diff --git a/luci-app-mihomo/Makefile b/luci-app-mihomo/Makefile
index 196f40d4c..c930c382b 100644
--- a/luci-app-mihomo/Makefile
+++ b/luci-app-mihomo/Makefile
@@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.16.0
+PKG_VERSION:=1.17.0
 
 LUCI_TITLE:=LuCI Support for mihomo
 LUCI_DEPENDS:=+luci-base +mihomo
diff --git a/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js b/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
index 6264ef3d7..8c631f881 100644
--- a/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
+++ b/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
@@ -140,6 +140,10 @@ return view.extend({
         o.rmempty = false;
         o.value('0-65535', _('All Port'));
         o.value('123 443 8443', _('Commonly Used Port'));
+
+        o = s.taboption('bypass', form.DynamicList, 'bypass_dscp', _('Bypass DSCP'));
+        o.datatype = 'range(0, 63)';
+
         return m.render();
     }
 });
diff --git a/luci-app-mihomo/po/templates/mihomo.pot b/luci-app-mihomo/po/templates/mihomo.pot
index 43d9ac58e..68d3bb72f 100644
--- a/luci-app-mihomo/po/templates/mihomo.pot
+++ b/luci-app-mihomo/po/templates/mihomo.pot
@@ -61,6 +61,10 @@ msgstr ""
 msgid "Bypass China Mainland IP"
 msgstr ""
 
+#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:144
+msgid "Bypass DSCP"
+msgstr ""
+
 #: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:124
 msgid "Bypass Group"
 msgstr ""
diff --git a/luci-app-mihomo/po/zh_Hans/mihomo.po b/luci-app-mihomo/po/zh_Hans/mihomo.po
index b3afaadd0..a9b62478a 100644
--- a/luci-app-mihomo/po/zh_Hans/mihomo.po
+++ b/luci-app-mihomo/po/zh_Hans/mihomo.po
@@ -68,6 +68,10 @@ msgstr "绕过"
 msgid "Bypass China Mainland IP"
 msgstr "绕过中国大陆 IP"
 
+#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:144
+msgid "Bypass DSCP"
+msgstr "绕过 DSCP"
+
 #: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:124
 msgid "Bypass Group"
 msgstr "绕过用户组"
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 7b625eaed..6653f5f74 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -1,5 +1,5 @@
 # Copyright (C) 2018-2020 L-WRT Team
-# Copyright (C) 2021-2023 xiaorouji
+# Copyright (C) 2021-2025 xiaorouji
 #
 # This is free software, licensed under the GNU General Public License v3.
 
diff --git a/luci-app-passwall/luasrc/controller/passwall.lua b/luci-app-passwall/luasrc/controller/passwall.lua
index 2ed0db401..c01e5ef27 100644
--- a/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/luci-app-passwall/luasrc/controller/passwall.lua
@@ -1,10 +1,10 @@
 -- Copyright (C) 2018-2020 L-WRT Team
--- Copyright (C) 2021-2023 xiaorouji
+-- Copyright (C) 2021-2025 xiaorouji
 
 module("luci.controller.passwall", package.seeall)
 local api = require "luci.passwall.api"
-local appname = "passwall"			-- not available
-local uci = api.libuci		        -- in funtion index()
+local appname = "passwall"	-- not available
+local uci = api.uci			-- in funtion index()
 local fs = api.fs
 local http = require "luci.http"
 local util = require "luci.util"
@@ -17,8 +17,8 @@ function index()
 		else return end
 	end
 	local api = require "luci.passwall.api"
-	local appname = "passwall"			-- global definitions not available
-	local uci = api.libuci		        -- in function index()
+	local appname = "passwall"	-- global definitions not available
+	local uci = api.uci			-- in function index()
 	local fs = api.fs
 	entry({"admin", "services", appname}).dependent = true
 	entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
@@ -110,7 +110,7 @@ end
 
 function show_menu()
 	uci:delete(appname, "@global[0]", "hide_from_luci")
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("rm -rf /tmp/luci-*")
 	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
 	luci.http.redirect(api.url())
@@ -118,7 +118,7 @@ end
 
 function hide_menu()
 	uci:set(appname, "@global[0]", "hide_from_luci","1")
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("rm -rf /tmp/luci-*")
 	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
 	luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
@@ -135,6 +135,7 @@ function socks_autoswitch_add_node()
 	local id = luci.http.formvalue("id")
 	local key = luci.http.formvalue("key")
 	if id and id ~= "" and key and key ~= "" then
+		uci:set(appname, id, "enable_autoswitch", "1")
 		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
 		for i = #new_list, 1, -1 do
 			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
@@ -146,8 +147,8 @@ function socks_autoswitch_add_node()
 				table.insert(new_list, e.id)
 			end
 		end
-		api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
-		uci:commit(appname)
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		api.uci_save(uci, appname)
 	end
 	luci.http.redirect(api.url("socks_config", id))
 end
@@ -156,14 +157,15 @@ function socks_autoswitch_remove_node()
 	local id = luci.http.formvalue("id")
 	local key = luci.http.formvalue("key")
 	if id and id ~= "" and key and key ~= "" then
+		uci:set(appname, id, "enable_autoswitch", "1")
 		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
 		for i = #new_list, 1, -1 do
 			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
 				table.remove(new_list, i)
 			end
 		end
-		api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
-		uci:commit(appname)
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		api.uci_save(uci, appname)
 	end
 	luci.http.redirect(api.url("socks_config", id))
 end
@@ -353,7 +355,7 @@ function set_node()
 	local protocol = luci.http.formvalue("protocol")
 	local section = luci.http.formvalue("section")
 	uci:set(appname, "@global[0]", protocol .. "_node", section)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/passwall restart > /dev/null 2>&1 &")
 	luci.http.redirect(api.url("log"))
 end
@@ -361,7 +363,7 @@ end
 function copy_node()
 	local section = luci.http.formvalue("section")
 	local uuid = api.gen_short_uuid()
-	api.uci_section(uci, appname, "nodes", uuid)
+	uci:section(appname, "nodes", uuid)
 	for k, v in pairs(uci:get_all(appname, section)) do
 		local filter = k:find("%.")
 		if filter and filter == 1 then
@@ -375,7 +377,7 @@ function copy_node()
 	end
 	uci:delete(appname, uuid, "add_from")
 	uci:set(appname, uuid, "add_mode", 1)
-	uci:commit(appname)
+	api.uci_save(uci, appname)
 	luci.http.redirect(api.url("node_config", uuid))
 end
 
@@ -385,7 +387,7 @@ function clear_all_nodes()
 	uci:delete(appname, '@global[0]', "udp_node")
 	uci:foreach(appname, "socks", function(t)
 		uci:delete(appname, t[".name"])
-		api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", {})
+		uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
 	end)
 	uci:foreach(appname, "haproxy_config", function(t)
 		uci:delete(appname, t[".name"])
@@ -398,7 +400,7 @@ function clear_all_nodes()
 		uci:delete(appname, node['.name'])
 	end)
 
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/" .. appname .. " stop")
 end
 
@@ -421,7 +423,7 @@ function delete_select_nodes()
 					table.remove(auto_switch_node_list, i)
 				end
 			end
-			api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
+			uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
 		end)
 		uci:foreach(appname, "haproxy_config", function(t)
 			if t["lbss"] == w then
@@ -448,7 +450,7 @@ function delete_select_nodes()
 		end)
 		uci:delete(appname, w)
 	end)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
 end
 
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
index bc1ab22d8..1e70f23fa 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
@@ -123,6 +123,8 @@ for k, v in pairs(nodes_table) do
 	socks_node:value(v.id, v["remark"])
 end
 
-m:append(Template(appname .. "/socks_auto_switch/footer"))
+o = s:option(DummyValue, "btn", " ")
+o.template = appname .. "/socks_auto_switch/btn"
+o:depends("enable_autoswitch", true)
 
 return m
diff --git a/luci-app-passwall/luasrc/passwall/api.lua b/luci-app-passwall/luasrc/passwall/api.lua
index c866607ce..1dbeb84ad 100644
--- a/luci-app-passwall/luasrc/passwall/api.lua
+++ b/luci-app-passwall/luasrc/passwall/api.lua
@@ -3,6 +3,7 @@ local com = require "luci.passwall.com"
 bin = require "nixio".bin
 fs = require "nixio.fs"
 sys = require "luci.sys"
+uci = require "luci.model.uci".cursor()
 libuci = require "uci".cursor()
 util = require "luci.util"
 datatypes = require "luci.cbi.datatypes"
@@ -30,6 +31,10 @@ function log(...)
 	end
 end
 
+function is_js_luci()
+	return sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0
+end
+
 function uci_set_list(cursor, config, section, option, value)
 	if config and section and option then
 		if not value or #value == 0 then
@@ -55,24 +60,48 @@ function uci_section(cursor, config, type, name, values)
 	return stat and name
 end
 
+function uci_save(cursor, config, commit, apply)
+	if is_js_luci() then
+		commit = true
+		if commit then
+			if apply then
+				cursor:commit(config)
+			else
+				sh_uci_commit(config)
+			end
+		end
+	else
+		cursor:save(config)
+		if commit then
+			cursor:commit(config)
+			if apply then
+				sys.call("/etc/init.d/" .. config .. " reload > /dev/null 2>&1 &")
+			end
+		end
+	end
+end
+
 function sh_uci_get(config, section, option)
 	exec_call(string.format("uci -q get %s.%s.%s", config, section, option))
-	exec_call(string.format("uci -q commit %s", config))
 end
 
-function sh_uci_set(config, section, option, val)
+function sh_uci_set(config, section, option, val, commit)
 	exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val))
-	exec_call(string.format("uci -q commit %s", config))
+	if commit then sh_uci_commit(config) end
 end
 
-function sh_uci_del(config, section, option)
+function sh_uci_del(config, section, option, commit)
 	exec_call(string.format("uci -q delete %s.%s.%s", config, section, option))
-	exec_call(string.format("uci -q commit %s", config))
+	if commit then sh_uci_commit(config) end
 end
 
-function sh_uci_add_list(config, section, option, val)
+function sh_uci_add_list(config, section, option, val, commit)
 	exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val))
 	exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val))
+	if commit then sh_uci_commit(config) end
+end
+
+function sh_uci_commit(config)
 	exec_call(string.format("uci -q commit %s", config))
 end
 
@@ -175,7 +204,7 @@ end
 
 function curl_direct(url, file, args)
 	--直连访问
-	local chn_list = libuci:get(appname, "@global[0]", "chn_list") or "direct"
+	local chn_list = uci:get(appname, "@global[0]", "chn_list") or "direct"
 	local Dns = (chn_list == "proxy") and "1.1.1.1" or "223.5.5.5"
 	if not args then args = {} end
 	local tmp_args = clone(args)
@@ -419,30 +448,10 @@ function get_domain_from_url(url)
 	return url
 end
 
-function get_node_name(node_id)
-	local e
-	if type(node_id) == "table" then
-		e = node_id
-	else
-		e = libuci:get_all(appname, node_id)
-	end
-	if e then
-		if e.type and e.remarks then
-			if e.protocol and (e.protocol == "_balancing" or e.protocol == "_shunt" or e.protocol == "_iface") then
-				local type = e.type
-				if type == "sing-box" then type = "Sing-Box" end
-				local remark = "%s：[%s] " % {type .. " " .. i18n.translatef(e.protocol), e.remarks}
-				return remark
-			end
-		end
-	end
-	return ""
-end
-
 function get_valid_nodes()
 	local show_node_info = uci_get_type("@global_other[0]", "show_node_info", "0")
 	local nodes = {}
-	libuci:foreach(appname, "nodes", function(e)
+	uci:foreach(appname, "nodes", function(e)
 		e.id = e[".name"]
 		if e.type and e.remarks then
 			if e.protocol and (e.protocol == "_balancing" or e.protocol == "_shunt" or e.protocol == "_iface") then
@@ -539,7 +548,7 @@ function gen_short_uuid()
 end
 
 function uci_get_type(type, config, default)
-	local value = libuci:get(appname, type, config) or default
+	local value = uci:get(appname, type, config) or default
 	if (value == nil or value == "") and (default and default ~= "") then
 		value = default
 	end
diff --git a/luci-app-passwall/luasrc/passwall/server_app.lua b/luci-app-passwall/luasrc/passwall/server_app.lua
index ef267c649..50357056b 100644
--- a/luci-app-passwall/luasrc/passwall/server_app.lua
+++ b/luci-app-passwall/luasrc/passwall/server_app.lua
@@ -3,7 +3,7 @@
 local action = arg[1]
 local api = require "luci.passwall.api"
 local sys = api.sys
-local uci = api.libuci
+local uci = api.uci
 local jsonc = api.jsonc
 
 local CONFIG = "passwall_server"
diff --git a/luci-app-passwall/luasrc/passwall/util_hysteria2.lua b/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
index 12afe6874..b818aadbf 100644
--- a/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
+++ b/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_hysteria2", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local jsonc = api.jsonc
 
 function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua b/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
index b6ef39b3b..ee095c1e6 100644
--- a/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
+++ b/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_naiveproxy", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local jsonc = api.jsonc
 
 function gen_config(var)
diff --git a/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua b/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
index 5e724e77b..e6080001b 100644
--- a/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
+++ b/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_shadowsocks", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local jsonc = api.jsonc
 
 function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
index e6cdbc7d3..bfa24b46c 100644
--- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua
+++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_sing-box", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local jsonc = api.jsonc
 local appname = "passwall"
diff --git a/luci-app-passwall/luasrc/passwall/util_trojan.lua b/luci-app-passwall/luasrc/passwall/util_trojan.lua
index 31bd67a4a..848b689a5 100644
--- a/luci-app-passwall/luasrc/passwall/util_trojan.lua
+++ b/luci-app-passwall/luasrc/passwall/util_trojan.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_trojan", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local json = api.jsonc
 
 function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_tuic.lua b/luci-app-passwall/luasrc/passwall/util_tuic.lua
index be00dcb8c..e138b6da5 100644
--- a/luci-app-passwall/luasrc/passwall/util_tuic.lua
+++ b/luci-app-passwall/luasrc/passwall/util_tuic.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_tuic", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local json = api.jsonc
 
 function gen_config(var)
diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua
index c3ac56c20..828b7681f 100644
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -1,6 +1,6 @@
 module("luci.passwall.util_xray", package.seeall)
 local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local jsonc = api.jsonc
 local appname = "passwall"
diff --git a/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm b/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
similarity index 63%
rename from luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm
rename to luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
index 067b97876..287c1d2f4 100644
--- a/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm
+++ b/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
@@ -19,5 +19,7 @@ local api = require "luci.passwall.api"
 	}
 	//]]>
 </script>
-<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
-<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />
\ No newline at end of file
+<div id="cbi-<%=self.config.."-"..section.."-"..self.option%>" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
+	<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
+	<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />
+</div>
\ No newline at end of file
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index eafa62591..57b989bd2 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Copyright (C) 2018-2020 L-WRT Team
-# Copyright (C) 2021-2023 xiaorouji
+# Copyright (C) 2021-2025 xiaorouji
 
 . $IPKG_INSTROOT/lib/functions.sh
 . $IPKG_INSTROOT/lib/functions/service.sh
@@ -417,8 +417,8 @@ run_ipt2socks() {
 }
 
 run_singbox() {
-	local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
-	local dns_listen_port direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
+	local flag type node tcp_redir_port tcp_proxy_way udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+	local dns_listen_port direct_dns_query_strategy direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
 	local loglevel log_file config_file server_host server_port
 	local _extra_param=""
 	eval_set_val $@
@@ -448,6 +448,7 @@ run_singbox() {
 	[ -n "$server_host" ] && _extra_param="${_extra_param} -server_host $server_host"
 	[ -n "$server_port" ] && _extra_param="${_extra_param} -server_port $server_port"
 	[ -n "$tcp_redir_port" ] && _extra_param="${_extra_param} -tcp_redir_port $tcp_redir_port"
+	[ -n "$tcp_proxy_way" ] && _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
 	[ -n "$udp_redir_port" ] && _extra_param="${_extra_param} -udp_redir_port $udp_redir_port"
 	[ -n "$socks_address" ] && _extra_param="${_extra_param} -local_socks_address $socks_address"
 	[ -n "$socks_port" ] && _extra_param="${_extra_param} -local_socks_port $socks_port"
@@ -474,7 +475,8 @@ run_singbox() {
 		direct_dns_port=$(echo ${local_dns} | awk -F '#' '{print $2}')
 	fi
 	_extra_param="${_extra_param} -direct_dns_port ${direct_dns_port:-53}"
-	_extra_param="${_extra_param} -direct_dns_query_strategy ${DIRECT_DNS_QUERY_STRATEGY}"
+	direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
+	_extra_param="${_extra_param} -direct_dns_query_strategy ${direct_dns_query_strategy}"
 
 	[ -n "$remote_dns_query_strategy" ] && _extra_param="${_extra_param} -remote_dns_query_strategy ${remote_dns_query_strategy}"
 	case "$remote_dns_protocol" in
@@ -493,14 +495,13 @@ run_singbox() {
 	esac
 	[ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}"
 	[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
-	_extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
 	lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file
 	ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" $log_file run -c "$config_file"
 }
 
 run_xray() {
-	local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
-	local dns_listen_port remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
+	local flag type node tcp_redir_port tcp_proxy_way udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+	local dns_listen_port direct_dns_query_strategy remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
 	local loglevel log_file config_file server_host server_port
 	local _extra_param=""
 	eval_set_val $@
@@ -519,6 +520,7 @@ run_xray() {
 	[ -n "$server_host" ] && _extra_param="${_extra_param} -server_host $server_host"
 	[ -n "$server_port" ] && _extra_param="${_extra_param} -server_port $server_port"
 	[ -n "$tcp_redir_port" ] && _extra_param="${_extra_param} -tcp_redir_port $tcp_redir_port"
+	[ -n "$tcp_proxy_way" ] && _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
 	[ -n "$udp_redir_port" ] && _extra_param="${_extra_param} -udp_redir_port $udp_redir_port"
 	[ -n "$socks_address" ] && _extra_param="${_extra_param} -local_socks_address $socks_address"
 	[ -n "$socks_port" ] && _extra_param="${_extra_param} -local_socks_port $socks_port"
@@ -528,7 +530,8 @@ run_xray() {
 	[ -n "$http_username" ] && [ -n "$http_password" ] && _extra_param="${_extra_param} -local_http_username $http_username -local_http_password $http_password"
 	[ -n "$dns_socks_address" ] && [ -n "$dns_socks_port" ] && _extra_param="${_extra_param} -dns_socks_address ${dns_socks_address} -dns_socks_port ${dns_socks_port}"
 	[ -n "$dns_listen_port" ] && _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port}"
-	_extra_param="${_extra_param} -direct_dns_query_strategy ${DIRECT_DNS_QUERY_STRATEGY}"
+	direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
+	_extra_param="${_extra_param} -direct_dns_query_strategy ${direct_dns_query_strategy}"
 	[ -n "$remote_dns_query_strategy" ] && _extra_param="${_extra_param} -remote_dns_query_strategy ${remote_dns_query_strategy}"
 	[ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}"
 	[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
@@ -545,7 +548,6 @@ run_xray() {
 		[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_doh_ip ${_doh_bootstrap}"
 		_extra_param="${_extra_param} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
 	}
-	_extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
 	_extra_param="${_extra_param} -loglevel $loglevel"
 	lua $UTIL_XRAY gen_config ${_extra_param} > $config_file
 	ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
@@ -924,7 +926,7 @@ run_redir() {
 				}
 				NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
 			}
-			run_singbox flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
+			run_singbox flag=$_flag node=$node tcp_redir_port=$local_port tcp_proxy_way=$TCP_PROXY_WAY config_file=$config_file log_file=$log_file ${_args}
 		;;
 		xray)
 			local _flag="TCP"
@@ -982,7 +984,7 @@ run_redir() {
 				}
 				NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
 			}
-			run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
+			run_xray flag=$_flag node=$node tcp_redir_port=$local_port tcp_proxy_way=$TCP_PROXY_WAY config_file=$config_file log_file=$log_file ${_args}
 		;;
 		trojan*)
 			[ "${TCP_PROXY_WAY}" = "tproxy" ] && lua_tproxy_arg="-use_tproxy true"
@@ -1424,6 +1426,7 @@ start_dns() {
 			local log_file=/dev/null
 			local _args="type=$DNS_MODE config_file=$config_file log_file=$log_file"
 			[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
+			_args="${_args} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY}"
 			_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
 			DNSMASQ_FILTER_PROXY_IPV6=0
 			local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
@@ -1459,6 +1462,7 @@ start_dns() {
 			local log_file=/dev/null
 			local _args="type=$DNS_MODE config_file=$config_file log_file=$log_file"
 			[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
+			_args="${_args} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY}"
 			_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
 			DNSMASQ_FILTER_PROXY_IPV6=0
 			local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
diff --git a/luci-app-passwall/root/usr/share/passwall/haproxy.lua b/luci-app-passwall/root/usr/share/passwall/haproxy.lua
index 7efaaeb78..67366ae1f 100644
--- a/luci-app-passwall/root/usr/share/passwall/haproxy.lua
+++ b/luci-app-passwall/root/usr/share/passwall/haproxy.lua
@@ -4,7 +4,7 @@ local api = require ("luci.passwall.api")
 local appname = "passwall"
 local fs = api.fs
 local jsonc = api.jsonc
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 
 local log = function(...)
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
index 981578adb..061615370 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
@@ -21,7 +21,7 @@ local NFTFLAG = var["-NFTFLAG"]
 local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
 local LOG_FILE = var["-LOG_FILE"]
 
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local fs = api.fs
 local datatypes = api.datatypes
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
index b168d73e1..165ed51fc 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
@@ -1,6 +1,6 @@
 local api = require "luci.passwall.api"
 local appname = "passwall"
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local fs = api.fs
 local datatypes = api.datatypes
@@ -25,7 +25,7 @@ local function backup_servers()
 	local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server")
 	if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then
 		uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS)
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 end
 
@@ -43,11 +43,11 @@ local function restore_servers()
 			tinsert(dns_table, v)
 		end
 		uci:delete(appname, "@global[0]", "dnsmasq_servers")
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 	if dns_table and #dns_table > 0 then
-		api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
-		uci:commit("dhcp")
+		uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+		api.uci_save(uci, "dhcp", true)
 	end
 end
 
@@ -76,7 +76,7 @@ function stretch()
 			end
 		end
 		uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE)
-		uci:commit("dhcp")
+		api.uci_save(uci, "dhcp", true)
 	end
 end
 
@@ -102,8 +102,8 @@ function logic_restart(var)
 					tinsert(dns_table, v)
 				end
 			end
-			api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
-			uci:commit("dhcp")
+			uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+			api.uci_save(uci, "dhcp", true)
 		end
 		sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
 		restore_servers()
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
index 16e1419d9..ed0fa0bfc 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
@@ -28,7 +28,7 @@ local CACHE_FLAG = "smartdns_" .. FLAG
 local CACHE_DNS_PATH = CACHE_PATH .. "/" .. CACHE_FLAG
 local CACHE_DNS_FILE = CACHE_DNS_PATH .. ".conf"
 
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local fs = api.fs
 local datatypes = api.datatypes
diff --git a/luci-app-passwall/root/usr/share/passwall/rule_update.lua b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
index e399a70e8..f0ffc645e 100755
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@@ -2,7 +2,7 @@
 
 local api = require ("luci.passwall.api")
 local name = api.appname
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local jsonc = api.jsonc
 local fs = api.fs
@@ -469,7 +469,7 @@ uci:set(name, "@global_rules[0]", "chnroute6_update", chnroute6_update)
 uci:set(name, "@global_rules[0]", "chnlist_update", chnlist_update)
 uci:set(name, "@global_rules[0]", "geoip_update", geoip_update)
 uci:set(name, "@global_rules[0]", "geosite_update", geosite_update)
-uci:commit(name)
+api.uci_save(uci, name, true)
 
 if reboot == 1 then
 	if arg3 == "cron" then
diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 8f66cef70..696c18e78 100755
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -1312,7 +1312,7 @@ local function truncate_nodes(add_from)
 			end
 		end
 	end)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 end
 
 local function select_node(nodes, config)
@@ -1464,7 +1464,7 @@ local function update_node(manual)
 			end
 		end
 	end
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 
 	if next(CONFIG) then
 		local nodes = {}
@@ -1499,7 +1499,7 @@ local function update_node(manual)
 		end
 		]]--
 
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 
 	if arg[3] == "cron" then
diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile
index a6d87a8da..2ef577c36 100644
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 2022-2023 xiaorouji
+# Copyright (C) 2022-2025 xiaorouji
 #
 # This is free software, licensed under the GNU General Public License v3.
 
diff --git a/luci-app-passwall2/luasrc/controller/passwall2.lua b/luci-app-passwall2/luasrc/controller/passwall2.lua
index 56b59097b..7cd9e8252 100644
--- a/luci-app-passwall2/luasrc/controller/passwall2.lua
+++ b/luci-app-passwall2/luasrc/controller/passwall2.lua
@@ -1,9 +1,9 @@
--- Copyright (C) 2022-2023 xiaorouji
+-- Copyright (C) 2022-2025 xiaorouji
 
 module("luci.controller.passwall2", package.seeall)
 local api = require "luci.passwall2.api"
-local appname = api.appname			-- not available
-local uci = api.libuci		        -- in funtion index()
+local appname = api.appname		-- not available
+local uci = api.uci				-- in funtion index()
 local http = require "luci.http"
 local util = require "luci.util"
 local i18n = require "luci.i18n"
@@ -15,8 +15,8 @@ function index()
 		else return end
 	end
 	local api = require "luci.passwall2.api"
-	local appname = "passwall2"			-- global definitions not available
-	local uci = api.libuci		        -- in function index()
+	local appname = api.appname		-- global definitions not available
+	local uci = api.uci				-- in function index()
 	entry({"admin", "services", appname}).dependent = true
 	entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
 	entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true
@@ -99,7 +99,7 @@ end
 
 function show_menu()
 	uci:delete(appname, "@global[0]", "hide_from_luci")
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("rm -rf /tmp/luci-*")
 	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
 	luci.http.redirect(api.url())
@@ -107,7 +107,7 @@ end
 
 function hide_menu()
 	uci:set(appname, "@global[0]", "hide_from_luci","1")
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("rm -rf /tmp/luci-*")
 	luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
 	luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
@@ -124,6 +124,7 @@ function socks_autoswitch_add_node()
 	local id = luci.http.formvalue("id")
 	local key = luci.http.formvalue("key")
 	if id and id ~= "" and key and key ~= "" then
+		uci:set(appname, id, "enable_autoswitch", "1")
 		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
 		for i = #new_list, 1, -1 do
 			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
@@ -135,8 +136,8 @@ function socks_autoswitch_add_node()
 				table.insert(new_list, e.id)
 			end
 		end
-		api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
-		uci:commit(appname)
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		api.uci_save(uci, appname)
 	end
 	luci.http.redirect(api.url("socks_config", id))
 end
@@ -145,14 +146,15 @@ function socks_autoswitch_remove_node()
 	local id = luci.http.formvalue("id")
 	local key = luci.http.formvalue("key")
 	if id and id ~= "" and key and key ~= "" then
+		uci:set(appname, id, "enable_autoswitch", "1")
 		local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
 		for i = #new_list, 1, -1 do
 			if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
 				table.remove(new_list, i)
 			end
 		end
-		api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
-		uci:commit(appname)
+		uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+		api.uci_save(uci, appname)
 	end
 	luci.http.redirect(api.url("socks_config", id))
 end
@@ -292,7 +294,7 @@ function set_node()
 	local config = luci.http.formvalue("config")
 	local section = luci.http.formvalue("section")
 	uci:set(appname, type, config, section)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/passwall2 restart > /dev/null 2>&1 &")
 	luci.http.redirect(api.url("log"))
 end
@@ -300,7 +302,7 @@ end
 function copy_node()
 	local section = luci.http.formvalue("section")
 	local uuid = api.gen_short_uuid()
-	api.uci_section(uci, appname, "nodes", uuid)
+	uci:section(appname, "nodes", uuid)
 	for k, v in pairs(uci:get_all(appname, section)) do
 		local filter = k:find("%.")
 		if filter and filter == 1 then
@@ -314,7 +316,7 @@ function copy_node()
 	end
 	uci:delete(appname, uuid, "add_from")
 	uci:set(appname, uuid, "add_mode", 1)
-	uci:commit(appname)
+	api.uci_save(uci, appname)
 	luci.http.redirect(api.url("node_config", uuid))
 end
 
@@ -323,7 +325,7 @@ function clear_all_nodes()
 	uci:delete(appname, '@global[0]', "node")
 	uci:foreach(appname, "socks", function(t)
 		uci:delete(appname, t[".name"])
-		api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", {})
+		uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
 	end)
 	uci:foreach(appname, "haproxy_config", function(t)
 		uci:delete(appname, t[".name"])
@@ -334,8 +336,7 @@ function clear_all_nodes()
 	uci:foreach(appname, "nodes", function(node)
 		uci:delete(appname, node['.name'])
 	end)
-
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/" .. appname .. " stop")
 end
 
@@ -355,7 +356,7 @@ function delete_select_nodes()
 					table.remove(auto_switch_node_list, i)
 				end
 			end
-			api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
+			uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
 		end)
 		uci:foreach(appname, "haproxy_config", function(t)
 			if t["lbss"] == w then
@@ -379,7 +380,7 @@ function delete_select_nodes()
 		end)
 		uci:delete(appname, w)
 	end)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 	luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
 end
 
diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
index e5bc0ca9d..fa87ec045 100644
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
@@ -118,6 +118,8 @@ for k, v in pairs(nodes_table) do
 	socks_node:value(v.id, v["remark"])
 end
 
-m:append(Template(appname .. "/socks_auto_switch/footer"))
+o = s:option(DummyValue, "btn", " ")
+o.template = appname .. "/socks_auto_switch/btn"
+o:depends("enable_autoswitch", true)
 
 return m
diff --git a/luci-app-passwall2/luasrc/passwall2/api.lua b/luci-app-passwall2/luasrc/passwall2/api.lua
index 855194b41..25a96da5e 100644
--- a/luci-app-passwall2/luasrc/passwall2/api.lua
+++ b/luci-app-passwall2/luasrc/passwall2/api.lua
@@ -55,24 +55,48 @@ function uci_section(cursor, config, type, name, values)
 	return stat and name
 end
 
+function uci_save(cursor, config, commit, apply)
+	if is_js_luci() then
+		commit = true
+		if commit then
+			if apply then
+				cursor:commit(config)
+			else
+				sh_uci_commit(config)
+			end
+		end
+	else
+		cursor:save(config)
+		if commit then
+			cursor:commit(config)
+			if apply then
+				sys.call("/etc/init.d/" .. config .. " reload > /dev/null 2>&1 &")
+			end
+		end
+	end
+end
+
 function sh_uci_get(config, section, option)
 	exec_call(string.format("uci -q get %s.%s.%s", config, section, option))
-	exec_call(string.format("uci -q commit %s", config))
 end
 
-function sh_uci_set(config, section, option, val)
+function sh_uci_set(config, section, option, val, commit)
 	exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val))
-	exec_call(string.format("uci -q commit %s", config))
+	if commit then sh_uci_commit(config) end
 end
 
-function sh_uci_del(config, section, option)
+function sh_uci_del(config, section, option, commit)
 	exec_call(string.format("uci -q delete %s.%s.%s", config, section, option))
-	exec_call(string.format("uci -q commit %s", config))
+	if commit then sh_uci_commit(config) end
 end
 
-function sh_uci_add_list(config, section, option, val)
+function sh_uci_add_list(config, section, option, val, commit)
 	exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val))
 	exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val))
+	if commit then sh_uci_commit(config) end
+end
+
+function sh_uci_commit(config)
 	exec_call(string.format("uci -q commit %s", config))
 end
 
diff --git a/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm b/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
similarity index 63%
rename from luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm
rename to luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
index b4f629d41..f5bc740c1 100644
--- a/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm
+++ b/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
@@ -19,5 +19,7 @@ local api = require "luci.passwall2.api"
 	}
 	//]]>
 </script>
-<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
-<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />
\ No newline at end of file
+<div id="cbi-<%=self.config.."-"..section.."-"..self.option%>" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
+	<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
+	<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />
+</div>
\ No newline at end of file
diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh
index 905007dd1..e31fc1db0 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright (C) 2022-2023 xiaorouji
+# Copyright (C) 2022-2025 xiaorouji
 
 . $IPKG_INSTROOT/lib/functions.sh
 . $IPKG_INSTROOT/lib/functions/service.sh
@@ -16,13 +16,6 @@ GLOBAL_ACL_PATH=${TMP_ACL_PATH}/default
 LOG_FILE=/tmp/log/$CONFIG.log
 APP_PATH=/usr/share/$CONFIG
 RULES_PATH=/usr/share/${CONFIG}/rules
-TUN_DNS_PORT=15353
-TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
-DEFAULT_DNS=
-ENABLED_DEFAULT_ACL=0
-ENABLED_ACLS=0
-PROXY_IPV6=0
-PROXY_IPV6_UDP=0
 LUA_UTIL_PATH=/usr/lib/lua/luci/passwall2
 UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua
 UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
@@ -30,8 +23,6 @@ UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
 UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
 UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua
 UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
-V2RAY_ARGS=""
-V2RAY_CONFIG=""
 
 echolog() {
 	local d="$(date "+%Y-%m-%d %H:%M:%S")"
@@ -218,7 +209,11 @@ check_depends() {
 
 get_new_port() {
 	port=$1
-	[ "$port" == "auto" ] && port=2082
+	[ "$port" == "auto" ] && {
+		port=2082
+		local GET_NEW_PORT=$(get_cache_var "get_new_port")
+		[ -n "${GET_NEW_PORT}" ] && port=${GET_NEW_PORT}
+	}
 	protocol=$(echo $2 | tr 'A-Z' 'a-z')
 	result=$(check_port_exists $port $protocol)
 	if [ "$result" != 0 ]; then
@@ -230,6 +225,7 @@ get_new_port() {
 		fi
 		get_new_port $temp $protocol
 	else
+		set_cache_var "get_new_port" "$port"
 		echo $port
 	fi
 }
@@ -328,7 +324,11 @@ set_cache_var() {
 	local key="${1}"
 	shift 1
 	local val="$@"
-	[ -n "${key}" ] && [ -n "${val}" ] && echo "${key}=\"${val}\"" >> $TMP_PATH/var
+	[ -n "${key}" ] && [ -n "${val}" ] && {
+		sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1
+		echo "${key}=\"${val}\"" >> $TMP_PATH/var
+		eval ${key}=\"${val}\"
+	}
 }
 get_cache_var() {
 	local key="${1}"
@@ -337,8 +337,12 @@ get_cache_var() {
 	}
 }
 
+eval_cache_var() {
+	[ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var")
+}
+
 run_xray() {
-	local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+	local flag node redir_port tcp_proxy_way socks_address socks_port socks_username socks_password http_address http_port http_username http_password
 	local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
 	local loglevel log_file config_file
 	local _extra_param=""
@@ -440,15 +444,18 @@ run_xray() {
 			_extra_param="${_extra_param} -remote_dns_udp_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1 -remote_dns_query_strategy ${remote_dns_query_strategy}"
 		fi
 	}
+	[ -n "${redir_port}" ] && {
+		_extra_param="${_extra_param} -redir_port ${redir_port}"
+		set_cache_var "node_${node}_redir_port" "${redir_port}"
+		[ -n "${tcp_proxy_way}" ] && _extra_param="${_extra_param} -tcp_proxy_way ${tcp_proxy_way}"
+	}
 
-	lua $UTIL_XRAY gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way -loglevel $loglevel ${_extra_param} > $config_file
+	lua $UTIL_XRAY gen_config -node $node -loglevel $loglevel ${_extra_param} > $config_file
 	ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
-
-	[ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
 }
 
 run_singbox() {
-	local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+	local flag node redir_port tcp_proxy_way socks_address socks_port socks_username socks_password http_address http_port http_username http_password
 	local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
 	local loglevel log_file config_file
 	local _extra_param=""
@@ -543,10 +550,14 @@ run_singbox() {
 		[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
 	}
 
-	lua $UTIL_SINGBOX gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way ${_extra_param} > $config_file
-	ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file"
+	[ -n "${redir_port}" ] && {
+		_extra_param="${_extra_param} -redir_port ${redir_port}"
+		set_cache_var "node_${node}_redir_port" "${redir_port}"
+		[ -n "${tcp_proxy_way}" ] && _extra_param="${_extra_param} -tcp_proxy_way ${tcp_proxy_way}"
+	}
 
-	[ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
+	lua $UTIL_SINGBOX gen_config -node $node ${_extra_param} > $config_file
+	ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file"
 }
 
 run_socks() {
@@ -714,9 +725,12 @@ run_global() {
 
 	if [ $PROXY_IPV6 == "1" ]; then
 		echolog "开启实验性IPv6透明代理(TProxy)，请确认您的节点及类型支持IPv6！"
-		PROXY_IPV6_UDP=1
 	fi
-	V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT"
+
+	TUN_DNS_PORT=15353
+	TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
+
+	V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT tcp_proxy_way=${TCP_PROXY_WAY}"
 	V2RAY_ARGS="${V2RAY_ARGS} dns_listen_port=${TUN_DNS_PORT} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY} dns_cache=${DNS_CACHE}"
 	local msg="${TUN_DNS} （直连DNS：${AUTO_DNS}"
 
@@ -774,7 +788,7 @@ run_global() {
 		run_func="run_singbox"
 	fi
 	
-	${run_func} $V2RAY_ARGS
+	${run_func} ${V2RAY_ARGS}
 
 	local RUN_NEW_DNSMASQ=1
 	RUN_NEW_DNSMASQ=${DNS_REDIRECT}
@@ -1202,7 +1216,7 @@ acl_app() {
 								elif [ "${type}" = "sing-box" ] && [ -n "${SINGBOX_BIN}" ]; then
 									run_func="run_singbox"
 								fi
-								${run_func} flag=acl_$sid node=$node redir_port=$redir_port socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_detour=${remote_dns_detour} remote_fakedns=${remote_fakedns} remote_dns_query_strategy=${remote_dns_query_strategy} write_ipset_direct=${write_ipset_direct} config_file=${config_file}
+								${run_func} flag=acl_$sid node=$node redir_port=$redir_port tcp_proxy_way=${TCP_PROXY_WAY} socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_detour=${remote_dns_detour} remote_fakedns=${remote_fakedns} remote_dns_query_strategy=${remote_dns_query_strategy} write_ipset_direct=${write_ipset_direct} config_file=${config_file}
 							fi
 							dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
 							run_copy_dnsmasq flag="$sid" listen_port=$dnsmasq_port tun_dns="127.0.0.1#${dns_port}"
@@ -1222,10 +1236,13 @@ acl_app() {
 
 start() {
 	pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && {
-		echolog "程序已启动，先停止再重新启动!"
+		#echolog "程序已启动，先停止再重新启动!"
 		stop
 	}
-
+	mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
+	get_config
+	export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
+	export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
 	ulimit -n 65535
 	start_haproxy
 	start_socks
@@ -1289,8 +1306,8 @@ start() {
 
 stop() {
 	clean_log
-	[ -n "$($(source $APP_PATH/iptables.sh get_ipt_bin) -t mangle -t nat -L -nv 2>/dev/null | grep "PSW2")" ] && source $APP_PATH/iptables.sh stop
-	[ -n "$(nft list sets 2>/dev/null | grep "${CONFIG}_")" ] && source $APP_PATH/nftables.sh stop
+	eval_cache_var
+	[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh stop
 	delete_ip2route
 	kill_all v2ray-plugin obfs-local
 	pgrep -f "sleep.*(6s|9s|58s)" | xargs kill -9 >/dev/null 2>&1
@@ -1309,14 +1326,12 @@ stop() {
 			uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
 			uci -q commit ${CONFIG}
 		}
-		if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
+		if [ -z "${ACL_default_dns_port}" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
 			uci -q del_list dhcp.@dnsmasq[0].addnmount="${GLOBAL_DNSMASQ_CONF_PATH}"
 			uci -q commit dhcp
 			lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
 		fi
-		bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
 		[ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
-		bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
 		[ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
 	}
 	rm -rf $TMP_PATH
@@ -1325,68 +1340,66 @@ stop() {
 	exit 0
 }
 
-ENABLED=$(config_t_get global enabled 0)
-NODE=$(config_t_get global node)
-[ "$ENABLED" == 1 ] && {
-	[ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
-}
-ENABLED_ACLS=$(config_t_get global acl_enable 0)
-[ "$ENABLED_ACLS" == 1 ] && {
-	[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
-}
-SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
-REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
-tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
-TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
-UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
-TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
-UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
-TCP_PROXY_MODE="global"
-UDP_PROXY_MODE="global"
-LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1')
-CLIENT_PROXY=$(config_t_get global client_proxy '1')
-DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP)
-REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
-REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote)
-REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
-REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0')
-REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
-WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1)
-DNS_CACHE=$(config_t_get global dns_cache 1)
-DNS_REDIRECT=$(config_t_get global dns_redirect 1)
+get_config() {
+	ENABLED_DEFAULT_ACL=0
+	ENABLED=$(config_t_get global enabled 0)
+	NODE=$(config_t_get global node)
+	[ "$ENABLED" == 1 ] && {
+		[ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
+	}
+	ENABLED_ACLS=$(config_t_get global acl_enable 0)
+	[ "$ENABLED_ACLS" == 1 ] && {
+		[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
+	}
+	SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
+	REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
+	TCP_PROXY_WAY=$(config_t_get global_forwarding tcp_proxy_way redirect)
+	TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
+	UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
+	TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
+	UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
+	PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
+	TCP_PROXY_MODE="global"
+	UDP_PROXY_MODE="global"
+	LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1')
+	CLIENT_PROXY=$(config_t_get global client_proxy '1')
+	DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP)
+	REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
+	REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote)
+	REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
+	REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0')
+	REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
+	WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1)
+	DNS_CACHE=$(config_t_get global dns_cache 1)
+	DNS_REDIRECT=$(config_t_get global dns_redirect 1)
 
-RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
-[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
+	RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
+	[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
 
-ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
-ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
+	ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
+	ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
 
-DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] |  awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
-DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
-[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
-AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
+	DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] |  awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
+	DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
+	[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
+	AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
 
-DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
-DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
-if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
-	DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
-	if [ -n "$DNSMASQ_CONF_DIR" ]; then
-		DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
-	else
-		DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
+	DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
+	DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
+	if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
+		DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
+		if [ -n "$DNSMASQ_CONF_DIR" ]; then
+			DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
+		else
+			DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
+		fi
 	fi
-fi
-GLOBAL_DNSMASQ_CONF=${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
-GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
+	set_cache_var GLOBAL_DNSMASQ_CONF ${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
+	set_cache_var GLOBAL_DNSMASQ_CONF_PATH ${GLOBAL_ACL_PATH}/dnsmasq.d
 
-PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
-
-XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray)
-SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
-
-export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
-export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
-mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
+	XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray)
+	SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
+}
 
 arg1=$1
 shift
@@ -1394,28 +1407,28 @@ case $arg1 in
 add_ip2route)
 	add_ip2route $@
 	;;
-get_new_port)
-	get_new_port $@
-	;;
-run_socks)
-	run_socks $@
-	;;
-socks_node_switch)
-	socks_node_switch $@
-	;;
 echolog)
 	echolog $@
 	;;
+get_new_port)
+	get_new_port $@
+	;;
 get_cache_var)
 	get_cache_var $@
 	;;
 set_cache_var)
 	set_cache_var $@
 	;;
-stop)
-	stop
+run_socks)
+	run_socks $@
+	;;
+socks_node_switch)
+	socks_node_switch $@
 	;;
 start)
 	start
 	;;
+stop)
+	stop
+	;;
 esac
diff --git a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
index 8870c3f8c..879c67b4d 100644
--- a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
@@ -1,6 +1,6 @@
 local api = require "luci.passwall2.api"
 local appname = "passwall2"
-local uci = api.libuci
+local uci = api.uci
 local sys = api.sys
 local fs = api.fs
 local datatypes = api.datatypes
@@ -25,7 +25,7 @@ local function backup_servers()
 	local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server")
 	if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then
 		uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS)
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 end
 
@@ -43,11 +43,11 @@ local function restore_servers()
 			tinsert(dns_table, v)
 		end
 		uci:delete(appname, "@global[0]", "dnsmasq_servers")
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 	if dns_table and #dns_table > 0 then
-		api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
-		uci:commit("dhcp")
+		uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+		api.uci_save(uci, "dhcp", true)
 	end
 end
 
@@ -76,7 +76,7 @@ function stretch()
 			end
 		end
 		uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE)
-		uci:commit("dhcp")
+		api.uci_save(uci, "dhcp", true)
 	end
 end
 
@@ -102,8 +102,8 @@ function logic_restart(var)
 					tinsert(dns_table, v)
 				end
 			end
-			api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
-			uci:commit("dhcp")
+			uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+			api.uci_save(uci, "dhcp", true)
 		end
 		sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
 		restore_servers()
diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
index 4f6039adb..c6e5aa458 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
@@ -204,47 +204,51 @@ gen_shunt_list() {
 	NODE_PROTOCOL=$(config_n_get $node protocol)
 	[ "$NODE_PROTOCOL" = "_shunt" ] && USE_SHUNT_NODE=1
 	[ "$USE_SHUNT_NODE" = "1" ] && {
-		local default_node=$(config_n_get ${node} default_node _direct)
-		local default_outbound="redirect"
-		[ "$default_node" = "_direct" ] && default_outbound="direct"
-		local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
-		for shunt_id in $shunt_ids; do
-			local shunt_node=$(config_n_get ${node} "${shunt_id}")
-			[ -n "$shunt_node" ] && {
-				local ipset_v4="passwall2_${node}_${shunt_id}"
-				local ipset_v6="passwall2_${node}_${shunt_id}6"
-				ipset -! create $ipset_v4 nethash maxelem 1048576
-				ipset -! create $ipset_v6 nethash family inet6 maxelem 1048576
-				local outbound="redirect"
-				[ "$shunt_node" = "_direct" ] && outbound="direct"
-				[ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
-				_SHUNT_LIST4="${_SHUNT_LIST4} ${ipset_v4}:${outbound}"
-				_SHUNT_LIST6="${_SHUNT_LIST6} ${ipset_v6}:${outbound}"
+		local enable_geoview=$(config_t_get global_rules enable_geoview 0)
+		[ -z "$(first_type geoview)" ] && enable_geoview=0
+		local preloading=0
+		preloading=$enable_geoview
+		[ "${preloading}" = "1" ] && {
+			local default_node=$(config_n_get ${node} default_node _direct)
+			local default_outbound="redirect"
+			[ "$default_node" = "_direct" ] && default_outbound="direct"
+			local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+			for shunt_id in $shunt_ids; do
+				local shunt_node=$(config_n_get ${node} "${shunt_id}")
+				[ -n "$shunt_node" ] && {
+					local ipset_v4="passwall2_${node}_${shunt_id}"
+					local ipset_v6="passwall2_${node}_${shunt_id}6"
+					ipset -! create $ipset_v4 nethash maxelem 1048576
+					ipset -! create $ipset_v6 nethash family inet6 maxelem 1048576
+					local outbound="redirect"
+					[ "$shunt_node" = "_direct" ] && outbound="direct"
+					[ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
+					_SHUNT_LIST4="${_SHUNT_LIST4} ${ipset_v4}:${outbound}"
+					_SHUNT_LIST6="${_SHUNT_LIST6} ${ipset_v6}:${outbound}"
 
-				config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-				config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-				[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
-					local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
-					[ -n "$_geoip_code" ] && {
-						if [ "$(config_n_get $node type)" = "sing-box" ]; then
-							get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-							get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-						else
-							if type geoview &> /dev/null; then
+					config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+					config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+					[ "${enable_geoview}" = "1" ] && {
+						local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
+						[ -n "$_geoip_code" ] && {
+							if [ "$(config_n_get $node type)" = "sing-box" ]; then
+								get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+								get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+							else
 								get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 								get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 							fi
-						fi
-						echolog "  - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 IPSET 完成"
+							echolog "  - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 IPSET 完成"
+						}
 					}
 				}
-			}
-		done
+			done
+		}
 		[ "${_write_ipset_direct}" = "1" ] && {
 			_SHUNT_LIST4="${_SHUNT_LIST4} ${_set_name4}:direct"
 			_SHUNT_LIST6="${_SHUNT_LIST6} ${_set_name6}:direct"
 		}
-		[ -n "$default_node" ] && {
+		[ "${preloading}" = "1" ] && [ -n "$default_node" ] && {
 			local ipset_v4="passwall2_${node}_default"
 			local ipset_v6="passwall2_${node}_default6"
 			ipset -! create $ipset_v4 nethash maxelem 1048576
@@ -452,7 +456,7 @@ load_acl() {
 					$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE
 					$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
 
-					[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+					[ "$PROXY_IPV6" == "1" ] && {
 						$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
 						add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport")" "-j PSW2_RULE" 2>/dev/null
 						$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
@@ -551,12 +555,12 @@ load_acl() {
 			$ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
 			$ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
 
-			if [ "$PROXY_IPV6_UDP" == "1" ]; then
+			[ "$PROXY_IPV6" == "1" ] && {
 				$ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE
 				add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
 				$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
 				$ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
-			fi
+			}
 
 			echolog "${msg2}"
 		fi
@@ -696,10 +700,9 @@ add_firewall_rule() {
 	accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
 	accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
 
-	local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
-	if [ "$tcp_proxy_way" = "redirect" ]; then
+	if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
 		unset is_tproxy
-	elif [ "$tcp_proxy_way" = "tproxy" ]; then
+	elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
 		is_tproxy="TPROXY"
 	fi
 
@@ -884,14 +887,14 @@ add_firewall_rule() {
 				insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
 			}
 
-			if [ "$PROXY_IPV6" == "1" ]; then
+			[ "$PROXY_IPV6" == "1" ] && {
 				$ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE
 				add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
 				$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
 				$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
 				$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN
 				insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
-			fi
+			}
 
 			[ -d "${TMP_IFACE_PATH}" ] && {
 				for iface in $(ls ${TMP_IFACE_PATH}); do
@@ -910,14 +913,14 @@ add_firewall_rule() {
 			$ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
 			insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
 
-			if [ "$PROXY_IPV6_UDP" == "1" ]; then
+			[ "$PROXY_IPV6" == "1" ] && {
 				$ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE
 				add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
 				$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
 				$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
 				$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
 				insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
-			fi
+			}
 
 			[ -d "${TMP_IFACE_PATH}" ] && {
 				for iface in $(ls ${TMP_IFACE_PATH}); do
diff --git a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
index 1066ea6a6..64305bf56 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
@@ -258,46 +258,50 @@ gen_shunt_list() {
 	NODE_PROTOCOL=$(config_n_get $node protocol)
 	[ "$NODE_PROTOCOL" = "_shunt" ] && USE_SHUNT_NODE=1
 	[ "$USE_SHUNT_NODE" = "1" ] && {
-		local default_node=$(config_n_get ${node} default_node _direct)
-		local default_outbound="redirect"
-		[ "$default_node" = "_direct" ] && default_outbound="direct"
-		local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
-		for shunt_id in $shunt_ids; do
-			local shunt_node=$(config_n_get ${node} "${shunt_id}")
-			[ -n "$shunt_node" ] && {
-				local nftset_v4="passwall2_${node}_${shunt_id}"
-				local nftset_v6="passwall2_${node}_${shunt_id}6"
-				gen_nftset $nftset_v4 ipv4_addr 0 0
-				gen_nftset $nftset_v6 ipv6_addr 0 0
-				local outbound="redirect"
-				[ "$shunt_node" = "_direct" ] && outbound="direct"
-				[ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
-				_SHUNT_LIST4="${_SHUNT_LIST4} ${nftset_v4}:${outbound}"
-				_SHUNT_LIST6="${_SHUNT_LIST6} ${nftset_v6}:${outbound}"
-				insert_nftset $nftset_v4 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
-				insert_nftset $nftset_v6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
-				[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
-					local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
-					[ -n "$_geoip_code" ] && {
-						if [ "$(config_n_get $node type)" = "sing-box" ]; then
-							insert_nftset $nftset_v4 "0" $(get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
-							insert_nftset $nftset_v6 "0" $(get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
-						else
-							if type geoview &> /dev/null; then
+		local enable_geoview=$(config_t_get global_rules enable_geoview 0)
+		[ -z "$(first_type geoview)" ] && enable_geoview=0
+		local preloading=0
+		preloading=$enable_geoview
+		[ "${preloading}" = "1" ] && {
+			local default_node=$(config_n_get ${node} default_node _direct)
+			local default_outbound="redirect"
+			[ "$default_node" = "_direct" ] && default_outbound="direct"
+			local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+			for shunt_id in $shunt_ids; do
+				local shunt_node=$(config_n_get ${node} "${shunt_id}")
+				[ -n "$shunt_node" ] && {
+					local nftset_v4="passwall2_${node}_${shunt_id}"
+					local nftset_v6="passwall2_${node}_${shunt_id}6"
+					gen_nftset $nftset_v4 ipv4_addr 0 0
+					gen_nftset $nftset_v6 ipv6_addr 0 0
+					local outbound="redirect"
+					[ "$shunt_node" = "_direct" ] && outbound="direct"
+					[ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
+					_SHUNT_LIST4="${_SHUNT_LIST4} ${nftset_v4}:${outbound}"
+					_SHUNT_LIST6="${_SHUNT_LIST6} ${nftset_v6}:${outbound}"
+					insert_nftset $nftset_v4 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
+					insert_nftset $nftset_v6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
+					[ "${enable_geoview}" = "1" ] && {
+						local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
+						[ -n "$_geoip_code" ] && {
+							if [ "$(config_n_get $node type)" = "sing-box" ]; then
+								insert_nftset $nftset_v4 "0" $(get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
+								insert_nftset $nftset_v6 "0" $(get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
+							else
 								insert_nftset $nftset_v4 "0" $(get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
 								insert_nftset $nftset_v6 "0" $(get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
 							fi
-						fi
-						echolog "  - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 NFTSET 完成"
+							echolog "  - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 NFTSET 完成"
+						}
 					}
 				}
-			}
-		done
+			done
+		}
 		[ "${_write_ipset_direct}" = "1" ] && {
 			_SHUNT_LIST4="${_SHUNT_LIST4} ${_set_name4}:direct"
 			_SHUNT_LIST6="${_SHUNT_LIST6} ${_set_name6}:direct"
 		}
-		[ -n "$default_node" ] && {
+		[ "${preloading}" = "1" ] && [ -n "$default_node" ] && {
 			local nftset_v4="passwall2_${node}_default"
 			local nftset_v6="passwall2_${node}_default6"
 			gen_nftset $nftset_v4 ipv4_addr 0 0
@@ -503,7 +507,7 @@ load_acl() {
 					nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\""
 					nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\""
 
-					[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+					[ "$PROXY_IPV6" == "1" ] && {
 						nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\""
 						add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks"
 						nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
@@ -604,7 +608,7 @@ load_acl() {
 			nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
 			nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"默认\""
 
-			[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+			[ "$PROXY_IPV6" == "1" ] && {
 				nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"默认\""
 				add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "默认"
 				nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
@@ -744,12 +748,11 @@ add_firewall_rule() {
 	accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
 	accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
 
-	local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
-	if [ "$tcp_proxy_way" = "redirect" ]; then
+	if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
 		unset is_tproxy
 		nft_prerouting_chain="PSW2_NAT"
 		nft_output_chain="PSW2_OUTPUT_NAT"
-	elif [ "$tcp_proxy_way" = "tproxy" ]; then
+	elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
 		is_tproxy="TPROXY"
 		nft_prerouting_chain="PSW2_MANGLE"
 		nft_output_chain="PSW2_OUTPUT_MANGLE"
@@ -964,13 +967,13 @@ add_firewall_rule() {
 			nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"本机\""
 			nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
 
-			if [ "$PROXY_IPV6_UDP" == "1" ]; then
+			[ "$PROXY_IPV6" == "1" ] && {
 				nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
 				add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE"
 				nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE"
 				nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\""
 				nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
-			fi
+			}
 
 			[ -d "${TMP_IFACE_PATH}" ] && {
 				for iface in $(ls ${TMP_IFACE_PATH}); do
diff --git a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
index b51c2181e..f23283c47 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
@@ -1,12 +1,12 @@
 #!/usr/bin/lua
 
-require 'nixio'
-require 'luci.sys'
-local luci = luci
-local ucic = luci.model.uci.cursor()
-local jsonc = require "luci.jsonc"
-local name = 'passwall2'
 local api = require "luci.passwall2.api"
+local name = api.appname
+local fs = api.fs
+local sys = api.sys
+local uci = api.uci
+local jsonc = api.jsonc
+
 local arg1 = arg[1]
 local arg2 = arg[2]
 local arg3 = arg[3]
@@ -14,13 +14,13 @@ local arg3 = arg[3]
 local reboot = 0
 local geoip_update = 0
 local geosite_update = 0
-local asset_location = ucic:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
+local asset_location = uci:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
 
 -- Custom geo file
-local geoip_api = ucic:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
-local geosite_api = ucic:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+local geoip_api = uci:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+local geosite_api = uci:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
 --
-local use_nft = ucic:get(name, "@global_forwarding[0]", "use_nft") or "0"
+local use_nft = uci:get(name, "@global_forwarding[0]", "use_nft") or "0"
 
 if arg3 == "cron" then
 	arg2 = nil
@@ -67,9 +67,9 @@ local function fetch_geoip()
 						f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "")
 						f:close()
 
-						if nixio.fs.access(asset_location .. "geoip.dat") then
-							luci.sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
-							if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+						if fs.access(asset_location .. "geoip.dat") then
+							sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
+							if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
 								log("geoip 版本一致，无需更新。")
 								return 1
 							end
@@ -77,8 +77,8 @@ local function fetch_geoip()
 						for _2, v2 in ipairs(json.assets) do
 							if v2.name and v2.name == "geoip.dat" then
 								sret = curl(v2.browser_download_url, "/tmp/geoip.dat")
-								if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
-									luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
+								if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+									sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
 									reboot = 1
 									log("geoip 更新成功。")
 									return 1
@@ -118,9 +118,9 @@ local function fetch_geosite()
 						f:write(content:gsub("[^%s]+.dat", "/tmp/geosite.dat"), "")
 						f:close()
 
-						if nixio.fs.access(asset_location .. "geosite.dat") then
-							luci.sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
-							if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+						if fs.access(asset_location .. "geosite.dat") then
+							sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
+							if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
 								log("geosite 版本一致，无需更新。")
 								return 1
 							end
@@ -128,8 +128,8 @@ local function fetch_geosite()
 						for _2, v2 in ipairs(json.assets) do
 							if v2.name and (v2.name == "geosite.dat" or v2.name == "dlc.dat") then
 								sret = curl(v2.browser_download_url, "/tmp/geosite.dat")
-								if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
-									luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
+								if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+									sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
 									reboot = 1
 									log("geosite 更新成功。")
 									return 1
@@ -161,8 +161,8 @@ if arg2 then
 		end
 	end)
 else
-	geoip_update = ucic:get_first(name, 'global_rules', "geoip_update", 1)
-	geosite_update = ucic:get_first(name, 'global_rules', "geosite_update", 1)
+	geoip_update = uci:get_first(name, 'global_rules', "geoip_update", 1)
+	geosite_update = uci:get_first(name, 'global_rules', "geosite_update", 1)
 end
 if geoip_update == 0 and geosite_update == 0 then
 	os.exit(0)
@@ -184,23 +184,22 @@ if tonumber(geosite_update) == 1 then
 	os.remove("/tmp/geosite.dat.sha256sum")
 end
 
-ucic:set(name, ucic:get_first(name, 'global_rules'), "geoip_update", geoip_update)
-ucic:set(name, ucic:get_first(name, 'global_rules'), "geosite_update", geosite_update)
-ucic:save(name)
-luci.sys.call("uci commit " .. name)
+uci:set(name, uci:get_first(name, 'global_rules'), "geoip_update", geoip_update)
+uci:set(name, uci:get_first(name, 'global_rules'), "geosite_update", geosite_update)
+api.uci_save(uci, name, true)
 
 if reboot == 1 then
 	if arg3 == "cron" then
-		if not nixio.fs.access("/var/lock/" .. name .. ".lock") then
-			luci.sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
+		if not fs.access("/var/lock/" .. name .. ".lock") then
+			sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
 		end
 	end
 
 	log("重启服务，应用新的规则。")
 	if use_nft == "1" then
-		luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
+		sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
 	else
-		luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
+		sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
 	end
 end
 log("规则更新完毕...")
diff --git a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
index 57d928caf..3aabb321e 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
@@ -3,8 +3,6 @@
 ------------------------------------------------
 -- @author William Chan <root@williamchan.me>
 ------------------------------------------------
-require 'nixio'
-require 'luci.model.uci'
 require 'luci.util'
 require 'luci.jsonc'
 require 'luci.sys'
@@ -20,6 +18,7 @@ local split = api.split
 local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify
 local base64Decode = api.base64Decode
 local uci = api.libuci
+local fs = api.fs
 uci:revert(appname)
 
 local has_ss = api.is_finded("ss-redir")
@@ -1282,7 +1281,7 @@ local function truncate_nodes(add_from)
 			end
 		end
 	end)
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 end
 
 local function select_node(nodes, config)
@@ -1434,7 +1433,7 @@ local function update_node(manual)
 			end
 		end
 	end
-	uci:commit(appname)
+	api.uci_save(uci, appname, true)
 
 	if next(CONFIG) then
 		local nodes = {}
@@ -1469,11 +1468,11 @@ local function update_node(manual)
 		end
 		]]--
 
-		uci:commit(appname)
+		api.uci_save(uci, appname, true)
 	end
 
 	if arg[3] == "cron" then
-		if not nixio.fs.access("/var/lock/" .. appname .. ".lock") then
+		if not fs.access("/var/lock/" .. appname .. ".lock") then
 			luci.sys.call("touch /tmp/lock/" .. appname .. "_cron.lock")
 		end
 	end
diff --git a/mihomo/Makefile b/mihomo/Makefile
index ecbfa6abb..9723643f2 100644
--- a/mihomo/Makefile
+++ b/mihomo/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mihomo
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
diff --git a/mihomo/files/mihomo.init b/mihomo/files/mihomo.init
index 51494d81a..e8fa3af9f 100644
--- a/mihomo/files/mihomo.init
+++ b/mihomo/files/mihomo.init
@@ -350,11 +350,12 @@ service_started() {
 	config_get_bool router_proxy "proxy" "router_proxy" 0
 	config_get_bool lan_proxy "proxy" "lan_proxy" 0
 	### access control
-	local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport
+	local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport bypass_dscp
 	config_get access_control_mode "proxy" "access_control_mode"
 	config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0
 	config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535"
 	config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535"
+	config_get bypass_dscp "proxy" "bypass_dscp"
 	# prepare
 	local tproxy_enable; tproxy_enable=0
 	if [[ "$tcp_transparent_proxy_mode" == "tproxy" || "$udp_transparent_proxy_mode" == "tproxy" ]]; then
@@ -477,6 +478,13 @@ service_started() {
 	for proxy_dport in $proxy_udp_dport; do
 		nft add element inet "$FW_TABLE" proxy_dport \{ "udp" . "$proxy_dport" \}
 	done
+	if [ -n "$bypass_dscp" ]; then
+		log "Transparent Proxy" "Bypass DSCP: $bypass_dscp."
+		local dscp
+		for dscp in $bypass_dscp; do
+			nft add element inet "$FW_TABLE" bypass_dscp \{ "$dscp" \}
+		done
+	fi
 	# router proxy
 	if [ "$router_proxy" == 1 ]; then
 		log "Transparent Proxy" "Set proxy for router."
diff --git a/mihomo/files/nftables/hijack.nft b/mihomo/files/nftables/hijack.nft
index 2cd85091e..ab4388583 100644
--- a/mihomo/files/nftables/hijack.nft
+++ b/mihomo/files/nftables/hijack.nft
@@ -16,6 +16,11 @@ table inet mihomo {
 		}
 	}
 
+	set bypass_dscp {
+		type dscp
+		flags interval
+	}
+
 	set dns_hijack_nfproto {
 		type nf_proto
 		flags interval
@@ -178,6 +183,8 @@ table inet mihomo {
 		ip6 daddr @china_ip6 counter return
 		meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+		meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+		meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
 	}
 
 	chain nat_output {
@@ -192,6 +199,8 @@ table inet mihomo {
 		ip6 daddr @china_ip6 counter return
 		meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+		meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+		meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
 	}
 
 	chain mangle_prerouting {
@@ -206,6 +215,8 @@ table inet mihomo {
 		ip6 daddr @china_ip6 counter return
 		meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+		meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+		meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
 		meta l4proto udp th dport 53 counter return
 	}
 
@@ -221,6 +232,8 @@ table inet mihomo {
 		ip6 daddr @china_ip6 counter return
 		meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+		meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+		meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
 		meta l4proto udp th dport 53 counter return
 	}
 }
diff --git a/shadowsocks-rust/Makefile b/shadowsocks-rust/Makefile
index 320c2caba..a3cd2407b 100644
--- a/shadowsocks-rust/Makefile
+++ b/shadowsocks-rust/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.21.2
+PKG_VERSION:=1.22.0
 PKG_RELEASE:=1
 
 PKG_SOURCE_HEADER:=shadowsocks-v$(PKG_VERSION)
@@ -21,23 +21,23 @@ endif
 
 ifeq ($(ARCH),aarch64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).aarch64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=19e11f39a1b1cd6f843d2d1b5e7759d557448bc82017ff87b9cfaeeff9814f8f
+  PKG_HASH:=4c20c76ff80e7671428068a1628b6269785fc0d22a127883ed82e2c79e6c332e
 else ifeq ($(ARCH),arm)
   # Referred to golang/golang-values.mk
   ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE))))
   ifeq ($(ARM_CPU_FEATURES),)
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabi.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=2873f227ad710cb206df1671d483f49207b7b0c1f234fe12bc470dde1930b555
+    PKG_HASH:=6724fcb42326b003e542fc2df6594dbd28259dc3df7644033844d6d7cba98b61
   else
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabihf.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=fc775890cfe614dad7a7dcb4185b30088d4ea327235513ad59ca799e410d0327
+    PKG_HASH:=3af6c4e3e28b92957b869a6851296f882f906f30285cf9247ad59f163ce9d808
   endif
 else ifeq ($(ARCH),i386)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).i686-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=5f8e8ca7923f44087a14e2146be7264a11f000a3822a32feb163236d9ea1e9ef
+  PKG_HASH:=01419d65ea1dcc41c103bc83601eda7dd7ce311f50097c826aa3262c539c3af3
 else ifeq ($(ARCH),x86_64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).x86_64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=53e6cc209ab9f925e5a59c9f43d75b8179551fc9e608846d7649b5e3aff22c16
+  PKG_HASH:=5e3f4a7c78ffeb612620c5cfd4a99a25d1eabffbe9e00ce5a92ee72e99d1310b
 else ifeq ($(ARCH),mips)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mips-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
   PKG_HASH:=fa826d72de0c7713fe77570b56931f38e0bb575a370fd8de4e98b2bc29179e97