
Context

The current docs/surge-client.conf routes AI/streaming through the chained landing proxy and everything else through the relay. There is no handling for China-destined traffic, which gets unnecessarily routed through the relay server, adding latency and potentially breaking access to domestic services.

Sukka's ruleset already provides comprehensive China domain and IP lists at ruleset.skk.moe.

Goals / Non-Goals

Goals:

  • Route China domains and IPs to DIRECT in the reference Surge client config
  • Use Sukka's maintained China rulesets (no self-maintained lists)
  • Maintain correct rule ordering (domain rules before IP rules)

Non-Goals:

  • Server-side changes (this is purely client-side Surge config)
  • GeoIP database management (Surge handles this via Sukka's rulesets)

Decisions

1. Rule placement: China rules before FINAL, after service-specific rules

China direct rules are inserted after the AI/streaming rules but before FINAL. Because rules are evaluated top to bottom and the first match wins, AI/streaming traffic still goes through the chain even if the destination happens to resolve to an IP in a China range, while general China traffic goes direct.

Ordering:

  1. AI domain/non_ip rules → Chain
  2. Streaming domain/non_ip rules → Chain
  3. China domain/non_ip rules → DIRECT (new)
  4. Streaming IP rules → Chain
  5. China IP rules → DIRECT (new)
  6. FINAL → Relay-SS

2. Use Sukka's China rulesets

  • domainset/cn.conf — China domain set
  • non_ip/domestic.conf — non-IP China domestic rules
  • ip/domestic.conf — China IP CIDR rules

This is consistent with the existing approach of delegating all domain/IP lists to Sukka.

Risks / Trade-offs

  • [China IP range overlap with CDN] → Some international services use China CDN nodes. These will go direct instead of through the proxy. This is typically desired behavior (faster access). If specific services break, they can be added as exceptions above the China rules.
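
The ordering from Decision 1 and the exception path described under Risks / Trade-offs, modeled as an added example (not part of the project's config): a first-match evaluator over constructed stand-in lists that use reserved example domains and documentation IP ranges. It takes the resolved IP as an input instead of performing DNS, and `with_exception` is a hypothetical helper.

```python
import ipaddress

# Constructed stand-ins for the remote lists (reserved example domains and
# documentation IP ranges); the real lists come from ruleset.skk.moe.
RULES = [
    ("domain", {"ai.example"}, "Chain"),        # 1. AI domain/non_ip
    ("domain", {"stream.example"}, "Chain"),    # 2. Streaming domain/non_ip
    ("domain", {"shop.example.cn"}, "DIRECT"),  # 3. China domain/non_ip
    ("ip", {"198.51.100.0/24"}, "Chain"),       # 4. Streaming IP
    ("ip", {"203.0.113.0/24"}, "DIRECT"),       # 5. China IP
]
FINAL = "Relay-SS"                              # 6. FINAL


def matches(kind, entries, host, ip):
    """Return True if one rule (a domain-suffix set or a CIDR set) matches."""
    if kind == "domain":
        return any(host == d or host.endswith("." + d) for d in entries)
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in entries)


def route(host, ip, rules=RULES):
    """First matching rule wins; anything unmatched falls through to FINAL."""
    for kind, entries, policy in rules:
        if matches(kind, entries, host, ip):
            return policy
    return FINAL


def with_exception(domain, policy, rules=RULES):
    """Return a copy of the rules with an exception above the first DIRECT rule."""
    idx = next(i for i, r in enumerate(rules) if r[2] == "DIRECT")
    return rules[:idx] + [("domain", {domain}, policy)] + rules[idx:]


if __name__ == "__main__":
    # AI host whose address falls in the constructed China range: stays on the chain.
    print(route("api.ai.example", "203.0.113.10"))
    # International service served from a China CDN node: caught by the China IP rule.
    print(route("cdn.intl.example", "203.0.113.20"))
    # Same request after adding an exception above the China rules.
    fixed = with_exception("intl.example", "Relay-SS")
    print(route("cdn.intl.example", "203.0.113.20", fixed))
```
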