Routing: fix router select wrong outbound when failed to resolve domain to ip

Config: Outbound proxy config no need to be nested (#5124 )
Like eda8be601f
2025-12-18 21:24:37 +03:00 · 2025-09-12 23:38:43 +03:30 · 2025-09-11 13:48:20 +00:00 · 2025-09-11 13:08:21 +00:00 · 2025-09-11 12:36:22 +00:00 · 2025-09-10 17:30:13 +00:00
43 changed files with 917 additions and 194 deletions
--- a/.github/workflows/release-win7.yml
+++ b/.github/workflows/release-win7.yml
@@ -72,7 +72,7 @@ jobs:
          echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV

      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
          check-latest: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:

      - name: Trigger Asset Update Workflow if Assets Missing
        if: steps.check-assets.outputs.missing == 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -176,7 +176,7 @@ jobs:
          echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV

      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
          check-latest: true
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -47,7 +47,7 @@ jobs:
      - name: Checkout codebase
        uses: actions/checkout@v5
      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
          check-latest: true
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@
  - [teddysun/xray](https://hub.docker.com/r/teddysun/xray)
  - [wulabing/xray_docker](https://github.com/wulabing/xray_docker)
 - Web Panel - **WARNING: Please DO NOT USE plain HTTP panels like 3X-UI**, as they are believed to be bribed by Iran GFW for supporting plain HTTP by default and refused to change (https://github.com/XTLS/Xray-core/pull/3884#issuecomment-2439595331), which has already put many users' data security in danger in the past few years. **If you are already using 3X-UI, please switch to the following panels, which are verified to support HTTPS and SSH port forwarding only:**
+  - [X-Panel](https://github.com/xeefei/X-Panel)
  - [Remnawave](https://github.com/remnawave/panel)
  - [Marzban](https://github.com/Gozargah/Marzban)
  - [Xray-UI](https://github.com/qist/xray-ui)
--- a/app/dispatcher/default.go
+++ b/app/dispatcher/default.go
@@ -2,6 +2,7 @@ package dispatcher

 import (
 	"context"
+	go_errors "errors"
 	"regexp"
 	"strings"
 	"sync"
@@ -483,8 +484,17 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 				handler = h
 			} else {
 				errors.LogWarning(ctx, "non existing outTag: ", outTag)
+				common.Close(link.Writer)
+				common.Interrupt(link.Reader)
+				return // DO NOT CHANGE: the traffic shouldn't be processed by default outbound if the specified outbound tag doesn't exist (yet), e.g., VLESS Reverse Proxy
 			}
 		} else {
+			if !go_errors.Is(err, common.ErrNoClue) {
+				errors.LogWarningInner(ctx, err, "get error during route pick ")
+				common.Close(link.Writer)
+				common.Interrupt(link.Reader)
+				return
+			}
 			errors.LogInfo(ctx, "default route for ", destination)
 		}
 	}
--- a/app/proxyman/inbound/worker.go
+++ b/app/proxyman/inbound/worker.go
@@ -2,6 +2,7 @@ package inbound

 import (
 	"context"
+	gonet "net"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -76,7 +77,25 @@ func (w *tcpWorker) callback(conn stat.Connection) {
 		case internet.SocketConfig_TProxy:
 			dest = net.DestinationFromAddr(conn.LocalAddr())
 		}
+
 		if dest.IsValid() {
+			// Check if try to connect to this inbound itself (can cause loopback)
+			var isLoopBack bool
+			if w.address == net.AnyIP || w.address == net.AnyIPv6 {
+				if dest.Port.Value() == w.port.Value() && IsLocal(dest.Address.IP()) {
+					isLoopBack = true
+				}
+			} else {
+				if w.hub.Addr().String() == dest.NetAddr() {
+					isLoopBack = true
+				}
+			}
+			if isLoopBack {
+				cancel()
+				conn.Close()
+				errors.LogError(ctx, errors.New("loopback connection detected"))
+				return
+			}
 			outbounds[0].Target = dest
 		}
 	}
@@ -544,3 +563,18 @@ func (w *dsWorker) Close() error {

 	return nil
 }
+
+func IsLocal(ip net.IP) bool {
+	addrs, err := gonet.InterfaceAddrs()
+	if err != nil {
+		return false
+	}
+	for _, addr := range addrs {
+		if ipnet, ok := addr.(*gonet.IPNet); ok {
+			if ipnet.IP.Equal(ip) {
+				return true
+			}
+		}
+	}
+	return false
+}
--- a/app/proxyman/outbound/handler.go
+++ b/app/proxyman/outbound/handler.go
@@ -108,6 +108,8 @@ func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbou
 	}
 	h.proxyConfig = proxyConfig

+	ctx = session.ContextWithHandler(ctx, h)
+
 	rawProxyHandler, err := common.CreateObject(ctx, proxyConfig)
 	if err != nil {
 		return nil, err
--- a/app/reverse/bridge.go
+++ b/app/reverse/bridge.go
@@ -9,6 +9,7 @@ import (
 	"github.com/xtls/xray-core/common/mux"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/common/signal"
 	"github.com/xtls/xray-core/common/task"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport"
@@ -53,6 +54,11 @@ func (b *Bridge) cleanup() {
 		if w.IsActive() {
 			activeWorkers = append(activeWorkers, w)
 		}
+		if w.Closed() {
+			if w.Timer != nil {
+				w.Timer.SetTimeout(0)
+			}
+		}
 	}

 	if len(activeWorkers) != len(b.workers) {
@@ -94,10 +100,11 @@ func (b *Bridge) Close() error {
 }

 type BridgeWorker struct {
-	tag        string
-	worker     *mux.ServerWorker
-	dispatcher routing.Dispatcher
-	state      Control_State
+	Tag        string
+	Worker     *mux.ServerWorker
+	Dispatcher routing.Dispatcher
+	State      Control_State
+	Timer      *signal.ActivityTimer
 }

 func NewBridgeWorker(domain string, tag string, d routing.Dispatcher) (*BridgeWorker, error) {
@@ -115,16 +122,20 @@ func NewBridgeWorker(domain string, tag string, d routing.Dispatcher) (*BridgeWo
 	}

 	w := &BridgeWorker{
-		dispatcher: d,
-		tag:        tag,
+		Dispatcher: d,
+		Tag:        tag,
 	}

 	worker, err := mux.NewServerWorker(context.Background(), w, link)
 	if err != nil {
 		return nil, err
 	}
-	w.worker = worker
+	w.Worker = worker

+	terminate := func() {
+		worker.Close()
+	}
+	w.Timer = signal.CancelAfterInactivity(ctx, terminate, 60*time.Second)
 	return w, nil
 }

@@ -141,48 +152,63 @@ func (w *BridgeWorker) Close() error {
 }

 func (w *BridgeWorker) IsActive() bool {
-	return w.state == Control_ACTIVE && !w.worker.Closed()
+	return w.State == Control_ACTIVE && !w.Worker.Closed()
+}
+
+func (w *BridgeWorker) Closed() bool {
+	return w.Worker.Closed()
 }

 func (w *BridgeWorker) Connections() uint32 {
-	return w.worker.ActiveConnections()
+	return w.Worker.ActiveConnections()
 }

 func (w *BridgeWorker) handleInternalConn(link *transport.Link) {
-	go func() {
-		reader := link.Reader
-		for {
-			mb, err := reader.ReadMultiBuffer()
-			if err != nil {
-				break
+	reader := link.Reader
+	for {
+		mb, err := reader.ReadMultiBuffer()
+		if err != nil {
+			if w.Timer != nil {
+				if w.Closed() {
+					w.Timer.SetTimeout(0)
+				} else {
+					w.Timer.SetTimeout(24 * time.Hour)
+				}
 			}
-			for _, b := range mb {
-				var ctl Control
-				if err := proto.Unmarshal(b.Bytes(), &ctl); err != nil {
-					errors.LogInfoInner(context.Background(), err, "failed to parse proto message")
-					break
-				}
-				if ctl.State != w.state {
-					w.state = ctl.State
+			return
+		}
+		if w.Timer != nil {
+			w.Timer.Update()
+		}
+		for _, b := range mb {
+			var ctl Control
+			if err := proto.Unmarshal(b.Bytes(), &ctl); err != nil {
+				errors.LogInfoInner(context.Background(), err, "failed to parse proto message")
+				if w.Timer != nil {
+					w.Timer.SetTimeout(0)
 				}
+				return
+			}
+			if ctl.State != w.State {
+				w.State = ctl.State
 			}
 		}
-	}()
+	}
 }

 func (w *BridgeWorker) Dispatch(ctx context.Context, dest net.Destination) (*transport.Link, error) {
 	if !isInternalDomain(dest) {
 		ctx = session.ContextWithInbound(ctx, &session.Inbound{
-			Tag: w.tag,
+			Tag: w.Tag,
 		})
-		return w.dispatcher.Dispatch(ctx, dest)
+		return w.Dispatcher.Dispatch(ctx, dest)
 	}

 	opt := []pipe.Option{pipe.WithSizeLimit(16 * 1024)}
 	uplinkReader, uplinkWriter := pipe.New(opt...)
 	downlinkReader, downlinkWriter := pipe.New(opt...)

-	w.handleInternalConn(&transport.Link{
+	go w.handleInternalConn(&transport.Link{
 		Reader: downlinkReader,
 		Writer: uplinkWriter,
 	})
@@ -196,12 +222,12 @@ func (w *BridgeWorker) Dispatch(ctx context.Context, dest net.Destination) (*tra
 func (w *BridgeWorker) DispatchLink(ctx context.Context, dest net.Destination, link *transport.Link) error {
 	if !isInternalDomain(dest) {
 		ctx = session.ContextWithInbound(ctx, &session.Inbound{
-			Tag: w.tag,
+			Tag: w.Tag,
 		})
-		return w.dispatcher.DispatchLink(ctx, dest, link)
+		return w.Dispatcher.DispatchLink(ctx, dest, link)
 	}

-	link = w.dispatcher.(*dispatcher.DefaultDispatcher).WrapLink(ctx, link)
+	link = w.Dispatcher.(*dispatcher.DefaultDispatcher).WrapLink(ctx, link)
 	w.handleInternalConn(link)

 	return nil
--- a/app/reverse/portal.go
+++ b/app/reverse/portal.go
@@ -12,6 +12,7 @@ import (
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/serial"
 	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/common/signal"
 	"github.com/xtls/xray-core/common/task"
 	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/transport"
@@ -82,9 +83,21 @@ func (p *Portal) HandleConnection(ctx context.Context, link *transport.Link) err
 		}

 		p.picker.AddWorker(worker)
+
+		if _, ok := link.Reader.(*pipe.Reader); !ok {
+			select {
+			case <-ctx.Done():
+			case <-muxClient.WaitClosed():
+			}
+		}
 		return nil
 	}

+	if ob.Target.Network == net.Network_UDP && ob.OriginalTarget.Address != nil && ob.OriginalTarget.Address != ob.Target.Address {
+		link.Reader = &buf.EndpointOverrideReader{Reader: link.Reader, Dest: ob.Target.Address, OriginalDest: ob.OriginalTarget.Address}
+		link.Writer = &buf.EndpointOverrideWriter{Writer: link.Writer, Dest: ob.Target.Address, OriginalDest: ob.OriginalTarget.Address}
+	}
+
 	return p.client.Dispatch(ctx, link)
 }

@@ -101,6 +114,7 @@ func (o *Outbound) Dispatch(ctx context.Context, link *transport.Link) {
 	if err := o.portal.HandleConnection(ctx, link); err != nil {
 		errors.LogInfoInner(ctx, err, "failed to process reverse connection")
 		common.Interrupt(link.Writer)
+		common.Interrupt(link.Reader)
 	}
 }

@@ -146,6 +160,8 @@ func (p *StaticMuxPicker) cleanup() error {
 	for _, w := range p.workers {
 		if !w.Closed() {
 			activeWorkers = append(activeWorkers, w)
+		} else {
+			w.timer.SetTimeout(0)
 		}
 	}

@@ -212,6 +228,7 @@ type PortalWorker struct {
 	reader   buf.Reader
 	draining bool
 	counter  uint32
+	timer    *signal.ActivityTimer
 }

 func NewPortalWorker(client *mux.ClientWorker) (*PortalWorker, error) {
@@ -231,10 +248,14 @@ func NewPortalWorker(client *mux.ClientWorker) (*PortalWorker, error) {
 	if !f {
 		return nil, errors.New("unable to dispatch control connection")
 	}
+	terminate := func() {
+		client.Close()
+	}
 	w := &PortalWorker{
 		client: client,
 		reader: downlinkReader,
 		writer: uplinkWriter,
+		timer:  signal.CancelAfterInactivity(ctx, terminate, 24*time.Hour), // // prevent leak
 	}
 	w.control = &task.Periodic{
 		Execute:  w.heartbeat,
@@ -261,7 +282,6 @@ func (w *PortalWorker) heartbeat() error {
 		msg.State = Control_DRAIN

 		defer func() {
-			w.client.GetTimer().Reset(time.Second * 16)
 			common.Close(w.writer)
 			common.Interrupt(w.reader)
 			w.writer = nil
@@ -273,6 +293,7 @@ func (w *PortalWorker) heartbeat() error {
 		b, err := proto.Marshal(msg)
 		common.Must(err)
 		mb := buf.MergeBytes(nil, b)
+		w.timer.Update()
 		return w.writer.WriteMultiBuffer(mb)
 	}
 	return nil
--- a/app/reverse/reverse.go
+++ b/app/reverse/reverse.go
@@ -12,7 +12,7 @@ import (
 )

 const (
-	internalDomain = "reverse.internal.v2fly.org" // make reverse proxy compatible with v2fly
+	internalDomain = "reverse"
 )

 func isDomain(dest net.Destination, domain string) bool {
--- a/app/router/command/config.go
+++ b/app/router/command/config.go
@@ -51,6 +51,10 @@ func (c routingContext) GetSkipDNSResolve() bool {
 	return false
 }

+func (c routingContext) GetError() error {
+	return nil
+}
+
 // AsRoutingContext converts a protobuf RoutingContext into an implementation of routing.Context.
 func AsRoutingContext(r *RoutingContext) routing.Context {
 	return routingContext{r}
--- a/app/router/router.go
+++ b/app/router/router.go
@@ -195,6 +195,9 @@ func (r *Router) pickRouteInternal(ctx routing.Context) (*Rule, routing.Context,
 		if rule.Apply(ctx) {
 			return rule, ctx, nil
 		}
+		if err := ctx.GetError(); err != nil {
+			return nil, ctx, err
+		}
 	}

 	if r.domainStrategy != Config_IpIfNonMatch || len(ctx.GetTargetDomain()) == 0 || skipDNSResolve {
@@ -208,6 +211,9 @@ func (r *Router) pickRouteInternal(ctx routing.Context) (*Rule, routing.Context,
 		if rule.Apply(ctx) {
 			return rule, ctx, nil
 		}
+		if err := ctx.GetError(); err != nil {
+			return nil, ctx, err
+		}
 	}

 	return nil, ctx, common.ErrNoClue
--- a/common/mux/client.go
+++ b/common/mux/client.go
@@ -215,14 +215,20 @@ func (m *ClientWorker) Closed() bool {
 	return m.done.Done()
 }

-func (m *ClientWorker) GetTimer() *time.Ticker {
-	return m.timer
+func (m *ClientWorker) WaitClosed() <-chan struct{} {
+	return m.done.Wait()
+}
+
+func (m *ClientWorker) Close() error {
+	return m.done.Close()
 }

 func (m *ClientWorker) monitor() {
 	defer m.timer.Stop()

 	for {
+		checkSize := m.sessionManager.Size()
+		checkCount := m.sessionManager.Count()
 		select {
 		case <-m.done.Wait():
 			m.sessionManager.Close()
@@ -230,8 +236,7 @@ func (m *ClientWorker) monitor() {
 			common.Interrupt(m.link.Reader)
 			return
 		case <-m.timer.C:
-			size := m.sessionManager.Size()
-			if size == 0 && m.sessionManager.CloseIfNoSession() {
+			if m.sessionManager.CloseIfNoSessionAndIdle(checkSize, checkCount) {
 				common.Must(m.done.Close())
 			}
 		}
@@ -251,7 +256,7 @@ func writeFirstPayload(reader buf.Reader, writer *Writer) error {
 	return nil
 }

-func fetchInput(ctx context.Context, s *Session, output buf.Writer, timer *time.Ticker) {
+func fetchInput(ctx context.Context, s *Session, output buf.Writer) {
 	outbounds := session.OutboundsFromContext(ctx)
 	ob := outbounds[len(outbounds)-1]
 	transferType := protocol.TransferTypeStream
@@ -262,7 +267,6 @@ func fetchInput(ctx context.Context, s *Session, output buf.Writer, timer *time.
 	writer := NewWriter(s.ID, ob.Target, output, transferType, xudp.GetGlobalID(ctx))
 	defer s.Close(false)
 	defer writer.Close()
-	defer timer.Reset(time.Second * 16)

 	errors.LogInfo(ctx, "dispatching request to ", ob.Target)
 	if err := writeFirstPayload(s.input, writer); err != nil {
@@ -312,10 +316,12 @@ func (m *ClientWorker) Dispatch(ctx context.Context, link *transport.Link) bool
 	}
 	s.input = link.Reader
 	s.output = link.Writer
-	if _, ok := link.Reader.(*pipe.Reader); ok {
-		go fetchInput(ctx, s, m.link.Writer, m.timer)
-	} else {
-		fetchInput(ctx, s, m.link.Writer, m.timer)
+	go fetchInput(ctx, s, m.link.Writer)
+	if _, ok := link.Reader.(*pipe.Reader); !ok {
+		select {
+		case <-ctx.Done():
+		case <-s.done.Wait():
+		}
 	}
 	return true
 }
--- a/common/mux/server.go
+++ b/common/mux/server.go
@@ -3,6 +3,7 @@ package mux
 import (
 	"context"
 	"io"
+	"time"

 	"github.com/xtls/xray-core/app/dispatcher"
 	"github.com/xtls/xray-core/common"
@@ -12,6 +13,7 @@ import (
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/common/signal/done"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport"
@@ -63,8 +65,15 @@ func (s *Server) DispatchLink(ctx context.Context, dest net.Destination, link *t
 		return s.dispatcher.DispatchLink(ctx, dest, link)
 	}
 	link = s.dispatcher.(*dispatcher.DefaultDispatcher).WrapLink(ctx, link)
-	_, err := NewServerWorker(ctx, s.dispatcher, link)
-	return err
+	worker, err := NewServerWorker(ctx, s.dispatcher, link)
+	if err != nil {
+		return err
+	}
+	select {
+	case <-ctx.Done():
+	case <-worker.done.Wait():
+	}
+	return nil
 }

 // Start implements common.Runnable.
@@ -81,6 +90,8 @@ type ServerWorker struct {
 	dispatcher     routing.Dispatcher
 	link           *transport.Link
 	sessionManager *SessionManager
+	done           *done.Instance
+	timer          *time.Ticker
 }

 func NewServerWorker(ctx context.Context, d routing.Dispatcher, link *transport.Link) (*ServerWorker, error) {
@@ -88,15 +99,14 @@ func NewServerWorker(ctx context.Context, d routing.Dispatcher, link *transport.
 		dispatcher:     d,
 		link:           link,
 		sessionManager: NewSessionManager(),
+		done:           done.New(),
+		timer:          time.NewTicker(60 * time.Second),
 	}
 	if inbound := session.InboundFromContext(ctx); inbound != nil {
 		inbound.CanSpliceCopy = 3
 	}
-	if _, ok := link.Reader.(*pipe.Reader); ok {
-		go worker.run(ctx)
-	} else {
-		worker.run(ctx)
-	}
+	go worker.run(ctx)
+	go worker.monitor()
 	return worker, nil
 }

@@ -111,12 +121,40 @@ func handle(ctx context.Context, s *Session, output buf.Writer) {
 	s.Close(false)
 }

+func (w *ServerWorker) monitor() {
+	defer w.timer.Stop()
+
+	for {
+		checkSize := w.sessionManager.Size()
+		checkCount := w.sessionManager.Count()
+		select {
+		case <-w.done.Wait():
+			w.sessionManager.Close()
+			common.Interrupt(w.link.Writer)
+			common.Interrupt(w.link.Reader)
+			return
+		case <-w.timer.C:
+			if w.sessionManager.CloseIfNoSessionAndIdle(checkSize, checkCount) {
+				common.Must(w.done.Close())
+			}
+		}
+	}
+}
+
 func (w *ServerWorker) ActiveConnections() uint32 {
 	return uint32(w.sessionManager.Size())
 }

 func (w *ServerWorker) Closed() bool {
-	return w.sessionManager.Closed()
+	return w.done.Done()
+}
+
+func (w *ServerWorker) WaitClosed() <-chan struct{} {
+	return w.done.Wait()
+}
+
+func (w *ServerWorker) Close() error {
+	return w.done.Close()
 }

 func (w *ServerWorker) handleStatusKeepAlive(meta *FrameMetadata, reader *buf.BufferedReader) error {
@@ -317,11 +355,11 @@ func (w *ServerWorker) handleFrame(ctx context.Context, reader *buf.BufferedRead
 }

 func (w *ServerWorker) run(ctx context.Context) {
-	reader := &buf.BufferedReader{Reader: w.link.Reader}
+	defer func() {
+		common.Must(w.done.Close())
+	}()

-	defer w.sessionManager.Close()
-	defer common.Interrupt(w.link.Reader)
-	defer common.Interrupt(w.link.Writer)
+	reader := &buf.BufferedReader{Reader: w.link.Reader}

 	for {
 		select {
--- a/common/mux/session.go
+++ b/common/mux/session.go
@@ -12,6 +12,7 @@ import (
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
+	"github.com/xtls/xray-core/common/signal/done"
 	"github.com/xtls/xray-core/transport/pipe"
 )

@@ -53,7 +54,7 @@ func (m *SessionManager) Count() int {
 func (m *SessionManager) Allocate(Strategy *ClientStrategy) *Session {
 	m.Lock()
 	defer m.Unlock()
-	
+
 	MaxConcurrency := int(Strategy.MaxConcurrency)
 	MaxConnection := uint16(Strategy.MaxConnection)

@@ -65,6 +66,7 @@ func (m *SessionManager) Allocate(Strategy *ClientStrategy) *Session {
 	s := &Session{
 		ID:     m.count,
 		parent: m,
+		done:   done.New(),
 	}
 	m.sessions[s.ID] = s
 	return s
@@ -115,7 +117,7 @@ func (m *SessionManager) Get(id uint16) (*Session, bool) {
 	return s, found
 }

-func (m *SessionManager) CloseIfNoSession() bool {
+func (m *SessionManager) CloseIfNoSessionAndIdle(checkSize int, checkCount int) bool {
 	m.Lock()
 	defer m.Unlock()

@@ -123,11 +125,13 @@ func (m *SessionManager) CloseIfNoSession() bool {
 		return true
 	}

-	if len(m.sessions) != 0 {
+	if len(m.sessions) != 0 || checkSize != 0 || checkCount != int(m.count) {
 		return false
 	}

 	m.closed = true
+
+	m.sessions = nil
 	return true
 }

@@ -157,6 +161,7 @@ type Session struct {
 	ID           uint16
 	transferType protocol.TransferType
 	closed       bool
+	done         *done.Instance
 	XUDP         *XUDP
 }

@@ -171,6 +176,9 @@ func (s *Session) Close(locked bool) error {
 		return nil
 	}
 	s.closed = true
+	if s.done != nil {
+		s.done.Close()
+	}
 	if s.XUDP == nil {
 		common.Interrupt(s.input)
 		common.Close(s.output)
--- a/common/mux/session_test.go
+++ b/common/mux/session_test.go
@@ -41,11 +41,11 @@ func TestSessionManagerClose(t *testing.T) {
 	m := NewSessionManager()
 	s := m.Allocate(&ClientStrategy{})

-	if m.CloseIfNoSession() {
+	if m.CloseIfNoSessionAndIdle(m.Size(), m.Count()) {
 		t.Error("able to close")
 	}
 	m.Remove(false, s.ID)
-	if !m.CloseIfNoSession() {
+	if !m.CloseIfNoSessionAndIdle(m.Size(), m.Count()) {
 		t.Error("not able to close")
 	}
 }
--- a/common/protocol/headers.go
+++ b/common/protocol/headers.go
@@ -16,11 +16,12 @@ const (
 	RequestCommandTCP = RequestCommand(0x01)
 	RequestCommandUDP = RequestCommand(0x02)
 	RequestCommandMux = RequestCommand(0x03)
+	RequestCommandRvs = RequestCommand(0x04)
 )

 func (c RequestCommand) TransferType() TransferType {
 	switch c {
-	case RequestCommandTCP, RequestCommandMux:
+	case RequestCommandTCP, RequestCommandMux, RequestCommandRvs:
 		return TransferTypeStream
 	case RequestCommandUDP:
 		return TransferTypePacket
--- a/common/session/context.go
+++ b/common/session/context.go
@@ -6,6 +6,7 @@ import (

 	"github.com/xtls/xray-core/common/ctx"
 	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/features/routing"
 )

@@ -16,13 +17,13 @@ const (
 	inboundSessionKey         ctx.SessionKey = 1
 	outboundSessionKey        ctx.SessionKey = 2
 	contentSessionKey         ctx.SessionKey = 3
-	muxPreferredSessionKey    ctx.SessionKey = 4 // unused
-	sockoptSessionKey         ctx.SessionKey = 5 // used by dokodemo to only receive sockopt.Mark
-	trackedConnectionErrorKey ctx.SessionKey = 6 // used by observer to get outbound error
-	dispatcherKey             ctx.SessionKey = 7 // used by ss2022 inbounds to get dispatcher
-	timeoutOnlyKey            ctx.SessionKey = 8 // mux context's child contexts to only cancel when its own traffic times out
-	allowedNetworkKey         ctx.SessionKey = 9 // muxcool server control incoming request tcp/udp
-	handlerSessionKey         ctx.SessionKey = 10 // unused
+	muxPreferredSessionKey    ctx.SessionKey = 4  // unused
+	sockoptSessionKey         ctx.SessionKey = 5  // used by dokodemo to only receive sockopt.Mark
+	trackedConnectionErrorKey ctx.SessionKey = 6  // used by observer to get outbound error
+	dispatcherKey             ctx.SessionKey = 7  // used by ss2022 inbounds to get dispatcher
+	timeoutOnlyKey            ctx.SessionKey = 8  // mux context's child contexts to only cancel when its own traffic times out
+	allowedNetworkKey         ctx.SessionKey = 9  // muxcool server control incoming request tcp/udp
+	handlerSessionKey         ctx.SessionKey = 10 // outbound gets full handler
 	mitmAlpn11Key             ctx.SessionKey = 11 // used by TLS dialer
 	mitmServerNameKey         ctx.SessionKey = 12 // used by TLS dialer
 )
@@ -163,6 +164,17 @@ func AllowedNetworkFromContext(ctx context.Context) net.Network {
 	return net.Network_Unknown
 }

+func ContextWithHandler(ctx context.Context, handler outbound.Handler) context.Context {
+	return context.WithValue(ctx, handlerSessionKey, handler)
+}
+
+func HandlerFromContext(ctx context.Context) outbound.Handler {
+	if val, ok := ctx.Value(handlerSessionKey).(outbound.Handler); ok {
+		return val
+	}
+	return nil
+}
+
 func ContextWithMitmAlpn11(ctx context.Context, alpn11 bool) context.Context {
 	return context.WithValue(ctx, mitmAlpn11Key, alpn11)
 }
--- a/core/core.go
+++ b/core/core.go
@@ -19,7 +19,7 @@ import (
 var (
 	Version_x byte = 25
 	Version_y byte = 9
-	Version_z byte = 5
+	Version_z byte = 11
 )

 var (
--- a/features/routing/context.go
+++ b/features/routing/context.go
@@ -49,4 +49,7 @@ type Context interface {

 	// GetSkipDNSResolve returns a flag switch for weather skip dns resolve during route pick.
 	GetSkipDNSResolve() bool
+
+	// GetError returns errors during route pick, e.g., built-in-dns fail to resolve domain to IP
+	GetError() error
 }
--- a/features/routing/dns/context.go
+++ b/features/routing/dns/context.go
@@ -1,8 +1,6 @@
 package dns

 import (
-	"context"
-
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/features/dns"
@@ -14,6 +12,7 @@ type ResolvableContext struct {
 	routing.Context
 	dnsClient   dns.Client
 	resolvedIPs []net.IP
+	lookupError error
 }

 // GetTargetIPs overrides original routing.Context's implementation.
@@ -22,6 +21,10 @@ func (ctx *ResolvableContext) GetTargetIPs() []net.IP {
 		return ctx.resolvedIPs
 	}

+	if ips := ctx.Context.GetTargetIPs(); len(ips) != 0 {
+		return ips
+	}
+
 	if domain := ctx.GetTargetDomain(); len(domain) != 0 {
 		ips, _, err := ctx.dnsClient.LookupIP(domain, dns.IPOption{
 			IPv4Enable: true,
@@ -32,16 +35,17 @@ func (ctx *ResolvableContext) GetTargetIPs() []net.IP {
 			ctx.resolvedIPs = ips
 			return ips
 		}
-		errors.LogInfoInner(context.Background(), err, "resolve ip for ", domain)
-	}
-
-	if ips := ctx.Context.GetTargetIPs(); len(ips) != 0 {
-		return ips
+		ctx.lookupError = errors.New("resolve ip for ", domain).Base(err)
 	}

 	return nil
 }

+// GetError override original routing.Context's implementation.
+func (ctx *ResolvableContext) GetError() error {
+	return ctx.lookupError
+}
+
 // ContextWithDNSClient creates a new routing context with domain resolving capability.
 // Resolved domain IPs can be retrieved by GetTargetIPs().
 func ContextWithDNSClient(ctx routing.Context, client dns.Client) routing.Context {
--- a/features/routing/session/context.go
+++ b/features/routing/session/context.go
@@ -152,6 +152,11 @@ func (ctx *Context) GetSkipDNSResolve() bool {
 	return ctx.Content.SkipDNSResolve
 }

+// GetError implements routing.Context.
+func (ctx *Context) GetError() error {
+	return nil
+}
+
 // AsRoutingContext creates a context from context.context with session info.
 func AsRoutingContext(ctx context.Context) routing.Context {
 	outbounds := session.OutboundsFromContext(ctx)
--- a/go.mod
+++ b/go.mod
@@ -19,15 +19,15 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e
 	github.com/vishvananda/netlink v1.3.1
-	github.com/xtls/reality v0.0.0-20250828044527-046fad5ab64f
+	github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-	golang.org/x/crypto v0.41.0
-	golang.org/x/net v0.43.0
-	golang.org/x/sync v0.16.0
-	golang.org/x/sys v0.35.0
+	golang.org/x/crypto v0.42.0
+	golang.org/x/net v0.44.0
+	golang.org/x/sync v0.17.0
+	golang.org/x/sys v0.36.0
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
-	google.golang.org/grpc v1.75.0
-	google.golang.org/protobuf v1.36.8
+	google.golang.org/grpc v1.75.1
+	google.golang.org/protobuf v1.36.9
 	gvisor.dev/gvisor v0.0.0-20250428193742-2d800c3129d5
 	h12.io/socks v1.0.3
 	lukechampine.com/blake3 v1.4.1
@@ -47,10 +47,10 @@ require (
 	github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
 	go.uber.org/mock v0.5.0 // indirect
-	golang.org/x/mod v0.26.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
-	golang.org/x/tools v0.35.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -75,8 +75,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW
 github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
 github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
 github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
-github.com/xtls/reality v0.0.0-20250828044527-046fad5ab64f h1:o1Kryl9qEYYzNep9RId9DM1kBn8tBrcK5UJnti/l0NI=
-github.com/xtls/reality v0.0.0-20250828044527-046fad5ab64f/go.mod h1:XxvnCCgBee4WWE0bc4E+a7wbk8gkJ/rS0vNVNtC5qp0=
+github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c h1:LHLhQY3mKXSpTcQAkjFR4/6ar3rXjQryNeM7khK3AHU=
+github.com/xtls/reality v0.0.0-20250904214705-431b6ff8c67c/go.mod h1:XxvnCCgBee4WWE0bc4E+a7wbk8gkJ/rS0vNVNtC5qp0=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
@@ -96,20 +96,20 @@ go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBs
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -117,21 +117,21 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
 golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
 golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
-golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -143,10 +143,10 @@ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
-google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4=
-google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
-google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
-google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI=
+google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
--- a/infra/conf/http.go
+++ b/infra/conf/http.go
@@ -51,12 +51,27 @@ type HTTPRemoteConfig struct {
 }

 type HTTPClientConfig struct {
-	Servers []*HTTPRemoteConfig `json:"servers"`
-	Headers map[string]string   `json:"headers"`
+	Address  *Address          	 `json:"address"`
+	Port     uint16            	 `json:"port"`
+	Level    uint32              `json:"level"`
+	Email    string              `json:"email"`
+	Username string              `json:"user"`
+	Password string              `json:"pass"`
+	Servers  []*HTTPRemoteConfig `json:"servers"`
+	Headers  map[string]string   `json:"headers"`
 }

 func (v *HTTPClientConfig) Build() (proto.Message, error) {
 	config := new(http.ClientConfig)
+	if v.Address != nil {
+		v.Servers = []*HTTPRemoteConfig{
+			{
+				Address: v.Address,
+				Port:    v.Port,
+				Users:   []json.RawMessage{{}},
+			},
+		}
+	}
 	config.Server = make([]*protocol.ServerEndpoint, len(v.Servers))
 	for idx, serverConfig := range v.Servers {
 		server := &protocol.ServerEndpoint{
@@ -65,12 +80,22 @@ func (v *HTTPClientConfig) Build() (proto.Message, error) {
 		}
 		for _, rawUser := range serverConfig.Users {
 			user := new(protocol.User)
-			if err := json.Unmarshal(rawUser, user); err != nil {
-				return nil, errors.New("failed to parse HTTP user").Base(err).AtError()
+			if v.Address != nil {
+				user.Level = v.Level
+				user.Email = v.Email
+			} else {
+				if err := json.Unmarshal(rawUser, user); err != nil {
+					return nil, errors.New("failed to parse HTTP user").Base(err).AtError()
+				}
 			}
 			account := new(HTTPAccount)
-			if err := json.Unmarshal(rawUser, account); err != nil {
-				return nil, errors.New("failed to parse HTTP account").Base(err).AtError()
+			if v.Address != nil {
+				account.Username = v.Username
+				account.Password = v.Password
+			} else {
+				if err := json.Unmarshal(rawUser, account); err != nil {
+					return nil, errors.New("failed to parse HTTP account").Base(err).AtError()
+				}
 			}
 			user.Account = serial.ToTypedMessage(account.Build())
 			server.User = append(server.User, user)
--- a/infra/conf/shadowsocks.go
+++ b/infra/conf/shadowsocks.go
@@ -162,20 +162,44 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) {
 type ShadowsocksServerTarget struct {
 	Address    *Address `json:"address"`
 	Port       uint16   `json:"port"`
+	Level      byte     `json:"level"`
+	Email      string   `json:"email"`
 	Cipher     string   `json:"method"`
 	Password   string   `json:"password"`
-	Email      string   `json:"email"`
-	Level      byte     `json:"level"`
 	IVCheck    bool     `json:"ivCheck"`
 	UoT        bool     `json:"uot"`
 	UoTVersion int      `json:"uotVersion"`
 }

 type ShadowsocksClientConfig struct {
+	Address    *Address `json:"address"`
+	Port       uint16   `json:"port"`
+	Level      byte     `json:"level"`
+	Email      string   `json:"email"`
+	Cipher     string   `json:"method"`
+	Password   string   `json:"password"`
+	IVCheck    bool     `json:"ivCheck"`
+	UoT        bool     `json:"uot"`
+	UoTVersion int      `json:"uotVersion"`
 	Servers []*ShadowsocksServerTarget `json:"servers"`
 }

 func (v *ShadowsocksClientConfig) Build() (proto.Message, error) {
+	if v.Address != nil {
+		v.Servers = []*ShadowsocksServerTarget{
+			{
+				Address:    v.Address,
+				Port:       v.Port,
+				Level:      v.Level,
+				Email:      v.Email,
+				Cipher:     v.Cipher,
+				Password:   v.Password,
+				IVCheck:    v.IVCheck,
+				UoT:        v.UoT,
+				UoTVersion: v.UoTVersion,
+			},
+		}
+	}
 	if len(v.Servers) == 0 {
 		return nil, errors.New("0 Shadowsocks server configured.")
 	}
--- a/infra/conf/socks.go
+++ b/infra/conf/socks.go
@@ -70,11 +70,26 @@ type SocksRemoteConfig struct {
 }

 type SocksClientConfig struct {
-	Servers []*SocksRemoteConfig `json:"servers"`
+	Address  *Address             `json:"address"`
+	Port     uint16               `json:"port"`
+	Level    uint32               `json:"level"`
+	Email    string               `json:"email"`
+	Username string               `json:"user"`
+	Password string               `json:"pass"`
+	Servers  []*SocksRemoteConfig `json:"servers"`
 }

 func (v *SocksClientConfig) Build() (proto.Message, error) {
 	config := new(socks.ClientConfig)
+	if v.Address != nil {
+		v.Servers = []*SocksRemoteConfig{
+			{
+				Address: v.Address,
+				Port:    v.Port,
+				Users:   []json.RawMessage{{}},
+			},
+		}
+	}
 	config.Server = make([]*protocol.ServerEndpoint, len(v.Servers))
 	for idx, serverConfig := range v.Servers {
 		server := &protocol.ServerEndpoint{
@@ -83,12 +98,22 @@ func (v *SocksClientConfig) Build() (proto.Message, error) {
 		}
 		for _, rawUser := range serverConfig.Users {
 			user := new(protocol.User)
-			if err := json.Unmarshal(rawUser, user); err != nil {
-				return nil, errors.New("failed to parse Socks user").Base(err).AtError()
+			if v.Address != nil {
+				user.Level = v.Level
+				user.Email = v.Email
+			} else {
+				if err := json.Unmarshal(rawUser, user); err != nil {
+					return nil, errors.New("failed to parse Socks user").Base(err).AtError()
+				}
 			}
 			account := new(SocksAccount)
-			if err := json.Unmarshal(rawUser, account); err != nil {
-				return nil, errors.New("failed to parse socks account").Base(err).AtError()
+			if v.Address != nil {
+				account.Username = v.Username
+				account.Password = v.Password
+			} else {
+				if err := json.Unmarshal(rawUser, account); err != nil {
+					return nil, errors.New("failed to parse socks account").Base(err).AtError()
+				}
 			}
 			user.Account = serial.ToTypedMessage(account.Build())
 			server.User = append(server.User, user)
--- a/infra/conf/socks_test.go
+++ b/infra/conf/socks_test.go
@@ -86,5 +86,36 @@ func TestSocksOutboundConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			Input: `{
+				"address": "127.0.0.1",
+				"port": 1234,
+				"user": "test user",
+				"pass": "test pass",
+				"email": "test@email.com"
+			}`,
+			Parser: loadJSON(creator),
+			Output: &socks.ClientConfig{
+				Server: []*protocol.ServerEndpoint{
+					{
+						Address: &net.IPOrDomain{
+							Address: &net.IPOrDomain_Ip{
+								Ip: []byte{127, 0, 0, 1},
+							},
+						},
+						Port: 1234,
+						User: []*protocol.User{
+							{
+								Email: "test@email.com",
+								Account: serial.ToTypedMessage(&socks.Account{
+									Username: "test user",
+									Password: "test pass",
+								}),
+							},
+						},
+					},
+				},
+			},
+		},
 	})
 }
--- a/infra/conf/trojan.go
+++ b/infra/conf/trojan.go
@@ -20,19 +20,37 @@ import (
 type TrojanServerTarget struct {
 	Address  *Address `json:"address"`
 	Port     uint16   `json:"port"`
-	Password string   `json:"password"`
-	Email    string   `json:"email"`
 	Level    byte     `json:"level"`
+	Email    string   `json:"email"`
+	Password string   `json:"password"`
 	Flow     string   `json:"flow"`
 }

 // TrojanClientConfig is configuration of trojan servers
 type TrojanClientConfig struct {
+	Address  *Address `json:"address"`
+	Port     uint16   `json:"port"`
+	Level    byte     `json:"level"`
+	Email    string   `json:"email"`
+	Password string   `json:"password"`
+	Flow     string   `json:"flow"`
 	Servers []*TrojanServerTarget `json:"servers"`
 }

 // Build implements Buildable
 func (c *TrojanClientConfig) Build() (proto.Message, error) {
+	if c.Address != nil {
+		c.Servers = []*TrojanServerTarget{
+			{
+				Address:  c.Address,
+				Port:     c.Port,
+				Level:    c.Level,
+				Email:    c.Email,
+				Password: c.Password,
+				Flow:     c.Flow,
+			},
+		}
+	}
 	if len(c.Servers) == 0 {
 		return nil, errors.New("0 Trojan server configured.")
 	}
--- a/infra/conf/vless.go
+++ b/infra/conf/vless.go
@@ -77,6 +77,10 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 			return nil, errors.New(`VLESS clients: "encryption" should not be in inbound settings`)
 		}

+		if account.Reverse != nil && account.Reverse.Tag == "" {
+			return nil, errors.New(`VLESS clients: "tag" can't be empty for "reverse"`)
+		}
+
 		user.Account = serial.ToTypedMessage(account)
 		config.Clients[idx] = user
 	}
@@ -199,13 +203,30 @@ type VLessOutboundVnext struct {
 }

 type VLessOutboundConfig struct {
-	Vnext []*VLessOutboundVnext `json:"vnext"`
+	Address    *Address              `json:"address"`
+	Port       uint16                `json:"port"`
+	Level      uint32                `json:"level"`
+	Email      string                `json:"email"`
+	Id         string                `json:"id"`
+	Flow       string                `json:"flow"`
+	Seed       string                `json:"seed"`
+	Encryption string                `json:"encryption"`
+	Reverse    *vless.Reverse        `json:"reverse"`
+	Vnext      []*VLessOutboundVnext `json:"vnext"`
 }

 // Build implements Buildable
 func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 	config := new(outbound.Config)
-
+	if c.Address != nil {
+		c.Vnext = []*VLessOutboundVnext{
+			{
+				Address: c.Address,
+				Port:    c.Port,
+				Users:   []json.RawMessage{{}},
+			},
+		}
+	}
 	if len(c.Vnext) != 1 {
 		return nil, errors.New(`VLESS settings: "vnext" should have one and only one member`)
 	}
@@ -224,12 +245,25 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 		}
 		for idx, rawUser := range rec.Users {
 			user := new(protocol.User)
-			if err := json.Unmarshal(rawUser, user); err != nil {
-				return nil, errors.New(`VLESS users: invalid user`).Base(err)
+			if c.Address != nil {
+				user.Level = c.Level
+				user.Email = c.Email
+			} else {
+				if err := json.Unmarshal(rawUser, user); err != nil {
+					return nil, errors.New(`VLESS users: invalid user`).Base(err)
+				}
 			}
 			account := new(vless.Account)
-			if err := json.Unmarshal(rawUser, account); err != nil {
-				return nil, errors.New(`VLESS users: invalid user`).Base(err)
+			if c.Address != nil {
+				account.Id = c.Id
+				account.Flow = c.Flow
+				//account.Seed = c.Seed
+				account.Encryption = c.Encryption
+				account.Reverse = c.Reverse
+			} else {
+				if err := json.Unmarshal(rawUser, account); err != nil {
+					return nil, errors.New(`VLESS users: invalid user`).Base(err)
+				}
 			}

 			u, err := uuid.ParseString(account.Id)
@@ -288,6 +322,10 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 				return nil, errors.New(`VLESS users: unsupported "encryption": ` + account.Encryption)
 			}

+			if account.Reverse != nil && account.Reverse.Tag == "" {
+				return nil, errors.New(`VLESS clients: "tag" can't be empty for "reverse"`)
+			}
+
 			user.Account = serial.ToTypedMessage(account)
 			spec.User[idx] = user
 		}
--- a/infra/conf/vless_test.go
+++ b/infra/conf/vless_test.go
@@ -57,6 +57,39 @@ func TestVLessOutbound(t *testing.T) {
 				},
 			},
 		},
+		{
+			Input: `{
+				"address": "example.com",
+				"port": 443,
+				"id": "27848739-7e62-4138-9fd3-098a63964b6b",
+				"flow": "xtls-rprx-vision-udp443",
+				"encryption": "none",
+				"level": 0
+			}`,
+			Parser: loadJSON(creator),
+			Output: &outbound.Config{
+				Vnext: []*protocol.ServerEndpoint{
+					{
+						Address: &net.IPOrDomain{
+							Address: &net.IPOrDomain_Domain{
+								Domain: "example.com",
+							},
+						},
+						Port: 443,
+						User: []*protocol.User{
+							{
+								Account: serial.ToTypedMessage(&vless.Account{
+									Id:         "27848739-7e62-4138-9fd3-098a63964b6b",
+									Flow:       "xtls-rprx-vision-udp443",
+									Encryption: "none",
+								}),
+								Level: 0,
+							},
+						},
+					},
+				},
+			},
+		},
 	})
 }

--- a/infra/conf/vmess.go
+++ b/infra/conf/vmess.go
@@ -117,13 +117,28 @@ type VMessOutboundTarget struct {
 }

 type VMessOutboundConfig struct {
-	Receivers []*VMessOutboundTarget `json:"vnext"`
+	Address     *Address               `json:"address"`
+	Port        uint16                 `json:"port"`
+	Level       uint32                 `json:"level"`
+	Email       string                 `json:"email"`
+	ID          string                 `json:"id"`
+	Security    string                 `json:"security"`
+	Experiments string                 `json:"experiments"`
+	Receivers   []*VMessOutboundTarget `json:"vnext"`
 }

 // Build implements Buildable
 func (c *VMessOutboundConfig) Build() (proto.Message, error) {
 	config := new(outbound.Config)
-
+	if c.Address != nil {
+		c.Receivers = []*VMessOutboundTarget{
+			{
+				Address: c.Address,
+				Port:    c.Port,
+				Users:   []json.RawMessage{{}},
+			},
+		}
+	}
 	if len(c.Receivers) == 0 {
 		return nil, errors.New("0 VMess receiver configured")
 	}
@@ -141,12 +156,23 @@ func (c *VMessOutboundConfig) Build() (proto.Message, error) {
 		}
 		for _, rawUser := range rec.Users {
 			user := new(protocol.User)
-			if err := json.Unmarshal(rawUser, user); err != nil {
-				return nil, errors.New("invalid VMess user").Base(err)
+			if c.Address != nil {
+				user.Level = c.Level
+				user.Email = c.Email
+			} else {
+				if err := json.Unmarshal(rawUser, user); err != nil {
+					return nil, errors.New("invalid VMess user").Base(err)
+				}
 			}
 			account := new(VMessAccount)
-			if err := json.Unmarshal(rawUser, account); err != nil {
-				return nil, errors.New("invalid VMess user").Base(err)
+			if c.Address != nil {
+				account.ID = c.ID
+				account.Security = c.Security
+				account.Experiments = c.Experiments
+			} else {
+				if err := json.Unmarshal(rawUser, account); err != nil {
+					return nil, errors.New("invalid VMess user").Base(err)
+				}
 			}

 			u, err := uuid.ParseString(account.ID)
--- a/infra/conf/vmess_test.go
+++ b/infra/conf/vmess_test.go
@@ -58,6 +58,40 @@ func TestVMessOutbound(t *testing.T) {
 				},
 			},
 		},
+		{
+			Input: `{
+				"address": "127.0.0.1",
+				"port": 80,
+				"id": "e641f5ad-9397-41e3-bf1a-e8740dfed019",
+				"email": "love@example.com",
+				"level": 255
+			}`,
+			Parser: loadJSON(creator),
+			Output: &outbound.Config{
+				Receiver: []*protocol.ServerEndpoint{
+					{
+						Address: &net.IPOrDomain{
+							Address: &net.IPOrDomain_Ip{
+								Ip: []byte{127, 0, 0, 1},
+							},
+						},
+						Port: 80,
+						User: []*protocol.User{
+							{
+								Email: "love@example.com",
+								Level: 255,
+								Account: serial.ToTypedMessage(&vmess.Account{
+									Id: "e641f5ad-9397-41e3-bf1a-e8740dfed019",
+									SecuritySettings: &protocol.SecurityConfig{
+										Type: protocol.SecurityType_AUTO,
+									},
+								}),
+							},
+						},
+					},
+				},
+			},
+		},
 	})
 }

--- a/main/commands/all/tls/ping.go
+++ b/main/commands/all/tls/ping.go
@@ -92,7 +92,7 @@ func executePing(cmd *base.Command, args []string) {
 	fmt.Println("-------------------")
 	fmt.Println("Pinging with SNI")
 	{
-		tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: 443})
+		tcpConn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: ip, Port: TargetPort})
 		if err != nil {
 			base.Fatalf("Failed to dial tcp: %s", err)
 		}
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -678,10 +678,10 @@ func CopyRawConnIfExist(ctx context.Context, readerConn net.Conn, writerConn net
 			errors.LogInfo(ctx, "CopyRawConn splice")
 			statWriter, _ := writer.(*dispatcher.SizeStatWriter)
 			//runtime.Gosched() // necessary
-			time.Sleep(time.Millisecond)    // without this, there will be a rare ssl error for freedom splice
-			timer.SetTimeout(8 * time.Hour) // prevent leak, just in case
+			time.Sleep(time.Millisecond)     // without this, there will be a rare ssl error for freedom splice
+			timer.SetTimeout(24 * time.Hour) // prevent leak, just in case
 			if inTimer != nil {
-				inTimer.SetTimeout(8 * time.Hour)
+				inTimer.SetTimeout(24 * time.Hour)
 			}
 			w, err := tc.ReadFrom(readerConn)
 			if readCounter != nil {
--- a/proxy/vless/account.go
+++ b/proxy/vless/account.go
@@ -21,6 +21,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 		XorMode:    a.XorMode,
 		Seconds:    a.Seconds,
 		Padding:    a.Padding,
+		Reverse:    a.Reverse,
 	}, nil
 }

@@ -35,6 +36,8 @@ type MemoryAccount struct {
 	XorMode    uint32
 	Seconds    uint32
 	Padding    string
+
+	Reverse *Reverse
 }

 // Equals implements protocol.Account.Equals().
@@ -54,5 +57,6 @@ func (a *MemoryAccount) ToProto() proto.Message {
 		XorMode:    a.XorMode,
 		Seconds:    a.Seconds,
 		Padding:    a.Padding,
+		Reverse:    a.Reverse,
 	}
 }
--- a/proxy/vless/account.pb.go
+++ b/proxy/vless/account.pb.go
@@ -20,6 +20,51 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )

+type Reverse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Tag string `protobuf:"bytes,1,opt,name=tag,proto3" json:"tag,omitempty"`
+}
+
+func (x *Reverse) Reset() {
+	*x = Reverse{}
+	mi := &file_proxy_vless_account_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Reverse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Reverse) ProtoMessage() {}
+
+func (x *Reverse) ProtoReflect() protoreflect.Message {
+	mi := &file_proxy_vless_account_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Reverse.ProtoReflect.Descriptor instead.
+func (*Reverse) Descriptor() ([]byte, []int) {
+	return file_proxy_vless_account_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Reverse) GetTag() string {
+	if x != nil {
+		return x.Tag
+	}
+	return ""
+}
+
 type Account struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -28,16 +73,17 @@ type Account struct {
 	// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
 	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	// Flow settings. May be "xtls-rprx-vision".
-	Flow       string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
-	Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
-	XorMode    uint32 `protobuf:"varint,4,opt,name=xorMode,proto3" json:"xorMode,omitempty"`
-	Seconds    uint32 `protobuf:"varint,5,opt,name=seconds,proto3" json:"seconds,omitempty"`
-	Padding    string `protobuf:"bytes,6,opt,name=padding,proto3" json:"padding,omitempty"`
+	Flow       string   `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
+	Encryption string   `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
+	XorMode    uint32   `protobuf:"varint,4,opt,name=xorMode,proto3" json:"xorMode,omitempty"`
+	Seconds    uint32   `protobuf:"varint,5,opt,name=seconds,proto3" json:"seconds,omitempty"`
+	Padding    string   `protobuf:"bytes,6,opt,name=padding,proto3" json:"padding,omitempty"`
+	Reverse    *Reverse `protobuf:"bytes,7,opt,name=reverse,proto3" json:"reverse,omitempty"`
 }

 func (x *Account) Reset() {
 	*x = Account{}
-	mi := &file_proxy_vless_account_proto_msgTypes[0]
+	mi := &file_proxy_vless_account_proto_msgTypes[1]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -49,7 +95,7 @@ func (x *Account) String() string {
 func (*Account) ProtoMessage() {}

 func (x *Account) ProtoReflect() protoreflect.Message {
-	mi := &file_proxy_vless_account_proto_msgTypes[0]
+	mi := &file_proxy_vless_account_proto_msgTypes[1]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -62,7 +108,7 @@ func (x *Account) ProtoReflect() protoreflect.Message {

 // Deprecated: Use Account.ProtoReflect.Descriptor instead.
 func (*Account) Descriptor() ([]byte, []int) {
-	return file_proxy_vless_account_proto_rawDescGZIP(), []int{0}
+	return file_proxy_vless_account_proto_rawDescGZIP(), []int{1}
 }

 func (x *Account) GetId() string {
@@ -107,28 +153,40 @@ func (x *Account) GetPadding() string {
 	return ""
 }

+func (x *Account) GetReverse() *Reverse {
+	if x != nil {
+		return x.Reverse
+	}
+	return nil
+}
+
 var File_proxy_vless_account_proto protoreflect.FileDescriptor

 var file_proxy_vless_account_proto_rawDesc = []byte{
 	0x0a, 0x19, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x2f, 0x61, 0x63,
 	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61,
-	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x22, 0x9b, 0x01,
-	0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f,
-	0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x1e, 0x0a,
-	0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a,
-	0x07, 0x78, 0x6f, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07,
-	0x78, 0x6f, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e,
-	0x64, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64,
-	0x73, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x42, 0x52, 0x0a, 0x14, 0x63,
-	0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c,
-	0x65, 0x73, 0x73, 0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
-	0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65,
-	0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0xaa, 0x02, 0x10, 0x58,
-	0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x22, 0x1b, 0x0a,
+	0x07, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x74, 0x61, 0x67, 0x22, 0xd0, 0x01, 0x0a, 0x07, 0x41,
+	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
+	0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x78, 0x6f,
+	0x72, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x78, 0x6f, 0x72,
+	0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x18,
+	0x0a, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x33, 0x0a, 0x07, 0x72, 0x65, 0x76, 0x65,
+	0x72, 0x73, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79,
+	0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x2e, 0x52, 0x65, 0x76,
+	0x65, 0x72, 0x73, 0x65, 0x52, 0x07, 0x72, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x42, 0x52, 0x0a,
+	0x14, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e,
+	0x76, 0x6c, 0x65, 0x73, 0x73, 0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f,
+	0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0xaa, 0x02,
+	0x10, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73,
+	0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@@ -143,16 +201,18 @@ func file_proxy_vless_account_proto_rawDescGZIP() []byte {
 	return file_proxy_vless_account_proto_rawDescData
 }

-var file_proxy_vless_account_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_proxy_vless_account_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_proxy_vless_account_proto_goTypes = []any{
-	(*Account)(nil), // 0: xray.proxy.vless.Account
+	(*Reverse)(nil), // 0: xray.proxy.vless.Reverse
+	(*Account)(nil), // 1: xray.proxy.vless.Account
 }
 var file_proxy_vless_account_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
+	0, // 0: xray.proxy.vless.Account.reverse:type_name -> xray.proxy.vless.Reverse
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
 }

 func init() { file_proxy_vless_account_proto_init() }
@@ -166,7 +226,7 @@ func file_proxy_vless_account_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_proxy_vless_account_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   1,
+			NumMessages:   2,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
--- a/proxy/vless/account.proto
+++ b/proxy/vless/account.proto
@@ -6,6 +6,10 @@ option go_package = "github.com/xtls/xray-core/proxy/vless";
 option java_package = "com.xray.proxy.vless";
 option java_multiple_files = true;

+message Reverse {
+  string tag = 1;
+}
+
 message Account {
  // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
  string id = 1;
@@ -16,4 +20,6 @@ message Account {
  uint32 xorMode = 4;
  uint32 seconds = 5;
  string padding = 6;
+
+  Reverse reverse = 7;
 }
--- a/proxy/vless/encoding/encoding.go
+++ b/proxy/vless/encoding/encoding.go
@@ -46,7 +46,7 @@ func EncodeRequestHeader(writer io.Writer, request *protocol.RequestHeader, requ
 		return errors.New("failed to write request command").Base(err)
 	}

-	if request.Command != protocol.RequestCommandMux {
+	if request.Command != protocol.RequestCommandMux && request.Command != protocol.RequestCommandRvs {
 		if err := addrParser.WriteAddressPort(&buffer, request.Address, request.Port); err != nil {
 			return errors.New("failed to write request address and port").Base(err)
 		}
@@ -112,7 +112,8 @@ func DecodeRequestHeader(isfb bool, first *buf.Buffer, reader io.Reader, validat
 		switch request.Command {
 		case protocol.RequestCommandMux:
 			request.Address = net.DomainAddress("v1.mux.cool")
-			request.Port = 0
+		case protocol.RequestCommandRvs:
+			request.Address = net.DomainAddress("v1.rvs.cool")
 		case protocol.RequestCommandTCP, protocol.RequestCommandUDP:
 			if addr, port, err := addrParser.ReadAddressPort(&buffer, reader); err == nil {
 				request.Address = addr
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@@ -12,19 +12,24 @@ import (
 	"time"
 	"unsafe"

+	"github.com/xtls/xray-core/app/dispatcher"
+	"github.com/xtls/xray-core/app/reverse"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/log"
+	"github.com/xtls/xray-core/common/mux"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/common/retry"
+	"github.com/xtls/xray-core/common/serial"
 	"github.com/xtls/xray-core/common/session"
 	"github.com/xtls/xray-core/common/signal"
 	"github.com/xtls/xray-core/common/task"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/dns"
 	feature_inbound "github.com/xtls/xray-core/features/inbound"
+	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/features/policy"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/proxy"
@@ -66,12 +71,14 @@ func init() {

 // Handler is an inbound connection handler that handles messages in VLess protocol.
 type Handler struct {
-	inboundHandlerManager feature_inbound.Manager
-	policyManager         policy.Manager
-	validator             vless.Validator
-	dns                   dns.Client
-	decryption            *encryption.ServerInstance
-	fallbacks             map[string]map[string]map[string]*Fallback // or nil
+	inboundHandlerManager  feature_inbound.Manager
+	policyManager          policy.Manager
+	validator              vless.Validator
+	decryption             *encryption.ServerInstance
+	outboundHandlerManager outbound.Manager
+	defaultDispatcher      *dispatcher.DefaultDispatcher
+	ctx                    context.Context
+	fallbacks              map[string]map[string]map[string]*Fallback // or nil
 	// regexps               map[string]*regexp.Regexp       // or nil
 }

@@ -79,10 +86,12 @@ type Handler struct {
 func New(ctx context.Context, config *Config, dc dns.Client, validator vless.Validator) (*Handler, error) {
 	v := core.MustFromContext(ctx)
 	handler := &Handler{
-		inboundHandlerManager: v.GetFeature(feature_inbound.ManagerType()).(feature_inbound.Manager),
-		policyManager:         v.GetFeature(policy.ManagerType()).(policy.Manager),
-		dns:                   dc,
-		validator:             validator,
+		inboundHandlerManager:  v.GetFeature(feature_inbound.ManagerType()).(feature_inbound.Manager),
+		policyManager:          v.GetFeature(policy.ManagerType()).(policy.Manager),
+		validator:              validator,
+		outboundHandlerManager: v.GetFeature(outbound.ManagerType()).(outbound.Manager),
+		defaultDispatcher:      v.GetFeature(routing.DispatcherType()).(*dispatcher.DefaultDispatcher),
+		ctx:                    ctx,
 	}

 	if config.Decryption != "" && config.Decryption != "none" {
@@ -174,11 +183,49 @@ func isMuxAndNotXUDP(request *protocol.RequestHeader, first *buf.Buffer) bool {
 		firstBytes[6] == 2) // Network type: UDP
 }

+func (h *Handler) GetReverse(a *vless.MemoryAccount) (*Reverse, error) {
+	u := h.validator.Get(a.ID.UUID())
+	if u == nil {
+		return nil, errors.New("reverse: user " + a.ID.String() + " doesn't exist anymore")
+	}
+	a = u.Account.(*vless.MemoryAccount)
+	if a.Reverse == nil || a.Reverse.Tag == "" {
+		return nil, errors.New("reverse: user " + a.ID.String() + " is not allowed to create reverse proxy")
+	}
+	r := h.outboundHandlerManager.GetHandler(a.Reverse.Tag)
+	if r == nil {
+		picker, _ := reverse.NewStaticMuxPicker()
+		r = &Reverse{tag: a.Reverse.Tag, picker: picker, client: &mux.ClientManager{Picker: picker}}
+		for len(h.outboundHandlerManager.ListHandlers(h.ctx)) == 0 {
+			time.Sleep(time.Second) // prevents this outbound from becoming the default outbound
+		}
+		if err := h.outboundHandlerManager.AddHandler(h.ctx, r); err != nil {
+			return nil, err
+		}
+	}
+	if r, ok := r.(*Reverse); ok {
+		return r, nil
+	}
+	return nil, errors.New("reverse: outbound " + a.Reverse.Tag + " is not type Reverse")
+}
+
+func (h *Handler) RemoveReverse(u *protocol.MemoryUser) {
+	if u != nil {
+		a := u.Account.(*vless.MemoryAccount)
+		if a.Reverse != nil && a.Reverse.Tag != "" {
+			h.outboundHandlerManager.RemoveHandler(h.ctx, a.Reverse.Tag)
+		}
+	}
+}
+
 // Close implements common.Closable.Close().
 func (h *Handler) Close() error {
 	if h.decryption != nil {
 		h.decryption.Close()
 	}
+	for _, u := range h.validator.GetAll() {
+		h.RemoveReverse(u)
+	}
 	return errors.Combine(common.Close(h.validator))
 }

@@ -189,6 +236,7 @@ func (h *Handler) AddUser(ctx context.Context, u *protocol.MemoryUser) error {

 // RemoveUser implements proxy.UserManager.RemoveUser().
 func (h *Handler) RemoveUser(ctx context.Context, e string) error {
+	h.RemoveReverse(h.validator.GetByEmail(e))
 	return h.validator.Del(e)
 }

@@ -500,7 +548,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 			switch request.Command {
 			case protocol.RequestCommandUDP:
 				return errors.New(requestAddons.Flow + " doesn't support UDP").AtWarning()
-			case protocol.RequestCommandMux:
+			case protocol.RequestCommandMux, protocol.RequestCommandRvs:
+				inbound.CanSpliceCopy = 3
 				fallthrough // we will break Mux connections that contain TCP requests
 			case protocol.RequestCommandTCP:
 				var t reflect.Type
@@ -565,6 +614,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 	clientWriter := encoding.EncodeBodyAddons(bufferWriter, request, requestAddons, trafficState, false, ctx, connection, nil)
 	bufferWriter.SetFlushNext()

+	if request.Command == protocol.RequestCommandRvs {
+		r, err := h.GetReverse(account)
+		if err != nil {
+			return err
+		}
+		return r.NewMux(ctx, h.defaultDispatcher.WrapLink(ctx, &transport.Link{Reader: clientReader, Writer: clientWriter}))
+	}
+
 	if err := dispatcher.DispatchLink(ctx, request.Destination(), &transport.Link{
 		Reader: clientReader,
 		Writer: clientWriter},
@@ -573,3 +630,58 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 	}
 	return nil
 }
+
+type Reverse struct {
+	tag    string
+	picker *reverse.StaticMuxPicker
+	client *mux.ClientManager
+}
+
+func (r *Reverse) Tag() string {
+	return r.tag
+}
+
+func (r *Reverse) NewMux(ctx context.Context, link *transport.Link) error {
+	muxClient, err := mux.NewClientWorker(*link, mux.ClientStrategy{})
+	if err != nil {
+		return errors.New("failed to create mux client worker").Base(err).AtWarning()
+	}
+	worker, err := reverse.NewPortalWorker(muxClient)
+	if err != nil {
+		return errors.New("failed to create portal worker").Base(err).AtWarning()
+	}
+	r.picker.AddWorker(worker)
+	select {
+	case <-ctx.Done():
+	case <-muxClient.WaitClosed():
+	}
+	return nil
+}
+
+func (r *Reverse) Dispatch(ctx context.Context, link *transport.Link) {
+	outbounds := session.OutboundsFromContext(ctx)
+	ob := outbounds[len(outbounds)-1]
+	if ob != nil {
+		if ob.Target.Network == net.Network_UDP && ob.OriginalTarget.Address != nil && ob.OriginalTarget.Address != ob.Target.Address {
+			link.Reader = &buf.EndpointOverrideReader{Reader: link.Reader, Dest: ob.Target.Address, OriginalDest: ob.OriginalTarget.Address}
+			link.Writer = &buf.EndpointOverrideWriter{Writer: link.Writer, Dest: ob.Target.Address, OriginalDest: ob.OriginalTarget.Address}
+		}
+		r.client.Dispatch(ctx, link)
+	}
+}
+
+func (r *Reverse) Start() error {
+	return nil
+}
+
+func (r *Reverse) Close() error {
+	return nil
+}
+
+func (r *Reverse) SenderSettings() *serial.TypedMessage {
+	return nil
+}
+
+func (r *Reverse) ProxySettings() *serial.TypedMessage {
+	return nil
+}
--- a/proxy/vless/outbound/outbound.go
+++ b/proxy/vless/outbound/outbound.go
@@ -11,9 +11,12 @@ import (
 	"unsafe"

 	utls "github.com/refraction-networking/utls"
+	proxyman "github.com/xtls/xray-core/app/proxyman/outbound"
+	"github.com/xtls/xray-core/app/reverse"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/mux"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/common/retry"
@@ -23,6 +26,7 @@ import (
 	"github.com/xtls/xray-core/common/xudp"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/policy"
+	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/proxy"
 	"github.com/xtls/xray-core/proxy/vless"
 	"github.com/xtls/xray-core/proxy/vless/encoding"
@@ -32,6 +36,7 @@ import (
 	"github.com/xtls/xray-core/transport/internet/reality"
 	"github.com/xtls/xray-core/transport/internet/stat"
 	"github.com/xtls/xray-core/transport/internet/tls"
+	"github.com/xtls/xray-core/transport/pipe"
 )

 func init() {
@@ -47,6 +52,7 @@ type Handler struct {
 	policyManager policy.Manager
 	cone          bool
 	encryption    *encryption.ClientInstance
+	reverse       *Reverse
 }

 // New creates a new VLess outbound handler.
@@ -82,14 +88,39 @@ func New(ctx context.Context, config *Config) (*Handler, error) {
 		}
 	}

+	if a.Reverse != nil {
+		handler.reverse = &Reverse{
+			tag:        a.Reverse.Tag,
+			dispatcher: v.GetFeature(routing.DispatcherType()).(routing.Dispatcher),
+			ctx:        ctx,
+			handler:    handler,
+		}
+		handler.reverse.monitorTask = &task.Periodic{
+			Execute:  handler.reverse.monitor,
+			Interval: time.Second * 2,
+		}
+		go func() {
+			time.Sleep(2 * time.Second)
+			handler.reverse.Start()
+		}()
+	}
+
 	return handler, nil
 }

+// Close implements common.Closable.Close().
+func (h *Handler) Close() error {
+	if h.reverse != nil {
+		return h.reverse.Close()
+	}
+	return nil
+}
+
 // Process implements proxy.Outbound.Process().
 func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error {
 	outbounds := session.OutboundsFromContext(ctx)
 	ob := outbounds[len(outbounds)-1]
-	if !ob.Target.IsValid() {
+	if !ob.Target.IsValid() && ob.Target.Address.String() != "v1.rvs.cool" {
 		return errors.New("target not specified").AtError()
 	}
 	ob.Name = "vless"
@@ -127,8 +158,16 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	if target.Network == net.Network_UDP {
 		command = protocol.RequestCommandUDP
 	}
-	if target.Address.Family().IsDomain() && target.Address.Domain() == "v1.mux.cool" {
-		command = protocol.RequestCommandMux
+	if target.Address.Family().IsDomain() {
+		switch target.Address.Domain() {
+		case "v1.mux.cool":
+			command = protocol.RequestCommandMux
+		case "v1.rvs.cool":
+			if target.Network != net.Network_Unknown {
+				return errors.New("nice try baby").AtError()
+			}
+			command = protocol.RequestCommandRvs
+		}
 	}

 	request := &protocol.RequestHeader{
@@ -321,3 +360,67 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte

 	return nil
 }
+
+type Reverse struct {
+	tag         string
+	dispatcher  routing.Dispatcher
+	ctx         context.Context
+	handler     *Handler
+	workers     []*reverse.BridgeWorker
+	monitorTask *task.Periodic
+}
+
+func (r *Reverse) monitor() error {
+	var activeWorkers []*reverse.BridgeWorker
+	for _, w := range r.workers {
+		if w.IsActive() {
+			activeWorkers = append(activeWorkers, w)
+		}
+	}
+	if len(activeWorkers) != len(r.workers) {
+		r.workers = activeWorkers
+	}
+
+	var numConnections uint32
+	var numWorker uint32
+	for _, w := range r.workers {
+		if w.IsActive() {
+			numConnections += w.Connections()
+			numWorker++
+		}
+	}
+	if numWorker == 0 || numConnections/numWorker > 16 {
+		reader1, writer1 := pipe.New(pipe.WithSizeLimit(2 * buf.Size))
+		reader2, writer2 := pipe.New(pipe.WithSizeLimit(2 * buf.Size))
+		link1 := &transport.Link{Reader: reader1, Writer: writer2}
+		link2 := &transport.Link{Reader: reader2, Writer: writer1}
+		w := &reverse.BridgeWorker{
+			Tag:        r.tag,
+			Dispatcher: r.dispatcher,
+		}
+		worker, err := mux.NewServerWorker(r.ctx, w, link1)
+		if err != nil {
+			errors.LogWarningInner(r.ctx, err, "failed to create mux server worker")
+			return nil
+		}
+		w.Worker = worker
+		r.workers = append(r.workers, w)
+		go func() {
+			ctx := session.ContextWithOutbounds(r.ctx, []*session.Outbound{{
+				Target: net.Destination{Address: net.DomainAddress("v1.rvs.cool")},
+			}})
+			r.handler.Process(ctx, link2, session.HandlerFromContext(ctx).(*proxyman.Handler))
+			common.Interrupt(reader1)
+			common.Interrupt(reader2)
+		}()
+	}
+	return nil
+}
+
+func (r *Reverse) Start() error {
+	return r.monitorTask.Start()
+}
+
+func (r *Reverse) Close() error {
+	return r.monitorTask.Close()
+}
--- a/proxy/vmess/aead/authid.go
+++ b/proxy/vmess/aead/authid.go
@@ -17,8 +17,10 @@ import (
 )

 var (
-	ErrNotFound = errors.New("user do not exist")
-	ErrReplay   = errors.New("replayed request")
+	ErrNotFound     = errors.New("user do not exist")
+	ErrNeagtiveTime = errors.New("timestamp is negative")
+	ErrInvalidTime  = errors.New("invalid timestamp, perhaps unsynchronized time")
+	ErrReplay       = errors.New("replayed request")
 )

 func CreateAuthID(cmdKey []byte, time int64) [16]byte {
@@ -102,11 +104,11 @@ func (a *AuthIDDecoderHolder) Match(authID [16]byte) (interface{}, error) {
 		}

 		if t < 0 {
-			continue
+			return nil, ErrNeagtiveTime
 		}

 		if math.Abs(math.Abs(float64(t))-float64(time.Now().Unix())) > 120 {
-			continue
+			return nil, ErrInvalidTime
 		}

 		if !a.filter.Check(authID[:]) {
--- a/transport/internet/kcp/cryptreal.go
+++ b/transport/internet/kcp/cryptreal.go
@@ -9,5 +9,5 @@ import (

 func NewAEADAESGCMBasedOnSeed(seed string) cipher.AEAD {
 	hashedSeed := sha256.Sum256([]byte(seed))
-	return crypto.NewAesGcm(hashedSeed[:])
+	return crypto.NewAesGcm(hashedSeed[:16])
 }