mihomo-rust

A high-performance rule-based tunneling proxy kernel written in Rust. Shadowsocks, Trojan, transparent proxy, DNS snooping, web dashboard, and subscription management.

View on GitHub Download Quick Start
cargo build --release

Features

🌐 Proxy Protocols

Shadowsocks, Trojan, VLESS (XTLS-Vision), HTTP, SOCKS5 outbound adapters with TCP/UDP relay. WebSocket, gRPC, H2, HTTPUpgrade transports.

📋 Rule Engine

Domain, IP-CIDR, GeoIP, port, process, network, regex rules with AND/OR/NOT logic composition. First-match-wins evaluation.

🖥 Web Dashboard

Built-in web UI at /ui for proxy switching, subscription management, group CRUD, rule editing, and live traffic monitoring.

📡 Subscriptions

Import Clash YAML subscriptions with proxies, groups, and rules. Auto-cached to disk for instant startup. Background refresh on intervals.

🔍 DNS & Snooping

Built-in UDP DNS server with main + fallback nameservers, response caching, and IP→domain reverse lookup table for transparent proxy hostname recovery.

🛡 Transparent Proxy

Kernel-level traffic interception via nftables (Linux) or pf (macOS). SNI extraction for HTTPS, DNS snooping for HTTP. SO_MARK loop avoidance. Auto firewall teardown.

Proxy Groups

Selector, URL-Test, Fallback, LoadBalance (round-robin / consistent-hashing), and Relay (chained hops) with multi-pass dependency resolution.

📦 Easy Deployment

Single static binary. Install as a systemd service with one command. Pre-built binaries for Linux amd64/arm64, macOS arm64, and Windows amd64.

🔒 ECH & uTLS

Encrypted Client Hello via BoringSSL. uTLS fingerprint spoofing (Chrome, Firefox, Safari, iOS, Android, Edge). DNS-based ECH config from HTTPS/SVCB records.

🚀 Performance

Async I/O with Tokio multi-threaded runtime. Zero-copy bidirectional relay. Minimal memory footprint with parking_lot locks.

📊 REST API

Full runtime control via Axum-powered REST API. Manage proxies, rules, connections, subscriptions, and config at runtime.

GET POST PUT PATCH DELETE

Architecture

Listeners (HTTP / SOCKS5 / Mixed / TProxy) | v Tunnel (routing engine) <--> DNS Resolver (Normal / Snooping) | Rule Matching Engine | v Proxy Adapters / Groups ---> Remote Server REST API + Web UI (Axum) ---> Runtime Control

Workspace Crates

CratePurpose
mihomo-commonCore traits and types (ProxyAdapter, Rule, Metadata)
mihomo-trieDomain trie for efficient pattern matching
mihomo-transportTLS (rustls + BoringSSL), WebSocket, gRPC, H2, HTTPUpgrade
mihomo-proxyProxy protocol implementations and groups
mihomo-rulesRule matching engine and parser
mihomo-dnsDNS resolver, cache, DNS snooping, server
mihomo-tunnelCore routing, TCP/UDP relay, statistics
mihomo-listenerInbound handlers (Mixed / HTTP / SOCKS5 / TProxy)
mihomo-configYAML config parsing, subscription fetcher, persistence
mihomo-apiREST API (Axum) + embedded web dashboard
mihomo-appCLI entry point

Quick Start

1

Build

Requires Rust 1.88+

cargo build --release
2

Configure

Copy and edit the example config

cp config.example.yaml config.yaml # edit config.yaml with your servers
3

Run

Start the proxy and open the dashboard

./target/release/mihomo -f config.yaml # Open http://127.0.0.1:9090/ui
4

Connect

Use the proxy or add a subscription from the web UI

export http_proxy=http://127.0.0.1:7890 export https_proxy=http://127.0.0.1:7890 curl https://ipinfo.io