Update documentation

constant/version.go

@@ -1,6 +1,6 @@
 package constant
 
 var (
-	Version = "1.1-beta1"
+	Version = "1.1-beta2"
 	Commit  = ""
 )

docs/changelog.md

@@ -1,3 +1,28 @@
+#### 1.1-beta2
+
+* Add Clash mode and persistence support **1**
+* Add TLS ECH and uTLS support for outbound TLS options **2**
+* Fix socks4 request
+* Fix processing empty dns result
+
+*1*:
+
+Switching modes using the Clash API, and `store-selected` are now supported,
+see [Experimental](/configuration/experimental).
+
+*2*:
+
+ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
+message, see [TLS#ECH](/configuration/shared/tls#ech).
+
+uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance,
+see [TLS#uTLS](/configuration/shared/tls#utls).
+
+#### 1.0.2
+
+* Fix socks4 request
+* Fix processing empty dns result
+
 #### 1.1-beta1
 
 * Add support for use with android VPNService **1**

docs/configuration/dns/rule.md

@@ -73,6 +73,7 @@
         "user_id": [
           1000
         ],
+        "clash_mode": "direct",
         "invert": false,
         "outbound": [
           "direct"
@@ -208,6 +209,10 @@ Match user name.
 
 Match user id.
 
+#### clash_mode
+
+Match Clash mode.
+
 #### invert
 
 Invert match result.

docs/configuration/dns/rule.zh.md

@@ -72,6 +72,7 @@
         "user_id": [
           1000
         ],
+        "clash_mode": "direct",
         "invert": false,
         "outbound": [
           "direct"
@@ -207,6 +208,10 @@
 
 匹配用户 ID。
 
+#### clash_mode
+
+匹配 Clash 模式。
+
 #### invert
 
 反选匹配结果。

docs/configuration/experimental/index.md

@@ -8,7 +8,10 @@
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
       "external_ui": "folder",
-      "secret": ""
+      "secret": "",
+      "default_mode": "rule",
+      "store_selected": false,
+      "cache_file": "cache.db"
     }
   }
 }
@@ -26,7 +29,7 @@
 
 #### external_controller
 
-RESTful web API listening address. Disabled if empty.
+RESTful web API listening address. Clash API will be disabled if empty.
 
 #### external_ui
 
@@ -38,4 +41,22 @@ serve it at `http://{{external-controller}}/ui`.
 
 Secret for the RESTful API (optional)
 Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
-ALWAYS set a secret if RESTful API is listening on 0.0.0.0
+ALWAYS set a secret if RESTful API is listening on 0.0.0.0
+
+#### default_mode
+
+Default mode in clash, `rule` will be used if empty.
+
+This setting has no direct effect, but can be used in routing and DNS rules via the `clash_mode` rule item.
+
+#### store_selected
+
+!!! note ""
+
+    The tag must be set for target outbounds.
+
+Store selected outbound for the `Selector` outbound in cache file.
+
+#### cache_file
+
+Cache file path, `cache.db` will be used if empty.

docs/configuration/experimental/index.zh.md

@@ -8,7 +8,10 @@
     "clash_api": {
       "external_controller": "127.0.0.1:9090",
       "external_ui": "folder",
-      "secret": ""
+      "secret": "",
+      "default_mode": "rule",
+      "store_selected": false,
+      "cache_file": "cache.db"
     }
   }
 }
@@ -26,7 +29,7 @@
 
 #### external_controller
 
-RESTful web API 监听地址。
+RESTful web API 监听地址。如果为空，则禁用 Clash API。
 
 #### external_ui
 
@@ -36,4 +39,22 @@ RESTful web API 监听地址。
 
 RESTful API 的密钥（可选）
 通过指定 HTTP 标头 `Authorization: Bearer ${secret}` 进行身份验证
-如果 RESTful API 正在监听 0.0.0.0，请始终设置一个密钥。
+如果 RESTful API 正在监听 0.0.0.0，请始终设置一个密钥。
+
+#### default_mode
+
+Clash 中的默认模式，默认使用 `rule`。
+
+此设置没有直接影响，但可以通过 `clash_mode` 规则项在路由和 DNS 规则中使用。
+
+#### store_selected
+
+!!! note ""
+
+    必须为目标出站设置标签。
+
+将 `Selector` 中出站的选定的目标出站存储在缓存文件中。
+
+#### cache_file
+
+缓存文件路径，默认使用`cache.db`。

docs/configuration/route/rule.md

@@ -80,6 +80,7 @@
         "user_id": [
           1000
         ],
+        "clash_mode": "direct",
         "invert": false,
         "outbound": "direct"
       },
@@ -219,6 +220,10 @@ Match user name.
 
 Match user id.
 
+#### clash_mode
+
+Match Clash mode.
+
 #### invert
 
 Invert match result.

docs/configuration/route/rule.zh.md

@@ -78,6 +78,7 @@
         "user_id": [
           1000
         ],
+        "clash_mode": "direct",
         "invert": false,
         "outbound": "direct"
       },
@@ -217,6 +218,10 @@
 
 匹配用户 ID。
 
+#### clash_mode
+
+匹配 Clash 模式。
+
 #### invert
 
 反选匹配结果。

docs/configuration/shared/tls.md

@@ -30,10 +30,6 @@
 }
 ```
 
-!!! warning ""
-
-    ACME is not included by default, see [Installation](/#installation).
-
 ### Outbound
 
 ```json
@@ -47,7 +43,17 @@
   "max_version": "",
   "cipher_suites": [],
   "certificate": "",
-  "certificate_path": ""
+  "certificate_path": "",
+  "ech": {
+    "enabled": false,
+    "pq_signature_schemes_enabled": false,
+    "dynamic_record_sizing_disabled": false,
+    "config": ""
+  },
+  "utls": {
+    "enabled": false,
+    "fingerprint": ""
+  }
 }
 ```
 
@@ -155,8 +161,48 @@ The server private key, in PEM format.
 
 The path to the server private key, in PEM format.
 
+#### ech
+
+==Client only==
+
+!!! warning ""
+
+    ECH is not included by default, see [Installation](/#installation).
+
+ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
+message.
+
+If you don't know how to fill in the other configuration, just set `enabled`.
+
+#### utls
+
+==Client only==
+
+!!! warning ""
+
+    uTLS is not included by default, see [Installation](/#installation).
+
+!!! note ""
+
+    uTLS is poorly maintained and the effect may be unproven, use at your own risk.
+
+uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance.
+
+Available fingerprint values:
+
+* chrome
+* firefox
+* ios
+* android
+* random
+
+
 ### ACME Fields
 
+!!! warning ""
+
+    ACME is not included by default, see [Installation](/#installation).
+
 #### domain
 
 List of domain.
@@ -205,10 +251,6 @@ listener for the HTTP challenge.
 The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to
 succeed.
 
-### Reload
-
-For server configuration, certificate and key will be automatically reloaded if modified.
-
 #### external_account
 
 EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known
@@ -226,4 +268,8 @@ The key identifier.
 
 #### external_account.mac_key
 
-The MAC key.
+The MAC key.
+
+### Reload
+
+For server configuration, certificate and key will be automatically reloaded if modified.