Update sing-box core

2026-05-14 00:51:12 +03:00 · 2026-04-26 21:11:31 +03:00
parent cb3131b3d4 553cfa1f9f
commit 00c08995c7
183 changed files with 5718 additions and 2009 deletions
--- a/protocol/naive/inbound.go
+++ b/protocol/naive/inbound.go
@@ -29,7 +29,10 @@ import (
 	"golang.org/x/net/http2/h2c"
 )

-var ConfigureHTTP3ListenerFunc func(ctx context.Context, logger logger.Logger, listener *listener.Listener, handler http.Handler, tlsConfig tls.ServerConfig, options option.NaiveInboundOptions) (io.Closer, error)
+var (
+	ConfigureHTTP3ListenerFunc func(ctx context.Context, logger logger.Logger, listener *listener.Listener, handler http.Handler, tlsConfig tls.ServerConfig, options option.NaiveInboundOptions) (io.Closer, error)
+	WrapError                  func(error) error
+)

 func RegisterInbound(registry *inbound.Registry) {
 	inbound.Register[option.NaiveInboundOptions](registry, C.TypeNaive, NewInbound)
--- a/protocol/naive/inbound_conn.go
+++ b/protocol/naive/inbound_conn.go
@@ -95,7 +95,7 @@ func (p *paddingConn) writeWithPadding(writer io.Writer, data []byte) (n int, er
 		binary.BigEndian.PutUint16(header, uint16(len(data)))
 		header[2] = byte(paddingSize)
 		common.Must1(buffer.Write(data))
-		buffer.Extend(paddingSize)
+		common.Must(buffer.WriteZeroN(paddingSize))
 		_, err = writer.Write(buffer.Bytes())
 		if err == nil {
 			n = len(data)
@@ -117,7 +117,7 @@ func (p *paddingConn) writeBufferWithPadding(writer io.Writer, buffer *buf.Buffe
 		header := buffer.ExtendHeader(3)
 		binary.BigEndian.PutUint16(header, uint16(bufferLen))
 		header[2] = byte(paddingSize)
-		buffer.Extend(paddingSize)
+		common.Must(buffer.WriteZeroN(paddingSize))
 		p.writePadding++
 	}
 	return common.Error(writer.Write(buffer.Bytes()))
@@ -179,18 +179,18 @@ type naiveConn struct {

 func (c *naiveConn) Read(p []byte) (n int, err error) {
 	n, err = c.readWithPadding(c.Conn, p)
-	return n, baderror.WrapH2(err)
+	return n, wrapError(err)
 }

 func (c *naiveConn) Write(p []byte) (n int, err error) {
 	n, err = c.writeChunked(c.Conn, p)
-	return n, baderror.WrapH2(err)
+	return n, wrapError(err)
 }

 func (c *naiveConn) WriteBuffer(buffer *buf.Buffer) error {
 	defer buffer.Release()
 	err := c.writeBufferWithPadding(c.Conn, buffer)
-	return baderror.WrapH2(err)
+	return wrapError(err)
 }

 func (c *naiveConn) FrontHeadroom() int      { return c.frontHeadroom() }
@@ -210,7 +210,7 @@ type naiveH2Conn struct {

 func (c *naiveH2Conn) Read(p []byte) (n int, err error) {
 	n, err = c.readWithPadding(c.reader, p)
-	return n, baderror.WrapH2(err)
+	return n, wrapError(err)
 }

 func (c *naiveH2Conn) Write(p []byte) (n int, err error) {
@@ -218,7 +218,7 @@ func (c *naiveH2Conn) Write(p []byte) (n int, err error) {
 	if err == nil {
 		c.flusher.Flush()
 	}
-	return n, baderror.WrapH2(err)
+	return n, wrapError(err)
 }

 func (c *naiveH2Conn) WriteBuffer(buffer *buf.Buffer) error {
@@ -227,7 +227,15 @@ func (c *naiveH2Conn) WriteBuffer(buffer *buf.Buffer) error {
 	if err == nil {
 		c.flusher.Flush()
 	}
-	return baderror.WrapH2(err)
+	return wrapError(err)
+}
+
+func wrapError(err error) error {
+	err = baderror.WrapH2(err)
+	if WrapError != nil {
+		err = WrapError(err)
+	}
+	return err
 }

 func (c *naiveH2Conn) Close() error {
--- a/protocol/naive/quic/inbound_init.go
+++ b/protocol/naive/quic/inbound_init.go
@@ -124,4 +124,5 @@ func init() {

 		return quicListener, nil
 	}
+	naive.WrapError = qtls.WrapError
 }
--- a/protocol/socks/outbound.go
+++ b/protocol/socks/outbound.go
@@ -83,7 +83,7 @@ func (h *Outbound) DialContext(ctx context.Context, network string, destination
 	default:
 		return nil, E.Extend(N.ErrUnknownNetwork, network)
 	}
-	if h.resolve && destination.IsFqdn() {
+	if h.resolve && destination.IsDomain() {
 		destinationAddresses, err := h.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, err
@@ -101,7 +101,7 @@ func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
 		h.logger.InfoContext(ctx, "outbound UoT packet connection to ", destination)
 		return h.uotClient.ListenPacket(ctx, destination)
 	}
-	if h.resolve && destination.IsFqdn() {
+	if h.resolve && destination.IsDomain() {
 		destinationAddresses, err := h.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, err
--- a/protocol/tailscale/dns_transport.go
+++ b/protocol/tailscale/dns_transport.go
@@ -1,3 +1,5 @@
+//go:build with_gvisor
+
 package tailscale

 import (
@@ -47,6 +49,7 @@ type DNSTransport struct {
 	dnsRouter              adapter.DNSRouter
 	endpointManager        adapter.EndpointManager
 	endpoint               *Endpoint
+	access                 sync.RWMutex
 	routePrefixes          []netip.Prefix
 	routes                 map[string][]adapter.DNSTransport
 	hosts                  map[string][]netip.Addr
@@ -89,6 +92,12 @@ func (t *DNSTransport) Start(stage adapter.StartStage) error {
 }

 func (t *DNSTransport) Reset() {
+	t.access.RLock()
+	transports := t.collectResolversLocked()
+	t.access.RUnlock()
+	for _, transport := range transports {
+		transport.Reset()
+	}
 }

 func (t *DNSTransport) onReconfig(cfg *wgcfg.Config, routerCfg *router.Config, dnsCfg *nDNS.Config) {
@@ -99,7 +108,7 @@ func (t *DNSTransport) onReconfig(cfg *wgcfg.Config, routerCfg *router.Config, d
 }

 func (t *DNSTransport) updateDNSServers(routeConfig *router.Config, dnsConfig *nDNS.Config) error {
-	t.routePrefixes = buildRoutePrefixes(routeConfig)
+	routePrefixes := buildRoutePrefixes(routeConfig)
 	directDialerOnce := sync.OnceValue(func() N.Dialer {
 		directDialer := common.Must1(dialer.NewDefault(t.ctx, option.DialerOptions{}))
 		return &DNSDialer{transport: t, fallbackDialer: directDialer}
@@ -128,9 +137,19 @@ func (t *DNSTransport) updateDNSServers(routeConfig *router.Config, dnsConfig *n
 		}
 		defaultResolvers = append(defaultResolvers, myResolver)
 	}
+
+	t.access.Lock()
+	oldResolvers := t.collectResolversLocked()
+	t.routePrefixes = routePrefixes
 	t.routes = routes
 	t.hosts = hosts
 	t.defaultResolvers = defaultResolvers
+	t.access.Unlock()
+
+	for _, transport := range oldResolvers {
+		transport.Close()
+	}
+
 	if len(defaultResolvers) > 0 {
 		t.logger.Info("updated ", len(routes), " routes, ", len(hosts), " hosts, default resolvers: ",
 			strings.Join(common.Map(dnsConfig.DefaultResolvers, func(it *dnstype.Resolver) string { return it.Addr }), " "))
@@ -205,7 +224,22 @@ func buildRoutePrefixes(routeConfig *router.Config) []netip.Prefix {
 }

 func (t *DNSTransport) Close() error {
-	return nil
+	t.access.Lock()
+	transports := t.collectResolversLocked()
+	t.routePrefixes = nil
+	t.routes = nil
+	t.hosts = nil
+	t.defaultResolvers = nil
+	t.access.Unlock()
+
+	var err error
+	for _, transport := range transports {
+		name := "resolver/" + transport.Type() + "[" + transport.Tag() + "]"
+		err = E.Append(err, transport.Close(), func(err error) error {
+			return E.Cause(err, "close ", name)
+		})
+	}
+	return err
 }

 func (t *DNSTransport) Raw() bool {
@@ -217,7 +251,15 @@ func (t *DNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M
 		return nil, os.ErrInvalid
 	}
 	question := message.Question[0]
-	addresses, hostsLoaded := t.hosts[question.Name]
+
+	t.access.RLock()
+	hosts := t.hosts
+	routes := t.routes
+	defaultResolvers := t.defaultResolvers
+	acceptDefaultResolvers := t.acceptDefaultResolvers
+	t.access.RUnlock()
+
+	addresses, hostsLoaded := hosts[question.Name]
 	if hostsLoaded {
 		switch question.Qtype {
 		case mDNS.TypeA:
@@ -236,7 +278,7 @@ func (t *DNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M
 			}
 		}
 	}
-	for domainSuffix, transports := range t.routes {
+	for domainSuffix, transports := range routes {
 		if strings.HasSuffix(question.Name, domainSuffix) {
 			if len(transports) == 0 {
 				return &mDNS.Msg{
@@ -260,10 +302,10 @@ func (t *DNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M
 			return nil, lastErr
 		}
 	}
-	if t.acceptDefaultResolvers {
-		if len(t.defaultResolvers) > 0 {
+	if acceptDefaultResolvers {
+		if len(defaultResolvers) > 0 {
 			var lastErr error
-			for _, resolver := range t.defaultResolvers {
+			for _, resolver := range defaultResolvers {
 				response, err := resolver.Exchange(ctx, message)
 				if err != nil {
 					lastErr = err
@@ -279,16 +321,26 @@ func (t *DNSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M
 	return nil, dns.RcodeNameError
 }

+func (t *DNSTransport) collectResolversLocked() []adapter.DNSTransport {
+	var transports []adapter.DNSTransport
+	for _, resolvers := range t.routes {
+		transports = append(transports, resolvers...)
+	}
+	transports = append(transports, t.defaultResolvers...)
+	return transports
+}
+
 type DNSDialer struct {
 	transport      *DNSTransport
 	fallbackDialer N.Dialer
 }

 func (d *DNSDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		panic("invalid request here")
 	}
-	for _, prefix := range d.transport.routePrefixes {
+	routePrefixes := d.transport.routePrefixesSnapshot()
+	for _, prefix := range routePrefixes {
 		if prefix.Contains(destination.Addr) {
 			return d.transport.endpoint.DialContext(ctx, network, destination)
 		}
@@ -297,13 +349,20 @@ func (d *DNSDialer) DialContext(ctx context.Context, network string, destination
 }

 func (d *DNSDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		panic("invalid request here")
 	}
-	for _, prefix := range d.transport.routePrefixes {
+	routePrefixes := d.transport.routePrefixesSnapshot()
+	for _, prefix := range routePrefixes {
 		if prefix.Contains(destination.Addr) {
 			return d.transport.endpoint.ListenPacket(ctx, destination)
 		}
 	}
 	return d.fallbackDialer.ListenPacket(ctx, destination)
 }
+
+func (t *DNSTransport) routePrefixesSnapshot() []netip.Prefix {
+	t.access.RLock()
+	defer t.access.RUnlock()
+	return append([]netip.Prefix(nil), t.routePrefixes...)
+}
--- a/protocol/tailscale/endpoint.go
+++ b/protocol/tailscale/endpoint.go
@@ -1,3 +1,5 @@
+//go:build with_gvisor
+
 package tailscale

 import (
@@ -46,6 +48,7 @@ import (
 	"github.com/sagernet/tailscale/ipn"
 	tsDNS "github.com/sagernet/tailscale/net/dns"
 	"github.com/sagernet/tailscale/net/netmon"
+	"github.com/sagernet/tailscale/net/netns"
 	"github.com/sagernet/tailscale/net/tsaddr"
 	tsTUN "github.com/sagernet/tailscale/net/tstun"
 	"github.com/sagernet/tailscale/tsnet"
@@ -107,7 +110,9 @@ type Endpoint struct {
 	systemInterface     bool
 	systemInterfaceName string
 	systemInterfaceMTU  uint32
+	serverStarted       bool
 	systemTun           tun.Tun
+	systemDialer        *dialer.DefaultDialer
 	fallbackTCPCloser   func()
 }

@@ -144,7 +149,7 @@ func (t *Endpoint) registerNetstackHandlers() {
 			ctx := log.ContextWithNewID(t.ctx)
 			source := M.SocksaddrFrom(src.Addr(), src.Port())
 			destination := M.SocksaddrFrom(dst.Addr(), dst.Port())
-			packetConn := bufio.NewPacketConn(conn)
+			packetConn := bufio.NewUnbindPacketConnWithAddr(conn, destination)
 			t.NewPacketConnectionEx(ctx, packetConn, source, destination, nil)
 		}, true
 	}
@@ -186,7 +191,7 @@ func NewEndpoint(ctx context.Context, router adapter.Router, logger log.ContextL
 		if err != nil {
 			return nil, E.Cause(err, "parse control URL")
 		}
-		remoteIsDomain = M.IsDomainName(controlURL.Hostname())
+		remoteIsDomain = M.ParseSocksaddr(controlURL.Hostname()).IsDomain()
 	} else {
 		// controlplane.tailscale.com
 		remoteIsDomain = true
@@ -258,9 +263,16 @@ func NewEndpoint(ctx context.Context, router adapter.Router, logger log.ContextL
 }

 func (t *Endpoint) Start(stage adapter.StartStage) error {
-	if stage != adapter.StartStateStart {
-		return nil
+	switch stage {
+	case adapter.StartStateStart:
+		return t.start()
+	case adapter.StartStatePostStart:
+		return t.postStart()
 	}
+	return nil
+}
+
+func (t *Endpoint) start() error {
 	if t.platformInterface != nil {
 		err := t.network.UpdateInterfaces()
 		if err != nil {
@@ -285,9 +297,6 @@ func (t *Endpoint) Start(stage adapter.StartStage) error {
 				}
 			}), nil
 		})
-		if runtime.GOOS == "android" {
-			setAndroidProtectFunc(t.platformInterface)
-		}
 	}
 	if t.systemInterface {
 		mtu := t.systemInterfaceMTU
@@ -322,9 +331,34 @@ func (t *Endpoint) Start(stage adapter.StartStage) error {
 			_ = systemTun.Close()
 			return err
 		}
+		systemDialer, err := dialer.NewDefault(t.ctx, option.DialerOptions{
+			BindInterface: tunName,
+		})
+		if err != nil {
+			_ = systemTun.Close()
+			return err
+		}
 		t.systemTun = systemTun
+		t.systemDialer = systemDialer
 		t.server.TunDevice = wgTunDevice
 	}
+	if mark := t.network.AutoRedirectOutputMark(); mark > 0 {
+		controlFunc := t.network.AutoRedirectOutputMarkFunc()
+		if bindFunc := t.network.AutoDetectInterfaceFunc(); bindFunc != nil {
+			controlFunc = control.Append(controlFunc, bindFunc)
+		}
+		netns.SetControlFunc(controlFunc)
+	} else if runtime.GOOS == "android" && t.platformInterface != nil {
+		netns.SetControlFunc(func(network, address string, c syscall.RawConn) error {
+			return control.Raw(c, func(fd uintptr) error {
+				return t.platformInterface.AutoDetectInterfaceControl(int(fd))
+			})
+		})
+	}
+	return nil
+}
+
+func (t *Endpoint) postStart() error {
 	err := t.server.Start()
 	if err != nil {
 		if t.systemTun != nil {
@@ -332,6 +366,7 @@ func (t *Endpoint) Start(stage adapter.StartStage) error {
 		}
 		return err
 	}
+	t.serverStarted = true
 	if t.fallbackTCPCloser == nil {
 		t.fallbackTCPCloser = t.server.RegisterFallbackTCPHandler(func(src, dst netip.AddrPort) (handler func(net.Conn), intercept bool) {
 			return func(conn net.Conn) {
@@ -449,15 +484,22 @@ func (t *Endpoint) watchState() {
 }

 func (t *Endpoint) Close() error {
-	netmon.RegisterInterfaceGetter(nil)
-	if runtime.GOOS == "android" {
-		setAndroidProtectFunc(nil)
+	var err error
+	if t.serverStarted {
+		err = common.Close(common.PtrOrNil(t.server))
+		t.serverStarted = false
 	}
+	netmon.RegisterInterfaceGetter(nil)
+	netns.SetControlFunc(nil)
 	if t.fallbackTCPCloser != nil {
 		t.fallbackTCPCloser()
 		t.fallbackTCPCloser = nil
 	}
-	return common.Close(common.PtrOrNil(t.server))
+	if t.systemTun != nil {
+		t.systemTun.Close()
+		t.systemTun = nil
+	}
+	return err
 }

 func (t *Endpoint) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
@@ -467,13 +509,16 @@ func (t *Endpoint) DialContext(ctx context.Context, network string, destination
 	case N.NetworkUDP:
 		t.logger.InfoContext(ctx, "outbound packet connection to ", destination)
 	}
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		destinationAddresses, err := t.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, err
 		}
 		return N.DialSerial(ctx, t, network, destination, destinationAddresses)
 	}
+	if t.systemDialer != nil {
+		return t.systemDialer.DialContext(ctx, network, destination)
+	}
 	addr4, addr6 := t.server.TailscaleIPs()
 	remoteAddr := tcpip.FullAddress{
 		NIC:  1,
@@ -520,6 +565,9 @@ func (t *Endpoint) DialContext(ctx context.Context, network string, destination
 }

 func (t *Endpoint) listenPacketWithAddress(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	if t.systemDialer != nil {
+		return t.systemDialer.ListenPacket(ctx, destination)
+	}
 	addr4, addr6 := t.server.TailscaleIPs()
 	bind := tcpip.FullAddress{
 		NIC: 1,
@@ -547,7 +595,7 @@ func (t *Endpoint) listenPacketWithAddress(ctx context.Context, destination M.So

 func (t *Endpoint) ListenPacketWithDestination(ctx context.Context, destination M.Socksaddr) (net.PacketConn, netip.Addr, error) {
 	t.logger.InfoContext(ctx, "outbound packet connection to ", destination)
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		destinationAddresses, err := t.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, netip.Addr{}, err
@@ -677,19 +725,29 @@ func (t *Endpoint) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn,
 }

 func (t *Endpoint) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) {
-	inet4Address, inet6Address := t.server.TailscaleIPs()
-	if metadata.Destination.Addr.Is4() && !inet4Address.IsValid() || metadata.Destination.Addr.Is6() && !inet6Address.IsValid() {
-		return nil, E.New("Tailscale is not ready yet")
-	}
 	ctx := log.ContextWithNewID(t.ctx)
-	destination, err := ping.ConnectGVisor(
-		ctx, t.logger,
-		metadata.Source.Addr, metadata.Destination.Addr,
-		routeContext,
-		t.stack,
-		inet4Address, inet6Address,
-		timeout,
-	)
+	var destination tun.DirectRouteDestination
+	var err error
+	if t.systemDialer != nil {
+		destination, err = ping.ConnectDestination(
+			ctx, t.logger,
+			t.systemDialer.DialerForICMPDestination(metadata.Destination.Addr).Control,
+			metadata.Destination.Addr, routeContext, timeout,
+		)
+	} else {
+		inet4Address, inet6Address := t.server.TailscaleIPs()
+		if metadata.Destination.Addr.Is4() && !inet4Address.IsValid() || metadata.Destination.Addr.Is6() && !inet6Address.IsValid() {
+			return nil, E.New("Tailscale is not ready yet")
+		}
+		destination, err = ping.ConnectGVisor(
+			ctx, t.logger,
+			metadata.Source.Addr, metadata.Destination.Addr,
+			routeContext,
+			t.stack,
+			inet4Address, inet6Address,
+			timeout,
+		)
+	}
 	if err != nil {
 		return nil, err
 	}
--- a/protocol/tailscale/protect_android.go
+++ b/protocol/tailscale/protect_android.go
@@ -1,16 +0,0 @@
-package tailscale
-
-import (
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/tailscale/net/netns"
-)
-
-func setAndroidProtectFunc(platformInterface adapter.PlatformInterface) {
-	if platformInterface != nil {
-		netns.SetAndroidProtectFunc(func(fd int) error {
-			return platformInterface.AutoDetectInterfaceControl(fd)
-		})
-	} else {
-		netns.SetAndroidProtectFunc(nil)
-	}
-}
--- a/protocol/tailscale/protect_nonandroid.go
+++ b/protocol/tailscale/protect_nonandroid.go
@@ -1,8 +0,0 @@
-//go:build !android
-
-package tailscale
-
-import "github.com/sagernet/sing-box/adapter"
-
-func setAndroidProtectFunc(platformInterface adapter.PlatformInterface) {
-}
--- a/protocol/tailscale/tun_device_unix.go
+++ b/protocol/tailscale/tun_device_unix.go
@@ -1,4 +1,4 @@
-//go:build !windows
+//go:build with_gvisor && !windows

 package tailscale

--- a/protocol/tailscale/tun_device_windows.go
+++ b/protocol/tailscale/tun_device_windows.go
@@ -1,4 +1,4 @@
-//go:build windows
+//go:build with_gvisor && windows

 package tailscale

--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@@ -67,6 +67,10 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 	if options.GSO {
 		return nil, E.New("GSO option in tun is deprecated in sing-box 1.11.0 and removed in sing-box 1.12.0")
 	}
+	//nolint:staticcheck
+	if options.InboundOptions != (option.InboundOptions{}) {
+		return nil, E.New("legacy inbound fields are deprecated in sing-box 1.11.0 and removed in sing-box 1.13.0, checkout migration: https://sing-box.sagernet.org/migration/#migrate-legacy-inbound-fields-to-rule-actions")
+	}

 	address := options.Address
 	inet4Address := common.Filter(address, func(it netip.Prefix) bool {
--- a/protocol/vless/outbound.go
+++ b/protocol/vless/outbound.go
@@ -167,7 +167,7 @@ func (h *vlessDialer) DialContext(ctx context.Context, network string, destinati
 		if h.xudp {
 			return h.client.DialEarlyXUDPPacketConn(conn, destination)
 		} else if h.packetAddr {
-			if destination.IsFqdn() {
+			if destination.IsDomain() {
 				return nil, E.New("packetaddr: domain destination is not supported")
 			}
 			packetConn, err := h.client.DialEarlyPacketConn(conn, M.Socksaddr{Fqdn: packetaddr.SeqPacketMagicAddress})
@@ -204,7 +204,7 @@ func (h *vlessDialer) ListenPacket(ctx context.Context, destination M.Socksaddr)
 	if h.xudp {
 		return h.client.DialEarlyXUDPPacketConn(conn, destination)
 	} else if h.packetAddr {
-		if destination.IsFqdn() {
+		if destination.IsDomain() {
 			return nil, E.New("packetaddr: domain destination is not supported")
 		}
 		conn, err := h.client.DialEarlyPacketConn(conn, M.Socksaddr{Fqdn: packetaddr.SeqPacketMagicAddress})
--- a/protocol/vmess/outbound.go
+++ b/protocol/vmess/outbound.go
@@ -194,7 +194,7 @@ func (h *vmessDialer) ListenPacket(ctx context.Context, destination M.Socksaddr)
 		return nil, err
 	}
 	if h.packetAddr {
-		if destination.IsFqdn() {
+		if destination.IsDomain() {
 			return nil, E.New("packetaddr: domain destination is not supported")
 		}
 		return packetaddr.NewConn(h.client.DialEarlyPacketConn(conn, M.Socksaddr{Fqdn: packetaddr.SeqPacketMagicAddress}), destination), nil
--- a/protocol/wireguard/endpoint.go
+++ b/protocol/wireguard/endpoint.go
@@ -238,7 +238,7 @@ func (w *Endpoint) DialContext(ctx context.Context, network string, destination
 	case N.NetworkUDP:
 		w.logger.InfoContext(ctx, "outbound packet connection to ", destination)
 	}
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		destinationAddresses, err := w.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, err
@@ -252,7 +252,7 @@ func (w *Endpoint) DialContext(ctx context.Context, network string, destination

 func (w *Endpoint) ListenPacketWithDestination(ctx context.Context, destination M.Socksaddr) (net.PacketConn, netip.Addr, error) {
 	w.logger.InfoContext(ctx, "outbound packet connection to ", destination)
-	if destination.IsFqdn() {
+	if destination.IsDomain() {
 		destinationAddresses, err := w.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{})
 		if err != nil {
 			return nil, netip.Addr{}, err