Clash Glossary

Reading config files, docs, or troubleshooting guides, you'll run into terms that never quite get explained. Here are clear definitions for 20 frequently used concepts — check back whenever you hit one you're not sure about.

20 Common Terms Grouped by Category With Further Reading
01 · basics

Basics

The most frequently asked-about terms related to operating modes and subscriptions.

Rule Mode

Rule Mode Operating Mode

Matches each connection against the rules list in your config, automatically deciding whether to go direct, through a proxy, or block it. This is the recommended mode for everyday use.

→ See the full mode breakdown

Global Mode

Global Mode Operating Mode

Ignores all rules and forces every connection through the same proxy node. Mainly useful for briefly testing whether a specific node actually works — not recommended for everyday use.

Direct Mode

Direct Mode Operating Mode

Turns the proxy off entirely — all traffic leaves your machine directly, as if Clash weren't installed. Handy for A/B comparison testing.

TUN Mode

TUN Mode Traffic Interception

The client creates a virtual network adapter that intercepts all traffic at the network layer — useful for command-line tools, games, and other apps that ignore system proxy settings. Requires extra system permissions (admin rights / network extension approval / root).

→ See how to enable it on each platform

Subscription Link

Subscription Config Source

A URL provided by your service provider — the client fetches it to get a configuration containing the node list and routing rules. It supports automatic update intervals, so there's no need to maintain it manually.

→ See how to import it
02 · rules & policy

Rules & Policy

Terms related to the rules and proxy-groups sections in config.yaml.

Proxy Group

Proxy Group Scheduling

Groups multiple proxy nodes together and assigns a scheduling method (auto latency test, manual selection, failover, etc.). Rules reference the proxy group's name, not any specific node.

Rule Provider

Rule Set Rule Source

A remotely hosted collection of rules maintained by the community or a provider (like "all mainland China domains" or "all ad domains"). Reference it with a single line in your rule list, and it updates automatically from the remote source.

→ See the full rule syntax guide

GEOIP Rule

GEOIP Rule Type

A rule type that routes traffic based on which country/region the destination IP belongs to — for example, GEOIP,CN,DIRECT means mainland China IPs connect directly.

DOMAIN-SUFFIX / DOMAIN-KEYWORD

Domain Matching Rules Rule Type

Two common domain-matching rule types: DOMAIN-SUFFIX matches a domain and all its subdomains; DOMAIN-KEYWORD matches any domain containing a given keyword, covering multiple variants at once.

url-test / fallback / load-balance

Proxy Group Types Scheduling

Three common proxy group scheduling types: url-test automatically picks the lowest-latency node; fallback automatically switches to the next available node if the current one fails; load-balance spreads traffic across multiple nodes for high-throughput scenarios.

MATCH (Catch-All Rule)

MATCH Rule Type

The catch-all entry in a rule list — it matches any traffic that didn't hit an earlier rule. It must be the last line in the rule list, or any rules after it will never be reached.

03 · protocols & core

Protocols & Core

The encryption protocols nodes use, plus a few key names for the Clash core itself.

Shadowsocks

SS Proxy Protocol

A lightweight encrypted proxy protocol and one of the earliest to see widespread adoption — simple to implement, low overhead, and natively supported by Clash.

VMess

V2Ray Protocol Proxy Protocol

An encrypted proxy protocol from the V2Ray project, supporting dynamic ports and multiple transports (TCP, WebSocket, mKCP, and more). It's one of the mainstream protocols Clash supports.

Trojan

Trojan Protocol Proxy Protocol

A proxy protocol that disguises itself as normal HTTPS traffic — hard to fingerprint and resistant to blocking, natively supported by Clash.

Clash Meta / mihomo

Core Fork Project

A community-maintained fork of the Clash core that added enhanced TUN mode, support for more protocols, and other features on top of the original. It was later renamed mihomo and is the core that most mainstream clients now run on under the hood.

04 · network & debugging

Network & Debugging

DNS, ports, and interface terms you'll run into while troubleshooting.

Fake-IP Mode

Fake-IP DNS

Returns a placeholder IP for DNS queries instead of resolving immediately, then resolves for real only when a connection is actually made. This skips a round-trip lookup, cuts latency, and reduces the impact of DNS poisoning.

DNS Poisoning / DNS Leak

DNS Pollution / Leak DNS

DNS poisoning means a domain's resolved result has been tampered with, causing broken access; a DNS leak means DNS requests still go through your local ISP instead of the proxy while it's active. They're different problems that need different troubleshooting approaches.

Mixed Port

Mixed Port Port

HTTP and SOCKS5 proxies share the same local port (default 7890) — configure the system proxy once and it supports both protocols at the same time. A handy feature of the Clash core.

External Controller / Dashboard

External Controller Control Panel

A built-in RESTful API in Clash (default port 9090) that, paired with a web dashboard, lets you view connections, switch nodes, and change settings in real time. It's the underlying mechanism behind every visual dashboard.

Connections Panel

Connections Panel Control Panel

A view in the client showing live network connections, including which rule and node each connection matched. The most direct tool for verifying that routing is working as expected.

→ See how to verify it's working