address hopping

README.md

@@ -3,7 +3,7 @@
 **[Click Here for English Version](README_EN.md)**
 
 ## 简单介绍
-但凡使用过三大运营商的家用宽带，并且需要家宽互联，那么几乎都会体验到 UDP 被限速的情况。为了躲避三大运营商针对 UDP 的 QoS，我制作了另一个工具，叫做 [UDP Hop](https://github.com/cnbatch/udphop)。原理是定期更换端口号。
+但凡使用过三大运营商的家用宽带，并且需要家宽互联，那么几乎都会体验到 UDP 被限速的情况。为了躲避三大运营商针对 UDP 的 QoS，我制作了另一个工具，叫做 [UDP Hop](https://github.com/cnbatch/udphop)。原理是定期建立新连接（更换端口号及连到新地址）。
 
 只不过，UDP Hop 只支持转发 UDP 流量。为了能够利用 UDP 转发 TCP 流量，因此就有了KCP Tube。利用 KCP 的可靠重传保证转发的 TCP 不会丢包。
 
@@ -169,9 +169,9 @@ encryption_algorithm=AES-GCM
 |  名称   | 可设置值  | 必填 |备注|
 |  ----  | ----  | :----: | ---- |
 | mode  | client<br>server<br>relay |是|客户端<br>服务端<br>中继节点|
-| listen_on | 域名或 IP 地址 |否|只能填写域名或 IP 地址|
+| listen_on | 域名或 IP 地址 |否|只能填写域名或 IP 地址。多个地址请用逗号分隔|
 | listen_port | 1 - 65535 |是|以服务端运行时可以指定端口范围|
-| destination_port | 1 - 65535 |是|以客户端运行时可以指定端口范围|
+| destination_port | 1 - 65535 |是|以客户端运行时可以指定端口范围。多个地址请用逗号分隔|
 | destination_address  | IP地址、域名 |是|填入 IPv6 地址时不需要中括号|
 | dport_refresh  | 0 - 32767 |否|单位“秒”。不填写表示使用预设值 60 秒。<br>1 至 20 按 20 秒算，大于 32767 按 32767 秒算。<br>设为 0 表示禁用。|
 | encryption_algorithm | AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |否    |AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>不加密 |
@@ -521,16 +521,9 @@ root      soft    nofile       300000
 
 如果已经使用了加密选项，那么尾附的 2 字节数据就是临时生成的IV。
 
-如果选择不使用加密功能，那么尾附的 2 字节数据就是校验码，分别为两种 8-bit 校验码：
+如果选择不使用加密功能，那么尾附的 2 字节数据就是校验码，是由 CRC32 高低位异或而成。
 
-- 纵向冗余校验 (LRC, Longitudinal Redundancy Check)
-- 8-bit checksum
-
-这是因为 kcptube 使用的 Botan 库并不附带 16-bit 校验算法，因此 kcptube 同时使用了这两种 8-bit 校验码。
-
-这两种校验码的计算速度都足够快，简明又实用，并不是偏门的计算方式。例如 Modbus 就用到了 LRC。
-
-需要提醒的是，使用两种校验码仍然无法 100% 避免内容错误，TCP 本身也是一样。如果确实需要精确无误，请启用加密选项。
+需要提醒的是，使用校验码仍然无法 100% 避免内容错误，TCP 本身也是一样。如果确实需要精确无误，请启用加密选项。
 
 ## 多路复用 (mux_tunnels=N)
 KCP Tube 虽然有“多路复用”的功能，但默认并不主动打开。在不使用该功能的情况下，每接受一个入站连接，就会创建一个对应的出站连接。

README_EN.md

@@ -3,7 +3,7 @@
 **[点击此处查看简体中文版](README.md)**
 
 ## Basic Introduction
-Anyone who has used home broadband from the three major telecom operators in China and needs to connect to other home networks will almost always experience UDP speed restrictions. In order to avoid the QoS targeting UDP by the three major telecom operators, I have developed a tool,  named [UDP Hop](https://github.com/cnbatch/udphop)。The principle of this tool is to regularly change the port number.
+Anyone who has used home broadband from the three major telecom operators in China and needs to connect to other home networks will almost always experience UDP speed restrictions. In order to avoid the QoS targeting UDP by the three major telecom operators, I have developed a tool,  named [UDP Hop](https://github.com/cnbatch/udphop)。The principle of this tool is to regularly re-establish a connection automatically, by change the port number and address.
 
 However,  UDP Hop can only forwards UDP traffic. In order to forward TCP traffic using UDP, KCP Tube is developed. The reliable retransmission of KCP ensures that the forwarded TCP packets will not be lost.
 
@@ -169,10 +169,10 @@ encryption_algorithm=AES-GCM
 |  Name   | Value  | Require |Note|
 |  ----  | ----  | :----: | ---- |
 | mode  | client<br>server<br>relay |Yes|Client Mode<br>Server Mode<br>Relay Node Mode|
-| listen_on | domain name or IP address |No|domain name / IP address only|
+| listen_on | domain name or IP address |No|domain name / IP address only. Multiple addresses should be comma-separated.|
 | listen_port | 1 - 65535 |Yes|Port ranges can be specified when running as a server mode|
 | destination_port | 1 - 65535 |Yes|Port ranges can be specified when running as a client mode|
-| destination_address  | IP address, domain name |Yes|Brackets are not required when filling in an IPv6 address|
+| destination_address  | IP address, domain name |Yes|Brackets are not required when filling in an IPv6 address. ultiple addresses should be comma-separated.|
 | dport_refresh  | 20 - 65535 |No|The unit is ‘second’. Not writting this option means using the default value of 60 seconds. <br>1 to 20 is treated as 20 seconds; greater than 32767 is treated as 32767 seconds. <br>Set to 0 means disable this option.|
 | encryption_algorithm | AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |No    |AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>No Encryption |
 | encryption_password  | Any character |Depends…|…on the setting of encryption_algorithm, if the value is set and it is not none, it is required|
@@ -524,16 +524,9 @@ Regardless of whether encryption is enabled or not, this program will reduce the
 
 If the encryption option is used, then the 2-byte data appended at the end will be a temporarily generated IV.
 
-If the encryption feature is not selected, the 2-byte data appended at the end will be the checksum, consisting of two different 8-bit checksums:
+If the encryption feature is not selected, the 2-byte data appended at the end will be the checksum, generated by XORing the high and low bytes of CRC32.
 
-- Longitudinal Redundancy Check (LRC)
-- 8-bit checksum
-
-This is because the Botan library used in this program does not come with a 16-bit checksum algorithm. Therefore, this program simultaneously utilizes these two 8-bit checksums.
-
-The calculation speed of these two checksums is fast enough, concise and practical, and is not an obscure calculation method. For example, Modbus uses LRC.
-
-It should be reminded that using two checksums still cannot completely avoid content errors, just like TCP itself. If you really need accuracy, please enable the encryption option.
+Please note that using checksum still cannot completely avoid content errors, just like TCP itself. If you really need accuracy, please enable the encryption option.
 
 ## Multiplexing (mux_tunnels=N)
 The function of multiplexing is not automatically enabled by default. Without using this feature, for each incoming connection accepted, a corresponding outgoing connection is created.

docs/client_server_en.md

@@ -100,7 +100,7 @@ stun_server=stun.qq.com
 log_path=./
 ```
 
-When using STUN for NAT Hole punching, the server cannot listen on multiple ports and can only use single-port mode. This is because the port number obtained after NAT Hole punching using STUN is not fixed. Even if the server's own port range is continuous, it cannot be guaranteed that the port number range obtained during NAT Hole punching is also continuous. Therefore, in this mode, KCPTube is limited to using only single-port mode.
+When using STUN for NAT Hole punching, the server cannot listen on multiple ports and can only use single-port mode; listening multiple address can't be supported. This is because the port number obtained after NAT Hole punching using STUN is not fixed. Even if the server's own port range is continuous, it cannot be guaranteed that the port number range obtained during NAT Hole punching is also continuous. Therefore, in this mode, KCPTube is limited to using only single-port mode.
 
 ## Specify the listening NIC
 
@@ -109,6 +109,43 @@ Both the client and the server can specify the NIC to listen to, and only need t
 ```
 listen_on=192.168.1.1
 ```
+or multiple addresses
+
+```
+listen_on=192.168.1.1,172.16.20.1
+```
+
+## Multiple Destination Addresses
+
+Both client and relay modes can specify multiple destination addresses, which must point to the same server.
+
+```
+destination_address=127.0.0.1,::1,10.200.30.1
+```
+
+**Note**: When using multiple addresses, it is recommended that the client's `destination_address` matches the server's `listen_on`.
+
+If the server's `listen_on` is not specified, ensure that each address in the client's `destination_address` is in a different network segment.
+
+For example, if the client specifies `destination_address=192.168.0.1,FDCA:1234::1`, the server's `listen_on` can be left blank, since `192.168.0.1` and `FDCA:1234::1` are guaranteed to be in different network segments.
+
+However, if the client specifies `destination_address=192.168.0.1,192.168.0.2,FDCA:1234::1,FDCA:1234::2`, it is better to explicitly specify these addresses in the server's `listen_on` to avoid data packets being sent from unintended addresses.
+
+## Non-continuous Port Range
+
+To use a non-continuous port range, you can separate the ranges with commas.
+
+### Server
+
+```
+listen_port=13000-13050,14000-14050,15000
+```
+
+### Client
+
+```
+destination_port=13000-13050,14000-14050,15000
+```
 
 ## Specify KCP options yourself
 

docs/client_server_zh-hans.md

@@ -100,7 +100,7 @@ stun_server=stun.qq.com
 log_path=./
 ```
 
-注意：使用 STUN 打洞时，服务端无法监听多端口，只能使用单端口模式。因为 STUN 打洞后获得的端口号并不固定，即使服务端自己的端口范围是连续的，打洞时无法保证获得的端口号范围也是连续的。因此这种模式下 KCPTube 限制为只能使用单端口模式。
+注意：使用 STUN 打洞时，服务端无法侦听多端口，只能使用单端口模式；不支持自定义侦听地址。因为 STUN 打洞后获得的端口号并不固定，即使服务端自己的端口范围是连续的，打洞时无法保证获得的端口号范围也是连续的。因此这种模式下 KCPTube 限制为只能使用单端口模式。
 
 ## 指定侦听网卡
 
@@ -110,6 +110,43 @@ log_path=./
 listen_on=192.168.1.1
 ```
 
+或者多个地址
+
+```
+listen_on=192.168.1.1,172.16.20.1
+```
+
+## 多个目标地址
+
+客户端及中继模式都可以指定多个目标地址，这些地址必须指向同一个服务端。
+
+```
+destination_address=127.0.0.1,::1,10.200.30.1
+```
+
+**备注**：使用多地址时，建议客户端的 `destination_address` 与服务端的 `listen_on` 保持一致。
+
+如果服务端的 `listen_on` 未填写，那么在填写客户端 `destination_address` 时需要确保每个地址都处于不同的网段。
+
+例如，客户端填写 `destination_address=192.168.0.1,FDCA:1234::1`，那么可以不填写服务端的 `listen_on`，因为`192.168.0.1`、`FDCA:1234::1`必然不是同一个网段。
+
+如果客户端填写 `destination_address=192.168.0.1.192.168.0.2,FDCA:1234::1,FDCA:1234::2`，那么最好在服务端的 `listen_on` 那里指定这几个地址，以免数据包从意想不到的地址发出去。
+
+## 不连续端口范围
+
+若需要使用非连续端口范围，可以使用逗号分隔
+
+### 服务端
+
+```
+listen_port=13000-13050,14000-14050,15000
+```
+
+### 客户端
+```
+destination_port=13000-13050,14000-14050,15000
+```
+
 ## 自己指定 KCP 选项
 
 如果想要更细致的设置，可以自己指定 KCP 选项。

docs/parameters_en.md

@@ -3,10 +3,10 @@
 |  Name   | Value  | Require |Note|
 |  ----  | ----  | :----: | ---- |
 | mode  | client<br>server<br>relay |Yes|Client Mode<br>Server Mode<br>Relay Node Mode|
-| listen_on | domain name or IP address |No|domain name / IP address only|
+| listen_on | domain name or IP address |No|domain name / IP address only. Multiple addresses should be comma-separated.|
 | listen_port | 1 - 65535 |Yes|Port ranges can be specified when running as a server mode|
 | destination_port | 1 - 65535 |Yes|Port ranges can be specified when running as a client mode|
-| destination_address  | IP address, domain name |Yes|Brackets are not required when filling in an IPv6 address|
+| destination_address  | IP address, domain name |Yes|Brackets are not required when filling in an IPv6 address. Multiple addresses should be comma-separated.|
 | dport_refresh  | 20 - 65535 |No|The unit is ‘second’. Not writting this option means using the default value of 60 seconds. <br>1 to 20 is treated as 20 seconds; greater than 32767 is treated as 32767 seconds. <br>Set to 0 means disable this option.|
 | encryption_algorithm | AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |No    |AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>No Encryption |
 | encryption_password  | Any character |Depends…|…on the setting of encryption_algorithm, if the value is set and it is not none, it is required|

docs/parameters_zh-hans.md

@@ -3,10 +3,10 @@
 |  名称   | 可设置值  | 必填 |备注|
 |  ----  | ----  | :----: | ---- |
 | mode  | client<br>server<br>relay |是|客户端<br>服务端<br>中继节点|
-| listen_on | 域名或 IP 地址 |否|只能填写域名或 IP 地址|
+| listen_on | 域名或 IP 地址 |否|只能填写域名或 IP 地址。多个地址请用逗号分隔|
 | listen_port | 1 - 65535 |是|以服务端运行时可以指定端口范围|
 | destination_port | 1 - 65535 |是|以客户端运行时可以指定端口范围|
-| destination_address  | IP地址、域名 |是|填入 IPv6 地址时不需要中括号|
+| destination_address  | IP地址、域名 |是|填入 IPv6 地址时不需要中括号。多个地址请用逗号分隔|
 | dport_refresh  | 0 - 32767 |否|单位“秒”。不填写表示使用预设值 60 秒。<br>1 至 20 按 20 秒算，大于 32767 按 32767 秒算。<br>设为 0 表示禁用。|
 | encryption_algorithm | AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |否    |AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>不加密 |
 | encryption_password  | 任意字符 |视情况|设置了 encryption_algorithm 且不为 none 时必填|