Surge Channel

https://community.nssurge.com/d/2207-surge

#Mac#Beta Version 5.4.1-2475 - Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM. - Bug fixes.

#Mac#Beta Version 5.4.1-2474 - Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM. - Bug fixes.

#Mac#Beta Version 5.4.1-2473 - Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM. - Bug fixes.

#Mac#Beta Version 5.4.1-2472 - Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM. - Bug fixes.

#Mac#Beta Version 5.4.1-2471 - Now, when performing MITM, the certificate used for signing will be sent to the client together, to support using intermediate certificates for MITM. - Bug fixes.

#iOS#TestFlight Surge 5 5.21.0 (2946) is ready to test on iOS. What to Test: - 优化 Surge Ponte 错误处理流程，修正某些错误下不会自动更新设备信息的问题 - 参数表说明补充 - 其他细节问题修正

正式版版本更新 · Surge iOS 5.8.0 正式版本已在 App Store 上线，预计数小时后可进行更新。 · Surge Mac 5.4.0 正式版本也已一同发布。 · Surge tvOS 5.8.0 版本由于审核中的一些细节问题暂未上线，预计将在数日内解决。 · 在线文档已为本次更新进行了完善。

#Mac#Release Version 5.4.0-2470 #### New Features * Protocol sniffing Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge. - DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority). - Added a parameter called always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames. * New proxy protocol support: Hysteria 2 Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC. * Automatic QUIC blocking Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected. * ECN (Explicit Congestion Notification) support for QUIC-based protocols Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol. #### Optimizations - Reworked HTTP capture functionality - The related settings are no longer stored in the configuration, the [Replica] section has been deprecated. - Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests. - Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off). - Added an option to only save HTTP/HTTPS requests after turning on the capture switch. - Improved compatibility with some non-standard protocols. - When testing the Ponte policy, the test URL has been changed from proxy-test-url to internet-test-url. - Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate. - When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel. - Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (ecn=true must be set for the strategy). - UDP NAT can close the UDP session early based on ICMP messages. - Improved PMTU support for QUIC. #### Bug Fixes - Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates. - After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment. - Fixed the issue where invalid certificates might cause the key store interface to crash. - When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues. - Other bug fixes.

https://yfamily.vercel.app/surge.html 不晓得哪位佬整理维护的，挺赞👍

#Mac#Beta Version 5.4.0-2470 #### New Features * Protocol sniffing Requests to port 80 and 443 will wait for the client to send the first packet, then extract the SNI and other information for the rule system to judge. - DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules add an optional parameter called extended-matching. When this parameter is enabled, the rule will try to match both the SNI and the HTTP Host Header (or :authority). - Added a parameter called always-raw-tcp-hosts, used to forcibly turn off active protocol detection for specific hostnames. * New proxy protocol support: Hysteria 2 Hysteria 2 is a proxy protocol optimized for unstable and packet-loss-prone network environments, based on UDP/QUIC. * Automatic QUIC blocking Since most proxy protocols are not suitable for forwarding QUIC traffic, Surge will now automatically block QUIC traffic to make it fallback to HTTPS/TCP protocol, ensuring performance. For QUIC traffic that hits the MITM hostname, it will also be automatically rejected. * ECN (Explicit Congestion Notification) support for QUIC-based protocols Significantly improved the performance of the Vector(Surge Ponte)/TUIC/Hysteria 2 protocol. #### Optimizations - Reworked HTTP capture functionality - The related settings are no longer stored in the configuration, the [Replica] section has been deprecated. - Added an automatic shut-off setting after turning on the capture switch, which can automatically stop capturing based on time, size, or the number of requests. - Added automatic activation of MITM after turning on the capture switch, which can be additionally turned on for specific hostnames. (Even if the main MITM switch is off). - Added an option to only save HTTP/HTTPS requests after turning on the capture switch. - Improved compatibility with some non-standard protocols. - When testing the Ponte policy, the test URL has been changed from proxy-test-url to internet-test-url. - Following the WireGuard protocol standard recommendation, WireGuard handshake packets will now be tagged with 0x88 (AF41) DSCP to increase the success rate. - When forwarding UDP packets via WireGuard, it supports retaining the TOS(DSCP/ECN) tag of packets inside the tunnel. - Based on the WireGuard protocol standard recommendation, Surge will copy the ECN tag from packets inside the tunnel to packets outside. When receiving packets with an ECN tag, they will be strictly merged according to RFC6040. (ecn=true must be set for the strategy). - UDP NAT can close the UDP session early based on ICMP messages. - Improved PMTU support for QUIC. #### Bug Fixes - Fixed the issue where the external resources of rule sets needed to be reloaded to take effect after updates. - After a network switch, it will forcefully break the original long connection of DoH/DoQ/DoH3 to avoid obtaining results that are not suitable for the current network environment. - Fixed the issue where invalid certificates might cause the key store interface to crash. - When performing MITM on HTTPS requests that directly connect using an IP address, the IP address should not be sent as SNI, as this might cause compatibility issues. - Other bug fixes.

#iOS#TestFlight Surge 5 5.21.0 (2942) is ready to test on iOS. What to Test: - 再次修正了模块可能不会自动更新的问题 5.8.0 RC4