Technical Features

Explore Clash Core Capabilities

Clash is a cross-platform, rule-driven proxy engine written in Go. Supporting 20+ protocols and flexible routing policies, it provides a reliable and efficient network proxy solution for developers and power users.

Download Now Back to Home

Traffic Routing Illustration

Your Device

Clash Rule Engine

Smart Routing · YAML Rules · Millisecond Matching

Running

PROXY

google.com youtube.com github.com

DIRECT

amazon.com amazon.com youtube.com

REJECT

Ad Domains Tracking Scripts Malicious Sites

What is Clash

A Powerful
Rule-driven Proxy Engine

Clash's core (Mihomo kernel) is a lightweight, high-performance proxy backend that defines nodes, rules, and policy groups through YAML configuration files for granular traffic control.

Whether matching by domain, IP, GEOIP, or process name, Clash accurately routes different traffic to specified proxy nodes or direct connections, completely transparent to applications.

Fully Open Source Written in Go GPL-3.0 License Cross-platform Support High-performance Core YAML Configuration

Technical Specs

LanguageGo

Supported Protocols20+

Rule Types12 Types

Outbound Policies5 Types

DNS ModesFake-IP / Redir-Host

Control APIRESTful API

Transparent ProxyTUN / iptables

Open Source LicenseGPL-3.0

Core Features

Proxy Capabilities Built for Experts

Clash abstracts complex network requirements into simple configurations, offering enterprise-grade stability and flexibility.

Rule-based Traffic Routing

The core strength of Clash. Define rule order via YAML to precisely match every connection, supporting routing by domain, IP range, location, process name, and more.

rules: - DOMAIN-SUFFIX,google.com,Proxy - GEOIP,CN,DIRECT - PROCESS-NAME,steam.exe,DIRECT - MATCH,,Proxy

TUN Transparent Proxy

Create a virtual network interface to take over all system traffic without individual app configuration. Full protocol support for TCP, UDP, and ICMP.

Recommended Mode

Native Multi-protocol Support

Shadowsocks, VMess, VLESS, Trojan, Hysteria2, TUIC, WireGuard, and other major protocols supported out of the box.

SS VMess VLESS Trojan Hy2 TUIC

20+

Supported Proxy Protocols

Continuously Following Latest
Community Standards & Specs

RESTful Control Panel

Built-in REST API. Use with Web UIs like Yacd or MetaCubeX to view connections in real-time and switch nodes with one click.

Visual Management

Enhanced DNS Resolution

Fake-IP and Redir-Host dual modes. Supports DoH / DoT / DoQ encrypted upstreams to effectively prevent DNS pollution and leaks.

Fake-IP DoH DoT DoQ DHCP

Smart Outbound Policy Groups

URL-Test auto-selection, Fallback failover, and Load-Balance for various network scenarios.

URL-Test — Auto-select lowest latency node

Fallback — Auto-switch on node failure

Load-Balance — Aggregate bandwidth across nodes

Rule Providers

Load and update rule sets from remote URLs. Reference community GeoSite / GeoIP databases for ad-blocking and routing.

Community Driven

Mixed Port & Multi-inbound

A single Mixed Port for both HTTP and SOCKS5. Also supports Redirect and TProxy for transparent router proxy deployment.

Highly Compatible

Process-level Traffic Matching

Route by process name using PROCESS-NAME for precise control over Telegram, Steam, Chrome, and more.

Precise Control

Protocol Support

Covering the Major Proxy Protocol Ecosystem

Clash (Mihomo core) continuously follows the latest proxy standards, staying in sync with cutting-edge community technology.

Encrypted Protocols

Shadowsocks ShadowsocksR VMess VLESS Trojan Snell

Next-gen

Hysteria Hysteria2 TUIC v5 WireGuard AnyTLS

Universal Protocols

SOCKS5 HTTP HTTPS SSH

Transport Layer

WebSocket HTTP/2 gRPC QUIC Reality

DNS Protocols

UDP DNS DoH DoT DoQ dhcp system

Rule Types

DOMAIN DOMAIN-SUFFIX IP-CIDR GEOIP GEOSITE PROCESS-NAME RULE-SET SCRIPT

How It Works

The Complete Traffic Path Through Clash

Understand how Clash takes over, resolves, matches, and forwards every network request from application to destination.

App Initiates Request

A browser, app, or process starts a TCP/UDP connection. The OS forwards traffic to Clash's proxy port or TUN interface.

ChromeTelegramcurlAny Process

Clash Takes Over Traffic

Via TUN mode, system proxy settings, or iptables, Clash intercepts all outbound TCP and UDP traffic.

TUNiptablesMixed Port

DNS Resolution & Anti-pollution

Built-in DNS resolve domains before rule matching. Fake-IP mode returns fake IPs to prevent pollution, while real IPs are resolved via trusted DoH/DoT.

Fake-IPDoHDoTDoQ

Top-to-bottom Rule Matching

Clash matches rules in order. Once a hit is found, it determines the outbound target; unmatched traffic falls to the MATCH catch-all rule.

DOMAINGEOIPIP-CIDRPROCESS-NAME

Policy Group Decides Exit Node

The group type determines the final node: URL-Test selects the lowest latency, Fallback selects the first available, or Select follows manual user choice.

URL-TestFallbackLoad-BalanceSelect

Data Reaches Target Server

Traffic is forwarded via an encrypted proxy node or connected directly via DIRECT. The process is completely transparent to the app.

PROXY → Encrypted ForwardingDIRECT → Direct Connection

Outbound Policies

Flexible Policy Group System

Clash offers various built-in policy types, from simple direct connection to enterprise-grade high availability.

DIRECT Direct

No proxy; traffic connects directly to the target server. Ideal for local websites, LAN access, and low-latency needs.

REJECT Block

Drops matching traffic without response. Commonly used to block ads, trackers, and malicious IPs for privacy.

URL-Test Auto Speed Test

Periodically pings a test URL to automatically select the lowest latency available node, ensuring a smooth experience.

Fallback Failover

Selects the first available node in order. Automatically switches to backup nodes if the primary fails, ensuring continuity.

Load-Balance Load Balancing

Distributes traffic across multiple nodes via hash or round-robin to increase aggregate bandwidth, ideal for high-concurrency downloads.

Select Manual Selection

Manually specify outbound nodes via a dashboard or client, ideal for power users who want full control over their route.

Use Cases

Who Is Using Clash

From individual developers to corporate teams, Clash's flexibility makes it suitable for all types of network scenarios.

👨‍💻

Developers & Engineers

Access resources like GitHub, npm, Docker Hub, and Google APIs. Use process-level control to manage dev tool proxying without affecting local debugging.

🏢

Enterprises & Teams

Centrally manage employee traffic policies with rule sets. Integrate with internal systems via RESTful API. Deploy as a transparent gateway on routers.

🌏

Daily Users

Smart routing for domestic/international traffic. Hassle-free access to streaming and academic resources with graphical clients like Clash Verge Rev and FlClash.