diff --git a/Makefile b/Makefile
index f0a0618d..1a87f518 100644
--- a/Makefile
+++ b/Makefile
@@ -47,9 +47,9 @@ WINDOWS_ARCH_LIST = \
 	windows-arm64 \
     windows-arm32v7
 
-all:linux-amd64 linux-arm64\
-	darwin-amd64 darwin-arm64\
- 	windows-amd64 windows-arm64\
+all:linux-amd64v3 linux-arm64\
+	darwin-amd64v3 darwin-arm64\
+ 	windows-amd64v3 windows-arm64\
 
 docker:
 	GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@
diff --git a/component/process/process_android.go b/component/process/process_android.go
deleted file mode 100644
index 6013ecd3..00000000
--- a/component/process/process_android.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package process
-
-import (
-	"bytes"
-	"encoding/binary"
-	"fmt"
-	"net"
-	"net/netip"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-	"syscall"
-	"unicode"
-	"unsafe"
-
-	"github.com/Dreamacro/clash/common/pool"
-)
-
-// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62
-var nativeEndian = func() binary.ByteOrder {
-	var x uint32 = 0x01020304
-	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
-		return binary.BigEndian
-	}
-
-	return binary.LittleEndian
-}()
-
-const (
-	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
-	socketDiagByFamily      = 20
-	pathProc                = "/proc"
-)
-
-func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) {
-	inode, uid, err := resolveSocketByNetlink(network, ip, srcPort)
-	if err != nil {
-		return -1, "", err
-	}
-
-	pp, err := resolveProcessNameByProcSearch(inode, uid)
-	return uid, pp, err
-}
-
-func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) {
-	var family byte
-	var protocol byte
-
-	switch network {
-	case TCP:
-		protocol = syscall.IPPROTO_TCP
-	case UDP:
-		protocol = syscall.IPPROTO_UDP
-	default:
-		return 0, 0, ErrInvalidNetwork
-	}
-
-	if ip.Is4() {
-		family = syscall.AF_INET
-	} else {
-		family = syscall.AF_INET6
-	}
-
-	req := packSocketDiagRequest(family, protocol, ip, uint16(srcPort))
-
-	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
-	if err != nil {
-		return 0, 0, fmt.Errorf("dial netlink: %w", err)
-	}
-	defer syscall.Close(socket)
-
-	_ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
-	_ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
-
-	if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
-		Family: syscall.AF_NETLINK,
-		Pad:    0,
-		Pid:    0,
-		Groups: 0,
-	}); err != nil {
-		return 0, 0, err
-	}
-
-	if _, err := syscall.Write(socket, req); err != nil {
-		return 0, 0, fmt.Errorf("write request: %w", err)
-	}
-
-	rb := pool.Get(pool.RelayBufferSize)
-	defer pool.Put(rb)
-
-	n, err := syscall.Read(socket, rb)
-	if err != nil {
-		return 0, 0, fmt.Errorf("read response: %w", err)
-	}
-
-	messages, err := syscall.ParseNetlinkMessage(rb[:n])
-	if err != nil {
-		return 0, 0, fmt.Errorf("parse netlink message: %w", err)
-	} else if len(messages) == 0 {
-		return 0, 0, fmt.Errorf("unexcepted netlink response")
-	}
-
-	message := messages[0]
-	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
-		return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
-	}
-
-	uid, inode := unpackSocketDiagResponse(&messages[0])
-	if uid < 0 || inode < 0 {
-		return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode)
-	}
-
-	return uid, inode, nil
-}
-
-func packSocketDiagRequest(family, protocol byte, source netip.Addr, sourcePort uint16) []byte {
-	s := make([]byte, 16)
-
-	copy(s, source.AsSlice())
-
-	buf := make([]byte, sizeOfSocketDiagRequest)
-
-	nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest)
-	nativeEndian.PutUint16(buf[4:6], socketDiagByFamily)
-	nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP)
-	nativeEndian.PutUint32(buf[8:12], 0)
-	nativeEndian.PutUint32(buf[12:16], 0)
-
-	buf[16] = family
-	buf[17] = protocol
-	buf[18] = 0
-	buf[19] = 0
-	nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF)
-
-	binary.BigEndian.PutUint16(buf[24:26], sourcePort)
-	binary.BigEndian.PutUint16(buf[26:28], 0)
-
-	copy(buf[28:44], s)
-	copy(buf[44:60], net.IPv6zero)
-
-	nativeEndian.PutUint32(buf[60:64], 0)
-	nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF)
-
-	return buf
-}
-
-func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) {
-	if len(msg.Data) < 72 {
-		return 0, 0
-	}
-
-	data := msg.Data
-
-	uid = int32(nativeEndian.Uint32(data[64:68]))
-	inode = int32(nativeEndian.Uint32(data[68:72]))
-
-	return
-}
-
-func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
-	files, err := os.ReadDir(pathProc)
-	if err != nil {
-		return "", err
-	}
-
-	buffer := make([]byte, syscall.PathMax)
-	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
-
-	for _, f := range files {
-		if !f.IsDir() || !isPid(f.Name()) {
-			continue
-		}
-
-		info, err := f.Info()
-		if err != nil {
-			return "", err
-		}
-		if info.Sys().(*syscall.Stat_t).Uid != uint32(uid) {
-			continue
-		}
-
-		processPath := path.Join(pathProc, f.Name())
-		fdPath := path.Join(processPath, "fd")
-
-		fds, err := os.ReadDir(fdPath)
-		if err != nil {
-			continue
-		}
-
-		for _, fd := range fds {
-			n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer)
-			if err != nil {
-				continue
-			}
-
-			if bytes.Equal(buffer[:n], socket) {
-				cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
-				if err != nil {
-					return "", err
-				}
-
-				return splitCmdline(cmdline), nil
-			}
-		}
-	}
-
-	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
-}
-
-func splitCmdline(cmdline []byte) string {
-	cmdline = bytes.Trim(cmdline, " ")
-
-	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
-		return unicode.IsControl(r) || unicode.IsSpace(r)
-	})
-
-	if idx == -1 {
-		return filepath.Base(string(cmdline))
-	}
-	return filepath.Base(string(cmdline[:idx]))
-}
-
-func isPid(s string) bool {
-	return strings.IndexFunc(s, func(r rune) bool {
-		return !unicode.IsDigit(r)
-	}) == -1
-}
diff --git a/component/process/process_linux.go b/component/process/process_linux.go
index 4f937ba0..c2809da1 100644
--- a/component/process/process_linux.go
+++ b/component/process/process_linux.go
@@ -1,5 +1,3 @@
-//go:build !android
-
 package process
 
 import (
@@ -10,6 +8,8 @@ import (
 	"net/netip"
 	"os"
 	"path"
+	"path/filepath"
+	"runtime"
 	"strings"
 	"syscall"
 	"unicode"
@@ -198,8 +198,19 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
 				continue
 			}
 
-			if bytes.Equal(buffer[:n], socket) {
-				return os.Readlink(path.Join(processPath, "exe"))
+			if runtime.GOOS == "android" {
+				if bytes.Equal(buffer[:n], socket) {
+					cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
+					if err != nil {
+						return "", err
+					}
+
+					return splitCmdline(cmdline), nil
+				}
+			} else {
+				if bytes.Equal(buffer[:n], socket) {
+					return os.Readlink(path.Join(processPath, "exe"))
+				}
 			}
 		}
 	}
@@ -207,6 +218,19 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
 	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
 }
 
+func splitCmdline(cmdline []byte) string {
+	cmdline = bytes.Trim(cmdline, " ")
+
+	idx := bytes.IndexFunc(cmdline, func(r rune) bool {
+		return unicode.IsControl(r) || unicode.IsSpace(r)
+	})
+
+	if idx == -1 {
+		return filepath.Base(string(cmdline))
+	}
+	return filepath.Base(string(cmdline[:idx]))
+}
+
 func isPid(s string) bool {
 	return strings.IndexFunc(s, func(r rune) bool {
 		return !unicode.IsDigit(r)
diff --git a/config/config.go b/config/config.go
index a4f0e942..d170617e 100644
--- a/config/config.go
+++ b/config/config.go
@@ -115,7 +115,7 @@ type Tun struct {
 	DNSHijack           []netip.AddrPort `yaml:"dns-hijack" json:"dns-hijack"`
 	AutoRoute           bool             `yaml:"auto-route" json:"auto-route"`
 	AutoDetectInterface bool             `yaml:"auto-detect-interface" json:"auto-detect-interface"`
-	TunAddressPrefix    *netip.Prefix    `yaml:"-" json:"-"`
+	TunAddressPrefix    netip.Prefix     `yaml:"-" json:"-"`
 }
 
 // IPTables config
@@ -910,9 +910,11 @@ func parseTun(rawTun RawTun, general *General, dnsCfg *DNS) (*Tun, error) {
 		dnsHijack = append(dnsHijack, addrPort)
 	}
 
-	var tunAddressPrefix *netip.Prefix
+	var tunAddressPrefix netip.Prefix
 	if dnsCfg.FakeIPRange != nil {
-		tunAddressPrefix = dnsCfg.FakeIPRange.IPNet()
+		tunAddressPrefix = *dnsCfg.FakeIPRange.IPNet()
+	} else {
+		tunAddressPrefix = netip.MustParsePrefix("198.18.0.1/16")
 	}
 
 	return &Tun{
diff --git a/go.mod b/go.mod
index e629e777..e4a64444 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/oschwald/geoip2-golang v1.7.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.1
-	github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86
+	github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938
 	github.com/xtls/go v0.0.0-20210920065950-d4af136d3672
 	go.etcd.io/bbolt v1.3.6
 	go.uber.org/atomic v1.9.0
@@ -60,3 +60,5 @@ require (
 )
 
 replace golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 => github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e
+
+replace github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938 => github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820
diff --git a/go.sum b/go.sum
index bb38823c..5079b59e 100644
--- a/go.sum
+++ b/go.sum
@@ -10,6 +10,8 @@ git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGy
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Dreamacro/go-shadowsocks2 v0.1.8 h1:Ixejp5JscEc866gAvm/l6TFd7BOBvDviKgwb1quWw3g=
 github.com/Dreamacro/go-shadowsocks2 v0.1.8/go.mod h1:51y4Q6tJoCE7e8TmYXcQRqfoxPfE9Cvn79V6pB6Df7Y=
+github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820 h1:fGKWZ25VApYnuPZoNeqdH/nZtHa2XMajwH6Yj/OgoVc=
+github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e h1:GRfT5Lf8HP7RNczKIwTYLoCh1PPuIs/sY9hj+W+3deg=
 github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e/go.mod h1:ARUuShAtcziEJ/vnZ2hgoP+zc0J7Ukcca2S/NPDoQCc=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
@@ -202,8 +204,7 @@ github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4 h1:hl6sK6aFgTLISijk6xIz
 github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
-github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86 h1:7SWt9pGCMaw+N1ZhRsaLKaYNviFhxambdoaoYlDqz1w=
-github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/xtls/go v0.0.0-20210920065950-d4af136d3672 h1:4mkzGhKqt3JO1BWYjtD3iRFyAx4ow67hmSqOcGjuxqQ=
@@ -297,6 +298,7 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/listener/listener.go b/listener/listener.go
index 80429dd7..29f6d441 100644
--- a/listener/listener.go
+++ b/listener/listener.go
@@ -2,11 +2,9 @@ package proxy
 
 import (
 	"fmt"
-	"github.com/Dreamacro/clash/common/cmd"
 	"github.com/Dreamacro/clash/listener/inner"
 	"github.com/Dreamacro/clash/listener/tun/ipstack/commons"
 	"net"
-	"runtime"
 	"sort"
 	"strconv"
 	"sync"
@@ -456,12 +454,7 @@ func Cleanup(wait bool) {
 			commons.WaitForTunClose(lastTunConf.Device)
 		}
 
-		if runtime.GOOS == "android" {
-			prefs := []int{9000, 9001, 9002, 9003, 9004}
-			for _, pref := range prefs {
-				_, _ = cmd.ExecCmd(fmt.Sprintf("ip rule del pref %d", pref))
-			}
-		}
+		commons.CleanupRule()
 	}
 	tunStackListener = nil
 	lastTunConf = nil
diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go
index 4dc351fc..172c9ce3 100644
--- a/listener/tun/ipstack/commons/router_android.go
+++ b/listener/tun/ipstack/commons/router_android.go
@@ -2,26 +2,30 @@ package commons
 
 import (
 	"fmt"
-	"github.com/Dreamacro/clash/common/cmd"
 	"github.com/Dreamacro/clash/listener/tun/device"
 	"github.com/Dreamacro/clash/log"
+	"github.com/vishvananda/netlink"
+	"net"
 	"net/netip"
-	"strconv"
-	"strings"
 )
 
 func GetAutoDetectInterface() (ifn string, err error) {
-	cmdRes, err := cmd.ExecCmd("ip route get 1.1.1.1 uid 4294967295")
-
-	sps := strings.Split(cmdRes, " ")
-	if len(sps) > 4 {
-		ifn = sps[4]
+	routes, err := netlink.RouteGetWithOptions(
+		net.ParseIP("1.1.1.1"),
+		&netlink.RouteGetOptions{
+			Uid: &netlink.UID{Uid: 4294967295},
+		})
+	if err != nil {
+		return "", err
 	}
 
-	if ifn == "" {
-		err = fmt.Errorf("interface not found")
+	for _, route := range routes {
+		if lk, err := netlink.LinkByIndex(route.LinkIndex); err == nil {
+			return lk.Attrs().Name, nil
+		}
 	}
-	return
+
+	return "", fmt.Errorf("interface not found")
 }
 
 func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error {
@@ -30,54 +34,107 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int,
 		ip            = addr.Masked().Addr().Next()
 	)
 
-	_, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName))
+	metaLink, err := netlink.LinkByName(interfaceName)
 	if err != nil {
 		return err
 	}
 
-	_, err = cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName))
+	naddr, err := netlink.ParseAddr(addr.String())
 	if err != nil {
 		return err
 	}
 
-	if err = execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil {
+	if err = netlink.AddrAdd(metaLink, naddr); err != nil {
+		return err
+	}
+
+	if err = netlink.LinkSetUp(metaLink); err != nil {
 		return err
 	}
 
 	if autoRoute {
-		err = configInterfaceRouting(interfaceName, addr)
+		err = configInterfaceRouting(metaLink.Attrs().Index, interfaceName, ip)
 	}
 	return err
 }
 
-func configInterfaceRouting(interfaceName string, addr netip.Prefix) error {
-	linkIP := addr.Masked().Addr().Next()
+func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) error {
 	const tableId = 1981801
+	var pref = 9000
 
 	for _, route := range defaultRoutes {
-		if err := execRouterCmd("add", route, interfaceName, linkIP.String(), strconv.Itoa(tableId)); err != nil {
+		_, ipn, err := net.ParseCIDR(route)
+		if err != nil {
+			return err
+		}
+
+		if err := netlink.RouteAdd(&netlink.Route{
+			LinkIndex: index,
+			Scope:     netlink.SCOPE_LINK,
+			Protocol:  2,
+			Src:       ip.AsSlice(),
+			Dst:       ipn,
+			Table:     tableId,
+		}); err != nil {
 			return err
 		}
 	}
-	execAddRuleCmd(fmt.Sprintf("lookup main pref 9000"))
-	execAddRuleCmd(fmt.Sprintf("from 0.0.0.0 iif lo uidrange 0-4294967294 lookup %d pref 9001", tableId))
-	execAddRuleCmd(fmt.Sprintf("from %s iif lo uidrange 0-4294967294 lookup %d pref 9002", linkIP, tableId))
-	execAddRuleCmd(fmt.Sprintf("from all iif %s lookup main suppress_prefixlength 0 pref 9003", interfaceName))
-	execAddRuleCmd(fmt.Sprintf("not from all iif lo lookup %d pref 9004", tableId))
+
+	logIfErr := func(e error) {
+		if e != nil {
+			log.Warnln("[TOUTE] config route rule: %s", e)
+		}
+	}
+
+	var r *netlink.Rule
+	r = netlink.NewRule()
+	r.Table = 254
+	r.Priority = pref
+	logIfErr(netlink.RuleAdd(r))
+	pref += 10
+
+	r = netlink.NewRule()
+	_, nl, _ := net.ParseCIDR("0.0.0.0/32")
+	r.Table = tableId
+	r.Priority = pref
+	r.Src = nl
+	r.IifName = "lo"
+	r.UID = netlink.NewRuleUIDRange(0, 4294967294)
+	logIfErr(netlink.RuleAdd(r))
+	pref += 10
+
+	_, nl, _ = net.ParseCIDR(ip.String())
+	r.Priority = pref
+	r.Src = nl
+	logIfErr(netlink.RuleAdd(r))
+	pref += 10
+
+	r = netlink.NewRule()
+	r.Table = 254
+	r.Priority = pref
+	r.IifName = interfaceName
+	r.SuppressPrefixlen = 0
+	logIfErr(netlink.RuleAdd(r))
+	pref += 10
+
+	r = netlink.NewRule()
+	r.Table = tableId
+	r.Priority = pref
+	r.IifName = "lo"
+	r.SuppressPrefixlen = 0
+	r.Invert = true
+	logIfErr(netlink.RuleAdd(r))
 
 	return nil
 }
 
-func execAddRuleCmd(rule string) {
-	_, err := cmd.ExecCmd("ip rule add " + rule)
-	if err != nil {
-		log.Warnln("%s", err)
+func CleanupRule() {
+	r := netlink.NewRule()
+	for i := 0; i < 5; i++ {
+		r.Priority = 9000 + i*10
+		err := netlink.RuleDel(r)
+		if err != nil {
+			log.Warnln("[TOUTE] cleanup route rule: %s", err)
+		}
 	}
 }
-
-func execRouterCmd(action, route, interfaceName, linkIP, table string) error {
-	cmdStr := fmt.Sprintf("ip route %s %s dev %s proto kernel scope link src %s table %s", action, route, interfaceName, linkIP, table)
-
-	_, err := cmd.ExecCmd(cmdStr)
-	return err
-}
diff --git a/listener/tun/ipstack/commons/router_darwin.go b/listener/tun/ipstack/commons/router_darwin.go
index 47e3db1a..3132fced 100644
--- a/listener/tun/ipstack/commons/router_darwin.go
+++ b/listener/tun/ipstack/commons/router_darwin.go
@@ -61,3 +61,5 @@ func execRouterCmd(action, inet, route string, interfaceName string) error {
 	_, err := cmd.ExecCmd(fmt.Sprintf("route %s %s %s -interface %s", action, inet, route, interfaceName))
 	return err
 }
+
+func CleanupRule() {}
diff --git a/listener/tun/ipstack/commons/router_linux.go b/listener/tun/ipstack/commons/router_linux.go
index b34dd5a4..d5f3edab 100644
--- a/listener/tun/ipstack/commons/router_linux.go
+++ b/listener/tun/ipstack/commons/router_linux.go
@@ -6,15 +6,33 @@ import (
 	"fmt"
 	"github.com/Dreamacro/clash/common/cmd"
 	"github.com/Dreamacro/clash/listener/tun/device"
+	"github.com/vishvananda/netlink"
+	"net"
 	"net/netip"
 )
 
 func GetAutoDetectInterface() (string, error) {
-	execCmd, err := cmd.ExecCmd("bash -c ip route show | grep 'default via' | awk -F ' ' 'NR==1{print $5}' | xargs echo -n")
-	if execCmd == "" {
-		return "", fmt.Errorf("interface not found")
+	routes, err := netlink.RouteList(nil, netlink.FAMILY_V4)
+	if err != nil {
+		return "", err
 	}
-	return execCmd, err
+
+	for _, route := range routes {
+		if route.Dst == nil {
+			lk, err := netlink.LinkByIndex(route.LinkIndex)
+			if err != nil {
+				return "", err
+			}
+
+			if lk.Type() == "tuntap" {
+				continue
+			}
+
+			return lk.Attrs().Name, nil
+		}
+	}
+
+	return "", fmt.Errorf("interface not found")
 }
 
 func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error {
@@ -23,29 +41,55 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int,
 		ip            = addr.Masked().Addr().Next()
 	)
 
-	if _, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName)); err != nil {
+	metaLink, err := netlink.LinkByName(interfaceName)
+	if err != nil {
 		return err
 	}
 
-	if _, err := cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName)); err != nil {
+	naddr, err := netlink.ParseAddr(addr.String())
+	if err != nil {
 		return err
 	}
 
-	if err := execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil {
+	if err = netlink.AddrAdd(metaLink, naddr); err != nil {
+		return err
+	}
+
+	if err = netlink.LinkSetUp(metaLink); err != nil {
+		return err
+	}
+
+	if err = netlink.RouteAdd(&netlink.Route{
+		LinkIndex: metaLink.Attrs().Index,
+		Scope:     netlink.SCOPE_LINK,
+		Protocol:  2,
+		Src:       ip.AsSlice(),
+		Table:     254,
+	}); err != nil {
 		return err
 	}
 
 	if autoRoute {
-		_ = configInterfaceRouting(interfaceName, addr)
+		_ = configInterfaceRouting(metaLink.Attrs().Index, interfaceName, ip)
 	}
 	return nil
 }
 
-func configInterfaceRouting(interfaceName string, addr netip.Prefix) error {
-	linkIP := addr.Masked().Addr().Next()
-
+func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) error {
 	for _, route := range defaultRoutes {
-		if err := execRouterCmd("add", route, interfaceName, linkIP.String(), "main"); err != nil {
+		_, ipn, err := net.ParseCIDR(route)
+		if err != nil {
+			return err
+		}
+
+		if err := netlink.RouteAdd(&netlink.Route{
+			LinkIndex: index,
+			Scope:     netlink.SCOPE_LINK,
+			Protocol:  2,
+			Src:       ip.AsSlice(),
+			Dst:       ipn,
+			Table:     254,
+		}); err != nil {
 			return err
 		}
 	}
@@ -59,3 +103,5 @@ func execRouterCmd(action, route, interfaceName, linkIP, table string) error {
 	_, err := cmd.ExecCmd(cmdStr)
 	return err
 }
+
+func CleanupRule() {}
diff --git a/listener/tun/ipstack/commons/router_others.go b/listener/tun/ipstack/commons/router_others.go
index 6c8ea341..dfc409f4 100644
--- a/listener/tun/ipstack/commons/router_others.go
+++ b/listener/tun/ipstack/commons/router_others.go
@@ -17,3 +17,5 @@ func GetAutoDetectInterface() (string, error) {
 func ConfigInterfaceAddress(device.Device, netip.Prefix, int, bool) error {
 	return fmt.Errorf("unsupported on this OS: %s", runtime.GOOS)
 }
+
+func CleanupRule() {}
diff --git a/listener/tun/ipstack/commons/router_windows.go b/listener/tun/ipstack/commons/router_windows.go
index b29b20ab..2abfa0ff 100644
--- a/listener/tun/ipstack/commons/router_windows.go
+++ b/listener/tun/ipstack/commons/router_windows.go
@@ -269,3 +269,5 @@ func getAutoDetectInterfaceByFamily(family winipcfg.AddressFamily) (string, erro
 
 	return "", errors.New("ethernet interface not found")
 }
+
+func CleanupRule() {}
diff --git a/listener/tun/tun_adapter.go b/listener/tun/tun_adapter.go
index 35a9d0a6..9d0cad1b 100644
--- a/listener/tun/tun_adapter.go
+++ b/listener/tun/tun_adapter.go
@@ -26,7 +26,7 @@ import (
 func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.Stack, error) {
 
 	var (
-		tunAddress = netip.Prefix{}
+		tunAddress = tunConf.TunAddressPrefix
 		devName    = tunConf.Device
 		stackType  = tunConf.Stack
 		autoRoute  = tunConf.AutoRoute
@@ -38,10 +38,6 @@ func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.
 		err error
 	)
 
-	if tunConf.TunAddressPrefix != nil {
-		tunAddress = *tunConf.TunAddressPrefix
-	}
-
 	if devName == "" {
 		devName = generateDeviceName()
 	}