Merge remote-tracking branch 'remotes/origin/Alpha' into Alpha

2025-04-18 08:20:53 +00:00 · 2024-08-07 19:53:35 +08:00 · 2024-08-07 19:53:35 +08:00 · fa919737c1
commit fa919737c1
parent c3b77652e6 030631607e
29 changed files with 819 additions and 190 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -155,6 +155,7 @@ jobs:
        echo "BUILDTIME=$(date)" >> $GITHUB_ENV
        echo "CGO_ENABLED=0" >> $GITHUB_ENV
        echo "BUILDTAG=-extldflags --static" >> $GITHUB_ENV
+        echo "GOTOOLCHAIN=local" >> $GITHUB_ENV

    - name: Setup NDK
      if: ${{ matrix.jobs.goos == 'android' }}
--- a/3
+++ b/3
@ -13,7 +13,7 @@ WORKDIR /mihomo
 COPY bin/ bin/
 RUN FILE_NAME=`sh file-name.sh` && echo $FILE_NAME && \
    FILE_NAME=`ls bin/ | egrep "$FILE_NAME.gz"|awk NR==1` && echo $FILE_NAME && \
-    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && echo "$FILE_NAME" > /mihomo-config/test
+    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && chmod +x mihomo && echo "$FILE_NAME" > /mihomo-config/test
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/mihomo"

@ -23,5 +23,4 @@ VOLUME ["/root/.config/mihomo/"]

 COPY --from=builder /mihomo-config/ /root/.config/mihomo/
 COPY --from=builder /mihomo/mihomo /mihomo
-RUN chmod +x /mihomo
 ENTRYPOINT [ "/mihomo" ]
--- a/adapter/inbound/addition.go
+++ b/adapter/inbound/addition.go
@ -69,3 +69,5 @@ func WithDSCP(dscp uint8) Addition {
 		metadata.DSCP = dscp
 	}
 }
+
+func Placeholder(metadata *C.Metadata) {}
--- a/component/cidr/ipcidr_set.go
+++ b/component/cidr/ipcidr_set.go
@ -57,6 +57,16 @@ func (set *IpCidrSet) Merge() error {
 	return nil
 }

+func (set *IpCidrSet) Foreach(f func(prefix netip.Prefix) bool) {
+	for _, r := range set.rr {
+		for _, prefix := range r.Prefixes() {
+			if !f(prefix) {
+				return
+			}
+		}
+	}
+}
+
 // ToIPSet not safe convert to *netipx.IPSet
 // be careful, must be used after Merge
 func (set *IpCidrSet) ToIPSet() *netipx.IPSet {
--- a/component/cidr/ipcidr_set_bin.go
+++ b/component/cidr/ipcidr_set_bin.go
@ -0,0 +1,77 @@
+package cidr
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"net/netip"
+
+	"go4.org/netipx"
+)
+
+func (ss *IpCidrSet) WriteBin(w io.Writer) (err error) {
+	// version
+	_, err = w.Write([]byte{1})
+	if err != nil {
+		return err
+	}
+
+	// rr
+	err = binary.Write(w, binary.BigEndian, int64(len(ss.rr)))
+	if err != nil {
+		return err
+	}
+	for _, r := range ss.rr {
+		err = binary.Write(w, binary.BigEndian, r.From().As16())
+		if err != nil {
+			return err
+		}
+		err = binary.Write(w, binary.BigEndian, r.To().As16())
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func ReadIpCidrSet(r io.Reader) (ss *IpCidrSet, err error) {
+	// version
+	version := make([]byte, 1)
+	_, err = io.ReadFull(r, version)
+	if err != nil {
+		return nil, err
+	}
+	if version[0] != 1 {
+		return nil, errors.New("version is invalid")
+	}
+
+	ss = NewIpCidrSet()
+	var length int64
+
+	// rr
+	err = binary.Read(r, binary.BigEndian, &length)
+	if err != nil {
+		return nil, err
+	}
+	if length < 1 {
+		return nil, errors.New("length is invalid")
+	}
+	ss.rr = make([]netipx.IPRange, length)
+	for i := int64(0); i < length; i++ {
+		var a16 [16]byte
+		err = binary.Read(r, binary.BigEndian, &a16)
+		if err != nil {
+			return nil, err
+		}
+		from := netip.AddrFrom16(a16).Unmap()
+		err = binary.Read(r, binary.BigEndian, &a16)
+		if err != nil {
+			return nil, err
+		}
+		to := netip.AddrFrom16(a16).Unmap()
+		ss.rr[i] = netipx.IPRangeFrom(from, to)
+	}
+
+	return ss, nil
+}
--- a/component/trie/domain.go
+++ b/component/trie/domain.go
@ -123,16 +123,18 @@ func (t *DomainTrie[T]) Optimize() {
 	t.root.optimize()
 }

-func (t *DomainTrie[T]) Foreach(print func(domain string, data T)) {
+func (t *DomainTrie[T]) Foreach(fn func(domain string, data T) bool) {
 	for key, data := range t.root.getChildren() {
-		recursion([]string{key}, data, print)
+		recursion([]string{key}, data, fn)
 		if data != nil && data.inited {
-			print(joinDomain([]string{key}), data.data)
+			if !fn(joinDomain([]string{key}), data.data) {
+				return
+			}
 		}
 	}
 }

-func recursion[T any](items []string, node *Node[T], fn func(domain string, data T)) {
+func recursion[T any](items []string, node *Node[T], fn func(domain string, data T) bool) bool {
 	for key, data := range node.getChildren() {
 		newItems := append([]string{key}, items...)
 		if data != nil && data.inited {
@ -140,10 +142,15 @@ func recursion[T any](items []string, node *Node[T], fn func(domain string, data
 			if domain[0] == domainStepByte {
 				domain = complexWildcard + domain
 			}
-			fn(domain, data.Data())
+			if !fn(domain, data.Data()) {
+				return false
+			}
+		}
+		if !recursion(newItems, data, fn) {
+			return false
 		}
-		recursion(newItems, data, fn)
 	}
+	return true
 }

 func joinDomain(items []string) string {
--- a/component/trie/domain_set.go
+++ b/component/trie/domain_set.go
@ -28,8 +28,9 @@ type qElt struct{ s, e, col int }
 // NewDomainSet creates a new *DomainSet struct, from a DomainTrie.
 func (t *DomainTrie[T]) NewDomainSet() *DomainSet {
 	reserveDomains := make([]string, 0)
-	t.Foreach(func(domain string, data T) {
+	t.Foreach(func(domain string, data T) bool {
 		reserveDomains = append(reserveDomains, utils.Reverse(domain))
+		return true
 	})
 	// ensure that the same prefix is continuous
 	// and according to the ascending sequence of length
@ -136,6 +137,41 @@ func (ss *DomainSet) Has(key string) bool {

 }

+func (ss *DomainSet) keys(f func(key string) bool) {
+	var currentKey []byte
+	var traverse func(int, int) bool
+	traverse = func(nodeId, bmIdx int) bool {
+		if getBit(ss.leaves, nodeId) != 0 {
+			if !f(string(currentKey)) {
+				return false
+			}
+		}
+
+		for ; ; bmIdx++ {
+			if getBit(ss.labelBitmap, bmIdx) != 0 {
+				return true
+			}
+			nextLabel := ss.labels[bmIdx-nodeId]
+			currentKey = append(currentKey, nextLabel)
+			nextNodeId := countZeros(ss.labelBitmap, ss.ranks, bmIdx+1)
+			nextBmIdx := selectIthOne(ss.labelBitmap, ss.ranks, ss.selects, nextNodeId-1) + 1
+			if !traverse(nextNodeId, nextBmIdx) {
+				return false
+			}
+			currentKey = currentKey[:len(currentKey)-1]
+		}
+	}
+
+	traverse(0, 0)
+	return
+}
+
+func (ss *DomainSet) Foreach(f func(key string) bool) {
+	ss.keys(func(key string) bool {
+		return f(utils.Reverse(key))
+	})
+}
+
 func setBit(bm *[]uint64, i int, v int) {
 	for i>>6 >= len(*bm) {
 		*bm = append(*bm, 0)
--- a/component/trie/domain_set_bin.go
+++ b/component/trie/domain_set_bin.go
@ -0,0 +1,115 @@
+package trie
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+func (ss *DomainSet) WriteBin(w io.Writer) (err error) {
+	// version
+	_, err = w.Write([]byte{1})
+	if err != nil {
+		return err
+	}
+
+	// leaves
+	err = binary.Write(w, binary.BigEndian, int64(len(ss.leaves)))
+	if err != nil {
+		return err
+	}
+	for _, d := range ss.leaves {
+		err = binary.Write(w, binary.BigEndian, d)
+		if err != nil {
+			return err
+		}
+	}
+
+	// labelBitmap
+	err = binary.Write(w, binary.BigEndian, int64(len(ss.labelBitmap)))
+	if err != nil {
+		return err
+	}
+	for _, d := range ss.labelBitmap {
+		err = binary.Write(w, binary.BigEndian, d)
+		if err != nil {
+			return err
+		}
+	}
+
+	// labels
+	err = binary.Write(w, binary.BigEndian, int64(len(ss.labels)))
+	if err != nil {
+		return err
+	}
+	_, err = w.Write(ss.labels)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func ReadDomainSetBin(r io.Reader) (ds *DomainSet, err error) {
+	// version
+	version := make([]byte, 1)
+	_, err = io.ReadFull(r, version)
+	if err != nil {
+		return nil, err
+	}
+	if version[0] != 1 {
+		return nil, errors.New("version is invalid")
+	}
+
+	ds = &DomainSet{}
+	var length int64
+
+	// leaves
+	err = binary.Read(r, binary.BigEndian, &length)
+	if err != nil {
+		return nil, err
+	}
+	if length < 1 {
+		return nil, errors.New("length is invalid")
+	}
+	ds.leaves = make([]uint64, length)
+	for i := int64(0); i < length; i++ {
+		err = binary.Read(r, binary.BigEndian, &ds.leaves[i])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// labelBitmap
+	err = binary.Read(r, binary.BigEndian, &length)
+	if err != nil {
+		return nil, err
+	}
+	if length < 1 {
+		return nil, errors.New("length is invalid")
+	}
+	ds.labelBitmap = make([]uint64, length)
+	for i := int64(0); i < length; i++ {
+		err = binary.Read(r, binary.BigEndian, &ds.labelBitmap[i])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// labels
+	err = binary.Read(r, binary.BigEndian, &length)
+	if err != nil {
+		return nil, err
+	}
+	if length < 1 {
+		return nil, errors.New("length is invalid")
+	}
+	ds.labels = make([]byte, length)
+	_, err = io.ReadFull(r, ds.labels)
+	if err != nil {
+		return nil, err
+	}
+
+	ds.init()
+	return ds, nil
+}
--- a/component/trie/domain_set_test.go
+++ b/component/trie/domain_set_test.go
@ -1,12 +1,29 @@
 package trie_test

 import (
+	"golang.org/x/exp/slices"
 	"testing"

 	"github.com/metacubex/mihomo/component/trie"
 	"github.com/stretchr/testify/assert"
 )

+func testDump(t *testing.T, tree *trie.DomainTrie[struct{}], set *trie.DomainSet) {
+	var dataSrc []string
+	tree.Foreach(func(domain string, data struct{}) bool {
+		dataSrc = append(dataSrc, domain)
+		return true
+	})
+	slices.Sort(dataSrc)
+	var dataSet []string
+	set.Foreach(func(key string) bool {
+		dataSet = append(dataSet, key)
+		return true
+	})
+	slices.Sort(dataSet)
+	assert.Equal(t, dataSrc, dataSet)
+}
+
 func TestDomainSet(t *testing.T) {
 	tree := trie.New[struct{}]()
 	domainSet := []string{
@ -33,6 +50,7 @@ func TestDomainSet(t *testing.T) {
 	assert.True(t, set.Has("google.com"))
 	assert.False(t, set.Has("qq.com"))
 	assert.False(t, set.Has("www.baidu.com"))
+	testDump(t, tree, set)
 }

 func TestDomainSetComplexWildcard(t *testing.T) {
@ -55,6 +73,7 @@ func TestDomainSetComplexWildcard(t *testing.T) {
 	assert.False(t, set.Has("google.com"))
 	assert.True(t, set.Has("www.baidu.com"))
 	assert.True(t, set.Has("test.test.baidu.com"))
+	testDump(t, tree, set)
 }

 func TestDomainSetWildcard(t *testing.T) {
@ -82,4 +101,5 @@ func TestDomainSetWildcard(t *testing.T) {
 	assert.False(t, set.Has("a.www.google.com"))
 	assert.False(t, set.Has("test.qq.com"))
 	assert.False(t, set.Has("test.test.test.qq.com"))
+	testDump(t, tree, set)
 }
--- a/component/trie/domain_test.go
+++ b/component/trie/domain_test.go
@ -121,8 +121,9 @@ func TestTrie_Foreach(t *testing.T) {
 		assert.NoError(t, tree.Insert(domain, localIP))
 	}
 	count := 0
-	tree.Foreach(func(domain string, data netip.Addr) {
+	tree.Foreach(func(domain string, data netip.Addr) bool {
 		count++
+		return true
 	})
 	assert.Equal(t, 7, count)
 }
--- a/config/config.go
+++ b/config/config.go
@ -42,6 +42,7 @@ import (
 	T "github.com/metacubex/mihomo/tunnel"

 	orderedmap "github.com/wk8/go-ordered-map/v2"
+	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v3"
 )

@ -792,6 +793,9 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
 		AllProviders = append(AllProviders, name)
 	}

+	slices.Sort(AllProxies)
+	slices.Sort(AllProviders)
+
 	// parse proxy group
 	for idx, mapping := range groupsConfig {
 		group, err := outboundgroup.ParseProxyGroup(mapping, proxies, providersMap, AllProxies, AllProviders)
--- a/constant/provider/interface.go
+++ b/constant/provider/interface.go
@ -1,6 +1,8 @@
 package provider

 import (
+	"fmt"
+
 	"github.com/metacubex/mihomo/common/utils"
 	"github.com/metacubex/mihomo/constant"
 )
@ -110,9 +112,37 @@ func (rt RuleBehavior) String() string {
 	}
 }

+func (rt RuleBehavior) Byte() byte {
+	switch rt {
+	case Domain:
+		return 0
+	case IPCIDR:
+		return 1
+	case Classical:
+		return 2
+	default:
+		return 255
+	}
+}
+
+func ParseBehavior(s string) (behavior RuleBehavior, err error) {
+	switch s {
+	case "domain":
+		behavior = Domain
+	case "ipcidr":
+		behavior = IPCIDR
+	case "classical":
+		behavior = Classical
+	default:
+		err = fmt.Errorf("unsupported behavior type: %s", s)
+	}
+	return
+}
+
 const (
 	YamlRule RuleFormat = iota
 	TextRule
+	MrsRule
 )

 type RuleFormat int
@ -123,11 +153,27 @@ func (rf RuleFormat) String() string {
 		return "YamlRule"
 	case TextRule:
 		return "TextRule"
+	case MrsRule:
+		return "MrsRule"
 	default:
 		return "Unknown"
 	}
 }

+func ParseRuleFormat(s string) (format RuleFormat, err error) {
+	switch s {
+	case "", "yaml":
+		format = YamlRule
+	case "text":
+		format = TextRule
+	case "mrs":
+		format = MrsRule
+	default:
+		err = fmt.Errorf("unsupported format type: %s", s)
+	}
+	return
+}
+
 type Tunnel interface {
 	Providers() map[string]ProxyProvider
 	RuleProviders() map[string]RuleProvider
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -942,6 +942,24 @@ rule-providers:
    interval: 259200
    path: /path/to/save/file.yaml
    type: file
+  rule3:
+    # mrs类型ruleset，目前仅支持domain和ipcidr(即不支持classical），
+    #
+    # 对于behavior=domain:
+    #  - format=yaml 可以通过“mihomo convert-ruleset domain yaml XXX.yaml XXX.mrs”转换到mrs格式
+    #  - format=text 可以通过“mihomo convert-ruleset domain text XXX.text XXX.mrs”转换到mrs格式
+    #  - XXX.mrs 可以通过"mihomo convert-ruleset domain mrs XXX.mrs XXX.text"转换回text格式（暂不支持转换回ymal格式）
+    #
+    # 对于behavior=ipcidr:
+    #  - format=yaml 可以通过“mihomo convert-ruleset ipcidr yaml XXX.yaml XXX.mrs”转换到mrs格式
+    #  - format=text 可以通过“mihomo convert-ruleset ipcidr text XXX.text XXX.mrs”转换到mrs格式
+    #  - XXX.mrs 可以通过"mihomo convert-ruleset ipcidr mrs XXX.mrs XXX.text"转换回text格式（暂不支持转换回ymal格式）
+    #
+    type: http
+    url: "url"
+    format: mrs
+    behavior: domain
+    path: /path/to/save/file.mrs
 rules:
  - RULE-SET,rule1,REJECT
  - IP-ASN,1,PROXY
--- a/go.mod
+++ b/go.mod
@ -7,24 +7,25 @@ require (
 	github.com/bahlo/generic-list-go v0.2.0
 	github.com/cilium/ebpf v0.12.3
 	github.com/coreos/go-iptables v0.7.0
-	github.com/dlclark/regexp2 v1.11.0
-	github.com/go-chi/chi/v5 v5.0.14
+	github.com/dlclark/regexp2 v1.11.2
+	github.com/go-chi/chi/v5 v5.1.0
 	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/render v1.0.3
 	github.com/gobwas/ws v1.4.0
 	github.com/gofrs/uuid/v5 v5.2.0
-	github.com/insomniacslk/dhcp v0.0.0-20240529192340-51bc6136a0a6
+	github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9
+	github.com/klauspost/compress v1.17.9
 	github.com/klauspost/cpuid/v2 v2.2.8
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
 	github.com/mdlayher/netlink v1.7.2
 	github.com/metacubex/chacha v0.1.0
 	github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759
-	github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e
+	github.com/metacubex/quic-go v0.45.1-0.20240803003931-60a15f6efd94
 	github.com/metacubex/randv2 v0.2.0
 	github.com/metacubex/sing-quic v0.0.0-20240518034124-7696d3f7da72
-	github.com/metacubex/sing-shadowsocks v0.2.7
-	github.com/metacubex/sing-shadowsocks2 v0.2.1
-	github.com/metacubex/sing-tun v0.2.7-0.20240719141246-19c49ac9589d
+	github.com/metacubex/sing-shadowsocks v0.2.8
+	github.com/metacubex/sing-shadowsocks2 v0.2.2
+	github.com/metacubex/sing-tun v0.2.7-0.20240729131039-ed03f557dee1
 	github.com/metacubex/sing-vmess v0.1.9-0.20240719134745-1df6fb20bbf9
 	github.com/metacubex/sing-wireguard v0.0.0-20240618022557-a6efaa37127a
 	github.com/metacubex/tfo-go v0.0.0-20240228025757-be1269474a66
@ -33,7 +34,7 @@ require (
 	github.com/mroth/weightedrand/v2 v2.1.0
 	github.com/openacid/low v0.1.21
 	github.com/oschwald/maxminddb-golang v1.12.0
-	github.com/puzpuzpuz/xsync/v3 v3.2.0
+	github.com/puzpuzpuz/xsync/v3 v3.4.0
 	github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a
 	github.com/sagernet/fswatch v0.1.1
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
@ -41,7 +42,7 @@ require (
 	github.com/sagernet/sing-mux v0.2.1-0.20240124034317-9bfb33698bb6
 	github.com/sagernet/sing-shadowtls v0.1.4
 	github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e
-	github.com/samber/lo v1.39.0
+	github.com/samber/lo v1.46.0
 	github.com/shirou/gopsutil/v3 v3.24.5
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
@ -49,9 +50,9 @@ require (
 	gitlab.com/go-extension/aes-ccm v0.0.0-20230221065045-e58665ef23c7
 	go.uber.org/automaxprocs v1.5.3
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-	golang.org/x/crypto v0.24.0
-	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
-	golang.org/x/net v0.26.0
+	golang.org/x/crypto v0.25.0
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	golang.org/x/net v0.27.0
 	golang.org/x/sync v0.7.0
 	golang.org/x/sys v0.22.0
 	google.golang.org/protobuf v1.34.2
@ -82,7 +83,6 @@ require (
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/josharian/native v1.1.0 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
@ -107,10 +107,10 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	gitlab.com/yawning/bsaes.git v0.0.0-20190805113838-0a714cd429ec // indirect
 	go.uber.org/mock v0.4.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 )

 replace github.com/sagernet/sing => github.com/metacubex/sing v0.0.0-20240724044459-6f3cf5896297
--- a/go.sum
+++ b/go.sum
@ -26,8 +26,8 @@ github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFE
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
-github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dlclark/regexp2 v1.11.2 h1:/u628IuisSTwri5/UKloiIsH8+qF2Pu7xEQX+yIKg68=
+github.com/dlclark/regexp2 v1.11.2/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/ericlagergren/aegis v0.0.0-20230312195928-b4ce538b56f9 h1:/5RkVc9Rc81XmMyVqawCiDyrBHZbLAZgTTCqou4mwj8=
 github.com/ericlagergren/aegis v0.0.0-20230312195928-b4ce538b56f9/go.mod h1:hkIFzoiIPZYxdFOOLyDho59b7SrDfo+w3h+yWdlg45I=
 github.com/ericlagergren/polyval v0.0.0-20220411101811-e25bc10ba391 h1:8j2RH289RJplhA6WfdaPqzg1MjH2K8wX5e0uhAxrw2g=
@ -42,8 +42,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk=
 github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
-github.com/go-chi/chi/v5 v5.0.14 h1:PyEwo2Vudraa0x/Wl6eDRRW2NXBvekgfxyydcM0WGE0=
-github.com/go-chi/chi/v5 v5.0.14/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
@ -75,14 +75,14 @@ github.com/google/tink/go v1.6.1 h1:t7JHqO8Ath2w2ig5vjwQYJzhGEZymedQc90lQXUBa4I=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/insomniacslk/dhcp v0.0.0-20240529192340-51bc6136a0a6 h1:dh8D8FksyMhD64mRMbUhZHWYJfNoNMCxfVq6eexleMw=
-github.com/insomniacslk/dhcp v0.0.0-20240529192340-51bc6136a0a6/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
+github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=
+github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
 github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
 github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@ -103,20 +103,20 @@ github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759 h1:cjd4biTvO
 github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759/go.mod h1:UHOv2xu+RIgLwpXca7TLrXleEd4oR3sPatW6IF8wU88=
 github.com/metacubex/gvisor v0.0.0-20240320004321-933faba989ec h1:HxreOiFTUrJXJautEo8rnE1uKTVGY8wtZepY1Tii/Nc=
 github.com/metacubex/gvisor v0.0.0-20240320004321-933faba989ec/go.mod h1:8BVmQ+3cxjqzWElafm24rb2Ae4jRI6vAXNXWqWjfrXw=
-github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e h1:bLYn3GuRvWDcBDAkIv5kUYIhzHwafDVq635BuybnKqI=
-github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e/go.mod h1:Yza2H7Ax1rxWPUcJx0vW+oAt9EsPuSiyQFhFabUPzwU=
+github.com/metacubex/quic-go v0.45.1-0.20240803003931-60a15f6efd94 h1:wlhwgxRzPLH8Ce0VME35iD2sr7jY2gFrL299/T4C2Sg=
+github.com/metacubex/quic-go v0.45.1-0.20240803003931-60a15f6efd94/go.mod h1:Yza2H7Ax1rxWPUcJx0vW+oAt9EsPuSiyQFhFabUPzwU=
 github.com/metacubex/randv2 v0.2.0 h1:uP38uBvV2SxYfLj53kuvAjbND4RUDfFJjwr4UigMiLs=
 github.com/metacubex/randv2 v0.2.0/go.mod h1:kFi2SzrQ5WuneuoLLCMkABtiBu6VRrMrWFqSPyj2cxY=
 github.com/metacubex/sing v0.0.0-20240724044459-6f3cf5896297 h1:YG/JkwGPbca5rUtEMHIu8ZuqzR7BSVm1iqY8hNoMeMA=
 github.com/metacubex/sing v0.0.0-20240724044459-6f3cf5896297/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/metacubex/sing-quic v0.0.0-20240518034124-7696d3f7da72 h1:Wr4g1HCb5Z/QIFwFiVNjO2qL+dRu25+Mdn9xtAZZ+ew=
 github.com/metacubex/sing-quic v0.0.0-20240518034124-7696d3f7da72/go.mod h1:g7Mxj7b7zm7YVqD975mk/hSmrb0A0G4bVvIMr2MMzn8=
-github.com/metacubex/sing-shadowsocks v0.2.7 h1:9f3Dt2+71TNp0e202llA2ug5h/rkWs2EZxQ5IMpf+9g=
-github.com/metacubex/sing-shadowsocks v0.2.7/go.mod h1:X3x88XtJpBxG0W0/ECOJL6Ib0SJ3xdniAkU/6/RMWU0=
-github.com/metacubex/sing-shadowsocks2 v0.2.1 h1:XIZBXlazp8EEoPp1S0DViAhLkJakjQ2f+AOwwdKKNYg=
-github.com/metacubex/sing-shadowsocks2 v0.2.1/go.mod h1:BhOug03a/RbI7y6hp6q+6ITM1dXjnLTmeWBHSTwvv2Q=
-github.com/metacubex/sing-tun v0.2.7-0.20240719141246-19c49ac9589d h1:iYlepjRCYlPXtELupDL+pQjGqkCnQz4KQOfKImP9sog=
-github.com/metacubex/sing-tun v0.2.7-0.20240719141246-19c49ac9589d/go.mod h1:olbEx9yVcaw5tHTNlRamRoxmMKcvDvcVS1YLnQGzvWE=
+github.com/metacubex/sing-shadowsocks v0.2.8 h1:wIhlaigswzjPw4hej75sEvWte3QR0+AJRafgwBHO5B4=
+github.com/metacubex/sing-shadowsocks v0.2.8/go.mod h1:X3x88XtJpBxG0W0/ECOJL6Ib0SJ3xdniAkU/6/RMWU0=
+github.com/metacubex/sing-shadowsocks2 v0.2.2 h1:eaf42uVx4Lr21S6MDYs0ZdTvGA0GEhDpb9no4+gdXPo=
+github.com/metacubex/sing-shadowsocks2 v0.2.2/go.mod h1:BhOug03a/RbI7y6hp6q+6ITM1dXjnLTmeWBHSTwvv2Q=
+github.com/metacubex/sing-tun v0.2.7-0.20240729131039-ed03f557dee1 h1:ypfofGDZbP8p3Y4P/m74JYu7sQViesi3c8nbmT6cS0Y=
+github.com/metacubex/sing-tun v0.2.7-0.20240729131039-ed03f557dee1/go.mod h1:olbEx9yVcaw5tHTNlRamRoxmMKcvDvcVS1YLnQGzvWE=
 github.com/metacubex/sing-vmess v0.1.9-0.20240719134745-1df6fb20bbf9 h1:OAXiCosqY8xKDp3pqTW3qbrCprZ1l6WkrXSFSCwyY4I=
 github.com/metacubex/sing-vmess v0.1.9-0.20240719134745-1df6fb20bbf9/go.mod h1:olVkD4FChQ5gKMHG4ZzuD7+fMkJY1G8vwOKpRehjrmY=
 github.com/metacubex/sing-wireguard v0.0.0-20240618022557-a6efaa37127a h1:NpSGclHJUYndUwBmyIpFBSoBVg8PoVX7QQKhYg0DjM0=
@ -149,8 +149,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
-github.com/puzpuzpuz/xsync/v3 v3.2.0 h1:9AzuUeF88YC5bK8u2vEG1Fpvu4wgpM1wfPIExfaaDxQ=
-github.com/puzpuzpuz/xsync/v3 v3.2.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/puzpuzpuz/xsync/v3 v3.4.0 h1:DuVBAdXuGFHv8adVXjWWZ63pJq+NRXOWVXlKDBZ+mJ4=
+github.com/puzpuzpuz/xsync/v3 v3.4.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs=
@ -172,8 +172,8 @@ github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxe
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7/go.mod h1:FP9X2xjT/Az1EsG/orYYoC+5MojWnuI7hrffz8fGwwo=
 github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e h1:iGH0RMv2FzELOFNFQtvsxH7NPmlo7X5JizEK51UCojo=
 github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e/go.mod h1:YbL4TKHRR6APYQv3U2RGfwLDpPYSyWz6oUlpISBEzBE=
-github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
-github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
+github.com/samber/lo v1.46.0 h1:w8G+oaCPgz1PoCJztqymCFaKwXt+5cCXn51uPxExFfQ=
+github.com/samber/lo v1.46.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU=
 github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
 github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
@ -226,18 +226,18 @@ go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBs
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
@ -259,15 +259,15 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
--- a/listener/http/client.go
+++ b/listener/http/client.go
@ -13,7 +13,7 @@ import (
 	"github.com/metacubex/mihomo/transport/socks5"
 )

-func newClient(srcConn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) *http.Client {
+func newClient(srcConn net.Conn, tunnel C.Tunnel, additions []inbound.Addition) *http.Client { // additions using slice let caller can change its value (without size) after newClient return
 	return &http.Client{
 		Transport: &http.Transport{
 			// from http.DefaultTransport
--- a/listener/http/proxy.go
+++ b/listener/http/proxy.go
@ -10,10 +10,9 @@ import (
 	"sync"

 	"github.com/metacubex/mihomo/adapter/inbound"
-	"github.com/metacubex/mihomo/common/lru"
 	N "github.com/metacubex/mihomo/common/net"
+	"github.com/metacubex/mihomo/component/auth"
 	C "github.com/metacubex/mihomo/constant"
-	authStore "github.com/metacubex/mihomo/listener/auth"
 	"github.com/metacubex/mihomo/log"
 )

@ -31,8 +30,10 @@ func (b *bodyWrapper) Read(p []byte) (n int, err error) {
 	return n, err
 }

-func HandleConn(c net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool], additions ...inbound.Addition) {
-	client := newClient(c, tunnel, additions...)
+func HandleConn(c net.Conn, tunnel C.Tunnel, authenticator auth.Authenticator, additions ...inbound.Addition) {
+	additions = append(additions, inbound.Placeholder) // Add a placeholder for InUser
+	inUserIdx := len(additions) - 1
+	client := newClient(c, tunnel, additions)
 	defer client.CloseIdleConnections()
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@ -41,7 +42,8 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool],
 	conn := N.NewBufferedConn(c)

 	keepAlive := true
-	trusted := cache == nil // disable authenticate if lru is nil
+	trusted := authenticator == nil // disable authenticate if lru is nil
+	lastUser := ""

 	for keepAlive {
 		peekMutex.Lock()
@ -57,12 +59,10 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool],

 		var resp *http.Response

-		if !trusted {
-			var user string
-			resp, user = authenticate(request, cache)
-			additions = append(additions, inbound.WithInUser(user))
-			trusted = resp == nil
-		}
+		var user string
+		resp, user = authenticate(request, authenticator) // always call authenticate function to get user
+		trusted = trusted || resp == nil
+		additions[inUserIdx] = inbound.WithInUser(user)

 		if trusted {
 			if request.Method == http.MethodConnect {
@ -89,6 +89,13 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool],
 				return // hijack connection
 			}

+			// ensure there is a client with correct additions
+			// when the authenticated user changed, outbound client should close idle connections
+			if user != lastUser {
+				client.CloseIdleConnections()
+				lastUser = user
+			}
+
 			removeHopByHopHeaders(request.Header)
 			removeExtraHTTPHostPort(request)

@ -138,34 +145,24 @@ func HandleConn(c net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool],
 	_ = conn.Close()
 }

-func authenticate(request *http.Request, cache *lru.LruCache[string, bool]) (resp *http.Response, u string) {
-	authenticator := authStore.Authenticator()
+func authenticate(request *http.Request, authenticator auth.Authenticator) (resp *http.Response, user string) {
 	if inbound.SkipAuthRemoteAddress(request.RemoteAddr) {
 		authenticator = nil
 	}
-	if authenticator != nil {
-		credential := parseBasicProxyAuthorization(request)
-		if credential == "" {
-			resp := responseWith(request, http.StatusProxyAuthRequired)
-			resp.Header.Set("Proxy-Authenticate", "Basic")
-			return resp, ""
-		}
-
-		authed, exist := cache.Get(credential)
-		if !exist {
-			user, pass, err := decodeBasicProxyAuthorization(credential)
-			authed = err == nil && authenticator.Verify(user, pass)
-			u = user
-			cache.Set(credential, authed)
-		}
-		if !authed {
-			log.Infoln("Auth failed from %s", request.RemoteAddr)
-
-			return responseWith(request, http.StatusForbidden), u
-		}
+	credential := parseBasicProxyAuthorization(request)
+	if credential == "" && authenticator != nil {
+		resp = responseWith(request, http.StatusProxyAuthRequired)
+		resp.Header.Set("Proxy-Authenticate", "Basic")
+		return
 	}
-
-	return nil, u
+	user, pass, err := decodeBasicProxyAuthorization(credential)
+	authed := authenticator == nil || (err == nil && authenticator.Verify(user, pass))
+	if !authed {
+		log.Infoln("Auth failed from %s", request.RemoteAddr)
+		return responseWith(request, http.StatusForbidden), user
+	}
+	log.Debugln("Auth success from %s -> %s", request.RemoteAddr, user)
+	return
 }

 func responseWith(request *http.Request, statusCode int) *http.Response {
--- a/listener/http/server.go
+++ b/listener/http/server.go
@ -4,9 +4,10 @@ import (
 	"net"

 	"github.com/metacubex/mihomo/adapter/inbound"
-	"github.com/metacubex/mihomo/common/lru"
+	"github.com/metacubex/mihomo/component/auth"
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/constant/features"
+	authStore "github.com/metacubex/mihomo/listener/auth"
 )

 type Listener struct {
@ -32,10 +33,20 @@ func (l *Listener) Close() error {
 }

 func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener, error) {
-	return NewWithAuthenticate(addr, tunnel, true, additions...)
+	return NewWithAuthenticator(addr, tunnel, authStore.Authenticator(), additions...)
 }

+// NewWithAuthenticate
+// never change type traits because it's used in CFMA
 func NewWithAuthenticate(addr string, tunnel C.Tunnel, authenticate bool, additions ...inbound.Addition) (*Listener, error) {
+	authenticator := authStore.Authenticator()
+	if !authenticate {
+		authenticator = nil
+	}
+	return NewWithAuthenticator(addr, tunnel, authenticator, additions...)
+}
+
+func NewWithAuthenticator(addr string, tunnel C.Tunnel, authenticator auth.Authenticator, additions ...inbound.Addition) (*Listener, error) {
 	isDefault := false
 	if len(additions) == 0 {
 		isDefault = true
@ -50,11 +61,6 @@ func NewWithAuthenticate(addr string, tunnel C.Tunnel, authenticate bool, additi
 		return nil, err
 	}

-	var c *lru.LruCache[string, bool]
-	if authenticate {
-		c = lru.New[string, bool](lru.WithAge[string, bool](30))
-	}
-
 	hl := &Listener{
 		listener: l,
 		addr:     addr,
@ -79,7 +85,7 @@ func NewWithAuthenticate(addr string, tunnel C.Tunnel, authenticate bool, additi
 					continue
 				}
 			}
-			go HandleConn(conn, tunnel, c, additions...)
+			go HandleConn(conn, tunnel, authenticator, additions...)
 		}
 	}()

--- a/listener/mixed/mixed.go
+++ b/listener/mixed/mixed.go
@ -4,9 +4,9 @@ import (
 	"net"

 	"github.com/metacubex/mihomo/adapter/inbound"
-	"github.com/metacubex/mihomo/common/lru"
 	N "github.com/metacubex/mihomo/common/net"
 	C "github.com/metacubex/mihomo/constant"
+	authStore "github.com/metacubex/mihomo/listener/auth"
 	"github.com/metacubex/mihomo/listener/http"
 	"github.com/metacubex/mihomo/listener/socks"
 	"github.com/metacubex/mihomo/transport/socks4"
@ -16,7 +16,6 @@ import (
 type Listener struct {
 	listener net.Listener
 	addr     string
-	cache    *lru.LruCache[string, bool]
 	closed   bool
 }

@ -53,7 +52,6 @@ func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener
 	ml := &Listener{
 		listener: l,
 		addr:     addr,
-		cache:    lru.New[string, bool](lru.WithAge[string, bool](30)),
 	}
 	go func() {
 		for {
@ -70,14 +68,14 @@ func New(addr string, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener
 					continue
 				}
 			}
-			go handleConn(c, tunnel, ml.cache, additions...)
+			go handleConn(c, tunnel, additions...)
 		}
 	}()

 	return ml, nil
 }

-func handleConn(conn net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool], additions ...inbound.Addition) {
+func handleConn(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
 	N.TCPKeepAlive(conn)

 	bufConn := N.NewBufferedConn(conn)
@ -92,6 +90,6 @@ func handleConn(conn net.Conn, tunnel C.Tunnel, cache *lru.LruCache[string, bool
 	case socks5.Version:
 		socks.HandleSocks5(bufConn, tunnel, additions...)
 	default:
-		http.HandleConn(bufConn, tunnel, cache, additions...)
+		http.HandleConn(bufConn, tunnel, authStore.Authenticator(), additions...)
 	}
 }
--- a/main.go
+++ b/main.go
@ -17,6 +17,7 @@ import (
 	"github.com/metacubex/mihomo/hub"
 	"github.com/metacubex/mihomo/hub/executor"
 	"github.com/metacubex/mihomo/log"
+	"github.com/metacubex/mihomo/rules/provider"

 	"go.uber.org/automaxprocs/maxprocs"
 )
@ -48,6 +49,12 @@ func init() {

 func main() {
 	_, _ = maxprocs.Set(maxprocs.Logger(func(string, ...any) {}))
+
+	if len(os.Args) > 1 && os.Args[1] == "convert-ruleset" {
+		provider.ConvertMain(os.Args[2:])
+		return
+	}
+
 	if version {
 		fmt.Printf("Mihomo Meta %s %s %s with %s %s\n",
 			C.Version, runtime.GOOS, runtime.GOARCH, runtime.Version(), C.BuildTime)
--- a/rules/logic/logic.go
+++ b/rules/logic/logic.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"regexp"
 	"strings"
+	"sync"

 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/rules/common"
@ -13,19 +14,19 @@ import (

 type Logic struct {
 	*common.Base
-	payload     string
-	adapter     string
-	ruleType    C.RuleType
-	rules       []C.Rule
-	subRules    map[string][]C.Rule
-	needIP      bool
-	needProcess bool
+	payload  string
+	adapter  string
+	ruleType C.RuleType
+	rules    []C.Rule
+	subRules map[string][]C.Rule
+
+	payloadOnce sync.Once
 }

 type ParseRuleFunc func(tp, payload, target string, params []string, subRules map[string][]C.Rule) (C.Rule, error)

 func NewSubRule(payload, adapter string, subRules map[string][]C.Rule, parseRule ParseRuleFunc) (*Logic, error) {
-	logic := &Logic{Base: &common.Base{}, payload: payload, adapter: adapter, ruleType: C.SubRules}
+	logic := &Logic{Base: &common.Base{}, payload: payload, adapter: adapter, ruleType: C.SubRules, subRules: subRules}
 	err := logic.parsePayload(fmt.Sprintf("(%s)", payload), parseRule)
 	if err != nil {
 		return nil, err
@ -34,15 +35,6 @@ func NewSubRule(payload, adapter string, subRules map[string][]C.Rule, parseRule
 	if len(logic.rules) != 1 {
 		return nil, fmt.Errorf("Sub-Rule rule must contain one rule")
 	}
-	for _, rule := range subRules[adapter] {
-		if rule.ShouldResolveIP() {
-			logic.needIP = true
-		}
-		if rule.ShouldFindProcess() {
-			logic.needProcess = true
-		}
-	}
-	logic.subRules = subRules
 	return logic, nil
 }

@ -56,9 +48,6 @@ func NewNOT(payload string, adapter string, parseRule ParseRuleFunc) (*Logic, er
 	if len(logic.rules) != 1 {
 		return nil, fmt.Errorf("not rule must contain one rule")
 	}
-	logic.needIP = logic.rules[0].ShouldResolveIP()
-	logic.needProcess = logic.rules[0].ShouldFindProcess()
-	logic.payload = fmt.Sprintf("(!(%s,%s))", logic.rules[0].RuleType(), logic.rules[0].Payload())
 	return logic, nil
 }

@ -68,40 +57,15 @@ func NewOR(payload string, adapter string, parseRule ParseRuleFunc) (*Logic, err
 	if err != nil {
 		return nil, err
 	}
-
-	payloads := make([]string, 0, len(logic.rules))
-	for _, rule := range logic.rules {
-		payloads = append(payloads, fmt.Sprintf("(%s,%s)", rule.RuleType().String(), rule.Payload()))
-		if rule.ShouldResolveIP() {
-			logic.needIP = true
-		}
-		if rule.ShouldFindProcess() {
-			logic.needProcess = true
-		}
-	}
-	logic.payload = fmt.Sprintf("(%s)", strings.Join(payloads, " || "))
-
 	return logic, nil
 }
+
 func NewAND(payload string, adapter string, parseRule ParseRuleFunc) (*Logic, error) {
 	logic := &Logic{Base: &common.Base{}, payload: payload, adapter: adapter, ruleType: C.AND}
 	err := logic.parsePayload(payload, parseRule)
 	if err != nil {
 		return nil, err
 	}
-
-	payloads := make([]string, 0, len(logic.rules))
-	for _, rule := range logic.rules {
-		payloads = append(payloads, fmt.Sprintf("(%s,%s)", rule.RuleType().String(), rule.Payload()))
-		if rule.ShouldResolveIP() {
-			logic.needIP = true
-		}
-		if rule.ShouldFindProcess() {
-			logic.needProcess = true
-		}
-	}
-	logic.payload = fmt.Sprintf("(%s)", strings.Join(payloads, " && "))
-
 	return logic, nil
 }

@ -218,13 +182,6 @@ func (logic *Logic) parsePayload(payload string, parseRule ParseRuleFunc) error
 				return err
 			}

-			if rule.ShouldResolveIP() {
-				logic.needIP = true
-			}
-			if rule.ShouldFindProcess() {
-				logic.needProcess = true
-			}
-
 			rules = append(rules, rule)
 		}

@ -279,9 +236,9 @@ func (logic *Logic) Match(metadata *C.Metadata) (bool, string) {
 			}
 		}
 		return true, logic.adapter
+	default:
+		return false, ""
 	}
-
-	return false, ""
 }

 func (logic *Logic) Adapter() string {
@ -289,15 +246,58 @@ func (logic *Logic) Adapter() string {
 }

 func (logic *Logic) Payload() string {
+	logic.payloadOnce.Do(func() { // a little bit expensive, so only computed once
+		switch logic.ruleType {
+		case C.NOT:
+			logic.payload = fmt.Sprintf("(!(%s,%s))", logic.rules[0].RuleType(), logic.rules[0].Payload())
+		case C.OR:
+			payloads := make([]string, 0, len(logic.rules))
+			for _, rule := range logic.rules {
+				payloads = append(payloads, fmt.Sprintf("(%s,%s)", rule.RuleType().String(), rule.Payload()))
+			}
+			logic.payload = fmt.Sprintf("(%s)", strings.Join(payloads, " || "))
+		case C.AND:
+			payloads := make([]string, 0, len(logic.rules))
+			for _, rule := range logic.rules {
+				payloads = append(payloads, fmt.Sprintf("(%s,%s)", rule.RuleType().String(), rule.Payload()))
+			}
+			logic.payload = fmt.Sprintf("(%s)", strings.Join(payloads, " && "))
+		default:
+		}
+	})
 	return logic.payload
 }

 func (logic *Logic) ShouldResolveIP() bool {
-	return logic.needIP
+	if logic.ruleType == C.SubRules {
+		for _, rule := range logic.subRules[logic.adapter] {
+			if rule.ShouldResolveIP() {
+				return true
+			}
+		}
+	}
+	for _, rule := range logic.rules {
+		if rule.ShouldResolveIP() {
+			return true
+		}
+	}
+	return false
 }

 func (logic *Logic) ShouldFindProcess() bool {
-	return logic.needProcess
+	if logic.ruleType == C.SubRules {
+		for _, rule := range logic.subRules[logic.adapter] {
+			if rule.ShouldFindProcess() {
+				return true
+			}
+		}
+	}
+	for _, rule := range logic.rules {
+		if rule.ShouldFindProcess() {
+			return true
+		}
+	}
+	return false
 }

 func (logic *Logic) ProviderNames() (names []string) {
--- a/rules/provider/classical_strategy.go
+++ b/rules/provider/classical_strategy.go
@ -5,6 +5,7 @@ import (
 	"strings"

 	C "github.com/metacubex/mihomo/constant"
+	P "github.com/metacubex/mihomo/constant/provider"
 	"github.com/metacubex/mihomo/log"
 )

@ -16,6 +17,10 @@ type classicalStrategy struct {
 	parse             func(tp, payload, target string, params []string) (parsed C.Rule, parseErr error)
 }

+func (c *classicalStrategy) Behavior() P.RuleBehavior {
+	return P.Classical
+}
+
 func (c *classicalStrategy) Match(metadata *C.Metadata) bool {
 	for _, rule := range c.rules {
 		if m, _ := rule.Match(metadata); m {
--- a/rules/provider/domain_strategy.go
+++ b/rules/provider/domain_strategy.go
@ -1,9 +1,16 @@
 package provider

 import (
+	"errors"
+	"io"
+	"strings"
+
 	"github.com/metacubex/mihomo/component/trie"
 	C "github.com/metacubex/mihomo/constant"
+	P "github.com/metacubex/mihomo/constant/provider"
 	"github.com/metacubex/mihomo/log"
+
+	"golang.org/x/exp/slices"
 )

 type domainStrategy struct {
@ -12,6 +19,10 @@ type domainStrategy struct {
 	domainSet  *trie.DomainSet
 }

+func (d *domainStrategy) Behavior() P.RuleBehavior {
+	return P.Domain
+}
+
 func (d *domainStrategy) ShouldFindProcess() bool {
 	return false
 }
@ -35,6 +46,10 @@ func (d *domainStrategy) Reset() {
 }

 func (d *domainStrategy) Insert(rule string) {
+	if strings.ContainsRune(rule, '/') {
+		log.Warnln("invalid domain:[%s]", rule)
+		return
+	}
 	err := d.domainTrie.Insert(rule, struct{}{})
 	if err != nil {
 		log.Warnln("invalid domain:[%s]", rule)
@ -48,6 +63,45 @@ func (d *domainStrategy) FinishInsert() {
 	d.domainTrie = nil
 }

+func (d *domainStrategy) FromMrs(r io.Reader, count int) error {
+	domainSet, err := trie.ReadDomainSetBin(r)
+	if err != nil {
+		return err
+	}
+	d.count = count
+	d.domainSet = domainSet
+	return nil
+}
+
+func (d *domainStrategy) WriteMrs(w io.Writer) error {
+	if d.domainSet == nil {
+		return errors.New("nil domainSet")
+	}
+	return d.domainSet.WriteBin(w)
+}
+
+func (d *domainStrategy) DumpMrs(f func(key string) bool) {
+	if d.domainSet != nil {
+		var keys []string
+		d.domainSet.Foreach(func(key string) bool {
+			keys = append(keys, key)
+			return true
+		})
+		slices.Sort(keys)
+
+		for _, key := range keys {
+			if _, ok := slices.BinarySearch(keys, "+."+key); ok {
+				continue // ignore the rules added by trie internal processing
+			}
+			if !f(key) {
+				return
+			}
+		}
+	}
+}
+
+var _ mrsRuleStrategy = (*domainStrategy)(nil)
+
 func NewDomainStrategy() *domainStrategy {
 	return &domainStrategy{}
 }
--- a/rules/provider/ipcidr_strategy.go
+++ b/rules/provider/ipcidr_strategy.go
@ -1,8 +1,13 @@
 package provider

 import (
+	"errors"
+	"io"
+	"net/netip"
+
 	"github.com/metacubex/mihomo/component/cidr"
 	C "github.com/metacubex/mihomo/constant"
+	P "github.com/metacubex/mihomo/constant/provider"
 	"github.com/metacubex/mihomo/log"

 	"go4.org/netipx"
@ -15,6 +20,10 @@ type ipcidrStrategy struct {
 	//trie            *trie.IpCidrTrie
 }

+func (i *ipcidrStrategy) Behavior() P.RuleBehavior {
+	return P.IPCIDR
+}
+
 func (i *ipcidrStrategy) ShouldFindProcess() bool {
 	return false
 }
@ -54,6 +63,34 @@ func (i *ipcidrStrategy) FinishInsert() {
 	i.cidrSet.Merge()
 }

+func (i *ipcidrStrategy) FromMrs(r io.Reader, count int) error {
+	cidrSet, err := cidr.ReadIpCidrSet(r)
+	if err != nil {
+		return err
+	}
+	i.count = count
+	i.cidrSet = cidrSet
+	if i.count > 0 {
+		i.shouldResolveIP = true
+	}
+	return nil
+}
+
+func (i *ipcidrStrategy) WriteMrs(w io.Writer) error {
+	if i.cidrSet == nil {
+		return errors.New("nil cidrSet")
+	}
+	return i.cidrSet.WriteBin(w)
+}
+
+func (i *ipcidrStrategy) DumpMrs(f func(key string) bool) {
+	if i.cidrSet != nil {
+		i.cidrSet.Foreach(func(prefix netip.Prefix) bool {
+			return f(prefix.String())
+		})
+	}
+}
+
 func (i *ipcidrStrategy) ToIpCidr() *netipx.IPSet {
 	return i.cidrSet.ToIPSet()
 }
--- a/rules/provider/mrs_converter.go
+++ b/rules/provider/mrs_converter.go
@ -0,0 +1,120 @@
+package provider
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+
+	P "github.com/metacubex/mihomo/constant/provider"
+
+	"github.com/klauspost/compress/zstd"
+)
+
+func ConvertToMrs(buf []byte, behavior P.RuleBehavior, format P.RuleFormat, w io.Writer) (err error) {
+	strategy := newStrategy(behavior, nil)
+	strategy, err = rulesParse(buf, strategy, format)
+	if err != nil {
+		return err
+	}
+	if strategy.Count() == 0 {
+		return errors.New("empty rule")
+	}
+	if _strategy, ok := strategy.(mrsRuleStrategy); ok {
+		if format == P.MrsRule { // export to TextRule
+			_strategy.DumpMrs(func(key string) bool {
+				_, err = fmt.Fprintln(w, key)
+				if err != nil {
+					return false
+				}
+				return true
+			})
+			return nil
+		}
+
+		var encoder *zstd.Encoder
+		encoder, err = zstd.NewWriter(w)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			zstdErr := encoder.Close()
+			if err == nil {
+				err = zstdErr
+			}
+		}()
+
+		// header
+		_, err = encoder.Write(MrsMagicBytes[:])
+		if err != nil {
+			return err
+		}
+
+		// behavior
+		_behavior := []byte{behavior.Byte()}
+		_, err = encoder.Write(_behavior[:])
+		if err != nil {
+			return err
+		}
+
+		// count
+		count := int64(_strategy.Count())
+		err = binary.Write(encoder, binary.BigEndian, count)
+		if err != nil {
+			return err
+		}
+
+		// extra (reserved for future using)
+		var extra []byte
+		err = binary.Write(encoder, binary.BigEndian, int64(len(extra)))
+		if err != nil {
+			return err
+		}
+		_, err = encoder.Write(extra)
+		if err != nil {
+			return err
+		}
+
+		return _strategy.WriteMrs(encoder)
+	} else {
+		return ErrInvalidFormat
+	}
+}
+
+func ConvertMain(args []string) {
+	if len(args) > 3 {
+		behavior, err := P.ParseBehavior(args[0])
+		if err != nil {
+			panic(err)
+		}
+		format, err := P.ParseRuleFormat(args[1])
+		if err != nil {
+			panic(err)
+		}
+		source := args[2]
+		target := args[3]
+
+		sourceFile, err := os.ReadFile(source)
+		if err != nil {
+			panic(err)
+		}
+
+		targetFile, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+		if err != nil {
+			panic(err)
+		}
+
+		err = ConvertToMrs(sourceFile, behavior, format, targetFile)
+		if err != nil {
+			panic(err)
+		}
+
+		err = targetFile.Close()
+		if err != nil {
+			panic(err)
+		}
+	} else {
+		panic("Usage: convert-ruleset <behavior> <format> <source file> <target file>")
+	}
+}
--- a/rules/provider/mrs_reader.go
+++ b/rules/provider/mrs_reader.go
@ -0,0 +1,72 @@
+package provider
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/klauspost/compress/zstd"
+)
+
+var MrsMagicBytes = [4]byte{'M', 'R', 'S', 1} // MRSv1
+
+func rulesMrsParse(buf []byte, strategy ruleStrategy) (ruleStrategy, error) {
+	if _strategy, ok := strategy.(mrsRuleStrategy); ok {
+		reader, err := zstd.NewReader(bytes.NewReader(buf))
+		if err != nil {
+			return nil, err
+		}
+		defer reader.Close()
+
+		// header
+		var header [4]byte
+		_, err = io.ReadFull(reader, header[:])
+		if err != nil {
+			return nil, err
+		}
+		if header != MrsMagicBytes {
+			return nil, fmt.Errorf("invalid MrsMagic bytes")
+		}
+
+		// behavior
+		var _behavior [1]byte
+		_, err = io.ReadFull(reader, _behavior[:])
+		if err != nil {
+			return nil, err
+		}
+		if _behavior[0] != strategy.Behavior().Byte() {
+			return nil, fmt.Errorf("invalid behavior")
+		}
+
+		// count
+		var count int64
+		err = binary.Read(reader, binary.BigEndian, &count)
+		if err != nil {
+			return nil, err
+		}
+
+		// extra (reserved for future using)
+		var length int64
+		err = binary.Read(reader, binary.BigEndian, &length)
+		if err != nil {
+			return nil, err
+		}
+		if length < 0 {
+			return nil, errors.New("length is invalid")
+		}
+		if length > 0 {
+			extra := make([]byte, length)
+			_, err = io.ReadFull(reader, extra)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		err = _strategy.FromMrs(reader, int(count))
+		return strategy, err
+	} else {
+		return nil, ErrInvalidFormat
+	}
+}
--- a/rules/provider/parse.go
+++ b/rules/provider/parse.go
@ -32,28 +32,13 @@ func ParseRuleProvider(name string, mapping map[string]interface{}, parse func(t
 	if err := decoder.Decode(mapping, schema); err != nil {
 		return nil, err
 	}
-	var behavior P.RuleBehavior
-
-	switch schema.Behavior {
-	case "domain":
-		behavior = P.Domain
-	case "ipcidr":
-		behavior = P.IPCIDR
-	case "classical":
-		behavior = P.Classical
-	default:
-		return nil, fmt.Errorf("unsupported behavior type: %s", schema.Behavior)
+	behavior, err := P.ParseBehavior(schema.Behavior)
+	if err != nil {
+		return nil, err
 	}
-
-	var format P.RuleFormat
-
-	switch schema.Format {
-	case "", "yaml":
-		format = P.YamlRule
-	case "text":
-		format = P.TextRule
-	default:
-		return nil, fmt.Errorf("unsupported format type: %s", schema.Format)
+	format, err := P.ParseRuleFormat(schema.Format)
+	if err != nil {
+		return nil, err
 	}

 	var vehicle P.Vehicle
--- a/rules/provider/provider.go
+++ b/rules/provider/provider.go
@ -4,16 +4,17 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
+	"io"
 	"runtime"
 	"strings"
 	"time"

-	"gopkg.in/yaml.v3"
-
 	"github.com/metacubex/mihomo/common/pool"
 	"github.com/metacubex/mihomo/component/resource"
 	C "github.com/metacubex/mihomo/constant"
 	P "github.com/metacubex/mihomo/constant/provider"
+
+	"gopkg.in/yaml.v3"
 )

 var tunnel P.Tunnel
@ -43,6 +44,7 @@ type RulePayload struct {
 }

 type ruleStrategy interface {
+	Behavior() P.RuleBehavior
 	Match(metadata *C.Metadata) bool
 	Count() int
 	ShouldResolveIP() bool
@ -52,6 +54,13 @@ type ruleStrategy interface {
 	FinishInsert()
 }

+type mrsRuleStrategy interface {
+	ruleStrategy
+	FromMrs(r io.Reader, count int) error
+	WriteMrs(w io.Writer) error
+	DumpMrs(f func(key string) bool)
+}
+
 func (rp *ruleSetProvider) Type() P.ProviderType {
 	return P.Rule
 }
@ -152,9 +161,13 @@ func newStrategy(behavior P.RuleBehavior, parse func(tp, payload, target string,
 }

 var ErrNoPayload = errors.New("file must have a `payload` field")
+var ErrInvalidFormat = errors.New("invalid format")

 func rulesParse(buf []byte, strategy ruleStrategy, format P.RuleFormat) (ruleStrategy, error) {
 	strategy.Reset()
+	if format == P.MrsRule {
+		return rulesMrsParse(buf, strategy)
+	}

 	schema := &RulePayload{}

@ -228,6 +241,8 @@ func rulesParse(buf []byte, strategy ruleStrategy, format P.RuleFormat) (ruleStr
 			if len(schema.Payload) > 0 {
 				str = schema.Payload[0]
 			}
+		default:
+			return nil, ErrInvalidFormat
 		}

 		if str == "" {
--- a/rules/provider/rule_set.go
+++ b/rules/provider/rule_set.go
@ -40,10 +40,7 @@ func (rs *RuleSet) Adapter() string {
 }

 func (rs *RuleSet) Payload() string {
-	if provider, ok := rs.getProvider(); ok {
-		return provider.Name()
-	}
-	return ""
+	return rs.ruleProviderName
 }

 func (rs *RuleSet) ShouldResolveIP() bool {