |
 | `inet6_address`               | :material-check: | /                  |
 | `mtu`                         | :material-check: | /                  |
 | `auto_route`                  | :material-check: | /                  |
 | `strict_route`                | :material-close: | Not implemented    |
 | `inet4_route_address`         | :material-check: | /                  |
 | `inet6_route_address`         | :material-check: | /                  |
 | `inet4_route_exclude_address` | :material-check: | /                  |
 | `inet6_route_exclude_address` | :material-check: | /                  |
 | `endpoint_independent_nat`    | :material-check: | /                  |
 | `stack`                       | :material-check: | /                  |
 | `include_interface`           | :material-close: | No permission      |
 | `exclude_interface`           | :material-close: | No permission      |
 | `include_uid`                 | :material-close: | No permission      |
 | `exclude_uid`                 | :material-close: | No permission      |
 | `include_android_user`        | :material-close: | No permission      |
 | `include_package`             | :material-check: | /                  |
 | `exclude_package`             | :material-check: | /                  |
 | `platform`                    | :material-check: | /                  |
 | Route/DNS rule option | Available        | Note                              |
 |-----------------------|------------------|-----------------------------------|
 | `process_name`        | :material-close: | No permission                     |
 | `process_path`        | :material-close: | No permission                     |
 | `package_name`        | :material-check: | /                                 |
 | `user`                | :material-close: | Use `package_name` instead        |
 | `user_id`             | :material-close: | Use `package_name` instead        |
 | `wifi_ssid`           | :material-check: | Fine location permission required |
 | `wifi_bssid`          | :material-check: | Fine location permission required |
 ### Override
 Overrides profile configuration items with platform-specific values.
 #### Per-app proxy
 SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to
 override the `include_package` and `exclude_package` configuration items.
 In particular, the selector also provides the “China apps” scanning feature, providing Chinese users with an excellent
 experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK
 characteristics through dex class path and other means, there will be almost no missed reports.
 ### Chore
 * The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
 * Crash logs is located in `$working_directory/stderr.log`
--- a/docs/clients/android/index.md
+++ b/docs/clients/android/index.md
@ -0,0 +1,22 @@
 ---
 icon: material/android
 ---
 # sing-box for Android
 SFA allows users to manage and run local or remote sing-box configuration files, and provides
 platform-specific function implementation, such as TUN transparent proxy implementation.
 ## :material-graph: Requirements
 * Android 5.0+
 ## :material-download: Download
 * [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
 * [Play Store (Beta)](https://play.google.com/apps/testing/io.nekohasekai.sfa)
 * [GitHub Releases](https://github.com/SagerNet/sing-box/releases)
 ## :material-source-repository: Source code
 * [GitHub](https://github.com/SagerNet/sing-box-for-android)
--- a/docs/clients/apple/features.md
+++ b/docs/clients/apple/features.md
@ -0,0 +1,52 @@
 # :material-decagram: Features
 #### UI options
 * Always On
 * Include All Networks (Proxy traffic for LAN and cellular services)
 * (Apple tvOS) Import profile from iPhone/iPad
 #### Service
 SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension.
 #### TUN
 SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension.
 | TUN inbound option            | Available | Note              |
 |-------------------------------|-----------|-------------------|
 | `interface_name`              | ✖️        | Managed by Darwin |
 | `inet4_address`               | ✔️        | /                 |
 | `inet6_address`               | ✔️        | /                 |
 | `mtu`                         | ✔️        | /                 |
 | `auto_route`                  | ✔️        | /                 |
 | `strict_route`                | ✖️        | Not implemented   |
 | `inet4_route_address`         | ✔️        | /                 |
 | `inet6_route_address`         | ✔️        | /                 |
 | `inet4_route_exclude_address` | ✔️        | /                 |
 | `inet6_route_exclude_address` | ✔️        | /                 |
 | `endpoint_independent_nat`    | ✔️        | /                 |
 | `stack`                       | ✔️        | /                 |
 | `include_interface`           | ✖️        | Not implemented   |
 | `exclude_interface`           | ✖️        | Not implemented   |
 | `include_uid`                 | ✖️        | Not implemented   |
 | `exclude_uid`                 | ✖️        | Not implemented   |
 | `include_android_user`        | ✖️        | Not implemented   |
 | `include_package`             | ✖️        | Not implemented   |
 | `exclude_package`             | ✖️        | Not implemented   |
 | `platform`                    | ✔️        | /                 |
 | Route/DNS rule option | Available        | Note                  |
 |-----------------------|------------------|-----------------------|
 | `process_name`        | :material-close: | No permission         |
 | `process_path`        | :material-close: | No permission         |
 | `package_name`        | :material-close: | /                     |
 | `user`                | :material-close: | No permission         |
 | `user_id`             | :material-close: | No permission         |
 | `wifi_ssid`           | :material-alert: | Only supported on iOS |
 | `wifi_bssid`          | :material-alert: | Only supported on iOS |
 ### Chore
 * Crash logs is located in `Settings` -> `View Service Log`
--- a/docs/clients/apple/index.md
+++ b/docs/clients/apple/index.md
@ -0,0 +1,32 @@
 ---
 icon: material/apple
 ---
 # sing-box for Apple platforms
 SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides
 platform-specific function implementation, such as TUN transparent proxy implementation.
 ## :material-graph: Requirements
 * iOS 15.0+ / macOS 13.0+ / Apple tvOS 17.0+
 * An Apple account outside of mainland China
 ## :material-download: Download
 * [App Store](https://apps.apple.com/us/app/sing-box/id6451272673)
 * [TestFlight (Beta)](https://testflight.apple.com/join/AcqO44FH)
 ## :material-file-download: Download (macOS standalone version)
 * [Homebrew Cask](https://formulae.brew.sh/cask/sfm)
 ```bash
 brew install sfm
 ```
 * [GitHub Releases](https://github.com/SagerNet/sing-box/releases)
 ## :material-source-repository: Source code
 * [GitHub](https://github.com/SagerNet/sing-box-for-apple)
--- a/docs/clients/general.md
+++ b/docs/clients/general.md
@ -0,0 +1,63 @@
 ---
 icon: material/pencil-ruler
 ---
 # General
 Describes and explains the functions implemented uniformly by sing-box graphical clients.
 ### Profile
 Profile describes a sing-box configuration file and its state.
 #### Local
 * Local Profile represents a local sing-box configuration with minimal state
 * The graphical client must provide an editor to modify configuration content
 #### iCloud (on iOS and macOS)
 * iCloud Profile represents a remote sing-box configuration with iCloud as the update source
 * The configuration file is stored in the sing-box folder under iCloud
 * The graphical client must provide an editor to modify configuration content
 #### Remote
 * Remote Profile represents a remote sing-box configuration with a URL as the update source.
 * The graphical client should provide a configuration content viewer
 * The graphical client must implement automatic profile update (default interval is 60 minutes) and HTTP Basic
  authorization.
 At the same time, the graphical client must provide support for importing remote profiles
 through a specific URL Scheme. The URL is defined as follows:
 ```
 sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName
 ```
 ### Dashboard
 While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service.
 #### Status
 Dashboard should display status information such as memory, connection, and traffic.
 #### Mode
 Dashboard should provide a Mode selector for switching when the configuration uses at least two `clash_mode` values.
 #### Groups
 When the configuration includes group outbounds (specifically, Selector or URLTest),
 the dashboard should provide a Group selector for status display or switching.
 ### Chore
 #### Core
 Graphical clients should provide a Core region:
 * Display the current sing-box version
 * Provides a button to clean the working directory
 * Provides a memory limiter switch
--- a/docs/clients/index.md
+++ b/docs/clients/index.md
@ -0,0 +1,13 @@
 # :material-cellphone-link: Graphical Clients
 Maintained by Project S to provide a unified experience and platform-specific functionality.
 | Platform                              | Client                                  |
 |---------------------------------------|-----------------------------------------|
 | :material-android: Android            | [sing-box for Android](./android)       |
 | :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
 | :material-laptop: Desktop             | Working in progress                     |
 Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core
 motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN
 client features, the code is usually of poor quality and contains ads.
--- a/docs/clients/index.zh.md
+++ b/docs/clients/index.zh.md
@ -0,0 +1,12 @@
 # :material-cellphone-link: 图形界面客户端
 由 Project S 维护，提供统一的体验与平台特定的功能。
 | 平台                                    | 客户端                                     |
 |---------------------------------------|-----------------------------------------|
 | :material-android: Android            | [sing-box for Android](./android)       |
 | :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
 | :material-laptop: Desktop             | 施工中                                     |
 此处没有列出一些声称使用或以 sing-box 为卖点的第三方项目。此类项目维护者的动机是获得更多用户，即使它们提供友好的商业
 VPN 客户端功能， 但代码质量很差且包含广告。
--- a/docs/clients/privacy.md
+++ b/docs/clients/privacy.md
@ -0,0 +1,8 @@
 ---
 icon: material/security
 ---
 # Privacy policy
 sing-box and official graphics clients do not collect or share personal data,
 and the data generated by the software is always on your device.
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@ -79,6 +79,12 @@
          1000
        ],
        "clash_mode": "direct",
        "wifi_ssid": [
          "My WIFI"
        ],
        "wifi_bssid": [
          "00:00:00:00:00:00"
        ],
        "invert": false,
        "outbound": [
          "direct"
@ -188,7 +194,7 @@ Match port range.
 #### process_name
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows, and macOS.
@ -196,7 +202,7 @@ Match process name.
 #### process_path
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows, and macOS.
@ -208,7 +214,7 @@ Match android package name.
 #### user
-!!! error ""
+!!! quote ""
    Only supported on Linux.
@ -216,7 +222,7 @@ Match user name.
 #### user_id
-!!! error ""
+!!! quote ""
    Only supported on Linux.
@ -226,6 +232,24 @@ Match user id.
 Match Clash mode.
 #### wifi_ssid
 <!-- md:version 1.7.0-beta.4 -->
 !!! quote ""
    Only supported in graphical clients on Android and iOS.
 Match WiFi SSID.
 #### wifi_bssid
 !!! quote ""
    Only supported in graphical clients on Android and iOS.
 Match WiFi BSSID.
 #### invert
 Invert match result.
--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@ -78,6 +78,12 @@
          1000
        ],
        "clash_mode": "direct",
        "wifi_ssid": [
          "My WIFI"
        ],
        "wifi_bssid": [
          "00:00:00:00:00:00"
        ],
        "invert": false,
        "outbound": [
          "direct"
@ -185,7 +191,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 #### process_name
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS.
@ -193,7 +199,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 #### process_path
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS.
@ -205,7 +211,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 #### user
-!!! error ""
+!!! quote ""
    仅支持 Linux。
@ -213,7 +219,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 #### user_id
-!!! error ""
+!!! quote ""
    仅支持 Linux。
@ -223,6 +229,22 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 匹配 Clash 模式。
 #### wifi_ssid
 !!! quote ""
    仅在 Android 与 iOS 的图形客户端中支持。
 匹配 WiFi SSID。
 #### wifi_bssid
 !!! quote ""
    仅在 Android 与 iOS 的图形客户端中支持。
 匹配 WiFi BSSID。
 #### invert
 反选匹配结果。
--- a/docs/configuration/dns/server.md
+++ b/docs/configuration/dns/server.md
@ -49,7 +49,7 @@ The address of the dns server.
 !!! warning ""
-    QUIC and HTTP3 transport is not included by default, see [Installation](/#installation).
+    QUIC and HTTP3 transport is not included by default, see [Installation](./#installation).
 !!! info ""
@ -57,7 +57,7 @@ The address of the dns server.
 !!! warning ""
-    DHCP transport is not included by default, see [Installation](/#installation).
+    DHCP transport is not included by default, see [Installation](./#installation).
 | RCode             | Description           | 
 |-------------------|-----------------------|
--- a/docs/configuration/experimental/index.md
+++ b/docs/configuration/experimental/index.md
@ -44,9 +44,9 @@
 ### Clash API Fields
-!!! error ""
+!!! quote ""
-    Clash API is not included by default, see [Installation](/#installation).
+    Clash API is not included by default, see [Installation](./#installation).
 #### external_controller
@ -110,9 +110,9 @@ If not empty, `store_selected` will use a separate store keyed by it.
 ### V2Ray API Fields
-!!! error ""
+!!! quote ""
-    V2Ray API is not included by default, see [Installation](/#installation).
+    V2Ray API is not included by default, see [Installation](./#installation).
 #### listen
--- a/docs/configuration/experimental/index.zh.md
+++ b/docs/configuration/experimental/index.zh.md
@ -44,7 +44,7 @@
 ### Clash API 字段
-!!! error ""
+!!! quote ""
    默认安装不包含 Clash API，参阅 [安装](/zh/#_2)。
@ -108,7 +108,7 @@ Clash 中的默认模式，默认使用 `Rule`。
 ### V2Ray API 字段
-!!! error ""
+!!! quote ""
    默认安装不包含 V2Ray API，参阅 [安装](/zh/#_2)。
--- a/docs/configuration/inbound/http.md
+++ b/docs/configuration/inbound/http.md
@ -36,7 +36,7 @@ No authentication required if empty.
 #### set_system_proxy
-!!! error ""
+!!! quote ""
    Only supported on Linux, Android, Windows, and macOS.
--- a/docs/configuration/inbound/http.zh.md
+++ b/docs/configuration/inbound/http.zh.md
@ -36,7 +36,7 @@ HTTP 用户
 #### set_system_proxy
-!!! error ""
+!!! quote ""
    仅支持 Linux、Android、Windows 和 macOS。
--- a/docs/configuration/inbound/hysteria.md
+++ b/docs/configuration/inbound/hysteria.md
@ -31,7 +31,7 @@
 !!! warning ""
-    QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
+    QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
 ### Listen Fields
--- a/docs/configuration/inbound/hysteria2.md
+++ b/docs/configuration/inbound/hysteria2.md
@ -4,8 +4,8 @@
 {
  "type": "hysteria2",
  "tag": "hy2-in",
-  
+  ...
-  ... // Listen Fields
+  // Listen Fields
  "up_mbps": 100,
  "down_mbps": 100,
@ -28,7 +28,14 @@
 !!! warning ""
-    QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
+    QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
 !!! warning "Difference from official Hysteria2"
    The official program supports an authentication method called **userpass**,
    which essentially uses a combination of `<username>:<password>` as the actual password,
    while sing-box does not provide this alias.
    To use sing-box with the official program, you need to fill in that combination as the actual password.
 ### Listen Fields
--- a/docs/configuration/inbound/hysteria2.zh.md
+++ b/docs/configuration/inbound/hysteria2.zh.md
@ -4,8 +4,8 @@
 {
  "type": "hysteria2",
  "tag": "hy2-in",
-  
+  ...
-  ... // 监听字段
+  // 监听字段
  "up_mbps": 100,
  "down_mbps": 100,
@ -30,6 +30,12 @@
    默认安装不包含被 Hysteria2 依赖的 QUIC，参阅 [安装](/zh/#_2)。
 !!! warning "与官方 Hysteria2 的区别"
    官方程序支持一种名为 **userpass** 的验证方式，
    本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码，而 sing-box 不提供此别名。
    要将 sing-box 与官方程序一起使用， 您需要填写该组合作为实际密码。
 ### 监听字段
 参阅 [监听字段](/zh/configuration/shared/listen/)。
@ -62,7 +68,7 @@ Hysteria 用户
 #### ignore_client_bandwidth
-命令客户端使用 BBR 流量控制算法而不是 Hysteria CC。
+命令客户端使用 BBR 拥塞控制算法而不是 Hysteria CC。
 与 `up_mbps` 和 `down_mbps` 冲突。
--- a/docs/configuration/inbound/mixed.md
+++ b/docs/configuration/inbound/mixed.md
@ -33,7 +33,7 @@ No authentication required if empty.
 #### set_system_proxy
-!!! error ""
+!!! quote ""
    Only supported on Linux, Android, Windows, and macOS.
--- a/docs/configuration/inbound/mixed.zh.md
+++ b/docs/configuration/inbound/mixed.zh.md
@ -33,7 +33,7 @@ SOCKS 和 HTTP 用户
 #### set_system_proxy
-!!! error ""
+!!! quote ""
    仅支持 Linux、Android、Windows 和 macOS。
--- a/docs/configuration/inbound/naive.md
+++ b/docs/configuration/inbound/naive.md
@ -20,7 +20,7 @@
 !!! warning ""
-    HTTP3 transport is not included by default, see [Installation](/#installation).
+    HTTP3 transport is not included by default, see [Installation](./#installation).
 ### Listen Fields
--- a/docs/configuration/inbound/redirect.md
+++ b/docs/configuration/inbound/redirect.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    Only supported on Linux and macOS.
--- a/docs/configuration/inbound/redirect.zh.md
+++ b/docs/configuration/inbound/redirect.zh.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    仅支持 Linux 和 macOS。
--- a/docs/configuration/inbound/shadowsocks.md
+++ b/docs/configuration/inbound/shadowsocks.md
@ -8,7 +8,8 @@
  ... // Listen Fields
  "method": "2022-blake3-aes-128-gcm",
-  "password": "8JCsPssfgS8tiRwiMlhARg=="
+  "password": "8JCsPssfgS8tiRwiMlhARg==",
  "multiplex": {}
 }
 ```
@ -23,7 +24,8 @@
      "name": "sekai",
      "password": "PCD2Z4o12bKUoFa3cC97Hw=="
    }
-  ]
+  ],
  "multiplex": {}
 }
 ```
@ -41,7 +43,8 @@
      "server_port": 8080,
      "password": "PCD2Z4o12bKUoFa3cC97Hw=="
    }
-  ]
+  ],
  "multiplex": {}
 }
 ```
@ -82,3 +85,7 @@ Both if empty.
 | none          | /                                              |
 | 2022 methods  | `sing-box generate rand --base64 <Key Length>` |
 | other methods | any string                                     |
 #### multiplex
 See [Multiplex](/configuration/shared/multiplex#inbound) for details.
--- a/docs/configuration/inbound/shadowsocks.zh.md
+++ b/docs/configuration/inbound/shadowsocks.zh.md
@ -8,7 +8,8 @@
  ... // 监听字段
  "method": "2022-blake3-aes-128-gcm",
-  "password": "8JCsPssfgS8tiRwiMlhARg=="
+  "password": "8JCsPssfgS8tiRwiMlhARg==",
  "multiplex": {}
 }
 ```
@ -23,7 +24,8 @@
      "name": "sekai",
      "password": "PCD2Z4o12bKUoFa3cC97Hw=="
    }
-  ]
+  ],
  "multiplex": {}
 }
 ```
@ -41,7 +43,8 @@
      "server_port": 8080,
      "password": "PCD2Z4o12bKUoFa3cC97Hw=="
    }
-  ]
+  ],
  "multiplex": {}
 }
 ```
@ -82,3 +85,7 @@ See [Listen Fields](/configuration/shared/listen) for details.
 | none          | /                                        |
 | 2022 methods  | `sing-box generate rand --base64 <密钥长度>` |
 | other methods | 任意字符串                                    |
 #### multiplex
 参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
--- a/docs/configuration/inbound/tproxy.md
+++ b/docs/configuration/inbound/tproxy.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    Only supported on Linux.
--- a/docs/configuration/inbound/tproxy.zh.md
+++ b/docs/configuration/inbound/tproxy.zh.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    仅支持 Linux。
--- a/docs/configuration/inbound/trojan.md
+++ b/docs/configuration/inbound/trojan.md
@ -24,6 +24,7 @@
      "server_port": 8081
    }
  },
  "multiplex": {},
  "transport": {}
 }
 ```
@ -46,7 +47,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
 #### fallback
-!!! error ""
+!!! quote ""
    There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.
@ -58,6 +59,10 @@ Fallback server configuration for specified ALPN.
 If not empty, TLS fallback requests with ALPN not in this table will be rejected.
 #### multiplex
 See [Multiplex](/configuration/shared/multiplex#inbound) for details.
 #### transport
 V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
--- a/docs/configuration/inbound/trojan.zh.md
+++ b/docs/configuration/inbound/trojan.zh.md
@ -24,6 +24,7 @@
      "server_port": 8081
    }
  },
  "multiplex": {},
  "transport": {}
 }
 ```
@ -48,7 +49,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
 #### fallback
-!!! error ""
+!!! quote ""
    没有证据表明 GFW 基于 HTTP 响应检测并阻止 Trojan 服务器，并且在服务器上打开标准 http/s 端口是一个更大的特征。
@ -60,6 +61,10 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
 如果不为空，ALPN 不在此列表中的 TLS 回退请求将被拒绝。
 #### multiplex
 参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
 #### transport
 V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
--- a/docs/configuration/inbound/tuic.md
+++ b/docs/configuration/inbound/tuic.md
@ -24,7 +24,7 @@
 !!! warning ""
-    QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
+    QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
 ### Listen Fields
--- a/docs/configuration/inbound/tuic.zh.md
+++ b/docs/configuration/inbound/tuic.zh.md
@ -48,7 +48,7 @@ TUIC 用户密码
 #### congestion_control
-QUIC 流量控制算法
+QUIC 拥塞控制算法
 可选值: `cubic`, `new_reno`, `bbr`
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows and macOS.
@ -22,6 +22,12 @@
    "::/1",
    "8000::/1"
  ],
  "inet4_route_exclude_address": [
    "192.168.0.0/16"
  ],
  "inet6_route_exclude_address": [
    "fc00::/7"
  ],
  "endpoint_independent_nat": false,
  "stack": "system",
  "include_interface": [
@ -96,7 +102,7 @@ The maximum transmission unit.
 Set the default route to the Tun.
-!!! error ""
+!!! quote ""
    To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`
@ -130,6 +136,14 @@ Use custom routes instead of default when `auto_route` is enabled.
 Use custom routes instead of default when `auto_route` is enabled.
 #### inet4_route_exclude_address
 Exclude custom routes when `auto_route` is enabled.
 #### inet6_route_exclude_address
 Exclude custom routes when `auto_route` is enabled.
 #### endpoint_independent_nat
 !!! info ""
@ -157,11 +171,11 @@ TCP/IP stack.
 !!! warning ""
-    gVisor and LWIP stacks is not included by default, see [Installation](/#installation).
+    gVisor and LWIP stacks is not included by default, see [Installation](./#installation).
 #### include_interface
-!!! error ""
+!!! quote ""
    Interface rules are only supported on Linux and require auto_route.
@ -177,7 +191,7 @@ Conflict with `include_interface`.
 #### include_uid
-!!! error ""
+!!! quote ""
    UID rules are only supported on Linux and require auto_route.
@ -197,7 +211,7 @@ Exclude users in route, but in range.
 #### include_android_user
-!!! error ""
+!!! quote ""
    Android user and package rules are only supported on Android and require auto_route.
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@ -1,4 +1,4 @@
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS。
@ -22,6 +22,12 @@
    "::/1",
    "8000::/1"
  ],
  "inet4_route_exclude_address": [
    "192.168.0.0/16"
  ],
  "inet6_route_exclude_address": [
    "fc00::/7"
  ],
  "endpoint_independent_nat": false,
  "stack": "system",
  "include_interface": [
@ -96,7 +102,7 @@ tun 接口的 IPv6 前缀。
 设置到 Tun 的默认路由。
-!!! error ""
+!!! quote ""
    为避免流量环回，请设置 `route.auto_detect_interface` 或 `route.default_interface` 或 `outbound.bind_interface`。
@ -131,6 +137,14 @@ tun 接口的 IPv6 前缀。
 启用 `auto_route` 时使用自定义路由而不是默认路由。
 #### inet4_route_exclude_address
 启用 `auto_route` 时排除自定义路由。
 #### inet6_route_exclude_address
 启用 `auto_route` 时排除自定义路由。
 #### endpoint_independent_nat
 启用独立于端点的 NAT。
@ -157,7 +171,7 @@ TCP/IP 栈。
 #### include_interface
-!!! error ""
+!!! quote ""
    接口规则仅在 Linux 下被支持，并且需要 `auto_route`。
@ -173,7 +187,7 @@ TCP/IP 栈。
 #### include_uid
-!!! error ""
+!!! quote ""
    UID 规则仅在 Linux 下被支持，并且需要 `auto_route`。
@ -193,7 +207,7 @@ TCP/IP 栈。
 #### include_android_user
-!!! error ""
+!!! quote ""
    Android 用户和应用规则仅在 Android 下被支持，并且需要 `auto_route`。
--- a/docs/configuration/inbound/vless.md
+++ b/docs/configuration/inbound/vless.md
@ -15,6 +15,7 @@
    }
  ],
  "tls": {},
  "multiplex": {},
  "transport": {}
 }
 ```
@ -49,6 +50,10 @@ Available values:
 TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
 #### multiplex
 See [Multiplex](/configuration/shared/multiplex#inbound) for details.
 #### transport
 V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
--- a/docs/configuration/inbound/vless.zh.md
+++ b/docs/configuration/inbound/vless.zh.md
@ -15,6 +15,7 @@
    }
  ],
  "tls": {},
  "multiplex": {},
  "transport": {}
 }
 ```
@ -49,6 +50,10 @@ VLESS 子协议。
 TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
 #### multiplex
 参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
 #### transport
 V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
--- a/docs/configuration/inbound/vmess.md
+++ b/docs/configuration/inbound/vmess.md
@ -15,6 +15,7 @@
    }
  ],
  "tls": {},
  "multiplex": {},
  "transport": {}
 }
 ```
@ -44,6 +45,10 @@ VMess users.
 TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
 #### multiplex
 See [Multiplex](/configuration/shared/multiplex#inbound) for details.
 #### transport
 V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
--- a/docs/configuration/inbound/vmess.zh.md
+++ b/docs/configuration/inbound/vmess.zh.md
@ -15,6 +15,7 @@
    }
  ],
  "tls": {},
  "multiplex": {},
  "transport": {}
 }
 ```
@ -44,6 +45,10 @@ VMess 用户。
 TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
 #### multiplex
 参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
 #### transport
 V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
--- a/docs/configuration/outbound/hysteria.md
+++ b/docs/configuration/outbound/hysteria.md
@ -26,7 +26,7 @@
 !!! warning ""
-    QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
+    QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
 ### Fields
--- a/docs/configuration/outbound/hysteria2.md
+++ b/docs/configuration/outbound/hysteria2.md
@ -24,7 +24,15 @@
 !!! warning ""
-    QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
+    QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
 !!! warning "Difference from official Hysteria2"
    The official Hysteria2 supports an authentication method called **userpass**,
    which essentially uses a combination of `<username>:<password>` as the actual password,
    while sing-box does not provide this alias.
    If you are planning to use sing-box with the official program,
    please note that you will need to fill the combination as the password.
 ### Fields
--- a/docs/configuration/outbound/hysteria2.zh.md
+++ b/docs/configuration/outbound/hysteria2.zh.md
@ -26,6 +26,12 @@
    默认安装不包含被 Hysteria2 依赖的 QUIC，参阅 [安装](/zh/#_2)。
 !!! warning "与官方 Hysteria2 的区别"
    官方程序支持一种名为 **userpass** 的验证方式，
    本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码，而 sing-box 不提供此别名。
    要将 sing-box 与官方程序一起使用， 您需要填写该组合作为实际密码。
 ### 字段
 #### server
@ -44,7 +50,7 @@
 最大带宽。
-如果为空，将使用 BBR 流量控制算法而不是 Hysteria CC。
+如果为空，将使用 BBR 拥塞控制算法而不是 Hysteria CC。
 #### obfs.type
--- a/docs/configuration/outbound/selector.md
+++ b/docs/configuration/outbound/selector.md
@ -15,7 +15,7 @@
 }
 ```
-!!! error ""
+!!! quote ""
    The selector can only be controlled through the [Clash API](/configuration/experimental#clash-api-fields) currently.
--- a/docs/configuration/outbound/selector.zh.md
+++ b/docs/configuration/outbound/selector.zh.md
@ -15,7 +15,7 @@
 }
 ```
-!!! error ""
+!!! quote ""
    选择器目前只能通过 [Clash API](/zh/configuration/experimental#clash-api) 来控制。
--- a/docs/configuration/outbound/shadowsocks.md
+++ b/docs/configuration/outbound/shadowsocks.md
@ -95,7 +95,7 @@ Conflict with `multiplex`.
 #### multiplex
-Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
+See [Multiplex](/configuration/shared/multiplex#outbound) for details.
 ### Dial Fields
--- a/docs/configuration/outbound/shadowsocks.zh.md
+++ b/docs/configuration/outbound/shadowsocks.zh.md
@ -95,7 +95,7 @@ UDP over TCP 配置。
 #### multiplex
-多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
+参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
 ### 拨号字段
--- a/docs/configuration/outbound/shadowsocksr.md
+++ b/docs/configuration/outbound/shadowsocksr.md
@ -25,7 +25,7 @@
 !!! warning ""
-    ShadowsocksR is not included by default, see [Installation](/#installation).
+    ShadowsocksR is not included by default, see [Installation](./#installation).
 ### Fields
--- a/docs/configuration/outbound/tor.md
+++ b/docs/configuration/outbound/tor.md
@ -18,7 +18,7 @@
 !!! info ""
-    Embedded tor is not included by default, see [Installation](/#installation).
+    Embedded tor is not included by default, see [Installation](./#installation).
 ### Fields
--- a/docs/configuration/outbound/trojan.md
+++ b/docs/configuration/outbound/trojan.md
@ -51,7 +51,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).
 #### multiplex
-Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
+See [Multiplex](/configuration/shared/multiplex#outbound) for details.
 #### transport
--- a/docs/configuration/outbound/trojan.zh.md
+++ b/docs/configuration/outbound/trojan.zh.md
@ -51,7 +51,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#outbound)。
 #### multiplex
-多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
+参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
 #### transport
--- a/docs/configuration/outbound/tuic.md
+++ b/docs/configuration/outbound/tuic.md
@ -23,7 +23,7 @@
 !!! warning ""
-    QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
+    QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
 ### Fields
--- a/docs/configuration/outbound/tuic.zh.md
+++ b/docs/configuration/outbound/tuic.zh.md
@ -51,7 +51,7 @@ TUIC 用户密码
 #### congestion_control
-QUIC 流量控制算法
+QUIC 拥塞控制算法
 可选值: `cubic`, `new_reno`, `bbr`
--- a/docs/configuration/outbound/vless.md
+++ b/docs/configuration/outbound/vless.md
@ -12,6 +12,7 @@
  "network": "tcp",
  "tls": {},
  "packet_encoding": "",
  "multiplex": {},
  "transport": {},
  ... // Dial Fields
@ -68,6 +69,10 @@ UDP packet encoding, xudp is used by default.
 | packetaddr | Supported by v2ray 5+ |
 | xudp       | Supported by xray     |
 #### multiplex
 See [Multiplex](/configuration/shared/multiplex#outbound) for details.
 #### transport
 V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
--- a/docs/configuration/outbound/vless.zh.md
+++ b/docs/configuration/outbound/vless.zh.md
@ -12,6 +12,7 @@
  "network": "tcp",
  "tls": {},
  "packet_encoding": "",
  "multiplex": {},
  "transport": {},
  ... // 拨号字段
@ -68,6 +69,10 @@ UDP 包编码，默认使用 xudp。
 | packetaddr | 由 v2ray 5+ 支持 |
 | xudp       | 由 xray 支持     |
 #### multiplex
 参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
 #### transport
 V2Ray 传输配置，参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
--- a/docs/configuration/outbound/vmess.md
+++ b/docs/configuration/outbound/vmess.md
@ -15,8 +15,8 @@
  "network": "tcp",
  "tls": {},
  "packet_encoding": "",
  "multiplex": {},
  "transport": {},
  "multiplex": {},
  ... // Dial Fields
 }
@ -96,7 +96,7 @@ UDP packet encoding.
 #### multiplex
-Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
+See [Multiplex](/configuration/shared/multiplex#outbound) for details.
 #### transport
--- a/docs/configuration/outbound/vmess.zh.md
+++ b/docs/configuration/outbound/vmess.zh.md
@ -96,7 +96,7 @@ UDP 包编码。
 #### multiplex
-多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
+参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
 #### transport
--- a/docs/configuration/outbound/wireguard.md
+++ b/docs/configuration/outbound/wireguard.md
@ -38,11 +38,11 @@
 !!! warning ""
-    WireGuard is not included by default, see [Installation](/#installation).
+    WireGuard is not included by default, see [Installation](./#installation).
 !!! warning ""
-    gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation).
+    gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](./#installation).
 ### Fields
--- a/docs/configuration/route/index.md
+++ b/docs/configuration/route/index.md
@ -31,7 +31,7 @@ Default outbound tag. the first outbound will be used if empty.
 #### auto_detect_interface
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows and macOS.
@ -41,7 +41,7 @@ Takes no effect if `outbound.bind_interface` is set.
 #### override_android_vpn
-!!! error ""
+!!! quote ""
    Only supported on Android.
@ -49,7 +49,7 @@ Accept Android VPN as upstream NIC when `auto_detect_interface` enabled.
 #### default_interface
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows and macOS.
@ -59,7 +59,7 @@ Takes no effect if `auto_detect_interface` is set.
 #### default_mark
-!!! error ""
+!!! quote ""
    Only supported on Linux.
--- a/docs/configuration/route/index.zh.md
+++ b/docs/configuration/route/index.zh.md
@ -32,7 +32,7 @@
 #### auto_detect_interface
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS。
@ -42,7 +42,7 @@
 #### override_android_vpn
-!!! error ""
+!!! quote ""
    仅支持 Android。
@ -50,7 +50,7 @@
 #### default_interface
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS。
@ -60,7 +60,7 @@
 #### default_mark
-!!! error ""
+!!! quote ""
    仅支持 Linux。
--- a/docs/configuration/route/rule.md
+++ b/docs/configuration/route/rule.md
@ -83,6 +83,12 @@
          1000
        ],
        "clash_mode": "direct",
        "wifi_ssid": [
          "My WIFI"
        ],
        "wifi_bssid": [
          "00:00:00:00:00:00"
        ],
        "invert": false,
        "outbound": "direct"
      },
@ -190,7 +196,7 @@ Match port range.
 #### process_name
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows, and macOS.
@ -198,7 +204,7 @@ Match process name.
 #### process_path
-!!! error ""
+!!! quote ""
    Only supported on Linux, Windows, and macOS.
@ -210,7 +216,7 @@ Match android package name.
 #### user
-!!! error ""
+!!! quote ""
    Only supported on Linux.
@ -218,7 +224,7 @@ Match user name.
 #### user_id
-!!! error ""
+!!! quote ""
    Only supported on Linux.
@ -228,6 +234,22 @@ Match user id.
 Match Clash mode.
 #### wifi_ssid
 !!! quote ""
    Only supported in graphical clients on Android and iOS.
 Match WiFi SSID.
 #### wifi_bssid
 !!! quote ""
    Only supported in graphical clients on Android and iOS.
 Match WiFi BSSID.
 #### invert
 Invert match result.
--- a/docs/configuration/route/rule.zh.md
+++ b/docs/configuration/route/rule.zh.md
@ -81,6 +81,12 @@
          1000
        ],
        "clash_mode": "direct",
        "wifi_ssid": [
          "My WIFI"
        ],
        "wifi_bssid": [
          "00:00:00:00:00:00"
        ],
        "invert": false,
        "outbound": "direct"
      },
@ -188,7 +194,7 @@
 #### process_name
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS。
@ -196,7 +202,7 @@
 #### process_path
-!!! error ""
+!!! quote ""
    仅支持 Linux、Windows 和 macOS.
@ -208,7 +214,7 @@
 #### user
-!!! error ""
+!!! quote ""
    仅支持 Linux.
@ -216,7 +222,7 @@
 #### user_id
-!!! error ""
+!!! quote ""
    仅支持 Linux.
@ -226,6 +232,22 @@
 匹配 Clash 模式。
 #### wifi_ssid
 !!! quote ""
    仅在 Android 与 iOS 的图形客户端中支持。
 匹配 WiFi SSID。
 #### wifi_bssid
 !!! quote ""
    仅在 Android 与 iOS 的图形客户端中支持。
 匹配 WiFi BSSID。
 #### invert
 反选匹配结果。
--- a/docs/configuration/shared/dial.md
+++ b/docs/configuration/shared/dial.md
@ -41,7 +41,7 @@ The IPv6 address to bind to.
 #### routing_mark
-!!! error ""
+!!! quote ""
    Only supported on Linux.
--- a/docs/configuration/shared/dial.zh.md
+++ b/docs/configuration/shared/dial.zh.md
@ -44,7 +44,7 @@
 #### routing_mark
-!!! error ""
+!!! quote ""
    仅支持 Linux。
--- a/docs/configuration/shared/listen.md
+++ b/docs/configuration/shared/listen.md
@ -7,28 +7,26 @@
  "tcp_fast_open": false,
  "tcp_multi_path": false,
  "udp_fragment": false,
  "udp_timeout": 300,
  "detour": "another-in",
  "sniff": false,
  "sniff_override_destination": false,
  "sniff_timeout": "300ms",
  "domain_strategy": "prefer_ipv6",
-  "udp_timeout": 300,
+  "udp_disable_domain_unmapping": false
  "proxy_protocol": false,
  "proxy_protocol_accept_no_header": false,
  "detour": "another-in"
 }
 ```
 ### Fields
-| Field                             | Available Context                                                 |
+| Field                          | Available Context                                                 |
-|-----------------------------------|-------------------------------------------------------------------|
+|--------------------------------|-------------------------------------------------------------------|
-| `listen`                          | Needs to listen on TCP or UDP.                                    |
+| `listen`                       | Needs to listen on TCP or UDP.                                    |
-| `listen_port`                     | Needs to listen on TCP or UDP.                                    |
+| `listen_port`                  | Needs to listen on TCP or UDP.                                    |
-| `tcp_fast_open`                   | Needs to listen on TCP.                                           |
+| `tcp_fast_open`                | Needs to listen on TCP.                                           |
-| `tcp_multi_path`                  | Needs to listen on TCP.                                           |
+| `tcp_multi_path`               | Needs to listen on TCP.                                           |
-| `udp_timeout`                     | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
+| `udp_timeout`                  | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
-| `proxy_protocol`                  | Needs to listen on TCP.                                           |
+| `udp_disable_domain_unmapping` | Needs to listen on UDP and accept domain UDP addresses.           |
 | `proxy_protocol_accept_no_header` | When `proxy_protocol` enabled                                     |
 #### listen
@ -56,6 +54,16 @@ Enable TCP Multi Path.
 Enable UDP fragmentation.
 #### udp_timeout
 UDP NAT expiration time in seconds, default is 300 (5 minutes).
 #### detour
 If set, connections will be forwarded to the specified inbound.
 Requires target inbound support, see [Injectable](/configuration/inbound/#fields).
 #### sniff
 Enable sniffing.
@ -82,20 +90,10 @@ If set, the requested domain name will be resolved to IP before routing.
 If `sniff_override_destination` is in effect, its value will be taken as a fallback.
-#### udp_timeout
+#### udp_disable_domain_unmapping
-UDP NAT expiration time in seconds, default is 300 (5 minutes).
+If enabled, for UDP proxy requests addressed to a domain, 
 the original packet address will be sent in the response instead of the mapped domain.
-#### proxy_protocol
+This option is used for compatibility with clients that 
-
+do not support receiving UDP packets with domain addresses, such as Surge.
 Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header.
 #### proxy_protocol_accept_no_header
 Accept connections without Proxy Protocol header.
 #### detour
 If set, connections will be forwarded to the specified inbound.
 Requires target inbound support, see [Injectable](/configuration/inbound/#fields).
--- a/docs/configuration/shared/listen.zh.md
+++ b/docs/configuration/shared/listen.zh.md
@ -7,14 +7,13 @@
  "tcp_fast_open": false,
  "tcp_multi_path": false,
  "udp_fragment": false,
  "udp_timeout": 300,
  "detour": "another-in",
  "sniff": false,
  "sniff_override_destination": false,
  "sniff_timeout": "300ms",
  "domain_strategy": "prefer_ipv6",
-  "udp_timeout": 300,
+  "udp_disable_domain_unmapping": false
  "proxy_protocol": false,
  "proxy_protocol_accept_no_header": false,
  "detour": "another-in"
 }
 ```
@ -26,8 +25,7 @@
 | `tcp_fast_open`                   | 需要监听 TCP。                           |
 | `tcp_multi_path`                  | 需要监听 TCP。                           |
 | `udp_timeout`                     | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 |
-| `proxy_protocol`                  | 需要监听 TCP。                           |
+| 
 | `proxy_protocol_accept_no_header` | `proxy_protocol` 启用时                |
 ### 字段
@ -57,6 +55,16 @@
 启用 UDP 分段。
 #### udp_timeout
 UDP NAT 过期时间，以秒为单位，默认为 300（5 分钟）。
 #### detour
 如果设置，连接将被转发到指定的入站。
 需要目标入站支持，参阅 [注入支持](/zh/configuration/inbound/#_3)。
 #### sniff
 启用协议探测。
@ -83,20 +91,8 @@
 如果 `sniff_override_destination` 生效，它的值将作为后备。
-#### udp_timeout
+#### udp_disable_domain_unmapping
-UDP NAT 过期时间，以秒为单位，默认为 300（5 分钟）。
+如果启用，对于地址为域的 UDP 代理请求，将在响应中发送原始包地址而不是映射的域。
-#### proxy_protocol
+此选项用于兼容不支持接收带有域地址的 UDP 包的客户端，如 Surge。
 解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。
 #### proxy_protocol_accept_no_header
 接受没有代理协议标头的连接。
 #### detour
 如果设置，连接将被转发到指定的入站。
 需要目标入站支持，参阅 [注入支持](/zh/configuration/inbound/#_3)。
--- a/docs/configuration/shared/multiplex.md
+++ b/docs/configuration/shared/multiplex.md
@ -1,8 +1,14 @@
-### Server Requirements
+### Inbound
-`sing-box` :)
+```json
 {
  "enabled": true,
  "padding": false,
  "brutal": {}
 }
 ```
-### Structure
+### Outbound
 ```json
 {
@ -11,11 +17,27 @@
  "max_connections": 4,
  "min_streams": 4,
  "max_streams": 0,
-  "padding": false
+  "padding": false,
  "brutal": {}
 }
 ```
-### Fields
+
 ### Inbound Fields
 #### enabled
 Enable multiplex support.
 #### padding
 If enabled, non-padded connections will be rejected.
 #### brutal
 See [TCP Brutal](/configuration/shared/tcp-brutal) for details.
 ### Outbound Fields
 #### enabled
@ -59,3 +81,6 @@ Conflict with `max_connections` and `min_streams`.
 Enable padding.
 #### brutal
 See [TCP Brutal](/configuration/shared/tcp-brutal) for details.
--- a/docs/configuration/shared/multiplex.zh.md
+++ b/docs/configuration/shared/multiplex.zh.md
@ -1,8 +1,14 @@
-### 服务器要求
+### 入站
-`sing-box` :)
+```json
 {
  "enabled": true,
  "padding": false,
  "brutal": {}
 }
 ```
-### 结构
+### 出站
 ```json
 {
@ -10,11 +16,27 @@
  "protocol": "smux",
  "max_connections": 4,
  "min_streams": 4,
-  "max_streams": 0
+  "max_streams": 0,
  "padding": false,
  "brutal": {}
 }
 ```
-### 字段
+### 入站字段
 #### enabled
 启用多路复用支持。
 #### padding
 如果启用，将拒绝非填充连接。
 #### brutal
 参阅 [TCP Brutal](/zh/configuration/shared/tcp-brutal)。
 ### 出站字段
 #### enabled
@ -58,3 +80,6 @@
 启用填充。
 #### brutal
 参阅 [TCP Brutal](/zh/configuration/shared/tcp-brutal)。
--- a/docs/configuration/shared/tcp-brutal.md
+++ b/docs/configuration/shared/tcp-brutal.md
@ -0,0 +1,28 @@
 ### Server Requirements
 * Linux
 * `brutal` congestion control algorithm kernel module installed
 See [tcp-brutal](https://github.com/apernet/tcp-brutal) for details.
 ### Structure
 ```json
 {
  "enabled": true,
  "up_mbps": 100,
  "down_mbps": 100
 }
 ```
 ### Fields
 #### enabled
 Enable TCP Brutal congestion control algorithm。
 #### up_mbps, down_mbps
 ==Required==
 Upload and download bandwidth, in Mbps.
--- a/docs/configuration/shared/tcp-brutal.zh.md
+++ b/docs/configuration/shared/tcp-brutal.zh.md
@ -0,0 +1,28 @@
 ### 服务器要求
 * Linux
 * `brutal` 拥塞控制算法内核模块已安装
 参阅 [tcp-brutal](https://github.com/apernet/tcp-brutal)。
 ### 结构
 ```json
 {
  "enabled": true,
  "up_mbps": 100,
  "down_mbps": 100
 }
 ```
 ### 字段
 #### enabled
 启用 TCP Brutal 拥塞控制算法。
 #### up_mbps, down_mbps
 ==必填==
 上传和下载带宽，以 Mbps 为单位。
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@ -201,7 +201,7 @@ The path to the server private key, in PEM format.
 !!! warning ""
-    uTLS is not included by default, see [Installation](/#installation).
+    uTLS is not included by default, see [Installation](./#installation).
 !!! note ""
@ -228,7 +228,7 @@ Chrome fingerprint will be used if empty.
 !!! warning ""
-    ECH is not included by default, see [Installation](/#installation).
+    ECH is not included by default, see [Installation](./#installation).
 ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
 message.
@ -280,7 +280,7 @@ If empty, load from DNS will be attempted.
 !!! warning ""
-    ACME is not included by default, see [Installation](/#installation).
+    ACME is not included by default, see [Installation](./#installation).
 #### domain
@ -359,11 +359,11 @@ See [DNS01 Challenge Fields](/configuration/shared/dns01_challenge) for details.
 !!! warning ""
-    reality server is not included by default, see [Installation](/#installation).
+    reality server is not included by default, see [Installation](./#installation).
 !!! warning ""
-    uTLS, which is required by reality client is not included by default, see [Installation](/#installation).
+    uTLS, which is required by reality client is not included by default, see [Installation](./#installation).
 #### handshake
--- a/docs/configuration/shared/v2ray-transport.md
+++ b/docs/configuration/shared/v2ray-transport.md
@ -15,6 +15,7 @@ Available transports:
 * WebSocket
 * QUIC
 * gRPC
 * HTTPUpgrade
 !!! warning "Difference from v2ray-core"
@ -130,7 +131,7 @@ It needs to be consistent with the server.
 !!! warning ""
-    QUIC is not included by default, see [Installation](/#installation).
+    QUIC is not included by default, see [Installation](./#installation).
 !!! warning "Difference from v2ray-core"
@ -141,7 +142,7 @@ It needs to be consistent with the server.
 !!! note ""
-    standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](/#installation).
+    standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](./#installation).
 ```json
 {
@ -184,3 +185,32 @@ In standard gRPC client:
 If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, `idle_timeout` and `ping_timeout` will be ignored and no keepalive pings will be sent.
 Disabled by default.
 ### HTTPUpgrade
 ```json
 {
  "type": "httpupgrade",
  "host": "",
  "path": "",
  "headers": {}
 }
 ```
 #### host
 Host domain.
 The server will verify if not empty.
 #### path
 Path of HTTP request.
 The server will verify if not empty.
 #### headers
 Extra headers of HTTP request.
 The server will write in response if not empty.
--- a/docs/configuration/shared/v2ray-transport.zh.md
+++ b/docs/configuration/shared/v2ray-transport.zh.md
@ -14,6 +14,7 @@ V2Ray Transport 是 v2ray 发明的一组私有协议，并污染了其他协议
 * WebSocket
 * QUIC
 * gRPC
 * HTTPUpgrade
 !!! warning "与 v2ray-core 的区别"
@ -183,3 +184,32 @@ gRPC 服务名称。
 如果启用，客户端传输即使没有活动连接也会发送 keepalive ping。如果禁用，则在没有活动连接时，将忽略 `idle_timeout` 和 `ping_timeout`，并且不会发送 keepalive ping。
 默认禁用。
 ### HTTPUpgrade
 ```json
 {
  "type": "httpupgrade",
  "host": "",
  "path": "",
  "headers": {}
 }
 ```
 #### host
 主机域名。
 默认服务器将验证。
 #### path
 HTTP 请求路径
 默认服务器将验证。
 #### headers
 HTTP 请求的额外标头。
 默认服务器将写入响应。
--- a/docs/contributing/environment.md
+++ b/docs/contributing/environment.md
@ -1,50 +0,0 @@
 # Development environment
 #### For the documentation
 ##### Setup
 You need to configure python3 and pip first.
 ```shell
 pip install mkdocs-material mkdocs-static-i18n
 ```
 ##### Run the site locally
 ```shell
 mkdocs serve
 ```
 or
 ```shell
 python3 -m mkdocs serve
 ```
 #### For the project
 By default you have the latest Go installed (currently 1.19), and added `GOPATH/bin` to the PATH environment variable.
 ##### Setup
 ```shell
 make fmt_insalll
 make lint_install
 ```
 This installs the formatting and lint tools, which can be used via `make fmt` and `make lint`.
 For ProtoBuffer changes, you also need `make proto_install` and `make proto`.
 ##### Build binary to the project directory
 ```shell
 make
 ```
 ##### Install binary to GOPATH/bin
 ```shell
 make install
 ```
--- a/docs/contributing/index.md
+++ b/docs/contributing/index.md
@ -1,17 +0,0 @@
 # Contributing to sing-box
 An introduction to contributing to the sing-box project.
 The sing-box project welcomes, and depends, on contributions from developers and users in the open source community.
 Contributions can be made in a number of ways, a few examples are:
 * Code patches via pull requests
 * Documentation improvements
 * Bug reports and patch reviews
 ### Reporting an Issue?
 Please follow
 the [issue template](https://github.com/SagerNet/sing-box/issues/new?assignees=&labels=&template=bug_report.yml) to
 submit bugs. Always include **FULL** log content, especially if you don't understand the code that generates it.
--- a/docs/contributing/sub-projects.md
+++ b/docs/contributing/sub-projects.md
@ -1,67 +0,0 @@
 The sing-box uses the following projects which also need to be maintained:
 #### sing
 Link: [GitHub repository](https://github.com/SagerNet/sing)
 As a base tool library, there are no dependencies other than `golang.org/x/sys`.
 #### sing-dns
 Link: [GitHub repository](https://github.com/SagerNet/sing-dns)
 Handles DNS lookups and caching.
 #### sing-tun
 Link: [GitHub repository](https://github.com/SagerNet/sing-tun)
 Handle Tun traffic forwarding, configure routing, monitor network and routing.
 This library needs to periodically update its dependency gVisor (according to tags), including checking for changes to
 the used parts of the code and updating its usage. If you are involved in maintenance, you also need to check that if it
 works or contains memory leaks.
 #### sing-shadowsocks
 Link: [GitHub repository](https://github.com/SagerNet/sing-shadowsocks)
 Provides Shadowsocks client and server
 #### sing-vmess
 Link: [GitHub repository](https://github.com/SagerNet/sing-vmess)
 Provides VMess client and server
 #### netlink
 Link: [GitHub repository](https://github.com/SagerNet/netlink)
 Fork of `vishvananda/netlink`, with some rule fixes.
 The library needs to be updated with the upstream.
 #### quic-go
 Link: [GitHub repository](https://github.com/SagerNet/quic-go)
 Fork of `lucas-clemente/quic-go`  and `HyNetwork/quic-go`, contains quic flow control and other fixes used by Hysteria.
 Since the author of Hysteria does not follow the upstream updates in time, and the provided fork needs to use replace,
 we need to do this.
 The library needs to be updated with the upstream.
 #### smux
 Link: [GitHub repository](https://github.com/SagerNet/smux)
 Fork of `xtaci/smux`
 Modify the code to support the writev it uses internally and unify the buffer pool, which prevents it from allocating
 64k buffers for per connection and improves performance.
 Upstream doesn't seem to be updated anymore, maybe a replacement is needed.
 Note: while yamux is still actively maintained and better known, it seems to be less performant.
--- a/docs/deprecated.md
+++ b/docs/deprecated.md
@ -1,5 +1,11 @@
 ---
 icon: material/delete-alert
 ---
 # Deprecated Feature List
 ### 1.6.0
 The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
 #### ShadowsocksR
--- a/docs/deprecated.zh.md
+++ b/docs/deprecated.zh.md
@ -0,0 +1,17 @@
 ---
 icon: material/delete-alert
 ---
 # 废弃功能列表
 ### 1.6.0
 下列功能已在 1.5.0 中标记为已弃用，并在 1.6.0 中完全删除。
 #### ShadowsocksR
 ShadowsocksR 支持从未默认启用，自从常用的黑产代理销售面板停止使用该协议，继续维护它是没有意义的。
 #### Proxy Protocol
 Proxy Protocol 支持由 Pull Request 添加，存在问题且仅由 HTTP 多路复用器（如 nginx）的后端使用，具有侵入性，对于代理目的毫无意义。
--- a/docs/examples/clash-api.md
+++ b/docs/examples/clash-api.md
@ -1,52 +0,0 @@
 ```json
 {
  "dns": {
    "rules": [
      {
        "domain": [
          "clash.razord.top",
          "yacd.haishan.me"
        ],
        "server": "local"
      },
      {
        "clash_mode": "direct",
        "server": "local"
      }
    ]
  },
  "outbounds": [
    {
      "type": "selector",
      "tag": "default",
      "outbounds": [
        "proxy-a",
        "proxy-b"
      ]
    }
  ],
  "route": {
    "rules": [
      {
        "clash_mode": "direct",
        "outbound": "direct"
      },
      {
        "domain": [
          "clash.razord.top",
          "yacd.haishan.me"
        ],
        "outbound": "direct"
      }
    ],
    "final": "default"
  },
  "experimental": {
    "clash_api": {
      "external_controller": "127.0.0.1:9090",
      "store_selected": true
    }
  }
 }
 ```
--- a/docs/examples/dns-hijack.md
+++ b/docs/examples/dns-hijack.md
@ -1,65 +0,0 @@
 #### Sniff Mode
 ```json
 {
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true // required
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
 #### Port Mode
 ```json
 {
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true // not required
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "port": 53,
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
--- a/docs/examples/dns-hijack.zh.md
+++ b/docs/examples/dns-hijack.zh.md
@ -1,65 +0,0 @@
 #### 探测模式
 ```json
 {
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true // 必须
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
 #### 端口模式
 ```json
 {
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true // 非必须
    }
  ],
  "outbounds": [
    {
      "type": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "port": 53,
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
--- a/docs/examples/fakeip.md
+++ b/docs/examples/fakeip.md
@ -1,106 +0,0 @@
 ```json
 {
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "remote",
        "address": "fakeip"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "server": "remote"
      }
    ],
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15",
      "inet6_range": "fc00::/18"
    },
    "independent_cache": true,
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true,
      "domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "proxy",
      "server": "mydomain.com",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
--- a/docs/examples/fakeip.zh.md
+++ b/docs/examples/fakeip.zh.md
@ -1,106 +0,0 @@
 ```json
 {
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "remote",
        "address": "fakeip"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      },
      {
        "query_type": [
          "A",
          "AAAA"
        ],
        "server": "remote"
      }
    ],
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15",
      "inet6_range": "fc00::/18"
    },
    "independent_cache": true,
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true,
      "domain_strategy": "ipv4_only" // 如果您想在远程解析域，删除此行 (如果服务器程序不为 sing-box，可能由于错误的行为导致 UDP 无法使用)。
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "proxy",
      "server": "mydomain.com",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
--- a/docs/examples/index.md
+++ b/docs/examples/index.md
@ -1,11 +0,0 @@
 # Examples
 Configuration examples for sing-box.
 * [Linux Server Installation](./linux-server-installation)
 * [Tun](./tun)
 * [DNS Hijack](./dns-hijack.md)
 * [Shadowsocks](./shadowsocks)
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [FakeIP](./fakeip)
--- a/docs/examples/index.zh.md
+++ b/docs/examples/index.zh.md
@ -1,11 +0,0 @@
 # 示例
 sing-box 的配置示例。
 * [Linux 服务器安装](./linux-server-installation)
 * [Tun](./tun)
 * [DNS 劫持](./dns-hijack.md)
 * [Shadowsocks](./shadowsocks)
 * [ShadowTLS](./shadowtls)
 * [Clash API](./clash-api)
 * [FakeIP](./fakeip)
--- a/docs/examples/linux-server-installation.md
+++ b/docs/examples/linux-server-installation.md
@ -1,38 +0,0 @@
 #### Requirements
 * Linux & Systemd
 * Git
 * C compiler environment
 #### Install
 ```shell
 git clone -b main https://github.com/SagerNet/sing-box
 cd sing-box
 ./release/local/install_go.sh # skip if you have golang already installed
 ./release/local/install.sh
 ```
 Edit configuration file in `/usr/local/etc/sing-box/config.json`
 ```shell
 ./release/local/enable.sh
 ```
 #### Update
 ```shell
 ./release/local/update.sh
 ```
 #### Other commands
 | Operation | Command                                       |
 |-----------|-----------------------------------------------|
 | Start     | `sudo systemctl start sing-box`               |
 | Stop      | `sudo systemctl stop sing-box`                |
 | Kill      | `sudo systemctl kill sing-box`                |
 | Restart   | `sudo systemctl restart sing-box`             |
 | Logs      | `sudo journalctl -u sing-box --output cat -e` |
 | New Logs  | `sudo journalctl -u sing-box --output cat -f` |
 | Uninstall | `./release/local/uninstall.sh`                |
--- a/docs/examples/linux-server-installation.zh.md
+++ b/docs/examples/linux-server-installation.zh.md
@ -1,38 +0,0 @@
 #### 依赖
 * Linux & Systemd
 * Git
 * C 编译器环境
 #### 安装
 ```shell
 git clone -b main https://github.com/SagerNet/sing-box
 cd sing-box
 ./release/local/install_go.sh # 如果已安装 golang 则跳过
 ./release/local/install.sh
 ```
 编辑配置文件 `/usr/local/etc/sing-box/config.json`
 ```shell
 ./release/local/enable.sh
 ```
 #### 更新
 ```shell
 ./release/local/update.sh
 ```
 #### 其他命令
 | 操作   | 命令                                            |
 |------|-----------------------------------------------|
 | 启动   | `sudo systemctl start sing-box`               |
 | 停止   | `sudo systemctl stop sing-box`                |
 | 强制停止 | `sudo systemctl kill sing-box`                |
 | 重启   | `sudo systemctl restart sing-box`             |
 | 查看日志 | `sudo journalctl -u sing-box --output cat -e` |
 | 实时日志 | `sudo journalctl -u sing-box --output cat -f` |
 | 卸载   | `./release/local/uninstall.sh`                |
--- a/docs/examples/shadowsocks.md
+++ b/docs/examples/shadowsocks.md
@ -1,163 +0,0 @@
 # Shadowsocks
 !!! warning ""
    For censorship bypass usage in China, we recommend using UDP over TCP and disabling UDP on the server.
 ## Single User
 #### Server
 ```json
 {
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8080,
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ]
 }
 ```
 #### Client
 ```json
 {
  "inbounds": [
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 2080
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "server": "127.0.0.1",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg==",
      "udp_over_tcp": true
    }
  ]
 }
 ```
 ## Multiple Users
 #### Server
 ```json
 {
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg==",
      "users": [
        {
          "name": "sekai",
          "password": "BXYxVUXJ9NgF7c7KPLQjkg=="
        }
      ]
    }
  ]
 }
 ```
 #### Client
 ```json
 {
  "inbounds": [
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 2080
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "server": "127.0.0.1",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
    }
  ]
 }
 ```
 ## Relay
 #### Server
 ```json
 {
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ]
 }
 ```
 #### Relay
 ```json
 {
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 8081,
      "method": "2022-blake3-aes-128-gcm",
      "password": "BXYxVUXJ9NgF7c7KPLQjkg==",
      "destinations": [
        {
          "name": "my_server",
          "password": "8JCsPssfgS8tiRwiMlhARg==",
          "server": "127.0.0.1",
          "server_port": 8080
        }
      ]
    }
  ]
 }
 ```
 #### Client
 ```json
 {
  "inbounds": [
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 2080
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "server": "127.0.0.1",
      "server_port": 8081,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
    }
  ]
 }
 ```
--- a/docs/examples/shadowtls.md
+++ b/docs/examples/shadowtls.md
@ -1,70 +0,0 @@
 #### Server
 ```json
 {
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "::",
      "listen_port": 4443,
      "version": 3,
      "users": [
        {
          "name": "sekai",
          "password": "8JCsPssfgS8tiRwiMlhARg=="
        }
      ],
      "handshake": {
        "server": "google.com",
        "server_port": 443
      },
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "network": "tcp",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ]
 }
 ```
 #### Client
 ```json
 {
  "outbounds": [
    {
      "type": "shadowsocks",
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg==",
      "detour": "shadowtls-out",
      "multiplex": {
        "enabled": true,
        "max_connections": 4,
        "min_streams": 4
      }
      // or "udp_over_tcp": true
    },
    {
      "type": "shadowtls",
      "tag": "shadowtls-out",
      "server": "127.0.0.1",
      "server_port": 4443,
      "version": 3,
      "password": "8JCsPssfgS8tiRwiMlhARg==",
      "tls": {
        "enabled": true,
        "server_name": "google.com",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      }
    }
  ]
 }
 ```
--- a/docs/examples/tun.md
+++ b/docs/examples/tun.md
@ -1,89 +0,0 @@
 ```json
 {
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        "outbound": "any",
        "server": "local"
      },
      {
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": false,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "proxy",
      "server": "mydomain.com",
      "server_port": 8080,
      "method": "2022-blake3-aes-128-gcm",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
 }
 ```
--- a/docs/faq/fakeip.md
+++ b/docs/faq/fakeip.md
@ -1,19 +0,0 @@
 # FakeIP
 FakeIP refers to a type of behavior in a program that simultaneously hijacks both DNS and connection requests. It
 responds to DNS requests with virtual results and restores mapping when accepting connections.
 #### Advantage
 *
 #### Limitation
 * Its mechanism breaks applications that depend on returning correct remote addresses.
 * Only A and AAAA (IP) requests are supported, which may break applications that rely on other requests.
 #### Recommendation
 * Enable `dns.independent_cache` unless you always resolve FakeIP domains remotely.
 * If using tun, make sure FakeIP ranges is included in the tun's routes.
 * Enable `experimental.clash_api.store_fakeip` to persist FakeIP records, or use `dns.rules.rewrite_ttl` to avoid losing records after program restart in DNS cached environments.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
世界	ec6ccfa0a8	documentation: Bump version	2023-11-23 23:15:49 +08:00
世界	2cae7ae39f	sing-quic: Fix missing user context in packet connections	2023-11-23 23:05:27 +08:00
世界	0923c5dc98	documentation: Fix typo	2023-11-23 23:04:40 +08:00
世界	dda4909bc8	Remove unused code	2023-11-21 17:42:16 +08:00
世界	125691d59f	documentation: Bump version & Refactor docs	2023-11-21 10:30:03 +08:00
世界	0e50872d04	Add `wifi_ssid` and `wifi_bssid` route and DNS rules	2023-11-21 10:30:03 +08:00
世界	83f6e022bb	Update quic-go to v0.40.0	2023-11-21 10:30:03 +08:00
世界	d183372e18	Migrate multiplex and UoT server to inbound & Add tcp-brutal support for multiplex	2023-11-21 10:30:03 +08:00
世界	fac552a268	Add support for v2ray http upgrade transport	2023-11-21 10:30:03 +08:00
世界	a3d24ed7d3	Add exclude route support for tun & Update gVisor to 20231113.0	2023-11-21 10:30:03 +08:00
世界	b244c9bbca	Add udp_disable_domain_unmapping inbound listen option	2023-11-21 10:30:02 +08:00
世界	d3373d7f12	Migrate to gobwas/ws	2023-11-21 10:30:02 +08:00
		`@ -0,0 +1,3 @@`
							`package constant`

							`const MbpsToBps = 125000`
`@ -1,4 +1,4 @@`
	`!!! error ""`	`!!! quote ""`

	`Only supported on Linux and macOS.`	`Only supported on Linux and macOS.`