Add support for ech retry configs

common/tls/client.go

@@ -2,6 +2,8 @@ package tls
 
 import (
 	"context"
+	"crypto/tls"
+	"errors"
 	"net"
 	"os"
 
@@ -41,6 +43,12 @@ func ClientHandshake(ctx context.Context, conn net.Conn, config Config) (Conn, e
 	ctx, cancel := context.WithTimeout(ctx, C.TCPTimeout)
 	defer cancel()
 	tlsConn, err := aTLS.ClientHandshake(ctx, conn, config)
+	var echErr *tls.ECHRejectionError
+	if errors.As(err, &echErr) && len(echErr.RetryConfigList) > 0 {
+		if echConfig, isECH := config.(ECHCapableConfig); isECH {
+			echConfig.SetECHConfigList(echErr.RetryConfigList)
+		}
+	}
 	if err != nil {
 		return nil, err
 	}

experimental/clashapi/cache.go

@@ -14,6 +14,7 @@ import (
 func cacheRouter(ctx context.Context) http.Handler {
 	r := chi.NewRouter()
 	r.Post("/fakeip/flush", flushFakeip(ctx))
+	r.Post("/dns/flush", flushDNS(ctx))
 	return r
 }
 
@@ -31,3 +32,13 @@ func flushFakeip(ctx context.Context) func(w http.ResponseWriter, r *http.Reques
 		render.NoContent(w, r)
 	}
 }
+
+func flushDNS(ctx context.Context) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		dnsRouter := service.FromContext[adapter.DNSRouter](ctx)
+		if dnsRouter != nil {
+			dnsRouter.ClearCache()
+		}
+		render.NoContent(w, r)
+	}
+}

experimental/libbox/config.go

@@ -22,6 +22,7 @@ import (
 	"github.com/sagernet/sing/common/logger"
 	"github.com/sagernet/sing/common/x/list"
 	"github.com/sagernet/sing/service"
+	"github.com/sagernet/sing/service/filemanager"
 )
 
 func BaseContext(platformInterface PlatformInterface) context.Context {
@@ -33,7 +34,9 @@ func BaseContext(platformInterface PlatformInterface) context.Context {
 			})
 		}
 	}
-	return box.Context(context.Background(), include.InboundRegistry(), include.OutboundRegistry(), include.EndpointRegistry(), dnsRegistry, include.ServiceRegistry())
+	ctx := context.Background()
+	ctx = filemanager.WithDefault(ctx, sWorkingPath, sTempPath, sUserID, sGroupID)
+	return box.Context(ctx, include.InboundRegistry(), include.OutboundRegistry(), include.EndpointRegistry(), dnsRegistry, include.ServiceRegistry())
 }
 
 func parseConfig(ctx context.Context, configContent string) (option.Options, error) {

experimental/libbox/service.go

@@ -27,7 +27,6 @@ import (
 	"github.com/sagernet/sing/common/logger"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/service"
-	"github.com/sagernet/sing/service/filemanager"
 	"github.com/sagernet/sing/service/pause"
 )
 
@@ -44,7 +43,6 @@ type BoxService struct {
 
 func NewService(configContent string, platformInterface PlatformInterface) (*BoxService, error) {
 	ctx := BaseContext(platformInterface)
-	ctx = filemanager.WithDefault(ctx, sWorkingPath, sTempPath, sUserID, sGroupID)
 	service.MustRegister[deprecated.Manager](ctx, new(deprecatedManager))
 	options, err := parseConfig(ctx, configContent)
 	if err != nil {

protocol/tun/inbound.go

@@ -137,6 +137,9 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		if platformInterface != nil && platformInterface.UnderNetworkExtension() {
 			// In Network Extension, when MTU exceeds 4064 (4096-UTUN_IF_HEADROOM_SIZE), the performance of tun will drop significantly, which may be a system bug.
 			tunMTU = 4064
+		} else if C.IsAndroid {
+			// Some Android devices report ENOBUFS when using MTU 65535
+			tunMTU = 9000
 		} else {
 			tunMTU = 65535
 		}