Clash Glossary
Reading config files, docs, or troubleshooting guides, you'll run into terms that never quite get explained. Here are clear definitions for 20 frequently used concepts — check back whenever you hit one you're not sure about.
Basics
The most frequently asked-about terms related to operating modes and subscriptions.
Rule Mode
Rule Mode Operating ModeMatches each connection against the rules list in your config, automatically deciding whether to go direct, through a proxy, or block it. This is the recommended mode for everyday use.
Global Mode
Global Mode Operating ModeIgnores all rules and forces every connection through the same proxy node. Mainly useful for briefly testing whether a specific node actually works — not recommended for everyday use.
Direct Mode
Direct Mode Operating ModeTurns the proxy off entirely — all traffic leaves your machine directly, as if Clash weren't installed. Handy for A/B comparison testing.
TUN Mode
TUN Mode Traffic InterceptionThe client creates a virtual network adapter that intercepts all traffic at the network layer — useful for command-line tools, games, and other apps that ignore system proxy settings. Requires extra system permissions (admin rights / network extension approval / root).
→ See how to enable it on each platformSubscription Link
Subscription Config SourceA URL provided by your service provider — the client fetches it to get a configuration containing the node list and routing rules. It supports automatic update intervals, so there's no need to maintain it manually.
→ See how to import itRules & Policy
Terms related to the rules and proxy-groups sections in config.yaml.
Proxy Group
Proxy Group SchedulingGroups multiple proxy nodes together and assigns a scheduling method (auto latency test, manual selection, failover, etc.). Rules reference the proxy group's name, not any specific node.
Rule Provider
Rule Set Rule SourceA remotely hosted collection of rules maintained by the community or a provider (like "all mainland China domains" or "all ad domains"). Reference it with a single line in your rule list, and it updates automatically from the remote source.
→ See the full rule syntax guideGEOIP Rule
GEOIP Rule TypeA rule type that routes traffic based on which country/region the destination IP belongs to — for example, GEOIP,CN,DIRECT means mainland China IPs connect directly.
DOMAIN-SUFFIX / DOMAIN-KEYWORD
Domain Matching Rules Rule TypeTwo common domain-matching rule types: DOMAIN-SUFFIX matches a domain and all its subdomains; DOMAIN-KEYWORD matches any domain containing a given keyword, covering multiple variants at once.
url-test / fallback / load-balance
Proxy Group Types SchedulingThree common proxy group scheduling types: url-test automatically picks the lowest-latency node; fallback automatically switches to the next available node if the current one fails; load-balance spreads traffic across multiple nodes for high-throughput scenarios.
MATCH (Catch-All Rule)
MATCH Rule TypeThe catch-all entry in a rule list — it matches any traffic that didn't hit an earlier rule. It must be the last line in the rule list, or any rules after it will never be reached.
Protocols & Core
The encryption protocols nodes use, plus a few key names for the Clash core itself.
Shadowsocks
SS Proxy ProtocolA lightweight encrypted proxy protocol and one of the earliest to see widespread adoption — simple to implement, low overhead, and natively supported by Clash.
VMess
V2Ray Protocol Proxy ProtocolAn encrypted proxy protocol from the V2Ray project, supporting dynamic ports and multiple transports (TCP, WebSocket, mKCP, and more). It's one of the mainstream protocols Clash supports.
Trojan
Trojan Protocol Proxy ProtocolA proxy protocol that disguises itself as normal HTTPS traffic — hard to fingerprint and resistant to blocking, natively supported by Clash.
Clash Meta / mihomo
Core Fork ProjectA community-maintained fork of the Clash core that added enhanced TUN mode, support for more protocols, and other features on top of the original. It was later renamed mihomo and is the core that most mainstream clients now run on under the hood.
Network & Debugging
DNS, ports, and interface terms you'll run into while troubleshooting.
Fake-IP Mode
Fake-IP DNSReturns a placeholder IP for DNS queries instead of resolving immediately, then resolves for real only when a connection is actually made. This skips a round-trip lookup, cuts latency, and reduces the impact of DNS poisoning.
DNS Poisoning / DNS Leak
DNS Pollution / Leak DNSDNS poisoning means a domain's resolved result has been tampered with, causing broken access; a DNS leak means DNS requests still go through your local ISP instead of the proxy while it's active. They're different problems that need different troubleshooting approaches.
Mixed Port
Mixed Port PortHTTP and SOCKS5 proxies share the same local port (default 7890) — configure the system proxy once and it supports both protocols at the same time. A handy feature of the Clash core.
External Controller / Dashboard
External Controller Control PanelA built-in RESTful API in Clash (default port 9090) that, paired with a web dashboard, lets you view connections, switch nodes, and change settings in real time. It's the underlying mechanism behind every visual dashboard.
Connections Panel
Connections Panel Control PanelA view in the client showing live network connections, including which rule and node each connection matched. The most direct tool for verifying that routing is working as expected.
→ See how to verify it's working