fix: ss2022 throughput, simple-obfs TLS state machine, MMDB path

clash-bin/src/main.rs

@@ -184,7 +184,15 @@ fn main() -> anyhow::Result<()> {
              recommended to enable this if you are using clash verge."
         );
         if let Some(dir) = &cli.directory {
-            std::env::set_current_dir(dir)?;
+            // Canonicalize to an absolute path before changing the process cwd.
+            // If `dir` is relative (e.g. `./clash-bin/tests/data/config`),
+            // calling set_current_dir then passing the same relative string as
+            // `cwd` to start_scaffold would cause paths like
+            // `cwd.join("Country.mmdb")` to be resolved from the *new* process
+            // cwd, doubling the directory segments and producing a path that
+            // doesn't exist (os error 2).
+            let abs = std::fs::canonicalize(dir)?;
+            std::env::set_current_dir(&abs)?;
         }
         if config.general.mmdb.is_none() {
             config.general.mmdb = Some("Country.mmdb".to_string());
@@ -194,9 +202,19 @@ fn main() -> anyhow::Result<()> {
         }
     }
 
+    // When compatibility mode called set_current_dir the process cwd is
+    // already correct; pass None so start_scaffold uses "." (= the new cwd)
+    // rather than the original relative cli.directory which would be resolved
+    // from the wrong base.
+    let cwd = if cli.compatibility && cli.directory.is_some() {
+        None
+    } else {
+        cli.directory.map(|x| x.to_string_lossy().to_string())
+    };
+
     clash::start_scaffold(clash::Options {
         config: clash::Config::Internal(config),
-        cwd: cli.directory.map(|x| x.to_string_lossy().to_string()),
+        cwd,
         rt: Some(TokioRuntime::MultiThread),
         log_file: cli.log_file,
     })

clash-lib/src/app/dispatcher/dispatcher_impl.rs

@@ -30,7 +30,11 @@ use crate::app::dns::ThreadSafeDNSResolver;
 
 use super::statistics_manager::Manager;
 
-const DEFAULT_BUFFER_SIZE: usize = 16 * 1024;
+// SS2022 (AEAD-2022) MAX_PACKET_SIZE is 0xFFFF (65535 bytes). Using a relay
+// buffer smaller than that forces the cipher to split every full packet into
+// multiple smaller encrypted chunks, multiplying encrypt/decrypt overhead.
+// Classic AEAD ciphers cap at 0x3FFF (16383 bytes) so they are unaffected.
+const DEFAULT_BUFFER_SIZE: usize = 64 * 1024;
 
 pub struct Dispatcher {
     outbound_manager: ThreadSafeOutboundManager,
@@ -251,7 +255,7 @@ impl Dispatcher {
          */
         let (mut local_w, mut local_r) = udp_inbound.split();
         let (remote_receiver_w, mut remote_receiver_r) =
-            tokio::sync::mpsc::channel(32);
+            tokio::sync::mpsc::channel(256);
 
         let s = sess.clone();
         let ss = sess.clone();
@@ -363,7 +367,7 @@ impl Dispatcher {
 
                         let (mut remote_w, mut remote_r) = outbound_datagram.split();
                         let (remote_sender, mut remote_forwarder) =
-                            tokio::sync::mpsc::channel::<UdpPacket>(32);
+                            tokio::sync::mpsc::channel::<UdpPacket>(256);
 
                         // remote -> local
                         let r_handle = tokio::spawn(async move {

clash-lib/src/proxy/datagram.rs

@@ -73,6 +73,9 @@ pub struct OutboundDatagramImpl {
     resolver: ThreadSafeDNSResolver,
     flushed: bool,
     pkt: Option<UdpPacket>,
+    // Pre-allocated receive buffer; avoids a 65535-byte heap allocation on
+    // every poll_next call.
+    recv_buf: Vec<u8>,
 }
 
 impl OutboundDatagramImpl {
@@ -82,6 +85,7 @@ impl OutboundDatagramImpl {
             resolver,
             flushed: true,
             pkt: None,
+            recv_buf: vec![0u8; 65535],
         }
     }
 }
@@ -190,9 +194,12 @@ impl Stream for OutboundDatagramImpl {
         mut self: Pin<&mut Self>,
         cx: &mut Context<'_>,
     ) -> Poll<Option<Self::Item>> {
-        let Self { ref mut inner, .. } = *self;
-        let mut mem = vec![0u8; 65535];
-        let mut buf = ReadBuf::new(&mut mem);
+        let Self {
+            ref mut inner,
+            ref mut recv_buf,
+            ..
+        } = *self;
+        let mut buf = ReadBuf::new(recv_buf.as_mut_slice());
         match ready!(inner.poll_recv_from(cx, &mut buf)) {
             Ok(src) => {
                 let data = buf.filled().to_vec();

clash-lib/src/proxy/shadowsocks/outbound/datagram.rs

@@ -2,6 +2,7 @@ use std::{
     io,
     net::SocketAddr,
     pin::Pin,
+    sync::Mutex,
     task::{Context, Poll},
 };
 
@@ -200,16 +201,16 @@ where
 
 /// Shadowsocks UDP I/O that ProxySocket required
 pub(crate) struct ShadowsocksUdpIo {
-    w: tokio::sync::Mutex<SplitSink<AnyOutboundDatagram, UdpPacket>>,
-    r: tokio::sync::Mutex<(SplitStream<AnyOutboundDatagram>, BytesMut)>,
+    w: Mutex<SplitSink<AnyOutboundDatagram, UdpPacket>>,
+    r: Mutex<(SplitStream<AnyOutboundDatagram>, BytesMut)>,
 }
 
 impl ShadowsocksUdpIo {
     pub fn new(inner: AnyOutboundDatagram) -> Self {
         let (w, r) = inner.split();
         Self {
-            w: tokio::sync::Mutex::new(w),
-            r: tokio::sync::Mutex::new((r, BytesMut::new())),
+            w: Mutex::new(w),
+            r: Mutex::new((r, BytesMut::new())),
         }
     }
 }
@@ -225,7 +226,7 @@ impl DatagramSend for ShadowsocksUdpIo {
         buf: &[u8],
         target: std::net::SocketAddr,
     ) -> Poll<io::Result<usize>> {
-        let mut w = self.w.try_lock().expect("must acquire");
+        let mut w = self.w.lock().unwrap();
         match w.start_send_unpin(UdpPacket {
             data: buf.to_vec(),
             src_addr: SocksAddr::any_ipv4(),
@@ -243,7 +244,7 @@ impl DatagramSend for ShadowsocksUdpIo {
     }
 
     fn poll_send_ready(&self, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
-        let mut w = self.w.try_lock().expect("must acquire");
+        let mut w = self.w.lock().unwrap();
         w.poll_ready_unpin(cx)
             .map_err(|e| new_io_error(e.to_string()))
     }
@@ -255,7 +256,7 @@ impl DatagramReceive for ShadowsocksUdpIo {
         cx: &mut Context<'_>,
         buf: &mut ReadBuf<'_>,
     ) -> Poll<io::Result<()>> {
-        let mut g = self.r.try_lock().expect("must acquire");
+        let mut g = self.r.lock().unwrap();
         let (r, remained) = &mut *g;
 
         if !remained.is_empty() {

clash-lib/src/proxy/shadowsocks/outbound/mod.rs

@@ -47,7 +47,7 @@ pub struct HandlerOptions {
 
 pub struct Handler {
     opts: HandlerOptions,
-
+    ctx: Arc<shadowsocks::context::Context>,
     connector: tokio::sync::RwLock<Option<Arc<dyn RemoteConnector>>>,
 }
 
@@ -65,6 +65,7 @@ impl Handler {
     pub fn new(opts: HandlerOptions) -> Self {
         Self {
             opts,
+            ctx: Context::new_shared(ServerType::Local),
             connector: tokio::sync::RwLock::new(None),
         }
     }
@@ -80,11 +81,10 @@ impl Handler {
             None => s,
         };
 
-        let ctx = Context::new_shared(ServerType::Local);
         let cfg = self.server_config()?;
 
         let stream = ProxyClientStream::from_stream(
-            ctx,
+            self.ctx.clone(),
             stream,
             &cfg,
             (sess.destination.host(), sess.destination.port()),
@@ -198,7 +198,6 @@ impl OutboundHandler for Handler {
         resolver: ThreadSafeDNSResolver,
         connector: &dyn RemoteConnector,
     ) -> io::Result<BoxedChainedDatagram> {
-        let ctx = Context::new_shared(ServerType::Local);
         let cfg = self.server_config()?;
 
         let socket = connector
@@ -214,7 +213,7 @@ impl OutboundHandler for Handler {
 
         let socket = ProxySocket::from_socket(
             UdpSocketType::Client,
-            ctx,
+            self.ctx.clone(),
             &cfg,
             ShadowsocksUdpIo::new(socket),
         );