listen on appropriate IP address

lonnywong · lonnywong · commit 0e225bc1726c · 2025-11-11T01:55:02.000+08:00
diff --git a/tsshd/main.go b/tsshd/main.go
@@ -36,6 +36,8 @@ import (
 	"time"
 )
 
+var kDefaultConnectTimeout = 10 * time.Second
+
 var exitChan = make(chan int, 1)
 
 type tsshdArgs struct {
@@ -158,6 +160,11 @@ func TsshdMain() int {
 	// cleanup on exit
 	defer cleanupOnExit()
 
+	// default connect timeout
+	if args.ConnectTimeout <= 0 {
+		args.ConnectTimeout = kDefaultConnectTimeout
+	}
+
 	// handle exit signals
 	handleExitSignals()
 
@@ -181,11 +188,7 @@ func TsshdMain() int {
 
 	go func() {
 		// should be connected in time
-		connectTimeout := args.ConnectTimeout
-		if connectTimeout <= 0 {
-			connectTimeout = 10 * time.Second
-		}
-		time.Sleep(connectTimeout)
+		time.Sleep(args.ConnectTimeout)
 		if !serving.Load() {
 			exitChan <- 1
 		}
diff --git a/tsshd/proto.go b/tsshd/proto.go
@@ -327,6 +327,7 @@ func newKcpClient(addr string, info *ServerInfo) (udpClient, error) {
 	if err != nil {
 		return nil, fmt.Errorf("kcp dial [%s] failed: %v", addr, err)
 	}
+	conn.SetWindowSize(1024, 1024)
 	conn.SetNoDelay(1, 10, 2, 1)
 	session, err := smux.Client(conn, &smuxConfig)
 	if err != nil {
diff --git a/tsshd/proxy.go b/tsshd/proxy.go
@@ -81,15 +81,16 @@ type udpBuffer struct {
 }
 
 type serverProxy struct {
-	frontendList []*net.UDPConn
-	backendConn  *net.UDPConn
-	clientConn   atomic.Pointer[udpConn]
-	authedConn   *udpConn
-	cipherBlock  *cipher.Block
-	clientID     uint64
-	serverID     uint64
-	serialNumber uint64
-	bufChan      chan *udpBuffer
+	connectTimeout time.Duration
+	frontendList   []*net.UDPConn
+	backendConn    *net.UDPConn
+	clientConn     atomic.Pointer[udpConn]
+	authedConn     *udpConn
+	cipherBlock    *cipher.Block
+	clientID       uint64
+	serverID       uint64
+	serialNumber   uint64
+	bufChan        chan *udpBuffer
 }
 
 func (p *serverProxy) isClientConn(conn *udpConn) bool {
@@ -191,13 +192,22 @@ func (p *serverProxy) backendToFrontend() {
 }
 
 func (p *serverProxy) serveFrontendConn(conn *net.UDPConn) {
+	defer func() { _ = conn.Close() }()
+	beginTime := time.Now()
+	neverReceived := true
+
 	current := 0
 	buffers := [2][]byte{make([]byte, 0xffff), make([]byte, 0xffff)}
 	for {
+		_ = conn.SetReadDeadline(time.Now().Add(p.connectTimeout))
 		n, addr, err := conn.ReadFromUDP(buffers[current])
 		if err != nil || n <= 0 {
+			if neverReceived && time.Since(beginTime) > p.connectTimeout {
+				return
+			}
 			continue
 		}
+		neverReceived = false
 		p.bufChan <- &udpBuffer{
 			conn: &udpConn{
 				frontendConn: conn,
@@ -221,7 +231,7 @@ func (p *serverProxy) serveProxy() {
 	go p.backendToFrontend()
 }
 
-func startServerProxy(frontendList []*net.UDPConn, info *ServerInfo) ([]*net.UDPConn, error) {
+func startServerProxy(frontendList []*net.UDPConn, info *ServerInfo, connectTimeout time.Duration) ([]*net.UDPConn, error) {
 	localAddr := "127.0.0.1:0"
 	udpAddr, err := net.ResolveUDPAddr("udp", localAddr)
 	if err != nil {
@@ -263,12 +273,13 @@ func startServerProxy(frontendList []*net.UDPConn, info *ServerInfo) ([]*net.UDP
 	info.ServerID = binary.BigEndian.Uint64(serverID)
 
 	proxy := &serverProxy{
-		frontendList: frontendList,
-		backendConn:  backendConn,
-		cipherBlock:  &cipherBlock,
-		clientID:     info.ClientID,
-		serverID:     info.ServerID,
-		bufChan:      make(chan *udpBuffer), // unbuffered channel to avaid copying buffer
+		connectTimeout: connectTimeout,
+		frontendList:   frontendList,
+		backendConn:    backendConn,
+		cipherBlock:    &cipherBlock,
+		clientID:       info.ClientID,
+		serverID:       info.ServerID,
+		bufChan:        make(chan *udpBuffer), // unbuffered channel to avaid copying buffer
 	}
 	go proxy.serveProxy()
 
diff --git a/tsshd/server.go b/tsshd/server.go
@@ -37,6 +37,7 @@ import (
 	"math/big"
 	math_rand "math/rand"
 	"net"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -74,7 +75,7 @@ func initServer(args *tsshdArgs) (*kcp.Listener, *quic.Listener, error) {
 	}
 
 	if args.Proxy {
-		conn, err = startServerProxy(conn, info)
+		conn, err = startServerProxy(conn, info, args.ConnectTimeout)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -131,63 +132,92 @@ func getPortRange(args *tsshdArgs) (int, int) {
 	return kDefaultPortRangeLow, kDefaultPortRangeHigh
 }
 
-func getUdpNetworks(args *tsshdArgs) []string {
-	if args.IPv4 && !args.IPv6 {
-		return []string{"udp4"}
-	}
-	if !args.IPv4 && args.IPv6 {
-		return []string{"udp6"}
-	}
-	ipv4, ipv6 := false, false
-	addrs, err := net.InterfaceAddrs()
+func canListenOnUDP(udpAddr *net.UDPAddr) bool {
+	conn, err := net.ListenUDP("udp", udpAddr)
 	if err != nil {
-		return []string{"udp"}
+		return false
 	}
-	for _, addr := range addrs {
-		if ipNet, ok := addr.(*net.IPNet); ok {
-			if ipNet.IP.IsLoopback() {
-				continue
+	_ = conn.Close()
+	return true
+}
+
+func getUdpAddrs(args *tsshdArgs) ([]*net.UDPAddr, error) {
+	if sshConnection := os.Getenv("SSH_CONNECTION"); sshConnection != "" {
+		if tokens := strings.Fields(sshConnection); len(tokens) >= 3 {
+			ip := tokens[2]
+			if strings.HasPrefix(strings.ToLower(ip), "::ffff:") {
+				ip = ip[7:]
 			}
-			if ipNet.IP.To4() != nil {
-				ipv4 = true
-			} else if ipNet.IP.To16() != nil {
-				ipv6 = true
+			udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:0", ip))
+			if err == nil && canListenOnUDP(udpAddr) {
+				return []*net.UDPAddr{udpAddr}, nil
 			}
 		}
 	}
-	if !ipv4 && !ipv6 {
-		return []string{"udp"}
-	}
-	var networks []string
-	if ipv4 {
-		networks = append(networks, "udp4")
+
+	var udpAddrs []*net.UDPAddr
+	ifaceAddrs, err := net.InterfaceAddrs()
+	if err == nil {
+		ipv4Only := args.IPv4 && !args.IPv6
+		ipv6Only := !args.IPv4 && args.IPv6
+		for _, addr := range ifaceAddrs {
+			if ipNet, ok := addr.(*net.IPNet); ok {
+				if ipNet.IP.IsLoopback() {
+					continue
+				}
+				if ipNet.IP.To4() != nil && !ipv6Only {
+					addr := &net.UDPAddr{IP: ipNet.IP}
+					if canListenOnUDP(addr) {
+						udpAddrs = append(udpAddrs, addr)
+					}
+				} else if ipNet.IP.To16() != nil && !ipv4Only {
+					var zone string
+					if ipAddr, ok := addr.(*net.IPAddr); ok {
+						zone = ipAddr.Zone
+					}
+					addr := &net.UDPAddr{IP: ipNet.IP, Zone: zone}
+					if canListenOnUDP(addr) {
+						udpAddrs = append(udpAddrs, addr)
+					}
+				}
+			}
+		}
 	}
-	if ipv6 {
-		networks = append(networks, "udp6")
+
+	if len(udpAddrs) == 0 {
+		udpAddr, err := net.ResolveUDPAddr("udp", ":0")
+		if err != nil {
+			return nil, err
+		}
+		return []*net.UDPAddr{udpAddr}, nil
 	}
-	return networks
+
+	return udpAddrs, nil
 }
 
 func listenUdpOnFreePort(args *tsshdArgs) ([]*net.UDPConn, int, error) {
 	portRangeLow, portRangeHigh := getPortRange(args)
 	if portRangeHigh < portRangeLow {
 		return nil, 0, fmt.Errorf("no port in [%d,%d]", portRangeLow, portRangeHigh)
 	}
-	networks := getUdpNetworks(args)
+	addrs, err := getUdpAddrs(args)
+	if err != nil {
+		return nil, 0, fmt.Errorf("get available udp address failed: %v", err)
+	}
 	var lastErr error
 	size := portRangeHigh - portRangeLow + 1
 	port := portRangeLow + math_rand.Intn(size)
 	for range size {
 		var connList []*net.UDPConn
-		for _, network := range networks {
-			conn, err := listenUdpOnPort(network, port)
+		for _, addr := range addrs {
+			conn, err := listenUdpOnPort(addr, port)
 			if err != nil {
 				lastErr = err
 				break
 			}
 			connList = append(connList, conn)
 		}
-		if len(connList) == len(networks) {
+		if len(connList) == len(addrs) {
 			return connList, port, nil
 		}
 		for _, conn := range connList {
@@ -204,15 +234,11 @@ func listenUdpOnFreePort(args *tsshdArgs) ([]*net.UDPConn, int, error) {
 	return nil, 0, fmt.Errorf("listen udp on [%d,%d] failed", portRangeLow, portRangeHigh)
 }
 
-func listenUdpOnPort(network string, port int) (*net.UDPConn, error) {
-	addr := fmt.Sprintf(":%d", port)
-	udpAddr, err := net.ResolveUDPAddr(network, addr)
-	if err != nil {
-		return nil, fmt.Errorf("resolve [%s] addr [%s] failed: %v", network, addr, err)
-	}
-	conn, err := net.ListenUDP(network, udpAddr)
+func listenUdpOnPort(udpAddr *net.UDPAddr, port int) (*net.UDPConn, error) {
+	udpAddr.Port = port
+	conn, err := net.ListenUDP("udp", udpAddr)
 	if err != nil {
-		return nil, fmt.Errorf("listen [%s] on [%s] failed: %v", network, addr, err)
+		return nil, fmt.Errorf("listen on [%s] failed: %v", udpAddr.String(), err)
 	}
 	return conn, nil
 }
diff --git a/tsshd/service.go b/tsshd/service.go
@@ -37,9 +37,9 @@ import (
 var smuxConfig = smux.Config{
 	Version:           2,
 	KeepAliveDisabled: true,
-	MaxFrameSize:      32 * 1024,
-	MaxStreamBuffer:   64 * 1024,
-	MaxReceiveBuffer:  4 * 1024 * 1024,
+	MaxFrameSize:      48 * 1024,
+	MaxStreamBuffer:   10 * 1024 * 1024,
+	MaxReceiveBuffer:  20 * 1024 * 1024,
 }
 
 type quicStream struct {
@@ -73,6 +73,7 @@ func handleKcpConn(conn *kcp.UDPSession) {
 		return
 	}
 
+	conn.SetWindowSize(1024, 1024)
 	conn.SetNoDelay(1, 10, 2, 1)
 
 	session, err := smux.Server(conn, &smuxConfig)

Original file line number	Diff line number	Diff line change
`@@ -327,6 +327,7 @@ func newKcpClient(addr string, info *ServerInfo) (udpClient, error) {`
`327`	`327`	`if err != nil {`
`328`	`328`	`return nil, fmt.Errorf("kcp dial [%s] failed: %v", addr, err)`
`329`	`329`	`}`
	`330`	`+ conn.SetWindowSize(1024, 1024)`
`330`	`331`	`conn.SetNoDelay(1, 10, 2, 1)`
`331`	`332`	`session, err := smux.Client(conn, &smuxConfig)`
`332`	`333`	`if err != nil {`