Instead of maintaining hundreds of domains for each service, we can route based on IP blocks. That means entire networks get handled at once.
How: Sing-box supports rule_set with ip_cidr entries. Just grab all CIDR ranges belonging to an ASN (like AS15169 for Google) and throw them into a JSON file. Then route that rule-set to the MITM outbound.
Why better: Domains change, CDNs add weird subdomains, SNI sniffing fails sometimes. IP ranges are static and cover everything in that ASN.
Note: There's no native asn: rule in Sing-box, but bundling CIDRs into a rule-set works perfectly.
Example:
{
  "route": {
    "rules": [{"rule_set": "google-asn", "outbound": "tls-repack-google"}],
    "rule_set": [{"tag": "google-asn", "type": "local", "format": "source", "path": "google_cidrs.json"}]
  }
}
I might be wrong; if I am, just correct me or say why this isn't a good idea before closing as not planned. It could be a super powerful thing, maybe a new repo?
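An added example (not part of the original post and not sing-box's own code) of generating the `google_cidrs.json` file referenced above: it validates and merges a prefix list into a source-format rule-set and rejects malformed or overly broad entries, so a stray `0.0.0.0/0` cannot send all traffic to the outbound. The sample prefixes are constructed documentation ranges; the `MIN_PREFIXLEN` floor and the function name are assumptions.

```python
import ipaddress
import json

# Constructed sample input: documentation prefixes (RFC 5737 / RFC 3849)
# standing in for the announced prefixes of one ASN. Not real Google ranges.
SAMPLE_PREFIXES = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the line above, merges into a /24
    "203.0.113.0/24",
    "203.0.113.64/26",     # already covered by the /24
    "2001:db8::/33",
    "2001:db8:8000::/33",  # merges into 2001:db8::/32
    "0.0.0.0/0",           # would route ALL traffic to the outbound
    "192.0.2.7/24",        # host bits set, malformed
    "not-a-prefix",
]

# Assumed policy floor: refuse any prefix broader than this.
MIN_PREFIXLEN = {4: 8, 6: 19}


def build_rule_set(prefixes):
    """Return (rule_set_dict, rejected) for a sing-box source-format rule-set."""
    nets = {4: [], 6: []}
    rejected = []
    for raw in prefixes:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            rejected.append((raw, "invalid"))
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            rejected.append((raw, "too broad"))
            continue
        nets[net.version].append(net)
    # collapse_addresses needs a single IP version per call.
    cidrs = [str(n) for v in (4, 6)
             for n in ipaddress.collapse_addresses(nets[v])]
    return {"version": 1, "rules": [{"ip_cidr": cidrs}]}, rejected


if __name__ == "__main__":
    rule_set, rejected = build_rule_set(SAMPLE_PREFIXES)
    print(json.dumps(rule_set, indent=2))
    for raw, why in rejected:
        print(f"rejected {raw!r}: {why}")
```

Reviewing the rejected list before deploying the file shows exactly which upstream entries were dropped and why.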