Describe the bug

Sometimes the Internet fails entirely when Shadowsocks keeps running for a while. This is a new bug introduced around v5.1.7 until latest master.

To Reproduce Steps to reproduce the behavior:

1. Start Shadowsocks
2. Wait until your Internet is dead
3. Restart service and verify that it is back working again

Expected behavior Shadowsocks should work 24/7.

Relevant logcat

ERROR dns udp 127.0.0.1:38945 query message parse error: dns class value unknown: 2287

This message is repeated 6 times over 4 seconds, around when the DNS goes down. Not sure if it is related though.

Smartphone (please complete the following information):

• Android/Chrome OS version: Android 11
• Device: Pixel 3a XL
• Version: Reproducible from v5.2.1 (9a1c677) to 1394ab3
• Last version that did not exhibit the issue: around v5.1.7

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method: n/a
• Route
  • [x] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [ ] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 1.1.1.1

Please read contributing guidelines. Thanks.

There is a problem in Telegram media uploading since shadowsocks rust was updated to version 1.9. Same problem exist in telegram desktop with shadowsocks rust 1.9 client.

Expected behavior Start upload media after sending.

Screenshots If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• Android/Chrome OS version: Android 10
• Device: Mi 9T pro
• Version: All versions after 5.1.7

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [ ] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method: chacha20-poly1305
• Route
  • [ ] All
  • [x] Bypass LAN
  • [ ] Bypass China
  • [ ] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8
• [ ] DNS over UDP
• Plugin configuration (if applicable): v2ray (websocket-tls)
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context Add any other context about the problem here.

Please read contributing guidelines. Thanks.

Describe the bug A clear and concise description of what the bug is.

移动4G连上有问题，dns请求发不出去的样子，表现为连上后网页打不开，而telegram却能正常使用，同样的节点配置，使用v2rayNG 的ss功能可以正常连接！

根据之前的issues https://github.com/shadowsocks/shadowsocks-android/issues/591

改DNS检查为allowed，无效 APN连接点的端口为80，无效 APN协议从"ipv4/ipv6"改成"ipv4"，无效

补充，发现APN改为cmwap可以连上，改回cmnet又不行！cmwap无法使用微信的语音视频等功能…蛋疼

使用v2rayNG 的ss功能两个APN都能正常连接！ 望大佬看看原因…

To Reproduce Steps to reproduce the behavior:

1. 关闭wifi
2. 启动 shadowsocks 并连接
3. 开启google
4. 查看错误

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• Android 8.0 OxygenOS 5.0.8
• Device: [ OnePlus 3T ]
• Version: [ONEPLUS A3010_28_181206]
• Last version that did not exhibit the issue: [not applicable]

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method:
• Route
  • [x] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [ ] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [x] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8 (修改过，并无改善) *[x] DNS over UDP
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context Add any other context about the problem here.

上截图，为防止是线路导致的问题，我在家里的树莓派安装服务端，

连接后访问国内网站某度，完全无法打开，截图中可以看到，shadowsocks 中间有发送与接收数据，由于找不到可以直接用ip访问的网站，我访问 http://119.29.29.29/，虽然是个404页面，但确实打开了。 然后某些直接使用ip连接的app也没有问题。

V2客户端正常

最后， 把APN换成 CMWAP 后就能正常打开网页 - -

@madeye

This PR aims to replace shadowsocks-libev with shadowsocks-rust.

Fix issue #2452.

• [x] Gradle and Cargo integration
• [x] Build pass
• [x] VPNService callback
• [x] TCP relay
• [x] DNS realy
• [x] UDP relay
• [x] ACL (IP rules)
• [x] ACL (domain name rules)
• [x] Traffic statistics

Nice to have:

• [x] Parallel lookup to local and remote
• [x] Unix domain socket to local DNS resolver.

Future development plan (maybe not covered by this PR)

• [ ] A local DNS cache
• [ ] Local DNS resolver in Rust
• [ ] Fine-grained policy routing
• [ ] Multiple upstreams

when compared with previous 5.0.6, my xiaomi10 shows cpu is very high, almost 100% with full 8 core running.

when downgrade the v5.0.6, cpu becomes normal.

They are using same profile.

Describe the bug When I test the connection, I get "No Internet access. Unable to resolve host 'cp.cloudflare.com', No address associated with hostname". It errors most of the time, but my laptop and my iPad works normally. DNS server works properly. The server works well. Settings are all correct. No block. Several other WiFi networks are tried, but it stills. Network settings are cleared.

To Reproduce Steps to reproduce the behavior:

1. Connect to Shadowsocks server
2. Test the connection
3. Failed and reported error

Expected behavior A clear and concise description of what you expected to happen. Connect to Shadowsocks server

Screenshots If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• Device: iQOO z1x
• Version: Android 10.0; Shadowsocks 5.1.4 & 5.0.6 from play store
• Last version that did not exhibit the issue: No

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method: chacha20-ietf-poly1305
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [x] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [x] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8
• [ ] DNS over UDP
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context It reproduces on my two vivo phone but fails to reproduce on my xiaomi phone. My xiaomi 6 (Android 9.0) works pretty well.

Please read FAQ then answer these questions before submitting your issue. Thanks!

Environment

• Android version: e.g. "7.0.0_r14", more detailed description is preferred android 7.0
• Device: e.g. Google Pixel XL 华为p8
• Shadowsocks version: version code "v3.0.0" or commit ID "a073f85" v4.0
• Last version that did not exhibit the issue (if applicable):

Configuration

Put an x inside the [ ] that applies.

• [ x] IPv4 server address
• [ ] IPv6 server address
• [ x] Client IPv4 availability
• [ ] Client IPv6 availability
• Local port: 1080
• Encrypt method:rc4-md5
• [ ] One-time authentication
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [x ] Bypass China
  • [ ] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [ ] Per-App Proxy
  • [ ] Bypass mode
• [ ] UDP Forwarding
• KCP Parameters: (leave blank if not enabled)
• [x ] Auto Connect
• [ x] TCP Fast Open
• [ ] NAT mode

What did you do?

使用kcp插件连接失败，提示”服务启动失败，无法连接远程服务器：unknow plugin kcptun” 远程端口连接kcp端口，参数autoexpire=10;mode=fast 。

What did you expect to see?

请问kcp插件如何使用

What did you see instead?

Plugin should be bundled as an apk. $PLUGIN_ID in this draft corresponds to the executable name for the plugin in order to be cross-platform, e.g. simple-obfs. An apk can have more than one plugins bundled. We don't care as long as they have different $PLUGIN_ID. Duplicated plugins will be disabled so user has to uninstall them until there's only not more than one left.

There is no restrictions/requirements on package name, but you're suggested to use com.github.shadowsocks.plugin.$PLUGIN_ID if it only contains a single plugin to prevent duplicate plugins.

There will be a library to implement the base framework contrived in this draft and some example plugins for the ease of developers. :smile:

1. Plugin configuration

Plugins get their args configured via one of the following two options:

• A configuration activity.
• If no configuration activity is found, a fallback mode will be used: user manual input and help message; (example: https://github.com/shadowsocks/shadowsocks-android/blob/67fab03/src/main/scala/com/github/shadowsocks/preferences/KcpCliPreferenceDialogFragment.scala#L38)

Configuration activity

• [x] Should this be implemented at all?

If the plugin provides a configuration activity, it will be started when user picks your plugin and taps configure. It:

• MUST have action: com.github.shadowsocks.plugin.$PLUGIN_ID.ACTION_CONFIGURE;
• SHOULD parse string extra com.github.shadowsocks.plugin.EXTRA_OPTIONS (all arg as a single string) and display the old settings;
• MUST return the data Intent with the new com.github.shadowsocks.plugin.EXTRA_OPTIONS;
• SHOULD distinguish between server settings and feature settings in some way, e.g. for simple_obfs, obfs is a server setting and obfs_host is a feature setting;
• NEED NOT be consistent with shadowsocks-android styling - you don't need to use preferences UI at all if you don't feel like it - however it's recommended to use Material Design at minimum.

Help activity/callback

If the plugin doesn't provide a configuration activity, it's highly recommended to provide a help message in the form of an Activity. It:

• MUST have action: com.github.shadowsocks.plugin.$PLUGIN_ID.ACTION_HELP;
• CAN parse string extra com.github.shadowsocks.plugin.EXTRA_OPTIONS and display some more relevant information;
• MUST be either:
  • Be invisible and return help message with CharSequence extra com.github.shadowsocks.plugin.EXTRA_HELP_MESSAGE in the data intent; (in this case, default dialog will be shown containing the message)
  • Be visible and return null as data intent.
• SHOULD distinguish between server settings and feature settings in some way, e.g. for simple_obfs, obfs is a server setting and obfs_host is a feature setting.

2. Plugin implementation

Every plugin can be either in native mode or JVM mode.

Native mode

In native mode, plugins are provided as native executables and shadowsocks-libev's plugin mode will be used.

Every native mode plugin MUST have a content provider to provide the native executables (since they can exceed 1M which is the limit of Intent size) that:

• MUST have android:label and android:icon; (may be configured by activity or application)
• MUST have action: com.github.shadowsocks.plugin.ACTION_NATIVE_PLUGIN. (used for discovering plugins)
• MUST have android:authorities set to com.github.shadowsocks.plugin.$PLUGIN_ID;
• MUST implement query that returns the file list which MUST include $PLUGIN_ID when having these as arguments:
  • uri = "content://com.github.shadowsocks.plugin.$PLUGIN_ID";
  • projection = ["path"]; (relative path, for example obfs-local)
  • selection = null;
  • selectionArgs = null;
  • sortOrder = null;
• MUST implement openFile that for files returned in query, openFile with mode = "r" returns a valid ParcelFileDescriptor for reading. For example, uri can be content://com.github.shadowsocks.plugin.kcptun/kcptun.

Native mode without binary copying

• [x] Should this be implemented at all?

By taking advantage of android:protectionLevel="signature", plugins that have the same signature as the base package (shadowsocks-android in this case) should be able to be accessed directly by ss-local. If any native mode plugin wishes to support this mode, it must have an Activity which:

• MUST have action: com.github.shadowsocks.plugin.$PLUGIN_ID.ACTION_START;
• MUST be invisible;
• MUST return the com.github.shadowsocks.plugin.EXTRA_EXECUTABLE with executable path (e.g. /data/data/com.github.shadowsocks.plugin.kcptun/lib/libkcptun.so).

All plugins in this mode HAVE to support native mode with binary copy.

P.S. If this is implemented, "official" plugins will perform a tiny little bit better than "unofficial" ones.

JVM mode

Note: This can actually be hybrid mode since I'm not caring what you do under the hood. But this should probably be a good idea if your plugin was written in a JVM language.

• [ ] Should this be implemented at all?

Every JVM mode plugin MUST have a service intent filter that:

• MUST have android:label and android:icon; (may be configured by activity or application)
• MUST have action: com.github.shadowsocks.plugin.$PLUGIN_ID.ACTION_START;
• MUST have action: com.github.shadowsocks.plugin.ACTION_JVM_PLUGIN; (used for discovering plugins)
• After onStartCommand(intent, flags, startId), where caller package name, server_ip, server_port and com.github.shadowsocks.plugin.EXTRA_OPTIONS will be passed via intent extra. Within 5000ms, it MUST broadcast com.github.shadowsocks.plugin.ACTION_JVM_PLUGIN_READY with local_port (should be the result of new ServerSocket(0).getLocalPort()) as extra or com.github.shadowsocks.plugin.ACTION_JVM_PLUGIN_FAIL with optional error message as string extra to caller package.
• After shutdown or startService timeout, stopService will be called on target service. The plugin MUST gracefully handle this and terminate.

Default configurations

If a plugin need to supply default configuration, it can put it under the ContentProvider/Service's meta-data tag, for example:

<meta-data android:name="com.github.shadowsocks.plugin.default_config"
           android:value="obfs=http"/>

If you need to provide different default configurations for different plugins, you have to use multiple ContentProvider/Service. It should be easy to implement with sub-classing.

3. Plugin security considerations

Plugins are certified using package signatures and shadowsocks-android will consider these signatures as trusted:

• Signatures by trusted sources which includes:
  • @madeye, i.e. the signer of the main repo;
  • The main repo doesn't contain any other trusted signatures. Third-party forks should add their signatures to this trusted sources if they have plugins signed by them before publishing their source code.
• Current package signature, which means:
  • If you get apk from shadowsocks-android releases or Google Play, this means only apk signed by @madeye will be recognized as trusted.
  • If you get apk from a third-party fork, all plugins from that developer will get recognized as trusted automatically even if its source code isn't available anywhere online.

A warning will be shown for untrusted plugins. No arbitrary restriction will be applied.

4. Plugin platform versioning

In order to be able to identify compatible and incompatible plugins, Semantic Versioning will be used.

Given a version number MAJOR.MINOR.PATCH, increment the:

1. MAJOR version when you make incompatible API changes,
2. MINOR version when you add functionality in a backwards-compatible manner, and
3. PATCH version when you make backwards-compatible bug fixes.

Plugin app must include this in their application tag: (which should be automatically included if you are using our library)

<meta-data android:name="com.github.shadowsocks.plugin.version"
           android:value="1.0.0"/>

5. Possible problems

• In some places hyphens are not accepted, for example package name. In that case, hyphens - should be changed into underscores _. For example, the package name for obfs-local would probably be com.github.shadowsocks.plugin.obfs_local (if it turns out that we really can't use hyphens in package name).
• In the current implementation, kcptun needs to be restarted whenever a network change is detected. We may need to put this into this platform somehow, e.g. a restart receiver for shadowsocks and a start/stop receiver for plugins...

References

• SIP003: https://github.com/shadowsocks/shadowsocks-org/issues/28;
• Previous discussion at: https://github.com/shadowsocks/shadowsocks-android/issues/1054#issuecomment-270568281.

Opinions are welcome!

Moving discussion from https://github.com/shadowsocks/shadowsocks-org/issues/154.

We are trying to make ACL handling of shadowsocks-android less hacky (for example https://github.com/shadowsocks/shadowsocks-libev/issues/2627), however, things seem challenging.

1. While shadowsocks-libev more or less takes the approach of doing async I/O via libev, libev requires you to manually keep track of your execution point to resume your connection processing. This makes extending functionalities error-prone and overall the code is hard to read. In fact, there are still traces of synchronous I/O in shadowsocks-libev (e.g. get_sockaddr), which could block the entire thread if network conditions are bad.
2. Modern programming language more or less solves this problem with coroutines, examples include golang/rust/c++20/Kotlin. However, go-shadowsocks2 (missed opportunity for go2shadowsocks btw) and shadowsocks-rust do not have support for ACL files yet. As we use really large ACL files, we need to integrate re2 or look for a regex library with similar performance. (golang stdlib does not suffice: https://github.com/golang/go/issues/11646)
3. Implementing everything in JVM is a bad idea since every byte array is going to be an object in GC heap, and there are no good Kotlin async I/O libraries either. It seems like there are similar issues in golang (objects escaping to heap) but I am not an expert in golang.
4. Doing PAC is going to be even more expensive than ACL since PAC is actually Javascript.

Thoughts are appreciated.

CC @madeye @riobard @zonyitoo

Environment

Win7 64bit

What did you do? I get source and set environment ANDROID_HOME,ANDROID_NDK_HOME ,GOROOT_BOOTSTRAP ,then do "git submodule update --init --recursive". last,I use "gradle build -stacktrace" then found it fialed as follows:

FAILURE: Build failed with an exception.

• What went wrong: The specified build file 'E:\work\myproject\workspace\jsq\code\sample_new\shadowsocks-android\uild' does not exist.

• Try: Run with --info or --debug option to get more log output. Run with --scan to get full insights.

• Exception is: java.lang.IllegalArgumentException: The specified build file 'E:\work\myproject\workspace\jsq\code\sample_new\shadowsocks-android\uild' does not exist. at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:43) at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:30) at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:59) at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:44) at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:45) at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:30) at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:67) at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:122) at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:37) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:122) at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:26) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:122) at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:34......... I wan't known what's my problem,thank you very much.

Please read FAQ then answer these questions before submitting your issue. Thanks!

Environment

• Android version: 7.1.1
• Device: 锤子坚果pro 2
• Shadowsocks version: 4.4.2
• Last version that did not exhibit the issue (if applicable):

Configuration

Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method:
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [x] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8
• [ ] DNS Forwarding
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

What did you do?

Just install v4.4.2 and import my server config.

What did you expect to see?

Connect successfully.

What did you see instead?

后台服务启动失败：请选择配置文件

Can't import from file on Sony FW-65BU30J. The error tip is no permission on READ_DOCUMENT. And on the first time open this app, there also have no permission request for file access. I think it is a bug. Please fix it.

The AndroidTV version is 10.0.

PS: However, could you please add a feature that can input config manually? This is ridiculous that only can import config from file but can't manually add a connect config.

Please read contributing guidelines. Thanks.

Describe the bug kcptun plugin 只在 “GFWList” 模式下才能工作。在“全局”或者“绕过局域网或中国大陆地址”模式下会连不上。

To Reproduce

1. 安装并设置kcptun plugin
2. 选择“GFWList”模式
3. 启用并测试。会显示测试成功。
4. 停用并选择“全局”模式
5. 启用并测试。会显示测试失败。

Expected behavior “全局”模式下也应该能正常使用。

Screenshots 无。

Smartphone (please complete the following information):

• Android 13
• Device: Pixel 5
• Version: v5.2.6
• Last version that did not exhibit the issue: [not applicable]

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method: chacha20-ietf-poly1305
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [x] Bypass China
  • [x] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [ ] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8
• [ ] DNS over UDP
• Plugin configuration (if applicable): kcptun
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context 我还测试了在termux中运行kcptun，在shadowsocks中指定绕过termux。这种情况下“全局”模式是可以用。我怀疑是最近的android update搞坏了什么东西，因为在8或9月份的时候肯定是没有这个问题。

Please read contributing guidelines. Thanks.

Describe the bug From above version 5.0.4, the Android version of shadowsocks, shadowsocks-android no longer works on IPv6 only network, now it always resolves to IPv4 regardless of any configuration combination on both sides. PC clients like the rust and libev ports work as expected.

Server software: Arch Linux x86_64 with shadowsocks-rust 1.14.3 built from AUR Server network: IPv6 only Internet with IPv6 only dnscrypt client, no IPv4 local nor Internet address

To Reproduce Steps to reproduce the behavior:

1. Connect to the server using its IPv6 address directly
2. Click on Connected, tap to check connection
3. Success: HTTPS handshake took N ms
4. Open a browser, go to some dual stack sites, here web.telegram.org
5. The browser returnes error connection closed
6. On server side this line is registered on systemd: tcp tunnel [CLIENT_IPV6_ADDR]:40671 -> 149.154.167.99:443 connect failed, error: Network is unreachable (os error 101)
7. 149.154.167.99 is actually the A record of web.telegram.org

Expected behavior shadowsocks-android either has an option to select which IP version to resolve first or its resolution behavior is determined by server side configuration, which enables ipv6_only and ipv6_first

Screenshots If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• Android/Chrome OS version: Android 9, PQ1A.190105.112
• Device: Essential Phone PH-1
• Version: 5.2.6
• Last version that did not exhibit the issue: 5.0.4

Configuration Put an x inside the [ ] that applies.

• [ ] IPv4 server address
• [x] IPv6 server address
• [ ] Client IPv4 availability
• [x] Client IPv6 availability
• Encrypt method: none
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [x] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [x] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: dns.google
• [ ] DNS over UDP
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context

1. Versions <= 5.0.4 work only if Bypass LAN & China route mode is selected, otherwise it will always resolve to IPv4 (For example you've selected All or GFWList)
2. The Connected, tap to check connection works without problem. When checking connection, it resolves dns.google to 2001:4860:4860::8844 at first and then establishes a connection with IPv6
3. Direct IPv6 connection without domain name resolution works without problem as well
4. Server side configuration:

{
    "server": "INBOUND_IPV6_ADDR",
    "server_port": 65535,
    "method": "none",
    "password": "PASSWORD",
    "local_address": "OUTBOUND_IPV6_ADDR",

    "dns": "udp://[::1]:53",
    "mode": "tcp_and_udp",

    "ipv6_first": true,
    "ipv6_only": true,

    "log": {
        "level": 1,
    },

}

I use custom rules, I actually add my configuration to an acl file by looking at the background configuration file.

I hope I can specify an ACL download address and use my ACL configuration completely.

Currently I compile the kcptun plugin by myself, let the plugin download my ACL at startup, and save it as bypass-lan-china.acl.

After testing, shadowsocks-android will also load bypass-lan-china.acl run on next boot.

I think I can do a function to directly download the prepared ACL file. My GET request will bring the md5 of the acl file in the http header, and the server will not be updated until the server check is inconsistent.

Is your feature request related to a problem? Please describe. Both for regular app users and server admins, it's really not clear what a subscription is or how it's implemented. I found the JSON documentation with some difficulty, but questions remain:

• Will the app fetch profiles in the background automatically? How often?
• Does the user still need to manually select a profile?
• Is there a "failover" mechanism if a profile is unavailable?
• Will old profiles that are no longer in the subscription config get deleted?

Describe the solution you'd like At least some clear documentation about all this. Maybe even a help button right in the subscription section of app? This can open a small info screen or even a link to a HOWTO/FAQ page somewhere here.