In this release, we completely refactored the policy group functionality, bringing the following changes:
The url-test/fallback/load-balance policy group can no longer be configured with a specific testing URL but with a global testing URL or a policy-configured testing URL. The policy's test results can be used directly in all policy group decisions, eliminating the need to retest each policy group individually.
All types of policy groups support mixed nesting. The only requirement is that no circular references can be used.
When a group policy is used as a sub-policy of the url-test/fallback/load-balance group.
The latency of the select/url-test/fallback/ssid group is the latency of the selected policy.
The latency of the load-balance group is the average of the latencies of all available policies.
The timeout parameter of a policy group marks policies with latency exceeding this parameter as unavailable when making decisions for the group. But the maximum time taken to test the policy group is controlled by the global test-timeout parameter. (Default is 5s)
When testing a group due to decision making, all sub-policies that the group may use are tested, including sub-policies of the sub-policy group.
You may use no-alert=true parameter to suppress notifications for particular groups.
You can receive the notifications on iOS devices. Enable this option first and then configure it on Surge iOS. The two device must use a same iCloud account.
DOMAIN-SET is just like RULE-SET. But it is designed a large number of rules and highly efficient.
Unlike RULE-SET, you can only write hostnames (domain or IP address) in it. One hostname per line.
You may use "." prefix to include all sub-domains.
Changes in SRC-IP
SRC-IP rule now supports IP-CIDR for both IPv4 and IPv6.
Changes in DNS over HTTPS
From this version, if DNS-over-HTTPS is configured, the traditional DNS will only be used to test the connectivity and resolve the domain in the DOH URL.
The DNS over HTTPS now has a separate parameter: doh-server. The DOH servers in 'dns-server' will be moved to the new parameter after saving.
The legacy DNS is always required now.
DOH can be matched with rule 'PROTOCOL,DOH' now.
Added a new parameter 'doh-follow-outbound-mode'. In the previous version, the DOH client follows the system proxy settings. From this version, all DOH requests will use DIRECT policy by default. If 'doh-follow-outbound-mode' is set, the DOH requests will follow the outbound mode settings regardless of the system proxy settings.
We are refactoring the HTTP client for DOH and scripting. Please feedback if you encounter any issue.
Changes in Scripting
Added a simple view to test the script. You may find it in the Window menu.
Fixed a crash in Dashboard while using search.
You may not configure DOH with UI in this version temporarily.
New feature: Module, which can override the current profile with a set of settings. Highly flexible for diverse purposes. See the post in the community for more information: https://community.nssurge.com/d/225-module.
You may enable modules in the menu now.
You may view the detail of a module by double clicking.
Supports pattern filter for Dashboard requests.
Added a new rule type: PROTOCOL. The possible values are HTTP, HTTPS, SOCKS, SNELL, TCP, UDP.
You may now use UI to add and edit load-balance group.
DNS over HTTP (DoH) now uses DNS wireformat by default. You may configure doh-format=json in [General] to continue using JSON format.
You can now use a script to modify the response headers and status code.
USB module has been refactored to improve stability. Also, you may choose the device from multiple USB devices now.
HTTP and MitM engine has been refactored. Please report if you encounter any issues.
You can now use URL-REGEX rule for MitM connections.
You may use prefix '-' to exclude domains for MitM. Example:
hostname = -*.apple.com, -*.icloud.com, *
MitM hostname list now supports port number. By default only the connections to port 443 will be decrypted. Use suffix :port to enable MitM for other ports. Use suffix :0 to enable MitM for all ports on the hostname.
URL rewrite type 'header' is now available for MitM connections. You may also use it to rewrite a plain HTTP request to an HTTPS request.
You can now enable/disable a rule.
Added a small indicator in the menu icon for Metered Network Mode.</lo>
Added main switches for rewrite and scripting.
Supports TCP SACKs for Surge VIF.
New general option: force-http-engine-hosts. You can force Surge to treat a raw TCP connection as an HTTP connection, to enable high-level functions such as URL-REGEX rules, rewrite and scripting. This option uses the same format as [MITM] hostname option.
New option for url-test/fallback group: evaluate-before-use. By default, the requests before a connection evaluation will use the first policy in the list and trigger the evaluate. Enable the option to delay the requests until the evaluation completed.