support multiple and discrete port ranges

lonnywong · lonnywong · commit 7944f616badf · 2026-01-11T23:16:57.000+08:00
diff --git a/README.cn.md b/README.cn.md
@@ -38,11 +38,11 @@ tssh 和 tsshd 的工作方式与 ssh 完全相同，没有计划支持本地回
 
 2. 在服务端（远程机器）上安装 [tsshd](https://github.com/trzsz/tsshd?tab=readme-ov-file#installation)。
 
-3. 使用 `tssh --udp xxx` 登录服务器。在 `~/.ssh/config` 中如下配置可省略 `--udp` 参数：
+3. 使用 `tssh --udp xxx` 登录服务器（对延迟敏感可指定 `--kcp` 选项）。在 `~/.ssh/config` 中如下配置可省略 `--udp` 或 `--kcp` 选项：
 
    ```
    Host xxx
-       #!! UdpMode yes
+       #!! UdpMode Yes/QUIC/KCP
    ```
 
 ## 原理简介
@@ -51,7 +51,7 @@ tssh 和 tsshd 的工作方式与 ssh 完全相同，没有计划支持本地回
 
 - `tssh` 会先作为一个 ssh 客户端正常登录到服务器上，然后在服务器上启动一个新的 `tsshd` 进程。
 
-- `tsshd` 进程会随机侦听一个 61001 到 61999 之间的 UDP 端口（可通过 `UdpPort` 配置自定义），并将其端口和几个密钥通过 ssh 通道发回给 `tssh` 进程。登录的 ssh 连接会被关闭，然后 `tssh` 进程通过 UDP 与 `tsshd` 进程通讯。
+- `tsshd` 进程会随机侦听一个 61001 到 61999 之间的 UDP 端口（可通过 `TsshdPort` 配置自定义），并将其端口和几个密钥通过 ssh 通道发回给 `tssh` 进程。登录的 ssh 连接会被关闭，然后 `tssh` 进程通过 UDP 与 `tsshd` 进程通讯。
 
 ## 重连架构
 
@@ -98,7 +98,7 @@ tssh 和 tsshd 的工作方式与 ssh 完全相同，没有计划支持本地回
 ```
 Host xxx
     #!! UdpMode Yes
-    #!! UdpPort 61001-61999
+    #!! TsshdPort 61001-61999
     #!! TsshdPath ~/go/bin/tsshd
     #!! UdpAliveTimeout 86400
     #!! UdpHeartbeatTimeout 3
@@ -110,9 +110,9 @@ Host xxx
 
 - `UdpMode`: `No` (默认为`No`: tssh 工作在 TCP 模式), `Yes` (默认协议: `QUIC`), `QUIC` ([QUIC](https://github.com/quic-go/quic-go) 协议：速度更快), `KCP` ([KCP](https://github.com/xtaci/kcp-go) 协议：延迟更低).
 
-- `UdpPort`: 指定 tsshd 监听的 UDP 端口范围，默认值为 [61001, 61999]。
+- `TsshdPort`: 指定 tsshd 监听的端口范围，默认值为 [61001, 61999]。支持指定离散的端口列表(如`6022,7022`)，也支持指定离散的端口范围(如`8010-8020,9020-9030,10080`)，tsshd 会随机监听其中一个空闲的端口。也可在命令行中使用 `--tsshd-port` 指定端口。
 
-- `TsshdPath`: 指定服务器上 tsshd 二进制程序的路径，如果未配置，则在 $PATH 中查找。
+- `TsshdPath`: 指定服务器上 tsshd 二进制程序的路径，如果未配置，则在 $PATH 中查找。也可在命令行中使用 `--tsshd-path` 指定路径。
 
 - `UdpAliveTimeout`: 如果断开连接的时间超过 `UdpAliveTimeout` 秒，tssh 和 tsshd 都会退出，不再支持重连。默认值为 86400 秒。
 
diff --git a/README.md b/README.md
@@ -39,11 +39,11 @@ tssh and tsshd works exactly like ssh, there are no plans to support local echo
 
 2. Install [tsshd](https://github.com/trzsz/tsshd?tab=readme-ov-file#installation) on the server ( the remote host ).
 
-3. Use `tssh --udp xxx` to login to the server. Or configure as follows in `~/.ssh/config` to omit `--udp`:
+3. Use `tssh --udp xxx` to log in (latency-sensitive users can specify `--kcp` option). Or configure as follows in `~/.ssh/config` to omit `--udp` or `--kcp` option:
 
    ```
    Host xxx
-       #!! UdpMode yes
+       #!! UdpMode Yes/QUIC/KCP
    ```
 
 ### How it works
@@ -52,7 +52,7 @@ tssh and tsshd works exactly like ssh, there are no plans to support local echo
 
 - The `tssh` will first login to the server normally as an ssh client, and then run a new `tsshd` process on the server.
 
-- The `tsshd` process listens on a random udp port between 61001 and 61999 (can be customized by `UdpPort`), and sends its port number and some secret keys back to the `tssh` process over the ssh channel. The ssh connection is then shut down, and the `tssh` process communicates with the `tsshd` process over udp.
+- The `tsshd` process listens on a random udp port between 61001 and 61999 (can be customized by `TsshdPort`), and sends its port number and some secret keys back to the `tssh` process over the ssh channel. The ssh connection is then shut down, and the `tssh` process communicates with the `tsshd` process over udp.
 
 ### Reconnection
 
@@ -99,7 +99,7 @@ tssh and tsshd works exactly like ssh, there are no plans to support local echo
 ```
 Host xxx
     #!! UdpMode Yes
-    #!! UdpPort 61001-61999
+    #!! TsshdPort 61001-61999
     #!! TsshdPath ~/go/bin/tsshd
     #!! UdpAliveTimeout 86400
     #!! UdpHeartbeatTimeout 3
@@ -111,9 +111,9 @@ Host xxx
 
 - `UdpMode`: `No` (the default: tssh works in TCP mode), `Yes` (default protocol: `QUIC`), `QUIC` ([QUIC](https://github.com/quic-go/quic-go) protocol: faster speed), `KCP` ([KCP](https://github.com/xtaci/kcp-go) protocol: lower latency).
 
-- `UdpPort`: Specifies the range of UDP ports that tsshd listens on, the default value is [61001, 61999].
+- `TsshdPort`: Specifies the port range that tsshd listens on, default is [61001, 61999]. You can specify multiple discrete ports (e.g., `6022,7022`) or multiple discrete ranges (e.g., `8010-8020,9020-9030,10080`); tsshd will randomly choose an available port. You can also specify the port on the command line using `--tsshd-port`.
 
-- `TsshdPath`: Specifies the path to the tsshd binary on the server, lookup in $PATH if not configured.
+- `TsshdPath`: Specifies the path to the tsshd binary on the server, lookup in $PATH if not configured. You can also specify the path on the command line using `--tsshd-path`.
 
 - `UdpAliveTimeout`: If the disconnection lasts longer than `UdpAliveTimeout` in seconds, tssh and tsshd will both exit, and no longer support reconnection. The default is 86400 seconds.
 
diff --git a/tsshd/server.go b/tsshd/server.go
@@ -42,7 +42,6 @@ import (
 	"strconv"
 	"strings"
 	"time"
-	"unicode"
 
 	"github.com/quic-go/quic-go"
 	"github.com/xtaci/kcp-go/v5"
@@ -58,10 +57,7 @@ const (
 	kProxyModeTCP = "TCP"
 )
 
-const (
-	kDefaultPortRangeLow  = 61001
-	kDefaultPortRangeHigh = 61999
-)
+const kDefaultPortRange = "61001-61999"
 
 const (
 	kDefaultMTU = 1400
@@ -120,25 +116,71 @@ func initServer(args *tsshdArgs) (*kcp.Listener, *quic.Listener, error) {
 	return kcpListener, quicListener, nil
 }
 
-func getPortRange(args *tsshdArgs) (int, int) {
-	if args.Port == "" {
-		return kDefaultPortRangeLow, kDefaultPortRangeHigh
-	}
-	ports := strings.FieldsFunc(args.Port, func(c rune) bool {
-		return unicode.IsSpace(c) || c == ',' || c == '-'
-	})
-	if len(ports) == 1 {
-		if port, err := strconv.Atoi(ports[0]); err == nil {
-			return port, port
+func parsePortRanges(tsshdPort string) [][2]uint16 {
+	var ranges [][2]uint16
+
+	addPortRange := func(lowPort string, highPort *string) {
+		low, err := strconv.ParseUint(lowPort, 10, 16)
+		if err != nil || low == 0 {
+			warning("tsshd port [%s] invalid: port [%s] is not a value in [1, 65535]", tsshdPort, lowPort)
+			return
+		}
+		high := low
+		if highPort != nil {
+			high, err = strconv.ParseUint(*highPort, 10, 16)
+			if err != nil || high == 0 {
+				warning("tsshd port [%s] invalid: port [%s] is not a value in [1, 65535]", tsshdPort, *highPort)
+				return
+			}
 		}
-	} else if len(ports) == 2 {
-		port0, err0 := strconv.Atoi(ports[0])
-		port1, err1 := strconv.Atoi(ports[1])
-		if err0 == nil && err1 == nil {
-			return port0, port1
+		if low > high {
+			warning("tsshd port [%s] invalid: port range [%d-%d] is invalid (low > high)", tsshdPort, low, high)
+			return
+		}
+		ranges = append(ranges, [2]uint16{uint16(low), uint16(high)})
+	}
+
+	for seg := range strings.SplitSeq(tsshdPort, ",") {
+		tokens := strings.Fields(seg)
+		k := -1
+		for i := 0; i < len(tokens); i++ {
+			token := tokens[i]
+			// Case 1: combined form like "8000-9000"
+			if strings.Contains(token, "-") && token != "-" {
+				parts := strings.Split(token, "-")
+				if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+					warning("tsshd port [%s] invalid: malformed port range [%s]", tsshdPort, token)
+					continue
+				}
+				addPortRange(parts[0], &parts[1])
+				continue
+			}
+			// Case 2: single "-"
+			if token == "-" {
+				if i == 0 || i+1 >= len(tokens) || i-1 <= k {
+					warning("tsshd port [%s] invalid: '-' must appear between two ports", tsshdPort)
+					i++
+					continue
+				}
+				addPortRange(tokens[i-1], &tokens[i+1])
+				k = i + 1
+				i++ // skip high
+				continue
+			}
+			// Case 3: part of a range: skip (handled by '-')
+			if i+1 < len(tokens) && tokens[i+1] == "-" {
+				continue
+			}
+			// Case 4: plain number
+			if i > 0 && tokens[i-1] == "-" {
+				warning("tsshd port [%s] invalid: malformed port range [- %s]", tsshdPort, token)
+				continue
+			}
+			addPortRange(token, nil)
 		}
 	}
-	return kDefaultPortRangeLow, kDefaultPortRangeHigh
+
+	return ranges
 }
 
 func canListenOnIP(args *tsshdArgs, udpAddr *net.UDPAddr) bool {
@@ -228,42 +270,57 @@ func getUdpAddrs(args *tsshdArgs) ([]*net.UDPAddr, error) {
 }
 
 func listenOnFreePort(args *tsshdArgs) ([]io.Closer, int, error) {
-	portRangeLow, portRangeHigh := getPortRange(args)
-	if portRangeHigh < portRangeLow {
-		return nil, 0, fmt.Errorf("no port in [%d,%d]", portRangeLow, portRangeHigh)
+	tsshdPort := args.Port
+	if tsshdPort == "" {
+		tsshdPort = kDefaultPortRange
+	}
+	portRanges := parsePortRanges(tsshdPort)
+	if len(portRanges) == 0 {
+		return nil, 0, fmt.Errorf("no available port in [%s]", tsshdPort)
 	}
+	if len(portRanges) > 1 {
+		math_rand.Shuffle(len(portRanges), func(i, j int) {
+			portRanges[i], portRanges[j] = portRanges[j], portRanges[i]
+		})
+	}
+
 	addrs, err := getUdpAddrs(args)
 	if err != nil {
 		return nil, 0, fmt.Errorf("get available udp address failed: %v", err)
 	}
+
 	var lastErr error
-	size := portRangeHigh - portRangeLow + 1
-	port := portRangeLow + math_rand.Intn(size)
-	for range size {
-		var connList []io.Closer
-		for _, addr := range addrs {
-			conn, err := listenOnPort(args, addr, port)
-			if err != nil {
-				lastErr = err
-				break
+	for _, portRange := range portRanges {
+		portRangeLow, portRangeHigh := int(portRange[0]), int(portRange[1])
+		size := portRangeHigh - portRangeLow + 1
+		port := portRangeLow + math_rand.Intn(size)
+		for range size {
+			var connList []io.Closer
+			for _, addr := range addrs {
+				conn, err := listenOnPort(args, addr, port)
+				if err != nil {
+					lastErr = err
+					break
+				}
+				connList = append(connList, conn)
+			}
+			if len(connList) == len(addrs) {
+				return connList, port, nil
+			}
+			for _, conn := range connList {
+				_ = conn.Close()
+			}
+			port++
+			if port > portRangeHigh {
+				port = portRangeLow
 			}
-			connList = append(connList, conn)
-		}
-		if len(connList) == len(addrs) {
-			return connList, port, nil
-		}
-		for _, conn := range connList {
-			_ = conn.Close()
-		}
-		port++
-		if port > portRangeHigh {
-			port = portRangeLow
 		}
 	}
+
 	if lastErr != nil {
-		return nil, 0, fmt.Errorf("listen udp on [%d,%d] failed: %v", portRangeLow, portRangeHigh, lastErr)
+		return nil, 0, fmt.Errorf("listen udp on [%s] failed: %v", tsshdPort, lastErr)
 	}
-	return nil, 0, fmt.Errorf("listen udp on [%d,%d] failed", portRangeLow, portRangeHigh)
+	return nil, 0, fmt.Errorf("listen udp on [%s] failed", tsshdPort)
 }
 
 func listenOnPort(args *tsshdArgs, udpAddr *net.UDPAddr, port int) (conn io.Closer, err error) {
diff --git a/tsshd/server_test.go b/tsshd/server_test.go
@@ -0,0 +1,65 @@
+/*
+MIT License
+
+Copyright (c) 2024-2026 The Trzsz SSH Authors.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*/
+
+package tsshd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParsePortRanges(t *testing.T) {
+	enableWarning := enableWarningLogging
+	enableWarningLogging = false
+	defer func() { enableWarningLogging = enableWarning }()
+
+	assert := assert.New(t)
+	assert.Equal([][2]uint16{{22, 22}}, parsePortRanges("22"))
+	assert.Equal([][2]uint16{{100, 102}}, parsePortRanges("100-102"))
+	assert.Equal([][2]uint16{{200, 202}}, parsePortRanges("200 - 202"))
+	assert.Equal([][2]uint16{{10, 10}, {20, 20}, {30, 30}}, parsePortRanges("10 20 30"))
+	assert.Equal([][2]uint16{{1, 3}, {5, 5}, {7, 9}, {11, 11}}, parsePortRanges("1-3 5,7 - 9 11"))
+	assert.Equal([][2]uint16{{1, 2}, {3, 4}, {5, 5}}, parsePortRanges("1-2,3-4 5"))
+	assert.Equal([][2]uint16{{10, 12}, {15, 15}}, parsePortRanges("  10\t-\t12  , 15 "))
+	assert.Equal([][2]uint16{{50, 50}}, parsePortRanges("50-50"))
+	assert.Equal([][2]uint16{{10, 10}, {20, 20}}, parsePortRanges("10,,20"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("0,70000,abc"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("100-50"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("-"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("- 10"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("10 -"))
+	assert.Equal([][2]uint16{{1, 3}, {7, 7}}, parsePortRanges("1-3,abc,5 - 4,7"))
+	assert.Equal([][2]uint16(nil), parsePortRanges(""))
+	assert.Equal([][2]uint16(nil), parsePortRanges("8000-9000-10000"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("8000-"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("-9000"))
+	assert.Equal([][2]uint16{{10, 12}}, parsePortRanges("10 - 12 - 15"))
+	assert.Equal([][2]uint16{{1, 65535}}, parsePortRanges("1-65535"))
+	assert.Equal([][2]uint16{{10, 10}, {10, 10}, {10, 10}}, parsePortRanges("10 10 10"))
+	assert.Equal([][2]uint16{{20, 25}, {22, 23}}, parsePortRanges("20-25 22-23"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("10 - 0"))
+	assert.Equal([][2]uint16(nil), parsePortRanges("10 - - 11"))
+	assert.Equal([][2]uint16{{10, 11}}, parsePortRanges("10 - 11 -"))
+}
