diff --git a/net/xray-core/Makefile b/net/xray-core/Makefile
index c5d8a6045..1662e0d95 100644
--- a/net/xray-core/Makefile
+++ b/net/xray-core/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xray-core
-PKG_VERSION:=1.4.5
+PKG_VERSION:=1.5.1
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=54c6a687dd463b25afe8d8eb44d37e18b8177f58308207cd1d74f6cd04619854
+PKG_HASH:=11b01de5da7efed2a5f066b14bfe5e0299071dc8c32b7f64af5c51daf3abc6c2
 
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MPL-2.0
@@ -78,24 +78,24 @@ define Package/xray-core/conffiles
 /etc/config/xray
 endef
 
-GEOIP_VER:=202110210032
+GEOIP_VER:=202112090029
 GEOIP_FILE:=geoip.dat.$(GEOIP_VER)
 
 define Download/geoip
   URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/
   URL_FILE:=geoip.dat
   FILE:=$(GEOIP_FILE)
-  HASH:=932cd484471f8066c040ab84a04fdd70df6c5cee99545de610e1f337bb696220
+  HASH:=704c53a30531b74a2c4c51b5ee958340717fc81906335c4342fb7d6ef4243ba9
 endef
 
-GEOSITE_VER:=20211018134657
+GEOSITE_VER:=20211209100918
 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
 
 define Download/geosite
   URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
   URL_FILE:=dlc.dat
   FILE:=$(GEOSITE_FILE)
-  HASH:=60b2388b11f1f9b6e14794fbacdf3bf693e3101e3ec651ce5423d8caceda5497
+  HASH:=a39901df0d0f7477d874cda50b045057610837dd0d80f7ff4c51b7ab87d88b18
 endef
 
 define Build/Prepare
diff --git a/net/xray-core/patches/010-fix-unsupported-cipher-method-xChaCha20-IETF-Poly1305.patch b/net/xray-core/patches/010-fix-unsupported-cipher-method-xChaCha20-IETF-Poly1305.patch
new file mode 100644
index 000000000..c535b4c66
--- /dev/null
+++ b/net/xray-core/patches/010-fix-unsupported-cipher-method-xChaCha20-IETF-Poly1305.patch
@@ -0,0 +1,20 @@
+From c8e2a99e68109b386c541dcc157f1f64ca8cbd17 Mon Sep 17 00:00:00 2001
+From: xqzr <34030394+xqzr@users.noreply.github.com>
+Date: Fri, 17 Dec 2021 00:25:16 +0800
+Subject: [PATCH] fix unsupported cipher method: xChaCha20-IETF-Poly1305
+
+---
+ infra/conf/shadowsocks.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/infra/conf/shadowsocks.go
++++ b/infra/conf/shadowsocks.go
+@@ -59,7 +59,7 @@ func (v *ShadowsocksServerConfig) Build(
+ 				return nil, newError("Shadowsocks password is not specified.")
+ 			}
+ 			if account.CipherType < shadowsocks.CipherType_AES_128_GCM ||
+-				account.CipherType > shadowsocks.CipherType_CHACHA20_POLY1305 {
++				account.CipherType > shadowsocks.CipherType_XCHACHA20_POLY1305 {
+ 				return nil, newError("unsupported cipher method: ", user.Cipher)
+ 			}
+ 			config.Users = append(config.Users, &protocol.User{
diff --git a/net/xray-core/patches/020-grpc-add-initial_windows_size-option.patch b/net/xray-core/patches/020-grpc-add-initial_windows_size-option.patch
new file mode 100644
index 000000000..696bcf259
--- /dev/null
+++ b/net/xray-core/patches/020-grpc-add-initial_windows_size-option.patch
@@ -0,0 +1,114 @@
+From 63da3a548138640f96e631f10d6e2ee1bae3ed62 Mon Sep 17 00:00:00 2001
+From: hmol233 <82594500+hmol233@users.noreply.github.com>
+Date: Mon, 20 Dec 2021 00:47:21 +0800
+Subject: [PATCH] grpc: add initial_windows_size option
+
+---
+ infra/conf/grpc.go                   |  7 +++++++
+ transport/internet/grpc/config.pb.go | 23 +++++++++++++++++------
+ transport/internet/grpc/config.proto |  1 +
+ transport/internet/grpc/dial.go      |  4 ++++
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+--- a/infra/conf/grpc.go
++++ b/infra/conf/grpc.go
+@@ -12,6 +12,7 @@ type GRPCConfig struct {
+ 	IdleTimeout         int32  `json:"idle_timeout"`
+ 	HealthCheckTimeout  int32  `json:"health_check_timeout"`
+ 	PermitWithoutStream bool   `json:"permit_without_stream"`
++	InitialWindowsSize  int32  `json:"initial_windows_size"`
+ }
+ 
+ func (g *GRPCConfig) Build() (proto.Message, error) {
+@@ -21,11 +22,17 @@ func (g *GRPCConfig) Build() (proto.Mess
+ 	if g.HealthCheckTimeout <= 0 {
+ 		g.HealthCheckTimeout = 0
+ 	}
++	if g.InitialWindowsSize < 0 {
++		// default window size of gRPC-go
++		g.InitialWindowsSize = 0
++	}
++
+ 	return &grpc.Config{
+ 		ServiceName:         g.ServiceName,
+ 		MultiMode:           g.MultiMode,
+ 		IdleTimeout:         g.IdleTimeout,
+ 		HealthCheckTimeout:  g.HealthCheckTimeout,
+ 		PermitWithoutStream: g.PermitWithoutStream,
++		InitialWindowsSize:  g.InitialWindowsSize,
+ 	}, nil
+ }
+--- a/transport/internet/grpc/config.pb.go
++++ b/transport/internet/grpc/config.pb.go
+@@ -31,6 +31,7 @@ type Config struct {
+ 	IdleTimeout         int32  `protobuf:"varint,4,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"`
+ 	HealthCheckTimeout  int32  `protobuf:"varint,5,opt,name=health_check_timeout,json=healthCheckTimeout,proto3" json:"health_check_timeout,omitempty"`
+ 	PermitWithoutStream bool   `protobuf:"varint,6,opt,name=permit_without_stream,json=permitWithoutStream,proto3" json:"permit_without_stream,omitempty"`
++	InitialWindowsSize  int32  `protobuf:"varint,7,opt,name=initial_windows_size,json=initialWindowsSize,proto3" json:"initial_windows_size,omitempty"`
+ }
+ 
+ func (x *Config) Reset() {
+@@ -107,6 +108,13 @@ func (x *Config) GetPermitWithoutStream(
+ 	return false
+ }
+ 
++func (x *Config) GetInitialWindowsSize() int32 {
++	if x != nil {
++		return x.InitialWindowsSize
++	}
++	return 0
++}
++
+ var File_transport_internet_grpc_config_proto protoreflect.FileDescriptor
+ 
+ var file_transport_internet_grpc_config_proto_rawDesc = []byte{
+@@ -114,7 +122,7 @@ var file_transport_internet_grpc_config_
+ 	0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+ 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61,
+ 	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e,
+-	0x67, 0x72, 0x70, 0x63, 0x2e, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x22, 0xe7, 0x01,
++	0x67, 0x72, 0x70, 0x63, 0x2e, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x22, 0x99, 0x02,
+ 	0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74,
+ 	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c,
+ 	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
+@@ -129,11 +137,14 @@ var file_transport_internet_grpc_config_
+ 	0x6f, 0x75, 0x74, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x74, 0x5f, 0x77, 0x69,
+ 	0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x18, 0x06, 0x20, 0x01,
+ 	0x28, 0x08, 0x52, 0x13, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x74, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75,
+-	0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75,
+-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d,
+-	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69,
+-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72,
+-	0x6f, 0x74, 0x6f, 0x33,
++	0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x6e, 0x69, 0x74, 0x69,
++	0x61, 0x6c, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18,
++	0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x57, 0x69,
++	0x6e, 0x64, 0x6f, 0x77, 0x73, 0x53, 0x69, 0x7a, 0x65, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74,
++	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61,
++	0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74,
++	0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x62, 0x06,
++	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ }
+ 
+ var (
+--- a/transport/internet/grpc/config.proto
++++ b/transport/internet/grpc/config.proto
+@@ -10,4 +10,5 @@ message Config {
+   int32 idle_timeout = 4;
+   int32 health_check_timeout = 5;
+   bool permit_without_stream = 6;
++  int32 initial_windows_size = 7;
+ }
+--- a/transport/internet/grpc/dial.go
++++ b/transport/internet/grpc/dial.go
+@@ -135,6 +135,10 @@ func getGrpcClient(ctx context.Context,
+ 		}))
+ 	}
+ 
++	if grpcSettings.InitialWindowsSize > 0 {
++		dialOptions = append(dialOptions, grpc.WithInitialWindowSize(grpcSettings.InitialWindowsSize))
++	}
++
+ 	var grpcDestHost string
+ 	if dest.Address.Family().IsDomain() {
+ 		grpcDestHost = dest.Address.Domain()
diff --git a/net/xray-core/patches/030-Fix-shadowsocks-xchacha-cipher-nonce-size.patch b/net/xray-core/patches/030-Fix-shadowsocks-xchacha-cipher-nonce-size.patch
new file mode 100644
index 000000000..a73d0156c
--- /dev/null
+++ b/net/xray-core/patches/030-Fix-shadowsocks-xchacha-cipher-nonce-size.patch
@@ -0,0 +1,52 @@
+From 9ea1bf7c1dfad892aafc8807b56ce398bb2eb819 Mon Sep 17 00:00:00 2001
+From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
+Date: Sat, 18 Dec 2021 23:23:09 -0500
+Subject: [PATCH] Fix shadowsocks xchacha cipher nonce size
+
+---
+ common/crypto/auth.go          | 4 ----
+ proxy/shadowsocks/protocol.go  | 2 +-
+ proxy/shadowsocks/validator.go | 6 +++---
+ 3 files changed, 4 insertions(+), 8 deletions(-)
+
+--- a/common/crypto/auth.go
++++ b/common/crypto/auth.go
+@@ -39,10 +39,6 @@ func GenerateIncreasingNonce(nonce []byt
+ 	}
+ }
+ 
+-func GenerateInitialAEADNonce() BytesGenerator {
+-	return GenerateIncreasingNonce([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF})
+-}
+-
+ func GenerateAEADNonceWithSize(nonceSize int) BytesGenerator {
+ 	c := make([]byte, nonceSize)
+ 	for i := 0; i < nonceSize; i++ {
+--- a/proxy/shadowsocks/protocol.go
++++ b/proxy/shadowsocks/protocol.go
+@@ -86,7 +86,7 @@ func ReadTCPSession(validator *Validator
+ 		if aead != nil {
+ 			auth := &crypto.AEADAuthenticator{
+ 				AEAD:           aead,
+-				NonceGenerator: crypto.GenerateInitialAEADNonce(),
++				NonceGenerator: crypto.GenerateAEADNonceWithSize(aead.NonceSize()),
+ 			}
+ 			r = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
+ 				Auth: auth,
+--- a/proxy/shadowsocks/validator.go
++++ b/proxy/shadowsocks/validator.go
+@@ -93,11 +93,11 @@ func (v *Validator) Get(bs []byte, comma
+ 			var matchErr error
+ 			switch command {
+ 			case protocol.RequestCommandTCP:
+-				data := make([]byte, 16)
+-				ret, matchErr = aead.Open(data[:0], data[4:16], bs[ivLen:ivLen+18], nil)
++				data := make([]byte, 4+aead.NonceSize())
++				ret, matchErr = aead.Open(data[:0], data[4:], bs[ivLen:ivLen+18], nil)
+ 			case protocol.RequestCommandUDP:
+ 				data := make([]byte, 8192)
+-				ret, matchErr = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil)
++				ret, matchErr = aead.Open(data[:0], data[8192-aead.NonceSize():8192], bs[ivLen:], nil)
+ 			}
+ 
+ 			if matchErr == nil {