Clash Field
Clash Field
Section titled “Clash Field”Default
Section titled “Default”proxies
Section titled “proxies”Proxy node, with content as an array. Obtained from configuration file.
proxy-groups
Section titled “proxy-groups”Composed of multiple proxy nodes. Obtained from configuration file.
proxy-providers
Section titled “proxy-providers”Proxy providers, capable of merging multiple configuration files.
Proxy rules, where rules are matched in the order from top to bottom, with rules at the top of the list having higher priority than those below them.
rule-providers
Section titled “rule-providers”Proxy rule providers, capable of managing rules and updating them individually.
Handle
Section titled “Handle”Operation Mode.
ruleRule-based matchingglobalGlobal proxy (requires selecting proxy/strategy in GLOBAL proxy group)directGlobal direct connection
HTTP(S) proxy port.
socks-port
Section titled “socks-port”SOCKS4/4a/5 proxy port.
mixed-port
Section titled “mixed-port”Mixed port is a special port that supports both HTTP(S) and SOCKS5 protocols simultaneously. You can use any program that supports HTTP or SOCKS proxies to connect to this port.
allow-lan
Section titled “allow-lan”Allows other devices to access the internet through Clash proxy port.
log-level
Section titled “log-level”Controls the logging level of Clash core, only output to console and control page.
silentSilent, no output.errorOutputs logs of errors and unusable logs.warningOutputs logs of errors that do not affect operations, and logs of error level.infoOutputs general operational logs, as well as logs of error and warning levels.debugOutputs as much information as possible during runtime.
Whether to allow the kernel to accept IPv6 traffic.
secret
Section titled “secret”Access key for the External Control API.
external-controller
Section titled “external-controller”External controller, allows controlling your Clash kernel using RESTful API.
API listening address, you can change 127.0.0.1 to 0.0.0.0 to listen on all IPs.
Enable DNS configuration field.
Enable TUN configuration field.
eBPF redirection to TUN is a feature that intercepts all network traffic on a specific network interface and redirects it to the TUN interface. This feature requires kernel support.
Supported kernel: Mihomo Clash Premium
Enable hosts configuration field.
script
Section titled “script”Clash Premium has implemented a script feature based on Python3, allowing users to dynamically and flexibly select policies for data packets.
profile
Section titled “profile”In the official Clash documentation, ‘profile’ should serve as an extended configuration, but in Clash.meta, it’s only used as a cache item.
payload
Section titled “payload”Payload serves as the content for rule-providers.
tunnels
Section titled “tunnels”Flow forwarding tunnel, capable of forwarding TCP/UDP traffic, and can also be forwarded through a proxy.
auto-redir
Section titled “auto-redir”experimental
Section titled “experimental”Experimental configuration
interface-name
Section titled “interface-name”Specify the outbound interface for the proxy-groups.
routing-mark
Section titled “routing-mark”Attach a routing markwhen the proxy-groups goes outbound.
redir-port
Section titled “redir-port”The redirect port is only applicable to Linux (Android) and macOS. Can only proxy TCP traffic.
tproxy-port
Section titled “tproxy-port”The tproxy port is only applicable to Linux (Android). Capable of proxying both TCP and UDP traffic.
iptables
Section titled “iptables”external-ui
Section titled “external-ui”Allows running static webpage resources (such as Clash-dashboard) on Clash API, path is API address/ui.
bind-address
Section titled “bind-address”Binding address, only allows other devices to access through this address.
authentication
Section titled “authentication”User authentication for http(s), socks, and mixed proxies.
Proxie field.
sniffer
Section titled “sniffer”Clash uses a Mapping mechanism to address the issue of being unable to pass domain names through the Redir port in transparent proxy scenarios. However, this mechanism can lead to inaccuracies in domain name restoration and domain-based routing if Clash’s built-in DNS resolution service is not used.
Meta incorporates a Sniffer domain name sniffer, which reads the domain name field in handshake packets to restore IPs to domain names, effectively addressing the shortcomings of the Mapping mechanism.
geox-url
Section titled “geox-url”Custom GEO Download Address
listeners
Section titled “listeners”sub-rules
Section titled “sub-rules”geodata-mode
Section titled “geodata-mode”Change the geoip usage file, mmdb or dat,true is dat, with a default value of false.
unified-delay
Section titled “unified-delay”Change delay calculation method, remove additional delays such as handshakes.
tcp-concurrent
Section titled “tcp-concurrent”enable-process
Section titled “enable-process”Meta rename find-process-mode.
find-process-mode
Section titled “find-process-mode”Controls whether Clash matches processes.
alwaysEnables, forces matching of all processes.strictDefault, Clash determines whether to enable.offDoes not match processes, recommended for use on routers.
skip-auth-prefixes
Section titled “skip-auth-prefixes”Set the IP ranges allowed to skip authentication.
external-controller-tls
Section titled “external-controller-tls”HTTPS-API listening address, requires configuring the tls section for certificate and private key configuration, external-controller must also be filled in.
global-client-fingerprint
Section titled “global-client-fingerprint”Global TLS fingerprint, lower priority than client-fingerprint inside proxy.
Currently supports TCP/grpc/WS/HTTP transport with TLS, supported protocols are VLESS, Vmess, and trojan.