fix ini configuration default values

2025-08-01 19:49:03 +00:00 · 2024-05-30 10:26:00 +08:00
85 changed files with 345 additions and 900 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2
 jobs:
  go-version-latest:
    docker:
-    - image: cimg/go:1.23-node
+    - image: cimg/go:1.22-node
    resource_class: large
    steps:
    - checkout
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +1,4 @@
 # These are supported funding model platforms

 github: [fatedier]
-custom: ["https://afdian.com/a/fatedier"]
+custom: ["https://afdian.net/a/fatedier"]
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -17,13 +17,13 @@ jobs:
    - uses: actions/checkout@v4
    - uses: actions/setup-go@v5
      with:
-        go-version: '1.23'
+        go-version: '1.22'
        cache: false
    - name: golangci-lint
      uses: golangci/golangci-lint-action@v4
      with:
        # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-        version: v1.61
+        version: v1.57

        # Optional: golangci-lint command line arguments.
        # args: --issues-exit-code=0
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -15,7 +15,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
-          go-version: '1.23'
+          go-version: '1.22'
          
      - name: Make All
        run: |
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -21,14 +21,14 @@ jobs:
    steps:
    - uses: actions/stale@v9
      with:
-        stale-issue-message: 'Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.'
-        stale-pr-message: "PRs go stale after 14d of inactivity. Stale PRs rot after an additional 3d of inactivity and eventually close."
+        stale-issue-message: 'Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.'
+        stale-pr-message: "PRs go stale after 21d of inactivity. Stale PRs rot after an additional 7d of inactivity and eventually close."
        stale-issue-label: 'lifecycle/stale'
        exempt-issue-labels: 'bug,doc,enhancement,future,proposal,question,testing,todo,easy,help wanted,assigned'
        stale-pr-label: 'lifecycle/stale'
        exempt-pr-labels: 'bug,doc,enhancement,future,proposal,question,testing,todo,easy,help wanted,assigned'
-        days-before-stale: 14
-        days-before-close: 3
+        days-before-stale: 21
+        days-before-close: 7
        debug-only: ${{ github.event.inputs.debug-only }}
        exempt-all-pr-milestones: true
        exempt-all-pr-assignees: true
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,10 +1,10 @@
 service:
-  golangci-lint-version: 1.61.x # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.57.x # use the fixed version to not introduce new linters unexpectedly

 run:
  concurrency: 4
  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 20m
+  deadline: 20m
  build-tags:
  - integ
  - integfuzz
@@ -14,7 +14,7 @@ linters:
  enable:
  - unused
  - errcheck
-  - copyloopvar
+  - exportloopref
  - gocritic
  - gofumpt
  - goimports
@@ -48,8 +48,7 @@ linters-settings:
    check-blank: false
  govet:
    # report about shadowed variables
-    disable:
-    - shadow
+    check-shadowing: false
  maligned:
    # print struct with more effective memory layout or not, false by default
    suggest-new: true
@@ -89,9 +88,7 @@ linters-settings:
    excludes:
    - G401
    - G402
-    - G404
    - G501
-    - G115 # integer overflow conversion

 issues:
  # List of regexps of issue texts to exclude, empty list by default.
--- a/Makefile.cross-compiles
+++ b/Makefile.cross-compiles
@@ -2,7 +2,7 @@ export PATH := $(PATH):`go env GOPATH`/bin
 export GO111MODULE=on
 LDFLAGS := -s -w

-os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 linux:loong64 android:arm64
+os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 android:arm64

 all: build

--- a/README.md
+++ b/README.md
@@ -7,30 +7,15 @@

 [README](README.md) | [中文文档](README_zh.md)

-## Sponsors
-
-frp is an open source project with its ongoing development made possible entirely by the support of our awesome sponsors. If you'd like to join them, please consider [sponsoring frp's development](https://github.com/sponsors/fatedier).
-
 <h3 align="center">Gold Sponsors</h3>
 <!--gold sponsors start-->
-<p align="center">
-  <a href="https://jb.gg/frp" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_jetbrains.jpg">
-  </a>
-</p>
 <p align="center">
  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=frp&utm_source=github" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
+    <img width="350px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
  </a>
-</p>
-<p align="center">
+  <a>&nbsp</a>
  <a href="https://github.com/daytonaio/daytona" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
-  </a>
-</p>
-<p align="center">
-  <a href="https://github.com/beclab/Olares" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_olares.jpeg">
+    <img width="360px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
  </a>
 </p>
 <!--gold sponsors end-->
@@ -97,7 +82,7 @@ frp also offers a P2P connect mode.
    * [Client Plugins](#client-plugins)
    * [Server Manage Plugins](#server-manage-plugins)
    * [SSH Tunnel Gateway](#ssh-tunnel-gateway)
-* [Related Projects](#related-projects)
+* [Releated Projects](#releated-projects)
 * [Contributing](#contributing)
 * [Donation](#donation)
    * [GitHub Sponsors](#github-sponsors)
@@ -1260,7 +1245,7 @@ frpc tcp --proxy_name "test-tcp" --local_ip 127.0.0.1 --local_port 8080 --remote

 Please refer to this [document](/doc/ssh_tunnel_gateway.md) for more information.

-## Related Projects
+## Releated Projects

 * [gofrp/plugin](https://github.com/gofrp/plugin) - A repository for frp plugins that contains a variety of plugins implemented based on the frp extension mechanism, meeting the customization needs of different scenarios.
 * [gofrp/tiny-frpc](https://github.com/gofrp/tiny-frpc) - A lightweight version of the frp client (around 3.5MB at minimum) implemented using the ssh protocol, supporting some of the most commonly used features, suitable for devices with limited resources.
--- a/README_zh.md
+++ b/README_zh.md
@@ -9,30 +9,15 @@

 frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP、UDP、HTTP、HTTPS 等多种协议，且支持 P2P 通信。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。

-## Sponsors
-
-frp 是一个完全开源的项目，我们的开发工作完全依靠赞助者们的支持。如果你愿意加入他们的行列，请考虑 [赞助 frp 的开发](https://github.com/sponsors/fatedier)。
-
 <h3 align="center">Gold Sponsors</h3>
 <!--gold sponsors start-->
-<p align="center">
-  <a href="https://jb.gg/frp" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_jetbrains.jpg">
-  </a>
-</p>
 <p align="center">
  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=frp&utm_source=github" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
+    <img width="350px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
  </a>
-</p>
-<p align="center">
+  <a>&nbsp</a>
  <a href="https://github.com/daytonaio/daytona" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
-  </a>
-</p>
-<p align="center">
-  <a href="https://github.com/beclab/Olares" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_olares.jpeg">
+    <img width="360px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
  </a>
 </p>
 <!--gold sponsors end-->
@@ -104,7 +89,7 @@ frp 是一个免费且开源的项目，我们欢迎任何人为其开发和进

 您可以通过 [GitHub Sponsors](https://github.com/sponsors/fatedier) 赞助我们。

-国内用户可以通过 [爱发电](https://afdian.com/a/fatedier) 赞助我们。
+国内用户可以通过 [爱发电](https://afdian.net/a/fatedier) 赞助我们。

 企业赞助者可以将贵公司的 Logo 以及链接放置在项目 README 文件中。

--- a/Release.md
+++ b/Release.md
@@ -1,7 +1,9 @@
-### Features
-
-* Support metadatas and annotations in frpc proxy commands.
-
 ### Fixes

-* Properly release resources in service.Close() to prevent resource leaks when used as a library.
+* Fixed an issue where HTTP/2 was not enabled for https2http and https2https plugins.
+* Fixed the issue where the default values of INI configuration parameters are inconsistent with other configuration formats.
+
+### Changes
+
+* Updated the default value of `transport.tcpMuxKeepaliveInterval` from 60 to 30.
+* On the Android platform, the Google DNS server is used only when the default DNS server cannot be obtained.
--- a/client/control.go
+++ b/client/control.go
@@ -230,7 +230,7 @@ func (ctl *Control) registerMsgHandlers() {
 	ctl.msgDispatcher.RegisterHandler(&msg.Pong{}, ctl.handlePong)
 }

-// heartbeatWorker sends heartbeat to server and check heartbeat timeout.
+// headerWorker sends heartbeat to server and check heartbeat timeout.
 func (ctl *Control) heartbeatWorker() {
 	xl := ctl.xl

--- a/client/event/event.go
+++ b/client/event/event.go
@@ -8,7 +8,7 @@ import (

 var ErrPayloadType = errors.New("error payload type")

-type Handler func(payload any) error
+type Handler func(payload interface{}) error

 type StartProxyPayload struct {
 	NewProxyMsg *msg.NewProxy
--- a/client/proxy/proxy.go
+++ b/client/proxy/proxy.go
@@ -192,7 +192,7 @@ func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWor
 	if pxy.proxyPlugin != nil {
 		// if plugin is set, let plugin handle connection first
 		xl.Debugf("handle by plugin: %s", pxy.proxyPlugin.Name())
-		pxy.proxyPlugin.Handle(pxy.ctx, remote, workConn, &extraInfo)
+		pxy.proxyPlugin.Handle(remote, workConn, &extraInfo)
 		xl.Debugf("handle by plugin finished")
 		return
 	}
--- a/client/proxy/proxy_manager.go
+++ b/client/proxy/proxy_manager.go
@@ -96,7 +96,7 @@ func (pm *Manager) HandleWorkConn(name string, workConn net.Conn, m *msg.StartWo
 	}
 }

-func (pm *Manager) HandleEvent(payload any) error {
+func (pm *Manager) HandleEvent(payload interface{}) error {
 	var m msg.Message
 	switch e := payload.(type) {
 	case *event.StartProxyPayload:
--- a/client/proxy/proxy_wrapper.go
+++ b/client/proxy/proxy_wrapper.go
@@ -137,7 +137,7 @@ func (pw *Wrapper) SetRunningStatus(remoteAddr string, respErr string) error {
 		pw.Phase = ProxyPhaseStartErr
 		pw.Err = respErr
 		pw.lastStartErr = time.Now()
-		return fmt.Errorf("%s", pw.Err)
+		return fmt.Errorf(pw.Err)
 	}

 	if err := pw.pxy.Run(); err != nil {
--- a/client/service.go
+++ b/client/service.go
@@ -169,15 +169,6 @@ func (svr *Service) Run(ctx context.Context) error {
 		netpkg.SetDefaultDNSAddress(svr.common.DNSServer)
 	}

-	if svr.webServer != nil {
-		go func() {
-			log.Infof("admin server listen on %s", svr.webServer.Address())
-			if err := svr.webServer.Run(); err != nil {
-				log.Warnf("admin server exit with error: %v", err)
-			}
-		}()
-	}
-
 	// first login to frps
 	svr.loopLoginUntilSuccess(10*time.Second, lo.FromPtr(svr.common.LoginFailExit))
 	if svr.ctl == nil {
@@ -188,6 +179,14 @@ func (svr *Service) Run(ctx context.Context) error {

 	go svr.keepControllerWorking()

+	if svr.webServer != nil {
+		go func() {
+			log.Infof("admin server listen on %s", svr.webServer.Address())
+			if err := svr.webServer.Run(); err != nil {
+				log.Warnf("admin server exit with error: %v", err)
+			}
+		}()
+	}
 	<-svr.ctx.Done()
 	svr.stop()
 	return nil
--- a/cmd/frpc/sub/admin.go
+++ b/cmd/frpc/sub/admin.go
@@ -15,11 +15,9 @@
 package sub

 import (
-	"context"
 	"fmt"
 	"os"
 	"strings"
-	"time"

 	"github.com/rodaine/table"
 	"github.com/spf13/cobra"
@@ -29,24 +27,24 @@ import (
 	clientsdk "github.com/fatedier/frp/pkg/sdk/client"
 )

-var adminAPITimeout = 30 * time.Second
-
 func init() {
-	commands := []struct {
-		name        string
-		description string
-		handler     func(*v1.ClientCommonConfig) error
-	}{
-		{"reload", "Hot-Reload frpc configuration", ReloadHandler},
-		{"status", "Overview of all proxies status", StatusHandler},
-		{"stop", "Stop the running frpc", StopHandler},
-	}
+	rootCmd.AddCommand(NewAdminCommand(
+		"reload",
+		"Hot-Reload frpc configuration",
+		ReloadHandler,
+	))

-	for _, cmdConfig := range commands {
-		cmd := NewAdminCommand(cmdConfig.name, cmdConfig.description, cmdConfig.handler)
-		cmd.Flags().DurationVar(&adminAPITimeout, "api-timeout", adminAPITimeout, "Timeout for admin API calls")
-		rootCmd.AddCommand(cmd)
-	}
+	rootCmd.AddCommand(NewAdminCommand(
+		"status",
+		"Overview of all proxies status",
+		StatusHandler,
+	))
+
+	rootCmd.AddCommand(NewAdminCommand(
+		"stop",
+		"Stop the running frpc",
+		StopHandler,
+	))
 }

 func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) error) *cobra.Command {
@@ -75,9 +73,7 @@ func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) er
 func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
-	defer cancel()
-	if err := client.Reload(ctx, strictConfigMode); err != nil {
+	if err := client.Reload(strictConfigMode); err != nil {
 		return err
 	}
 	fmt.Println("reload success")
@@ -87,9 +83,7 @@ func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
 func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
-	defer cancel()
-	res, err := client.GetAllProxyStatus(ctx)
+	res, err := client.GetAllProxyStatus()
 	if err != nil {
 		return err
 	}
@@ -115,9 +109,7 @@ func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
 func StopHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
-	defer cancel()
-	if err := client.Stop(ctx); err != nil {
+	if err := client.Stop(); err != nil {
 		return err
 	}
 	fmt.Println("stop success")
--- a/conf/frpc_full_example.toml
+++ b/conf/frpc_full_example.toml
@@ -315,26 +315,6 @@ localAddr = "127.0.0.1:443"
 hostHeaderRewrite = "127.0.0.1"
 requestHeaders.set.x-from-where = "frp"

-[[proxies]]
-name = "plugin_http2http"
-type = "tcp"
-remotePort = 6007
-[proxies.plugin]
-type = "http2http"
-localAddr = "127.0.0.1:80"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "plugin_tls2raw"
-type = "tcp"
-remotePort = 6008
-[proxies.plugin]
-type = "tls2raw"
-localAddr = "127.0.0.1:80"
-crtPath = "./server.crt"
-keyPath = "./server.key"
-
 [[proxies]]
 name = "secret_tcp"
 # If the type is secret tcp, remotePort is useless
--- a/doc/pic/donate-wechatpay.png
+++ b/doc/pic/donate-wechatpay.png
--- a/doc/pic/sponsor_daytona.png
+++ b/doc/pic/sponsor_daytona.png
--- a/doc/pic/sponsor_doppler.png
+++ b/doc/pic/sponsor_doppler.png
--- a/doc/pic/sponsor_jetbrains.jpg
+++ b/doc/pic/sponsor_jetbrains.jpg
--- a/doc/pic/sponsor_lokal.png
+++ b/doc/pic/sponsor_lokal.png
--- a/doc/pic/sponsor_nango.png
+++ b/doc/pic/sponsor_nango.png
--- a/doc/pic/sponsor_olares.jpeg
+++ b/doc/pic/sponsor_olares.jpeg
--- a/dockerfiles/Dockerfile-for-frpc
+++ b/dockerfiles/Dockerfile-for-frpc
@@ -1,4 +1,4 @@
-FROM golang:1.23 AS building
+FROM golang:1.22 AS building

 COPY . /building
 WORKDIR /building
@@ -7,8 +7,6 @@ RUN make frpc

 FROM alpine:3

-RUN apk add --no-cache tzdata
-
 COPY --from=building /building/bin/frpc /usr/bin/frpc

 ENTRYPOINT ["/usr/bin/frpc"]
--- a/dockerfiles/Dockerfile-for-frps
+++ b/dockerfiles/Dockerfile-for-frps
@@ -1,4 +1,4 @@
-FROM golang:1.23 AS building
+FROM golang:1.22 AS building

 COPY . /building
 WORKDIR /building
@@ -7,8 +7,6 @@ RUN make frps

 FROM alpine:3

-RUN apk add --no-cache tzdata
-
 COPY --from=building /building/bin/frps /usr/bin/frps

 ENTRYPOINT ["/usr/bin/frps"]
--- a/go.mod
+++ b/go.mod
@@ -1,33 +1,33 @@
 module github.com/fatedier/frp

-go 1.23.0
+go 1.22

 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/fatedier/golib v0.5.1
+	github.com/fatedier/golib v0.5.0
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.0
 	github.com/hashicorp/yamux v0.1.1
-	github.com/onsi/ginkgo/v2 v2.22.0
-	github.com/onsi/gomega v1.34.2
+	github.com/onsi/ginkgo/v2 v2.17.1
+	github.com/onsi/gomega v1.32.0
 	github.com/pelletier/go-toml/v2 v2.2.0
 	github.com/pion/stun/v2 v2.0.0
 	github.com/pires/go-proxyproto v0.7.0
-	github.com/prometheus/client_golang v1.19.1
-	github.com/quic-go/quic-go v0.48.2
+	github.com/prometheus/client_golang v1.19.0
+	github.com/quic-go/quic-go v0.42.0
 	github.com/rodaine/table v1.2.0
-	github.com/samber/lo v1.47.0
+	github.com/samber/lo v1.39.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/gjson v1.17.1
-	github.com/xtaci/kcp-go/v5 v5.6.13
-	golang.org/x/crypto v0.30.0
-	golang.org/x/net v0.32.0
+	github.com/xtaci/kcp-go/v5 v5.6.8
+	golang.org/x/crypto v0.22.0
+	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.16.0
-	golang.org/x/sync v0.10.0
+	golang.org/x/sync v0.6.0
 	golang.org/x/time v0.5.0
 	gopkg.in/ini.v1 v1.67.0
 	k8s.io/apimachinery v0.28.8
@@ -40,12 +40,12 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/pprof v0.0.0-20241206021119-61a79c692802 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
 	github.com/klauspost/reedsolomon v1.12.0 // indirect
@@ -59,19 +59,20 @@ require (
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/templexxx/cpu v0.1.1 // indirect
-	github.com/templexxx/xorsimd v0.4.3 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/templexxx/cpu v0.1.0 // indirect
+	github.com/templexxx/xorsimd v0.4.2 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	go.uber.org/mock v0.5.0 // indirect
-	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/tools v0.28.0 // indirect
+	go.uber.org/mock v0.4.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.17.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -9,6 +9,9 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
@@ -21,16 +24,16 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatedier/golib v0.5.1 h1:hcKAnaw5mdI/1KWRGejxR+i1Hn/NvbY5UsMKDr7o13M=
-github.com/fatedier/golib v0.5.1/go.mod h1:W6kIYkIFxHsTzbgqg5piCxIiDo4LzwgTY6R5W8l9NFQ=
+github.com/fatedier/golib v0.5.0 h1:hNcH7hgfIFqVWbP+YojCCAj4eO94pPf4dEF8lmq2jWs=
+github.com/fatedier/golib v0.5.0/go.mod h1:W6kIYkIFxHsTzbgqg5piCxIiDo4LzwgTY6R5W8l9NFQ=
 github.com/fatedier/yamux v0.0.0-20230628132301-7aca4898904d h1:ynk1ra0RUqDWQfvFi5KtMiSobkVQ3cNc0ODb8CfIETo=
 github.com/fatedier/yamux v0.0.0-20230628132301-7aca4898904d/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
 github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
-github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -55,14 +58,15 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/pprof v0.0.0-20241206021119-61a79c692802 h1:US08AXzP0bLurpzFUV3Poa9ZijrRdd1zAIOVtoHEiS8=
-github.com/google/pprof v0.0.0-20241206021119-61a79c692802/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
@@ -75,10 +79,10 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
-github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
-github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
+github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
 github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo=
 github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=
@@ -97,8 +101,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
-github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
 github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
@@ -106,17 +110,17 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
 github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
-github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
-github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs=
+github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM=
+github.com/quic-go/quic-go v0.42.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rodaine/table v1.2.0 h1:38HEnwK4mKSHQJIkavVj+bst1TEY7j9zhLMWu4QJrMA=
 github.com/rodaine/table v1.2.0/go.mod h1:wejb/q/Yd4T/SVmBSRMr7GCq3KlcZp3gyNYdLSBhkaE=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc=
-github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU=
+github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
+github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
 github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -125,16 +129,17 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
-github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
-github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
-github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
+github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40=
+github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
+github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI=
+github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI=
 github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
 github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -143,31 +148,31 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
-github.com/xtaci/kcp-go/v5 v5.6.13 h1:FEjtz9+D4p8t2x4WjciGt/jsIuhlWjjgPCCWjrVR4Hk=
-github.com/xtaci/kcp-go/v5 v5.6.13/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM=
+github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI=
+github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM=
 github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
 github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
-go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -181,8 +186,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
 golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
@@ -191,11 +196,12 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -205,16 +211,16 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -222,8 +228,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -234,8 +240,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -256,8 +262,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
--- a/package.sh
+++ b/package.sh
@@ -18,7 +18,7 @@ rm -rf ./release/packages
 mkdir -p ./release/packages

 os_all='linux windows darwin freebsd android'
-arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64 loong64'
+arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64'
 extra_all='_ hf'

 cd ./release
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -50,8 +50,7 @@ func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
 	case v1.AuthMethodToken:
 		authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
 	case v1.AuthMethodOIDC:
-		tokenVerifier := NewTokenVerifier(cfg.OIDC)
-		authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, tokenVerifier)
+		authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
 	}
 	return authVerifier
 }
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -87,18 +87,14 @@ func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (e
 	return err
 }

-type TokenVerifier interface {
-	Verify(context.Context, string) (*oidc.IDToken, error)
-}
-
 type OidcAuthConsumer struct {
 	additionalAuthScopes []v1.AuthScope

-	verifier          TokenVerifier
-	subjectsFromLogin []string
+	verifier         *oidc.IDTokenVerifier
+	subjectFromLogin string
 }

-func NewTokenVerifier(cfg v1.AuthOIDCServerConfig) TokenVerifier {
+func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCServerConfig) *OidcAuthConsumer {
 	provider, err := oidc.NewProvider(context.Background(), cfg.Issuer)
 	if err != nil {
 		panic(err)
@@ -109,14 +105,9 @@ func NewTokenVerifier(cfg v1.AuthOIDCServerConfig) TokenVerifier {
 		SkipExpiryCheck:   cfg.SkipExpiryCheck,
 		SkipIssuerCheck:   cfg.SkipIssuerCheck,
 	}
-	return provider.Verifier(&verifierConf)
-}
-
-func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, verifier TokenVerifier) *OidcAuthConsumer {
 	return &OidcAuthConsumer{
 		additionalAuthScopes: additionalAuthScopes,
-		verifier:             verifier,
-		subjectsFromLogin:    []string{},
+		verifier:             provider.Verifier(&verifierConf),
 	}
 }

@@ -125,9 +116,7 @@ func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
 	if err != nil {
 		return fmt.Errorf("invalid OIDC token in login: %v", err)
 	}
-	if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
-		auth.subjectsFromLogin = append(auth.subjectsFromLogin, token.Subject)
-	}
+	auth.subjectFromLogin = token.Subject
 	return nil
 }

@@ -136,11 +125,11 @@ func (auth *OidcAuthConsumer) verifyPostLoginToken(privilegeKey string) (err err
 	if err != nil {
 		return fmt.Errorf("invalid OIDC token in ping: %v", err)
 	}
-	if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
+	if token.Subject != auth.subjectFromLogin {
 		return fmt.Errorf("received different OIDC subject in login and ping. "+
-			"original subjects: %s, "+
+			"original subject: %s, "+
 			"new subject: %s",
-			auth.subjectsFromLogin, token.Subject)
+			auth.subjectFromLogin, token.Subject)
 	}
 	return nil
 }
--- a/pkg/auth/oidc_test.go
+++ b/pkg/auth/oidc_test.go
@@ -1,64 +0,0 @@
-package auth_test
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	"github.com/coreos/go-oidc/v3/oidc"
-	"github.com/stretchr/testify/require"
-
-	"github.com/fatedier/frp/pkg/auth"
-	v1 "github.com/fatedier/frp/pkg/config/v1"
-	"github.com/fatedier/frp/pkg/msg"
-)
-
-type mockTokenVerifier struct{}
-
-func (m *mockTokenVerifier) Verify(ctx context.Context, subject string) (*oidc.IDToken, error) {
-	return &oidc.IDToken{
-		Subject: subject,
-	}, nil
-}
-
-func TestPingWithEmptySubjectFromLoginFails(t *testing.T) {
-	r := require.New(t)
-	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
-	err := consumer.VerifyPing(&msg.Ping{
-		PrivilegeKey: "ping-without-login",
-		Timestamp:    time.Now().UnixMilli(),
-	})
-	r.Error(err)
-	r.Contains(err.Error(), "received different OIDC subject in login and ping")
-}
-
-func TestPingAfterLoginWithNewSubjectSucceeds(t *testing.T) {
-	r := require.New(t)
-	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
-	err := consumer.VerifyLogin(&msg.Login{
-		PrivilegeKey: "ping-after-login",
-	})
-	r.NoError(err)
-
-	err = consumer.VerifyPing(&msg.Ping{
-		PrivilegeKey: "ping-after-login",
-		Timestamp:    time.Now().UnixMilli(),
-	})
-	r.NoError(err)
-}
-
-func TestPingAfterLoginWithDifferentSubjectFails(t *testing.T) {
-	r := require.New(t)
-	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
-	err := consumer.VerifyLogin(&msg.Login{
-		PrivilegeKey: "login-with-first-subject",
-	})
-	r.NoError(err)
-
-	err = consumer.VerifyPing(&msg.Ping{
-		PrivilegeKey: "ping-with-different-subject",
-		Timestamp:    time.Now().UnixMilli(),
-	})
-	r.Error(err)
-	r.Contains(err.Error(), "received different OIDC subject in login and ping")
-}
--- a/pkg/config/flags.go
+++ b/pkg/config/flags.go
@@ -106,8 +106,6 @@ func registerProxyBaseConfigFlags(cmd *cobra.Command, c *v1.ProxyBaseConfig, opt
 	}

 	cmd.Flags().StringVarP(&c.Name, "proxy_name", "n", "", "proxy name")
-	cmd.Flags().StringToStringVarP(&c.Metadatas, "metadatas", "", nil, "metadata key-value pairs (e.g., key1=value1,key2=value2)")
-	cmd.Flags().StringToStringVarP(&c.Annotations, "annotations", "", nil, "annotation key-value pairs (e.g., key1=value1,key2=value2)")

 	if !options.sshMode {
 		cmd.Flags().StringVarP(&c.LocalIP, "local_ip", "i", "127.0.0.1", "local ip")
@@ -142,7 +140,6 @@ func registerVisitorBaseConfigFlags(cmd *cobra.Command, c *v1.VisitorBaseConfig,
 	cmd.Flags().BoolVarP(&c.Transport.UseCompression, "uc", "", false, "use compression")
 	cmd.Flags().StringVarP(&c.SecretKey, "sk", "", "", "secret key")
 	cmd.Flags().StringVarP(&c.ServerName, "server_name", "", "", "server name")
-	cmd.Flags().StringVarP(&c.ServerUser, "server-user", "", "", "server user")
 	cmd.Flags().StringVarP(&c.BindAddr, "bind_addr", "", "", "bind addr")
 	cmd.Flags().IntVarP(&c.BindPort, "bind_port", "", 0, "bind port")
 }
@@ -229,7 +226,6 @@ func RegisterServerConfigFlags(cmd *cobra.Command, c *v1.ServerConfig, opts ...R
 	cmd.PersistentFlags().StringVarP(&c.BindAddr, "bind_addr", "", "0.0.0.0", "bind address")
 	cmd.PersistentFlags().IntVarP(&c.BindPort, "bind_port", "p", 7000, "bind port")
 	cmd.PersistentFlags().IntVarP(&c.KCPBindPort, "kcp_bind_port", "", 0, "kcp bind udp port")
-	cmd.PersistentFlags().IntVarP(&c.QUICBindPort, "quic_bind_port", "", 0, "quic bind udp port")
 	cmd.PersistentFlags().StringVarP(&c.ProxyBindAddr, "proxy_bind_addr", "", "0.0.0.0", "proxy bind address")
 	cmd.PersistentFlags().IntVarP(&c.VhostHTTPPort, "vhost_http_port", "", 0, "vhost http port")
 	cmd.PersistentFlags().IntVarP(&c.VhostHTTPSPort, "vhost_https_port", "", 0, "vhost https port")
--- a/pkg/config/legacy/client.go
+++ b/pkg/config/legacy/client.go
@@ -170,7 +170,7 @@ type ClientCommonConf struct {
 }

 // Supported sources including: string(file path), []byte, Reader interface.
-func UnmarshalClientConfFromIni(source any) (ClientCommonConf, error) {
+func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
@@ -203,7 +203,7 @@ func UnmarshalClientConfFromIni(source any) (ClientCommonConf, error) {
 // otherwise just start proxies in startProxy map
 func LoadAllProxyConfsFromIni(
 	prefix string,
-	source any,
+	source interface{},
 	start []string,
 ) (map[string]ProxyConf, map[string]VisitorConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
--- a/pkg/config/legacy/server.go
+++ b/pkg/config/legacy/server.go
@@ -217,7 +217,7 @@ func GetDefaultServerConf() ServerCommonConf {
 	}
 }

-func UnmarshalServerConfFromIni(source any) (ServerCommonConf, error) {
+func UnmarshalServerConfFromIni(source interface{}) (ServerCommonConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
--- a/pkg/config/load.go
+++ b/pkg/config/load.go
@@ -18,10 +18,10 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"html/template"
 	"os"
 	"path/filepath"
 	"strings"
-	"text/template"

 	toml "github.com/pelletier/go-toml/v2"
 	"github.com/samber/lo"
@@ -118,7 +118,7 @@ func LoadConfigure(b []byte, c any, strict bool) error {
 	defer v1.DisallowUnknownFieldsMu.Unlock()
 	v1.DisallowUnknownFields = strict

-	var tomlObj any
+	var tomlObj interface{}
 	// Try to unmarshal as TOML first; swallow errors from that (assume it's not valid TOML).
 	if err := toml.Unmarshal(b, &tomlObj); err == nil {
 		b, err = json.Marshal(&tomlObj)
--- a/pkg/config/load_test.go
+++ b/pkg/config/load_test.go
@@ -112,29 +112,6 @@ func TestLoadServerConfigStrictMode(t *testing.T) {
 	}
 }

-func TestRenderWithTemplate(t *testing.T) {
-	tests := []struct {
-		name    string
-		content string
-		want    string
-	}{
-		{"toml", tomlServerContent, tomlServerContent},
-		{"yaml", yamlServerContent, yamlServerContent},
-		{"json", jsonServerContent, jsonServerContent},
-		{"template numeric", `key = {{ 123 }}`, "key = 123"},
-		{"template string", `key = {{ "xyz" }}`, "key = xyz"},
-		{"template quote", `key = {{ printf "%q" "with space" }}`, `key = "with space"`},
-	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			require := require.New(t)
-			got, err := RenderWithTemplate([]byte(test.content), nil)
-			require.NoError(err)
-			require.EqualValues(test.want, string(got))
-		})
-	}
-}
-
 func TestCustomStructStrictMode(t *testing.T) {
 	require := require.New(t)

--- a/pkg/config/types/types.go
+++ b/pkg/config/types/types.go
@@ -159,18 +159,18 @@ func NewPortsRangeSliceFromString(str string) ([]PortsRange, error) {
 			out = append(out, PortsRange{Single: int(singleNum)})
 		case 2:
 			// range numbers
-			minNum, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			min, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			maxNum, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			max, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			if maxNum < minNum {
+			if max < min {
 				return nil, fmt.Errorf("range number is invalid")
 			}
-			out = append(out, PortsRange{Start: int(minNum), End: int(maxNum)})
+			out = append(out, PortsRange{Start: int(min), End: int(max)})
 		default:
 			return nil, fmt.Errorf("range number is invalid")
 		}
--- a/pkg/config/v1/plugin.go
+++ b/pkg/config/v1/plugin.go
@@ -20,15 +20,9 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
-
-	"github.com/samber/lo"
-
-	"github.com/fatedier/frp/pkg/util/util"
 )

-type ClientPluginOptions interface {
-	Complete()
-}
+type ClientPluginOptions interface{}

 type TypedClientPluginOptions struct {
 	Type string `json:"type"`
@@ -79,11 +73,9 @@ const (
 	PluginHTTPProxy        = "http_proxy"
 	PluginHTTPS2HTTP       = "https2http"
 	PluginHTTPS2HTTPS      = "https2https"
-	PluginHTTP2HTTP        = "http2http"
 	PluginSocks5           = "socks5"
 	PluginStaticFile       = "static_file"
 	PluginUnixDomainSocket = "unix_domain_socket"
-	PluginTLS2Raw          = "tls2raw"
 )

 var clientPluginOptionsTypeMap = map[string]reflect.Type{
@@ -91,11 +83,9 @@ var clientPluginOptionsTypeMap = map[string]reflect.Type{
 	PluginHTTPProxy:        reflect.TypeOf(HTTPProxyPluginOptions{}),
 	PluginHTTPS2HTTP:       reflect.TypeOf(HTTPS2HTTPPluginOptions{}),
 	PluginHTTPS2HTTPS:      reflect.TypeOf(HTTPS2HTTPSPluginOptions{}),
-	PluginHTTP2HTTP:        reflect.TypeOf(HTTP2HTTPPluginOptions{}),
 	PluginSocks5:           reflect.TypeOf(Socks5PluginOptions{}),
 	PluginStaticFile:       reflect.TypeOf(StaticFilePluginOptions{}),
 	PluginUnixDomainSocket: reflect.TypeOf(UnixDomainSocketPluginOptions{}),
-	PluginTLS2Raw:          reflect.TypeOf(TLS2RawPluginOptions{}),
 }

 type HTTP2HTTPSPluginOptions struct {
@@ -105,61 +95,36 @@ type HTTP2HTTPSPluginOptions struct {
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 }

-func (o *HTTP2HTTPSPluginOptions) Complete() {}
-
 type HTTPProxyPluginOptions struct {
 	Type         string `json:"type,omitempty"`
 	HTTPUser     string `json:"httpUser,omitempty"`
 	HTTPPassword string `json:"httpPassword,omitempty"`
 }

-func (o *HTTPProxyPluginOptions) Complete() {}
-
 type HTTPS2HTTPPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
-	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
 }

-func (o *HTTPS2HTTPPluginOptions) Complete() {
-	o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true))
-}
-
 type HTTPS2HTTPSPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
-	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
 }

-func (o *HTTPS2HTTPSPluginOptions) Complete() {
-	o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true))
-}
-
-type HTTP2HTTPPluginOptions struct {
-	Type              string           `json:"type,omitempty"`
-	LocalAddr         string           `json:"localAddr,omitempty"`
-	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
-	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
-}
-
-func (o *HTTP2HTTPPluginOptions) Complete() {}
-
 type Socks5PluginOptions struct {
 	Type     string `json:"type,omitempty"`
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty"`
 }

-func (o *Socks5PluginOptions) Complete() {}
-
 type StaticFilePluginOptions struct {
 	Type         string `json:"type,omitempty"`
 	LocalPath    string `json:"localPath,omitempty"`
@@ -168,20 +133,7 @@ type StaticFilePluginOptions struct {
 	HTTPPassword string `json:"httpPassword,omitempty"`
 }

-func (o *StaticFilePluginOptions) Complete() {}
-
 type UnixDomainSocketPluginOptions struct {
 	Type     string `json:"type,omitempty"`
 	UnixPath string `json:"unixPath,omitempty"`
 }
-
-func (o *UnixDomainSocketPluginOptions) Complete() {}
-
-type TLS2RawPluginOptions struct {
-	Type      string `json:"type,omitempty"`
-	LocalAddr string `json:"localAddr,omitempty"`
-	CrtPath   string `json:"crtPath,omitempty"`
-	KeyPath   string `json:"keyPath,omitempty"`
-}
-
-func (o *TLS2RawPluginOptions) Complete() {}
--- a/pkg/config/v1/proxy.go
+++ b/pkg/config/v1/proxy.go
@@ -127,10 +127,6 @@ func (c *ProxyBaseConfig) Complete(namePrefix string) {
 	c.Name = lo.Ternary(namePrefix == "", "", namePrefix+".") + c.Name
 	c.LocalIP = util.EmptyOr(c.LocalIP, "127.0.0.1")
 	c.Transport.BandwidthLimitMode = util.EmptyOr(c.Transport.BandwidthLimitMode, types.BandwidthLimitModeClient)
-
-	if c.Plugin.ClientPluginOptions != nil {
-		c.Plugin.ClientPluginOptions.Complete()
-	}
 }

 func (c *ProxyBaseConfig) MarshalToMsg(m *msg.NewProxy) {
--- a/pkg/config/v1/validation/plugin.go
+++ b/pkg/config/v1/validation/plugin.go
@@ -32,8 +32,6 @@ func ValidateClientPluginOptions(c v1.ClientPluginOptions) error {
 		return validateStaticFilePluginOptions(v)
 	case *v1.UnixDomainSocketPluginOptions:
 		return validateUnixDomainSocketPluginOptions(v)
-	case *v1.TLS2RawPluginOptions:
-		return validateTLS2RawPluginOptions(v)
 	}
 	return nil
 }
@@ -72,10 +70,3 @@ func validateUnixDomainSocketPluginOptions(c *v1.UnixDomainSocketPluginOptions)
 	}
 	return nil
 }
-
-func validateTLS2RawPluginOptions(c *v1.TLS2RawPluginOptions) error {
-	if c.LocalAddr == "" {
-		return errors.New("localAddr is required")
-	}
-	return nil
-}
--- a/pkg/msg/ctl.go
+++ b/pkg/msg/ctl.go
@@ -39,6 +39,6 @@ func ReadMsgInto(c io.Reader, msg Message) (err error) {
 	return msgCtl.ReadMsgInto(c, msg)
 }

-func WriteMsg(c io.Writer, msg any) (err error) {
+func WriteMsg(c io.Writer, msg interface{}) (err error) {
 	return msgCtl.WriteMsg(c, msg)
 }
--- a/pkg/msg/msg.go
+++ b/pkg/msg/msg.go
@@ -40,7 +40,7 @@ const (
 	TypeNatHoleReport      = '6'
 )

-var msgTypeMap = map[byte]any{
+var msgTypeMap = map[byte]interface{}{
 	TypeLogin:              Login{},
 	TypeLoginResp:          LoginResp{},
 	TypeNewProxy:           NewProxy{},
--- a/pkg/nathole/controller.go
+++ b/pkg/nathole/controller.go
@@ -371,8 +371,8 @@ func getRangePorts(addrs []string, difference, maxNumber int) []msg.PortsRange {
 		return nil
 	}

-	addr, isLast := lo.Last(addrs)
-	if !isLast {
+	addr, err := lo.Last(addrs)
+	if err != nil {
 		return nil
 	}
 	var ports []msg.PortsRange
--- a/pkg/nathole/utils.go
+++ b/pkg/nathole/utils.go
@@ -78,9 +78,9 @@ func ListAllLocalIPs() ([]net.IP, error) {
 	return ips, nil
 }

-func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
-	if maxItems <= 0 {
-		return nil, fmt.Errorf("maxItems must be greater than 0")
+func ListLocalIPsForNatHole(max int) ([]string, error) {
+	if max <= 0 {
+		return nil, fmt.Errorf("max must be greater than 0")
 	}

 	ips, err := ListAllLocalIPs()
@@ -88,9 +88,9 @@ func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
 		return nil, err
 	}

-	filtered := make([]string, 0, maxItems)
+	filtered := make([]string, 0, max)
 	for _, ip := range ips {
-		if len(filtered) >= maxItems {
+		if len(filtered) >= max {
 			break
 		}

--- a/pkg/plugin/client/http2http.go
+++ b/pkg/plugin/client/http2http.go
@@ -1,94 +0,0 @@
-// Copyright 2024 The frp Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !frps
-
-package plugin
-
-import (
-	"context"
-	"io"
-	stdlog "log"
-	"net"
-	"net/http"
-	"net/http/httputil"
-
-	"github.com/fatedier/golib/pool"
-
-	v1 "github.com/fatedier/frp/pkg/config/v1"
-	"github.com/fatedier/frp/pkg/util/log"
-	netpkg "github.com/fatedier/frp/pkg/util/net"
-)
-
-func init() {
-	Register(v1.PluginHTTP2HTTP, NewHTTP2HTTPPlugin)
-}
-
-type HTTP2HTTPPlugin struct {
-	opts *v1.HTTP2HTTPPluginOptions
-
-	l *Listener
-	s *http.Server
-}
-
-func NewHTTP2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
-	opts := options.(*v1.HTTP2HTTPPluginOptions)
-
-	listener := NewProxyListener()
-
-	p := &HTTP2HTTPPlugin{
-		opts: opts,
-		l:    listener,
-	}
-
-	rp := &httputil.ReverseProxy{
-		Rewrite: func(r *httputil.ProxyRequest) {
-			req := r.Out
-			req.URL.Scheme = "http"
-			req.URL.Host = p.opts.LocalAddr
-			if p.opts.HostHeaderRewrite != "" {
-				req.Host = p.opts.HostHeaderRewrite
-			}
-			for k, v := range p.opts.RequestHeaders.Set {
-				req.Header.Set(k, v)
-			}
-		},
-		BufferPool: pool.NewBuffer(32 * 1024),
-		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
-	}
-
-	p.s = &http.Server{
-		Handler:           rp,
-		ReadHeaderTimeout: 0,
-	}
-
-	go func() {
-		_ = p.s.Serve(listener)
-	}()
-
-	return p, nil
-}
-
-func (p *HTTP2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
-	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
-	_ = p.l.PutConn(wrapConn)
-}
-
-func (p *HTTP2HTTPPlugin) Name() string {
-	return v1.PluginHTTP2HTTP
-}
-
-func (p *HTTP2HTTPPlugin) Close() error {
-	return p.s.Close()
-}
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@@ -17,7 +17,6 @@
 package plugin

 import (
-	"context"
 	"crypto/tls"
 	"io"
 	stdlog "log"
@@ -89,7 +88,7 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }

-func (p *HTTP2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
--- a/pkg/plugin/client/http_proxy.go
+++ b/pkg/plugin/client/http_proxy.go
@@ -18,7 +18,6 @@ package plugin

 import (
 	"bufio"
-	"context"
 	"encoding/base64"
 	"io"
 	"net"
@@ -69,7 +68,7 @@ func (hp *HTTPProxy) Name() string {
 	return v1.PluginHTTPProxy
 }

-func (hp *HTTPProxy) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)

 	sc, rd := libnet.NewSharedConn(wrapConn)
--- a/pkg/plugin/client/https2http.go
+++ b/pkg/plugin/client/https2http.go
@@ -17,7 +17,6 @@
 package plugin

 import (
-	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -28,11 +27,9 @@ import (
 	"time"

 	"github.com/fatedier/golib/pool"
-	"github.com/samber/lo"

 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/transport"
-	httppkg "github.com/fatedier/frp/pkg/util/http"
 	"github.com/fatedier/frp/pkg/util/log"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 )
@@ -74,31 +71,26 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		BufferPool: pool.NewBuffer(32 * 1024),
 		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
 	}
-	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.TLS != nil {
-			tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName)
-			host, _ := httppkg.CanonicalHost(r.Host)
-			if tlsServerName != "" && tlsServerName != host {
-				w.WriteHeader(http.StatusMisdirectedRequest)
-				return
-			}
-		}
-		rp.ServeHTTP(w, r)
-	})

-	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
+	var (
+		tlsConfig *tls.Config
+		err       error
+	)
+	if opts.CrtPath != "" || opts.KeyPath != "" {
+		tlsConfig, err = p.genTLSConfig()
+	} else {
+		tlsConfig, err = transport.NewServerTLSConfig("", "", "")
+		tlsConfig.InsecureSkipVerify = true
+	}
 	if err != nil {
 		return nil, fmt.Errorf("gen TLS config error: %v", err)
 	}

 	p.s = &http.Server{
-		Handler:           handler,
+		Handler:           rp,
 		ReadHeaderTimeout: 60 * time.Second,
 		TLSConfig:         tlsConfig,
 	}
-	if !lo.FromPtr(opts.EnableHTTP2) {
-		p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
-	}

 	go func() {
 		_ = p.s.ServeTLS(listener, "", "")
@@ -106,7 +98,17 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }

-func (p *HTTPS2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
+	cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
+	if err != nil {
+		return nil, err
+	}
+
+	config := &tls.Config{Certificates: []tls.Certificate{cert}}
+	return config, nil
+}
+
+func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	if extra.SrcAddr != nil {
 		wrapConn.SetRemoteAddr(extra.SrcAddr)
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -17,7 +17,6 @@
 package plugin

 import (
-	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -28,11 +27,9 @@ import (
 	"time"

 	"github.com/fatedier/golib/pool"
-	"github.com/samber/lo"

 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/transport"
-	httppkg "github.com/fatedier/frp/pkg/util/http"
 	"github.com/fatedier/frp/pkg/util/log"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 )
@@ -80,31 +77,26 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		BufferPool: pool.NewBuffer(32 * 1024),
 		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
 	}
-	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.TLS != nil {
-			tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName)
-			host, _ := httppkg.CanonicalHost(r.Host)
-			if tlsServerName != "" && tlsServerName != host {
-				w.WriteHeader(http.StatusMisdirectedRequest)
-				return
-			}
-		}
-		rp.ServeHTTP(w, r)
-	})

-	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
+	var (
+		tlsConfig *tls.Config
+		err       error
+	)
+	if opts.CrtPath != "" || opts.KeyPath != "" {
+		tlsConfig, err = p.genTLSConfig()
+	} else {
+		tlsConfig, err = transport.NewServerTLSConfig("", "", "")
+		tlsConfig.InsecureSkipVerify = true
+	}
 	if err != nil {
 		return nil, fmt.Errorf("gen TLS config error: %v", err)
 	}

 	p.s = &http.Server{
-		Handler:           handler,
+		Handler:           rp,
 		ReadHeaderTimeout: 60 * time.Second,
 		TLSConfig:         tlsConfig,
 	}
-	if !lo.FromPtr(opts.EnableHTTP2) {
-		p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
-	}

 	go func() {
 		_ = p.s.ServeTLS(listener, "", "")
@@ -112,7 +104,17 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }

-func (p *HTTPS2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
+	cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
+	if err != nil {
+		return nil, err
+	}
+
+	config := &tls.Config{Certificates: []tls.Certificate{cert}}
+	return config, nil
+}
+
+func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	if extra.SrcAddr != nil {
 		wrapConn.SetRemoteAddr(extra.SrcAddr)
--- a/pkg/plugin/client/plugin.go
+++ b/pkg/plugin/client/plugin.go
@@ -15,7 +15,6 @@
 package plugin

 import (
-	"context"
 	"fmt"
 	"io"
 	"net"
@@ -58,7 +57,7 @@ type ExtraInfo struct {
 type Plugin interface {
 	Name() string

-	Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
+	Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
 	Close() error
 }

--- a/pkg/plugin/client/socks5.go
+++ b/pkg/plugin/client/socks5.go
@@ -17,7 +17,6 @@
 package plugin

 import (
-	"context"
 	"io"
 	"log"
 	"net"
@@ -51,7 +50,7 @@ func NewSocks5Plugin(options v1.ClientPluginOptions) (p Plugin, err error) {
 	return
 }

-func (sp *Socks5Plugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	defer conn.Close()
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.Server.ServeConn(wrapConn)
--- a/pkg/plugin/client/static_file.go
+++ b/pkg/plugin/client/static_file.go
@@ -17,7 +17,6 @@
 package plugin

 import (
-	"context"
 	"io"
 	"net"
 	"net/http"
@@ -70,7 +69,7 @@ func NewStaticFilePlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return sp, nil
 }

-func (sp *StaticFilePlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.l.PutConn(wrapConn)
 }
--- a/pkg/plugin/client/tls2raw.go
+++ b/pkg/plugin/client/tls2raw.go
@@ -1,83 +0,0 @@
-// Copyright 2024 The frp Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !frps
-
-package plugin
-
-import (
-	"context"
-	"crypto/tls"
-	"io"
-	"net"
-
-	libio "github.com/fatedier/golib/io"
-
-	v1 "github.com/fatedier/frp/pkg/config/v1"
-	"github.com/fatedier/frp/pkg/transport"
-	netpkg "github.com/fatedier/frp/pkg/util/net"
-	"github.com/fatedier/frp/pkg/util/xlog"
-)
-
-func init() {
-	Register(v1.PluginTLS2Raw, NewTLS2RawPlugin)
-}
-
-type TLS2RawPlugin struct {
-	opts *v1.TLS2RawPluginOptions
-
-	tlsConfig *tls.Config
-}
-
-func NewTLS2RawPlugin(options v1.ClientPluginOptions) (Plugin, error) {
-	opts := options.(*v1.TLS2RawPluginOptions)
-
-	p := &TLS2RawPlugin{
-		opts: opts,
-	}
-
-	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
-	if err != nil {
-		return nil, err
-	}
-	p.tlsConfig = tlsConfig
-	return p, nil
-}
-
-func (p *TLS2RawPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
-	xl := xlog.FromContextSafe(ctx)
-
-	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
-	tlsConn := tls.Server(wrapConn, p.tlsConfig)
-
-	if err := tlsConn.Handshake(); err != nil {
-		xl.Warnf("tls handshake error: %v", err)
-		return
-	}
-	rawConn, err := net.Dial("tcp", p.opts.LocalAddr)
-	if err != nil {
-		xl.Warnf("dial to local addr error: %v", err)
-		return
-	}
-
-	libio.Join(tlsConn, rawConn)
-}
-
-func (p *TLS2RawPlugin) Name() string {
-	return v1.PluginTLS2Raw
-}
-
-func (p *TLS2RawPlugin) Close() error {
-	return nil
-}
--- a/pkg/plugin/client/unix_domain_socket.go
+++ b/pkg/plugin/client/unix_domain_socket.go
@@ -17,14 +17,12 @@
 package plugin

 import (
-	"context"
 	"io"
 	"net"

 	libio "github.com/fatedier/golib/io"

 	v1 "github.com/fatedier/frp/pkg/config/v1"
-	"github.com/fatedier/frp/pkg/util/xlog"
 )

 func init() {
@@ -50,11 +48,9 @@ func NewUnixDomainSocketPlugin(options v1.ClientPluginOptions) (p Plugin, err er
 	return
 }

-func (uds *UnixDomainSocketPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
-	xl := xlog.FromContextSafe(ctx)
+func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
 	localConn, err := net.DialUnix("unix", nil, uds.UnixAddr)
 	if err != nil {
-		xl.Warnf("dial to uds %s error: %v", uds.UnixAddr, err)
 		return
 	}
 	if extra.ProxyProtocolHeader != nil {
--- a/pkg/plugin/server/http.go
+++ b/pkg/plugin/server/http.go
@@ -72,7 +72,7 @@ func (p *httpPlugin) IsSupport(op string) bool {
 	return false
 }

-func (p *httpPlugin) Handle(ctx context.Context, op string, content any) (*Response, any, error) {
+func (p *httpPlugin) Handle(ctx context.Context, op string, content interface{}) (*Response, interface{}, error) {
 	r := &Request{
 		Version: APIVersion,
 		Op:      op,
--- a/pkg/plugin/server/manager.go
+++ b/pkg/plugin/server/manager.go
@@ -75,7 +75,7 @@ func (m *Manager) Login(content *LoginContent) (*LoginContent, error) {
 			Reject:   false,
 			Unchange: true,
 		}
-		retContent any
+		retContent interface{}
 		err        error
 	)
 	reqid, _ := util.RandID()
@@ -109,7 +109,7 @@ func (m *Manager) NewProxy(content *NewProxyContent) (*NewProxyContent, error) {
 			Reject:   false,
 			Unchange: true,
 		}
-		retContent any
+		retContent interface{}
 		err        error
 	)
 	reqid, _ := util.RandID()
@@ -168,7 +168,7 @@ func (m *Manager) Ping(content *PingContent) (*PingContent, error) {
 			Reject:   false,
 			Unchange: true,
 		}
-		retContent any
+		retContent interface{}
 		err        error
 	)
 	reqid, _ := util.RandID()
@@ -202,7 +202,7 @@ func (m *Manager) NewWorkConn(content *NewWorkConnContent) (*NewWorkConnContent,
 			Reject:   false,
 			Unchange: true,
 		}
-		retContent any
+		retContent interface{}
 		err        error
 	)
 	reqid, _ := util.RandID()
@@ -236,7 +236,7 @@ func (m *Manager) NewUserConn(content *NewUserConnContent) (*NewUserConnContent,
 			Reject:   false,
 			Unchange: true,
 		}
-		retContent any
+		retContent interface{}
 		err        error
 	)
 	reqid, _ := util.RandID()
--- a/pkg/plugin/server/plugin.go
+++ b/pkg/plugin/server/plugin.go
@@ -32,5 +32,5 @@ const (
 type Plugin interface {
 	Name() string
 	IsSupport(op string) bool
-	Handle(ctx context.Context, op string, content any) (res *Response, retContent any, err error)
+	Handle(ctx context.Context, op string, content interface{}) (res *Response, retContent interface{}, err error)
 }
--- a/pkg/plugin/server/types.go
+++ b/pkg/plugin/server/types.go
@@ -21,14 +21,14 @@ import (
 type Request struct {
 	Version string      `json:"version"`
 	Op      string      `json:"op"`
-	Content any    `json:"content"`
+	Content interface{} `json:"content"`
 }

 type Response struct {
 	Reject       bool        `json:"reject"`
 	RejectReason string      `json:"reject_reason"`
 	Unchange     bool        `json:"unchange"`
-	Content      any    `json:"content"`
+	Content      interface{} `json:"content"`
 }

 type LoginContent struct {
--- a/pkg/sdk/client/client.go
+++ b/pkg/sdk/client/client.go
@@ -1,7 +1,6 @@
 package client

 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -32,8 +31,8 @@ func (c *Client) SetAuth(user, pwd string) {
 	c.authPwd = pwd
 }

-func (c *Client) GetProxyStatus(ctx context.Context, name string) (*client.ProxyStatusResp, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
+func (c *Client) GetProxyStatus(name string) (*client.ProxyStatusResp, error) {
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
 	if err != nil {
 		return nil, err
 	}
@@ -55,8 +54,8 @@ func (c *Client) GetProxyStatus(ctx context.Context, name string) (*client.Proxy
 	return nil, fmt.Errorf("no proxy status found")
 }

-func (c *Client) GetAllProxyStatus(ctx context.Context) (client.StatusResp, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
+func (c *Client) GetAllProxyStatus() (client.StatusResp, error) {
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
 	if err != nil {
 		return nil, err
 	}
@@ -71,7 +70,7 @@ func (c *Client) GetAllProxyStatus(ctx context.Context) (client.StatusResp, erro
 	return allStatus, nil
 }

-func (c *Client) Reload(ctx context.Context, strictMode bool) error {
+func (c *Client) Reload(strictMode bool) error {
 	v := url.Values{}
 	if strictMode {
 		v.Set("strictConfig", "true")
@@ -80,7 +79,7 @@ func (c *Client) Reload(ctx context.Context, strictMode bool) error {
 	if len(v) > 0 {
 		queryStr = "?" + v.Encode()
 	}
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/reload"+queryStr, nil)
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/reload"+queryStr, nil)
 	if err != nil {
 		return err
 	}
@@ -88,8 +87,8 @@ func (c *Client) Reload(ctx context.Context, strictMode bool) error {
 	return err
 }

-func (c *Client) Stop(ctx context.Context) error {
-	req, err := http.NewRequestWithContext(ctx, "POST", "http://"+c.address+"/api/stop", nil)
+func (c *Client) Stop() error {
+	req, err := http.NewRequest("POST", "http://"+c.address+"/api/stop", nil)
 	if err != nil {
 		return err
 	}
@@ -97,16 +96,16 @@ func (c *Client) Stop(ctx context.Context) error {
 	return err
 }

-func (c *Client) GetConfig(ctx context.Context) (string, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/config", nil)
+func (c *Client) GetConfig() (string, error) {
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/config", nil)
 	if err != nil {
 		return "", err
 	}
 	return c.do(req)
 }

-func (c *Client) UpdateConfig(ctx context.Context, content string) error {
-	req, err := http.NewRequestWithContext(ctx, "PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
+func (c *Client) UpdateConfig(content string) error {
+	req, err := http.NewRequest("PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
 	if err != nil {
 		return err
 	}
--- a/pkg/ssh/gateway.go
+++ b/pkg/ssh/gateway.go
@@ -112,10 +112,6 @@ func (g *Gateway) Run() {
 	}
 }

-func (g *Gateway) Close() error {
-	return g.ln.Close()
-}
-
 func (g *Gateway) handleConn(conn net.Conn) {
 	defer conn.Close()

--- a/pkg/util/log/log.go
+++ b/pkg/util/log/log.go
@@ -67,27 +67,27 @@ func InitLogger(logPath string, levelStr string, maxDays int, disableLogColor bo
 	Logger = Logger.WithOptions(options...)
 }

-func Errorf(format string, v ...any) {
+func Errorf(format string, v ...interface{}) {
 	Logger.Errorf(format, v...)
 }

-func Warnf(format string, v ...any) {
+func Warnf(format string, v ...interface{}) {
 	Logger.Warnf(format, v...)
 }

-func Infof(format string, v ...any) {
+func Infof(format string, v ...interface{}) {
 	Logger.Infof(format, v...)
 }

-func Debugf(format string, v ...any) {
+func Debugf(format string, v ...interface{}) {
 	Logger.Debugf(format, v...)
 }

-func Tracef(format string, v ...any) {
+func Tracef(format string, v ...interface{}) {
 	Logger.Tracef(format, v...)
 }

-func Logf(level log.Level, offset int, format string, v ...any) {
+func Logf(level log.Level, offset int, format string, v ...interface{}) {
 	Logger.Logf(level, offset, format, v...)
 }

--- a/pkg/util/util/util.go
+++ b/pkg/util/util/util.go
@@ -85,21 +85,21 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
 			numbers = append(numbers, singleNum)
 		case 2:
 			// range numbers
-			minValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			min, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			maxValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			max, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			if maxValue < minValue {
+			if max < min {
 				err = fmt.Errorf("range number is invalid")
 				return
 			}
-			for i := minValue; i <= maxValue; i++ {
+			for i := min; i <= max; i++ {
 				numbers = append(numbers, i)
 			}
 		default:
@@ -118,13 +118,13 @@ func GenerateResponseErrorString(summary string, err error, detailed bool) strin
 }

 func RandomSleep(duration time.Duration, minRatio, maxRatio float64) time.Duration {
-	minValue := int64(minRatio * 1000.0)
-	maxValue := int64(maxRatio * 1000.0)
+	min := int64(minRatio * 1000.0)
+	max := int64(maxRatio * 1000.0)
 	var n int64
-	if maxValue <= minValue {
-		n = minValue
+	if max <= min {
+		n = min
 	} else {
-		n = mathrand.Int64N(maxValue-minValue) + minValue
+		n = mathrand.Int64N(max-min) + min
 	}
 	d := duration * time.Duration(n) / time.Duration(1000)
 	time.Sleep(d)
--- a/pkg/util/version/version.go
+++ b/pkg/util/version/version.go
@@ -14,7 +14,7 @@

 package version

-var version = "0.61.2"
+var version = "0.58.1"

 func Full() string {
 	return version
--- a/pkg/util/vhost/http.go
+++ b/pkg/util/vhost/http.go
@@ -29,8 +29,6 @@ import (

 	libio "github.com/fatedier/golib/io"
 	"github.com/fatedier/golib/pool"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/h2c"

 	httppkg "github.com/fatedier/frp/pkg/util/http"
 	"github.com/fatedier/frp/pkg/util/log"
@@ -43,7 +41,7 @@ type HTTPReverseProxyOptions struct {
 }

 type HTTPReverseProxy struct {
-	proxy       http.Handler
+	proxy       *httputil.ReverseProxy
 	vhostRouter *Routers

 	responseHeaderTimeout time.Duration
@@ -140,7 +138,7 @@ func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *
 			_, _ = rw.Write(getNotFoundPageContent())
 		},
 	}
-	rp.proxy = h2c.NewHandler(proxy, &http2.Server{})
+	rp.proxy = proxy
 	return rp
 }

--- a/pkg/util/vhost/router.go
+++ b/pkg/util/vhost/router.go
@@ -24,7 +24,7 @@ type Router struct {
 	httpUser string

 	// store any object here
-	payload any
+	payload interface{}
 }

 func NewRouters() *Routers {
@@ -33,7 +33,7 @@ func NewRouters() *Routers {
 	}
 }

-func (r *Routers) Add(domain, location, httpUser string, payload any) error {
+func (r *Routers) Add(domain, location, httpUser string, payload interface{}) error {
 	domain = strings.ToLower(domain)

 	r.mutex.Lock()
--- a/pkg/util/vhost/vhost.go
+++ b/pkg/util/vhost/vhost.go
@@ -100,10 +100,6 @@ func (v *Muxer) SetRewriteHostFunc(f hostRewriteFunc) *Muxer {
 	return v
 }

-func (v *Muxer) Close() error {
-	return v.listener.Close()
-}
-
 type ChooseEndpointFunc func() (string, error)

 type CreateConnFunc func(remoteAddr string) (net.Conn, error)
--- a/pkg/util/xlog/xlog.go
+++ b/pkg/util/xlog/xlog.go
@@ -94,22 +94,22 @@ func (l *Logger) Spawn() *Logger {
 	return nl
 }

-func (l *Logger) Errorf(format string, v ...any) {
+func (l *Logger) Errorf(format string, v ...interface{}) {
 	log.Logger.Errorf(l.prefixString+format, v...)
 }

-func (l *Logger) Warnf(format string, v ...any) {
+func (l *Logger) Warnf(format string, v ...interface{}) {
 	log.Logger.Warnf(l.prefixString+format, v...)
 }

-func (l *Logger) Infof(format string, v ...any) {
+func (l *Logger) Infof(format string, v ...interface{}) {
 	log.Logger.Infof(l.prefixString+format, v...)
 }

-func (l *Logger) Debugf(format string, v ...any) {
+func (l *Logger) Debugf(format string, v ...interface{}) {
 	log.Logger.Debugf(l.prefixString+format, v...)
 }

-func (l *Logger) Tracef(format string, v ...any) {
+func (l *Logger) Tracef(format string, v ...interface{}) {
 	log.Logger.Tracef(l.prefixString+format, v...)
 }
--- a/server/controller/resource.go
+++ b/server/controller/resource.go
@@ -59,13 +59,3 @@ type ResourceController struct {
 	// All server manager plugin
 	PluginManager *plugin.Manager
 }
-
-func (rc *ResourceController) Close() error {
-	if rc.VhostHTTPSMuxer != nil {
-		rc.VhostHTTPSMuxer.Close()
-	}
-	if rc.TCPMuxHTTPConnectMuxer != nil {
-		rc.TCPMuxHTTPConnectMuxer.Close()
-	}
-	return nil
-}
--- a/server/dashboard_api.go
+++ b/server/dashboard_api.go
@@ -197,7 +197,7 @@ func getConfByType(proxyType string) any {
 // Get proxy info.
 type ProxyStatsInfo struct {
 	Name            string      `json:"name"`
-	Conf            any    `json:"conf"`
+	Conf            interface{} `json:"conf"`
 	ClientVersion   string      `json:"clientVersion,omitempty"`
 	TodayTrafficIn  int64       `json:"todayTrafficIn"`
 	TodayTrafficOut int64       `json:"todayTrafficOut"`
@@ -273,7 +273,7 @@ func (svr *Service) getProxyStatsByType(proxyType string) (proxyInfos []*ProxySt
 // Get proxy info by name.
 type GetProxyStatsResp struct {
 	Name            string      `json:"name"`
-	Conf            any    `json:"conf"`
+	Conf            interface{} `json:"conf"`
 	TodayTrafficIn  int64       `json:"todayTrafficIn"`
 	TodayTrafficOut int64       `json:"todayTrafficOut"`
 	CurConns        int64       `json:"curConns"`
--- a/server/proxy/proxy.go
+++ b/server/proxy/proxy.go
@@ -137,17 +137,17 @@ func (pxy *BaseProxy) GetWorkConnFromPool(src, dst net.Addr) (workConn net.Conn,
 			dstAddr    string
 			srcPortStr string
 			dstPortStr string
-			srcPort    uint64
-			dstPort    uint64
+			srcPort    int
+			dstPort    int
 		)

 		if src != nil {
 			srcAddr, srcPortStr, _ = net.SplitHostPort(src.String())
-			srcPort, _ = strconv.ParseUint(srcPortStr, 10, 16)
+			srcPort, _ = strconv.Atoi(srcPortStr)
 		}
 		if dst != nil {
 			dstAddr, dstPortStr, _ = net.SplitHostPort(dst.String())
-			dstPort, _ = strconv.ParseUint(dstPortStr, 10, 16)
+			dstPort, _ = strconv.Atoi(dstPortStr)
 		}
 		err := msg.WriteMsg(workConn, &msg.StartWorkConn{
 			ProxyName: pxy.GetName(),
@@ -190,8 +190,8 @@ func (pxy *BaseProxy) startCommonTCPListenersHandler() {
 						} else {
 							tempDelay *= 2
 						}
-						if maxTime := 1 * time.Second; tempDelay > maxTime {
-							tempDelay = maxTime
+						if max := 1 * time.Second; tempDelay > max {
+							tempDelay = max
 						}
 						xl.Infof("met temporary error: %s, sleep for %s ...", err, tempDelay)
 						time.Sleep(tempDelay)
--- a/server/proxy/xtcp.go
+++ b/server/proxy/xtcp.go
@@ -17,7 +17,8 @@ package proxy
 import (
 	"fmt"
 	"reflect"
-	"sync"
+
+	"github.com/fatedier/golib/errors"

 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/msg"
@@ -32,7 +33,6 @@ type XTCPProxy struct {
 	cfg *v1.XTCPProxyConfig

 	closeCh chan struct{}
-	closeOnce sync.Once
 }

 func NewXTCPProxy(baseProxy *BaseProxy) Proxy {
@@ -43,7 +43,6 @@ func NewXTCPProxy(baseProxy *BaseProxy) Proxy {
 	return &XTCPProxy{
 		BaseProxy: baseProxy,
 		cfg:       unwrapped,
-		closeCh:   make(chan struct{}),
 	}
 }

@@ -88,9 +87,9 @@ func (pxy *XTCPProxy) Run() (remoteAddr string, err error) {
 }

 func (pxy *XTCPProxy) Close() {
-	pxy.closeOnce.Do(func() {
 	pxy.BaseProxy.Close()
 	pxy.rc.NatHoleController.CloseClient(pxy.GetName())
+	_ = errors.PanicToError(func() {
 		close(pxy.closeCh)
 	})
 }
--- a/server/service.go
+++ b/server/service.go
@@ -386,30 +386,24 @@ func (svr *Service) Run(ctx context.Context) {
 func (svr *Service) Close() error {
 	if svr.kcpListener != nil {
 		svr.kcpListener.Close()
+		svr.kcpListener = nil
 	}
 	if svr.quicListener != nil {
 		svr.quicListener.Close()
+		svr.quicListener = nil
 	}
 	if svr.websocketListener != nil {
 		svr.websocketListener.Close()
+		svr.websocketListener = nil
 	}
 	if svr.tlsListener != nil {
 		svr.tlsListener.Close()
-	}
-	if svr.sshTunnelListener != nil {
-		svr.sshTunnelListener.Close()
+		svr.tlsConfig = nil
 	}
 	if svr.listener != nil {
 		svr.listener.Close()
+		svr.listener = nil
 	}
-	if svr.webServer != nil {
-		svr.webServer.Close()
-	}
-	if svr.sshTunnelGateway != nil {
-		svr.sshTunnelGateway.Close()
-	}
-	svr.rc.Close()
-	svr.muxer.Close()
 	svr.ctlManager.Close()
 	if svr.cancel != nil {
 		svr.cancel()
--- a/test/e2e/framework/expect.go
+++ b/test/e2e/framework/expect.go
@@ -5,75 +5,75 @@ import (
 )

 // ExpectEqual expects the specified two are the same, otherwise an exception raises
-func ExpectEqual(actual any, extra any, explain ...any) {
+func ExpectEqual(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.Equal(extra), explain...)
 }

 // ExpectEqualValues expects the specified two are the same, it not strict about type
-func ExpectEqualValues(actual any, extra any, explain ...any) {
+func ExpectEqualValues(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.BeEquivalentTo(extra), explain...)
 }

-func ExpectEqualValuesWithOffset(offset int, actual any, extra any, explain ...any) {
+func ExpectEqualValuesWithOffset(offset int, actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1+offset, actual).To(gomega.BeEquivalentTo(extra), explain...)
 }

 // ExpectNotEqual expects the specified two are not the same, otherwise an exception raises
-func ExpectNotEqual(actual any, extra any, explain ...any) {
+func ExpectNotEqual(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).NotTo(gomega.Equal(extra), explain...)
 }

 // ExpectError expects an error happens, otherwise an exception raises
-func ExpectError(err error, explain ...any) {
+func ExpectError(err error, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, err).To(gomega.HaveOccurred(), explain...)
 }

-func ExpectErrorWithOffset(offset int, err error, explain ...any) {
+func ExpectErrorWithOffset(offset int, err error, explain ...interface{}) {
 	gomega.ExpectWithOffset(1+offset, err).To(gomega.HaveOccurred(), explain...)
 }

 // ExpectNoError checks if "err" is set, and if so, fails assertion while logging the error.
-func ExpectNoError(err error, explain ...any) {
+func ExpectNoError(err error, explain ...interface{}) {
 	ExpectNoErrorWithOffset(1, err, explain...)
 }

 // ExpectNoErrorWithOffset checks if "err" is set, and if so, fails assertion while logging the error at "offset" levels above its caller
 // (for example, for call chain f -> g -> ExpectNoErrorWithOffset(1, ...) error would be logged for "f").
-func ExpectNoErrorWithOffset(offset int, err error, explain ...any) {
+func ExpectNoErrorWithOffset(offset int, err error, explain ...interface{}) {
 	gomega.ExpectWithOffset(1+offset, err).NotTo(gomega.HaveOccurred(), explain...)
 }

-func ExpectContainSubstring(actual, substr string, explain ...any) {
+func ExpectContainSubstring(actual, substr string, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.ContainSubstring(substr), explain...)
 }

 // ExpectConsistOf expects actual contains precisely the extra elements.  The ordering of the elements does not matter.
-func ExpectConsistOf(actual any, extra any, explain ...any) {
+func ExpectConsistOf(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.ConsistOf(extra), explain...)
 }

-func ExpectContainElements(actual any, extra any, explain ...any) {
+func ExpectContainElements(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.ContainElements(extra), explain...)
 }

-func ExpectNotContainElements(actual any, extra any, explain ...any) {
+func ExpectNotContainElements(actual interface{}, extra interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).NotTo(gomega.ContainElements(extra), explain...)
 }

 // ExpectHaveKey expects the actual map has the key in the keyset
-func ExpectHaveKey(actual any, key any, explain ...any) {
+func ExpectHaveKey(actual interface{}, key interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.HaveKey(key), explain...)
 }

 // ExpectEmpty expects actual is empty
-func ExpectEmpty(actual any, explain ...any) {
+func ExpectEmpty(actual interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).To(gomega.BeEmpty(), explain...)
 }

-func ExpectTrue(actual any, explain ...any) {
+func ExpectTrue(actual interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1, actual).Should(gomega.BeTrue(), explain...)
 }

-func ExpectTrueWithOffset(offset int, actual any, explain ...any) {
+func ExpectTrueWithOffset(offset int, actual interface{}, explain ...interface{}) {
 	gomega.ExpectWithOffset(1+offset, actual).Should(gomega.BeTrue(), explain...)
 }
--- a/test/e2e/framework/log.go
+++ b/test/e2e/framework/log.go
@@ -11,18 +11,18 @@ func nowStamp() string {
 	return time.Now().Format(time.StampMilli)
 }

-func log(level string, format string, args ...any) {
+func log(level string, format string, args ...interface{}) {
 	fmt.Fprintf(ginkgo.GinkgoWriter, nowStamp()+": "+level+": "+format+"\n", args...)
 }

 // Logf logs the info.
-func Logf(format string, args ...any) {
+func Logf(format string, args ...interface{}) {
 	log("INFO", format, args...)
 }

 // Failf logs the fail info, including a stack trace starts with its direct caller
 // (for example, for call chain f -> g -> Failf("foo", ...) error would be logged for "g").
-func Failf(format string, args ...any) {
+func Failf(format string, args ...interface{}) {
 	msg := fmt.Sprintf(format, args...)
 	skip := 1
 	ginkgo.Fail(msg, skip)
--- a/test/e2e/framework/mockservers.go
+++ b/test/e2e/framework/mockservers.go
@@ -67,8 +67,8 @@ func (m *MockServers) Close() {
 	os.Remove(m.udsEchoServer.BindAddr())
 }

-func (m *MockServers) GetTemplateParams() map[string]any {
-	ret := make(map[string]any)
+func (m *MockServers) GetTemplateParams() map[string]interface{} {
+	ret := make(map[string]interface{})
 	ret[TCPEchoServerPort] = m.tcpEchoServer.BindPort()
 	ret[UDPEchoServerPort] = m.udpEchoServer.BindPort()
 	ret[UDSEchoServerAddr] = m.udsEchoServer.BindAddr()
@@ -76,7 +76,7 @@ func (m *MockServers) GetTemplateParams() map[string]any {
 	return ret
 }

-func (m *MockServers) GetParam(key string) any {
+func (m *MockServers) GetParam(key string) interface{} {
 	params := m.GetTemplateParams()
 	if v, ok := params[key]; ok {
 		return v
--- a/test/e2e/framework/request.go
+++ b/test/e2e/framework/request.go
@@ -42,7 +42,7 @@ type RequestExpect struct {
 	f           *Framework
 	expectResp  []byte
 	expectError bool
-	explain     []any
+	explain     []interface{}
 }

 func NewRequestExpect(f *Framework) *RequestExpect {
@@ -51,7 +51,7 @@ func NewRequestExpect(f *Framework) *RequestExpect {
 		f:           f,
 		expectResp:  []byte(consts.TestString),
 		expectError: false,
-		explain:     make([]any, 0),
+		explain:     make([]interface{}, 0),
 	}
 }

@@ -94,7 +94,7 @@ func (e *RequestExpect) ExpectError(expectErr bool) *RequestExpect {
 	return e
 }

-func (e *RequestExpect) Explain(explain ...any) *RequestExpect {
+func (e *RequestExpect) Explain(explain ...interface{}) *RequestExpect {
 	e.explain = explain
 	return e
 }
--- a/test/e2e/legacy/basic/client.go
+++ b/test/e2e/legacy/basic/client.go
@@ -1,7 +1,6 @@
 package basic

 import (
-	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -55,7 +54,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(p3Port).Ensure()

 		client := f.APIClientForFrpc(adminPort)
-		conf, err := client.GetConfig(context.Background())
+		conf, err := client.GetConfig()
 		framework.ExpectNoError(err)

 		newP2Port := f.AllocPort()
@@ -66,10 +65,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 			newClientConf = newClientConf[:p3Index]
 		}

-		err = client.UpdateConfig(context.Background(), newClientConf)
+		err = client.UpdateConfig(newClientConf)
 		framework.ExpectNoError(err)

-		err = client.Reload(context.Background(), true)
+		err = client.Reload(true)
 		framework.ExpectNoError(err)
 		time.Sleep(time.Second)

@@ -121,7 +120,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(testPort).Ensure()

 		client := f.APIClientForFrpc(adminPort)
-		err := client.Stop(context.Background())
+		err := client.Stop()
 		framework.ExpectNoError(err)

 		time.Sleep(3 * time.Second)
--- a/test/e2e/legacy/basic/server.go
+++ b/test/e2e/legacy/basic/server.go
@@ -1,7 +1,6 @@
 package basic

 import (
-	"context"
 	"fmt"
 	"net"
 	"strconv"
@@ -102,7 +101,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		client := f.APIClientForFrpc(adminPort)

 		// tcp random port
-		status, err := client.GetProxyStatus(context.Background(), "tcp")
+		status, err := client.GetProxyStatus("tcp")
 		framework.ExpectNoError(err)

 		_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -113,7 +112,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		framework.NewRequestExpect(f).Port(port).Ensure()

 		// udp random port
-		status, err = client.GetProxyStatus(context.Background(), "udp")
+		status, err = client.GetProxyStatus("udp")
 		framework.ExpectNoError(err)

 		_, portStr, err = net.SplitHostPort(status.RemoteAddr)
--- a/test/e2e/v1/basic/client.go
+++ b/test/e2e/v1/basic/client.go
@@ -1,7 +1,6 @@
 package basic

 import (
-	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -58,7 +57,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(p3Port).Ensure()

 		client := f.APIClientForFrpc(adminPort)
-		conf, err := client.GetConfig(context.Background())
+		conf, err := client.GetConfig()
 		framework.ExpectNoError(err)

 		newP2Port := f.AllocPort()
@@ -69,10 +68,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 			newClientConf = newClientConf[:p3Index]
 		}

-		err = client.UpdateConfig(context.Background(), newClientConf)
+		err = client.UpdateConfig(newClientConf)
 		framework.ExpectNoError(err)

-		err = client.Reload(context.Background(), true)
+		err = client.Reload(true)
 		framework.ExpectNoError(err)
 		time.Sleep(time.Second)

@@ -125,7 +124,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(testPort).Ensure()

 		client := f.APIClientForFrpc(adminPort)
-		err := client.Stop(context.Background())
+		err := client.Stop()
 		framework.ExpectNoError(err)

 		time.Sleep(3 * time.Second)
--- a/test/e2e/v1/basic/config.go
+++ b/test/e2e/v1/basic/config.go
@@ -1,7 +1,6 @@
 package basic

 import (
-	"context"
 	"fmt"

 	"github.com/onsi/ginkgo/v2"
@@ -73,7 +72,7 @@ var _ = ginkgo.Describe("[Feature: Config]", func() {

 			client := f.APIClientForFrpc(adminPort)
 			checkProxyFn := func(name string, localPort, remotePort int) {
-				status, err := client.GetProxyStatus(context.Background(), name)
+				status, err := client.GetProxyStatus(name)
 				framework.ExpectNoError(err)

 				framework.ExpectContainSubstring(status.LocalAddr, fmt.Sprintf(":%d", localPort))
--- a/test/e2e/v1/basic/server.go
+++ b/test/e2e/v1/basic/server.go
@@ -1,7 +1,6 @@
 package basic

 import (
-	"context"
 	"fmt"
 	"net"
 	"strconv"
@@ -113,7 +112,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		client := f.APIClientForFrpc(adminPort)

 		// tcp random port
-		status, err := client.GetProxyStatus(context.Background(), "tcp")
+		status, err := client.GetProxyStatus("tcp")
 		framework.ExpectNoError(err)

 		_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -124,7 +123,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		framework.NewRequestExpect(f).Port(port).Ensure()

 		// udp random port
-		status, err = client.GetProxyStatus(context.Background(), "udp")
+		status, err = client.GetProxyStatus("udp")
 		framework.ExpectNoError(err)

 		_, portStr, err = net.SplitHostPort(status.RemoteAddr)
--- a/test/e2e/v1/plugin/client.go
+++ b/test/e2e/v1/plugin/client.go
@@ -3,7 +3,6 @@ package plugin
 import (
 	"crypto/tls"
 	"fmt"
-	"net/http"
 	"strconv"

 	"github.com/onsi/ginkgo/v2"
@@ -330,122 +329,4 @@ var _ = ginkgo.Describe("[Feature: Client-Plugins]", func() {
 			ExpectResp([]byte("test")).
 			Ensure()
 	})
-
-	ginkgo.Describe("http2http", func() {
-		ginkgo.It("host header rewrite", func() {
-			serverConf := consts.DefaultServerConfig
-
-			localPort := f.AllocPort()
-			remotePort := f.AllocPort()
-			clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
-			[[proxies]]
-			name = "http2http"
-			type = "tcp"
-			remotePort = %d
-			[proxies.plugin]
-			type = "http2http"
-			localAddr = "127.0.0.1:%d"
-			hostHeaderRewrite = "rewrite.test.com"
-			`, remotePort, localPort)
-
-			f.RunProcesses([]string{serverConf}, []string{clientConf})
-
-			localServer := httpserver.New(
-				httpserver.WithBindPort(localPort),
-				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-					_, _ = w.Write([]byte(req.Host))
-				})),
-			)
-			f.RunServer("", localServer)
-
-			framework.NewRequestExpect(f).
-				Port(remotePort).
-				RequestModify(func(r *request.Request) {
-					r.HTTP().HTTPHost("example.com")
-				}).
-				ExpectResp([]byte("rewrite.test.com")).
-				Ensure()
-		})
-
-		ginkgo.It("set request header", func() {
-			serverConf := consts.DefaultServerConfig
-
-			localPort := f.AllocPort()
-			remotePort := f.AllocPort()
-			clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
-			[[proxies]]
-			name = "http2http"
-			type = "tcp"
-			remotePort = %d
-			[proxies.plugin]
-			type = "http2http"
-			localAddr = "127.0.0.1:%d"
-			requestHeaders.set.x-from-where = "frp"
-			`, remotePort, localPort)
-
-			f.RunProcesses([]string{serverConf}, []string{clientConf})
-
-			localServer := httpserver.New(
-				httpserver.WithBindPort(localPort),
-				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-					_, _ = w.Write([]byte(req.Header.Get("x-from-where")))
-				})),
-			)
-			f.RunServer("", localServer)
-
-			framework.NewRequestExpect(f).
-				Port(remotePort).
-				RequestModify(func(r *request.Request) {
-					r.HTTP().HTTPHost("example.com")
-				}).
-				ExpectResp([]byte("frp")).
-				Ensure()
-		})
-	})
-
-	ginkgo.It("tls2raw", func() {
-		generator := &cert.SelfSignedCertGenerator{}
-		artifacts, err := generator.Generate("example.com")
-		framework.ExpectNoError(err)
-		crtPath := f.WriteTempFile("tls2raw_server.crt", string(artifacts.Cert))
-		keyPath := f.WriteTempFile("tls2raw_server.key", string(artifacts.Key))
-
-		serverConf := consts.DefaultServerConfig
-		vhostHTTPSPort := f.AllocPort()
-		serverConf += fmt.Sprintf(`
-		vhostHTTPSPort = %d
-		`, vhostHTTPSPort)
-
-		localPort := f.AllocPort()
-		clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
-		[[proxies]]
-		name = "tls2raw-test"
-		type = "https"
-		customDomains = ["example.com"]
-		[proxies.plugin]
-		type = "tls2raw"
-		localAddr = "127.0.0.1:%d"
-		crtPath = "%s"
-		keyPath = "%s"
-		`, localPort, crtPath, keyPath)
-
-		f.RunProcesses([]string{serverConf}, []string{clientConf})
-
-		localServer := httpserver.New(
-			httpserver.WithBindPort(localPort),
-			httpserver.WithResponse([]byte("test")),
-		)
-		f.RunServer("", localServer)
-
-		framework.NewRequestExpect(f).
-			Port(vhostHTTPSPort).
-			RequestModify(func(r *request.Request) {
-				r.HTTPS().HTTPHost("example.com").TLSConfig(&tls.Config{
-					ServerName:         "example.com",
-					InsecureSkipVerify: true,
-				})
-			}).
-			ExpectResp([]byte("test")).
-			Ensure()
-	})
 })
--- a/web/frpc/src/components/ClientConfigure.vue
+++ b/web/frpc/src/components/ClientConfigure.vue
@@ -8,7 +8,7 @@
      type="textarea"
      autosize
      v-model="textarea"
-      placeholder="frpc configure file, can not be empty..."
+      placeholder="frpc configrue file, can not be empty..."
    ></el-input>
  </div>
 </template>