v1.14.2
What's Changed
- fix: skip-cert-verify is true by default by @3andero in #333
- chore: Refine process code by @cubemaze
- chore: adjust the case of Program names and HttpRequest UA by @cubemaze
- Fix: TLS defaults to true for h2/grpc networks by @cubemaze
- refactor: replace experimental.fingerprints with custom-certificates and Change the fingerprint verification logic to SSL pinning by @Skyxim
- fix: ss converter cipher missing by @cubemaze
- fix: config parse error by @Skyxim
- chore: better workflow by @wwqgtxx
- refactor: Implement extended IO by @H1JK
- chore: tuic decrease unneeded copy by @wwqgtxx
- chore: decrease direct depend on the sing package by @wwqgtxx
- fix: addr panic by @wwqgtxx
- adjust: Improve WebSocket mask by @H1JK
- feat: gRPC gun implement extended writer by @H1JK
- chore: Update BBR config by @Larvan2
- fix: tuic server's SetCongestionController by @wwqgtxx
- fix: tuic server's MaxIncomingStreams by @wwqgtxx
- fix: tcpTracker's upload by @wwqgtxx
- chore: new Random TLS KeyPair when empty input by @wwqgtxx
- Fix: Remove EnableProcess from config.go and enable-process from config.yaml. FindProcess is now enabled by default when the rule set contains process-name rules by @Larvan2
- fix: ShadowTLS header use array instead by @H1JK
- feat: better config for sniffer by @Skyxim
- feat: add override-destination for sniffer by @Skyxim
- make ConvertsV2Ray more robust by @ag2s20150909 in #349
- Chore: Decrease the default MaxUdpRelayPacketSize to 1252 to avoid the relay UDP exceeding the size of the QUIC's datagram. ClientMaxOpenStreams now follows the config.yaml option by @Larvan2
- chore: better source address by @Skyxim
- feat: Converter support WS early data parameters by @H1JK
- fix: sub-rule condition don't work by @Skyxim
- chore: better parse udp dns by @Skyxim
- Chore: Add GEO data url configuration by @Larvan2
- Chore: Change default latency test url to HTTPS by @Larvan2
- Chore: Better parsing pure IPv6 UDP DNS by @Larvan2
- chore: better parsing pure UDP DNS by @Larvan2
- feature: geosite-based nameserver policy by @i40e
- chore: restful api display xudp for VLESS and VMess by @cubemaze
- chore: adjust keyword for geosite-based nameserver policy by @cubemaze
- adjust: VLESS enable XUDP by default by @H1JK
- docs(README.md): remove missing image link, mention Yacd-meta by @kunish in #356
- fix: get tlsconfig err not handle, return nil pointer #358 by @tgNotHouse in #360
- feat: Add utls for client's fingerprint. by @Larvan2 in #361
- chore: fix mips atomic panic by @wwqgtxx
- feat: nameserver policy support multiple server by @Skyxim
- fix: Converter Shadowsocks password parse by @H1JK
- chore: override-destination default value is true by @Skyxim
- feat: add global-client-fingerprint by @Larvan2
- fix: sniff domain don't match geosite when override-destination valuE is false by @Skyxim
- chore: do not use extra pointer in UClient by @wwqgtxx
- chore: avoid repeated wrapper by @Skyxim
- fix: tun udp with 4in6 ip by @wwqgtxx
- chore: better bind in windows by @wwqgtxx
- fix: RoundRobin strategy of load balance when called multiple times by @Ovear in #390
- feat: introduce a new robust approach to handle tproxy udp by @Ovear in #389
- style: run go fmt on every .go file by @kunish in #392
- fix: parsing ipv6 doh error by @Skyxim
- chore: Considering remove GOAMD64=v2 of linux-amd64-compatible by @wwqgtxx
- fix: websocket headroom by @wwqgtxx
- fix: disable header protection in vmess server by @wwqgtxx
Config changes
# 全局TLS指纹,优先低于proxy内的 client-fingerprint
# 可选:"chrome","firefox","safari","ios","random","none" options.
# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
global-client-fingerprint: chrome
# DNS 分流支持 GeoSite
dns:
#此处省略部分设置#
nameserver-policy:
"geosite:cn":
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
nameserver:
- https://dns.google/dns-query
- https://dns.cloudflare.com/dns-query
- https://doh.opendns.com/dns-query
- https://doh.dns.sb/dns-query
# 嗅探域名
sniffer:
enable: false
## 对 redir-host 类型识别的流量进行强制嗅探
## 如:Tun、Redir 和 TProxy 并 DNS 为 redir-host 皆属于
# force-dns-mapping: false
## 对所有未获取到域名的流量进行强制嗅探
# parse-pure-ip: false
# 是否使用嗅探结果作为实际访问,默认 true
# 全局配置,优先级低于 sniffer.sniff 实际配置
override-destination: false
sniff:
# TLS 默认如果不配置 ports 默认嗅探 443
TLS:
# ports: [443, 8443]
# 默认嗅探 80
HTTP:
# 需要嗅探的端口
ports: [80, 8080-8880]
# 可覆盖 sniffer.override-destination
override-destination: true
force-domain:
- +.v2ex.com
## 对嗅探结果进行跳过
# skip-domain:
# - Mijia Cloud
proxies:
#此处省略部分设置#
# vmess
- name: "vmess"
type: vmess/vless/trojan
client-fingerprint: chrome
# 可选:"chrome","firefox","safari","ios","random","none" options.
# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
New Contributors
- @kunish made their first contribution in #356
- @tgNotHouse made their first contribution in #360
- @Ovear made their first contribution in #390
Full Changelog: v1.14.1...v1.14.2