diff --git a/nikki/Makefile b/nikki/Makefile
index c58f203d8..cd8ccabdb 100644
--- a/nikki/Makefile
+++ b/nikki/Makefile
@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
-PKG_SOURCE_DATE:=2025-03-20
-PKG_SOURCE_VERSION:=0f32c054f47641a2ee9c9362fc65652e772924b2
-PKG_MIRROR_HASH:=276f1dcc81b3cece5c7de5b16ddac8d596bf20e7c3bb8993d963042acf845a14
+PKG_SOURCE_DATE:=2025-04-06
+PKG_SOURCE_VERSION:=9e8f4ada4754ae95b002535acbeb457e40b06731
+PKG_MIRROR_HASH:=1c8a7d70de0cb903b58eca1937b6561003cae7e76f9f021fd3eb9007b6a1f65f
 
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
 
-PKG_BUILD_VERSION:=alpha-0f32c05
+PKG_BUILD_VERSION:=alpha-9e8f4ad
 PKG_BUILD_TIME:=$(shell date -u -Iseconds)
 
 GO_PKG:=github.com/metacubex/mihomo
diff --git a/nikki/files/nikki.init b/nikki/files/nikki.init
index c216f3fd5..c492399ec 100644
--- a/nikki/files/nikki.init
+++ b/nikki/files/nikki.init
@@ -175,17 +175,9 @@ service_started() {
 	## cgroupfs-mount
 	### when cgroupfs-mount is installed, cgroupv1 will mounted instead of cgroupv2, we need to create cgroup manually
 	if (mount | grep -q -w "^cgroup"); then
-		local cgroup_v1_path; cgroup_v1_path="/sys/fs/cgroup/net_cls/$CGROUP_NAME"
-		mkdir -p "$cgroup_v1_path"
-		echo "$CGROUP_ID" > "$cgroup_v1_path/net_cls.classid"
-		cat "$PID_FILE_PATH" > "$cgroup_v1_path/cgroup.procs"
-		# local bypass_cgroup; config_get bypass_cgroup "proxy" "bypass_cgroup"
-		# if [ -n "$bypass_cgroup" ]; then
-		# 	local cgroup
-		# 	for cgroup in $bypass_cgroup; do
-		# 		ubus call service list "{\"name\": \"$cgroup\"}" | jsonfilter -e "$.$cgroup.instances.*.pid" >> "$cgroup_v1_path/cgroup.procs"
-		# 	done
-		# fi
+		mkdir -p "/sys/fs/cgroup/net_cls/$CGROUP_NAME"
+		echo "$CGROUP_ID" > "/sys/fs/cgroup/net_cls/$CGROUP_NAME/net_cls.classid"
+		cat "$PID_FILE_PATH" > "/sys/fs/cgroup/net_cls/$CGROUP_NAME/cgroup.procs"
 	fi
 	## kmod-br-netfilter
 	### when kmod-br-netfilter is loaded, bridge-nf-call-iptables and bridge-nf-call-ip6tables are set to 1, we need to set them to 0 if tproxy is enabled
@@ -299,14 +291,13 @@ cleanup() {
 		nft delete rule inet fw4 forward handle "$handle"
 	done
 	# delete started flag
-	rm -f "$STARTED_FLAG_PATH"
-	# revert fix compatible between tproxy and dockerd (kmod-br-netfilter)
-	if [ -f "$BRIDGE_NF_CALL_IPTABLES_FLAG_PATH" ]; then
-		rm -f "$BRIDGE_NF_CALL_IPTABLES_FLAG_PATH"
+	rm "$STARTED_FLAG_PATH" > /dev/null 2>&1
+	# revert fix compatible with dockerd
+	## kmod-br-netfilter
+	if (rm "$BRIDGE_NF_CALL_IPTABLES_FLAG_PATH" > /dev/null 2>&1); then
 		sysctl -q -w net.bridge.bridge-nf-call-iptables=1
 	fi
-	if [ -f "$BRIDGE_NF_CALL_IP6TABLES_FLAG_PATH" ]; then
-		rm -f "$BRIDGE_NF_CALL_IP6TABLES_FLAG_PATH"
+	if (rm "$BRIDGE_NF_CALL_IP6TABLES_FLAG_PATH" > /dev/null 2>&1); then
 		sysctl -q -w net.bridge.bridge-nf-call-ip6tables=1
 	fi
 	# delete cron
diff --git a/nikki/files/scripts/include.sh b/nikki/files/scripts/include.sh
index 30445e517..3fc81d7d1 100644
--- a/nikki/files/scripts/include.sh
+++ b/nikki/files/scripts/include.sh
@@ -27,7 +27,7 @@ LOG_DIR="/var/log/nikki"
 APP_LOG_PATH="$LOG_DIR/app.log"
 CORE_LOG_PATH="$LOG_DIR/core.log"
 
-# flag
+# temp
 TEMP_DIR="/var/run/nikki"
 PID_FILE_PATH="$TEMP_DIR/nikki.pid"
 STARTED_FLAG_PATH="$TEMP_DIR/started.flag"
diff --git a/nikki/files/uci-defaults/migrate.sh b/nikki/files/uci-defaults/migrate.sh
index 42635387b..ba07d1b61 100644
--- a/nikki/files/uci-defaults/migrate.sh
+++ b/nikki/files/uci-defaults/migrate.sh
@@ -20,39 +20,6 @@ proxy_fake_ip_ping_hijack=$(uci -q get nikki.proxy.fake_ip_ping_hijack); [ -z "$
 
 # since v1.20.0
 
-mixin=$(uci -q get nikki.config.mixin); [ -n "$mixin" ] && {
-	uci del nikki.config.mixin
-	[ "$mixin" == "0" ] && {
-		uci del nikki.mixin.unify_delay
-		uci del nikki.mixin.tcp_concurrent
-		uci del nikki.mixin.tcp_keep_alive_idle
-		uci del nikki.mixin.tcp_keep_alive_interval
-		uci set nikki.mixin.fake_ip_filter=0
-		uci del nikki.mixin.fake_ip_filter_mode
-		uci del nikki.mixin.dns_respect_rules
-		uci del nikki.mixin.dns_doh_prefer_http3
-		uci del nikki.mixin.dns_system_hosts
-		uci del nikki.mixin.dns_hosts
-		uci set nikki.mixin.hosts=0
-		uci set nikki.mixin.dns_nameserver=0
-		uci set nikki.mixin.dns_nameserver_policy=0
-		uci del nikki.mixin.sniffer
-		uci del nikki.mixin.sniffer_sniff_dns_mapping
-		uci del nikki.mixin.sniffer_sniff_pure_ip
-		uci set nikki.mixin.sniffer_force_domain_name=0
-		uci set nikki.mixin.sniffer_ignore_domain_name=0
-		uci set nikki.mixin.sniffer_sniff=0
-		uci del nikki.mixin.geoip_format
-		uci del nikki.mixin.geodata_loader
-		uci del nikki.mixin.geosite_url
-		uci del nikki.mixin.geoip_mmdb_url
-		uci del nikki.mixin.geoip_dat_url
-		uci del nikki.mixin.geoip_asn_url
-		uci del nikki.mixin.geox_auto_update
-		uci del nikki.mixin.geox_update_interval
-	}
-}
-
 mixin_api_port=$(uci -q get nikki.mixin.api_port); [ -n "$mixin_api_port" ] && {
 	uci del nikki.mixin.api_port
 	uci set nikki.mixin.api_listen=[::]:$mixin_api_port
@@ -63,17 +30,6 @@ mixin_dns_port=$(uci -q get nikki.mixin.dns_port); [ -n "$mixin_dns_port" ] && {
 	uci set nikki.mixin.dns_listen=[::]:$mixin_dns_port
 }
 
-# since v1.21.0
-
-proxy_bypass_cgroup=$(uci -q get nikki.proxy.bypass_cgroup); [ -z "$proxy_bypass_cgroup" ] && {
-	uci add_list nikki.proxy.bypass_cgroup=adguardhome
-	uci add_list nikki.proxy.bypass_cgroup=aria2
-	uci add_list nikki.proxy.bypass_cgroup=dnsmasq
-	uci add_list nikki.proxy.bypass_cgroup=netbird
-	uci add_list nikki.proxy.bypass_cgroup=qbittorrent
-	uci add_list nikki.proxy.bypass_cgroup=tailscale
-	uci add_list nikki.proxy.bypass_cgroup=zerotier
-}
 
 # commit
 uci commit nikki
diff --git a/nikki/files/ucode/hijack.ut b/nikki/files/ucode/hijack.ut
index 5873424fe..3fae069c6 100644
--- a/nikki/files/ucode/hijack.ut
+++ b/nikki/files/ucode/hijack.ut
@@ -364,7 +364,7 @@ table inet nikki {
 		meta nfproto @proxy_nfproto meta l4proto tcp counter redirect to :{{ redir_port }}
 		{% endif %}
 		{% if (fake_ip_ping_hijack): %}
-		ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect
+		ip protocol icmp icmp type echo-request ip daddr {{ fake_ip_range }} counter redirect
 		{% endif %}
 	}
 
@@ -429,7 +429,7 @@ table inet nikki {
 		meta nfproto @proxy_nfproto jump lan_redirect
 		{% endif %}
 		{% if (fake_ip_ping_hijack): %}
-		ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect
+		ip protocol icmp icmp type echo-request ip daddr {{ fake_ip_range }} counter redirect
 		{% endif %}
 	}
 
diff --git a/nikki/files/ucode/include.uc b/nikki/files/ucode/include.uc
index f6cddfdb7..5272f18c5 100644
--- a/nikki/files/ucode/include.uc
+++ b/nikki/files/ucode/include.uc
@@ -52,7 +52,7 @@ export function trim_all(obj) {
 };
 
 export function get_cgroups_version() {
-	return system('mount | grep -q -w -e "^cgroup"') == 0 ? 1 : 2;
+	return system('mount | grep -q -w "^cgroup"') == 0 ? 1 : 2;
 };
 
 export function get_users() {