apple · caztanj · Oct 23, 2025 · jglogan · Oct 24, 2025 · caztanj
diff --git a/Sources/ContainerClient/Parser.swift b/Sources/ContainerClient/Parser.swift
@@ -554,6 +554,7 @@ public struct Parser {
     /// Parse --publish-port arguments into PublishPort objects
     /// The format of each argument is `[host-ip:]host-port:container-port[/protocol]`
     /// (e.g., "127.0.0.1:8080:80/tcp")
+    /// host-port and container-port can be ranges (e.g., "127.0.0.1:3456-4567:3456-4567/tcp`
     ///
     /// - Parameter rawPublishPorts: Array of port arguments
     /// - Returns: Array of PublishPort objects
@@ -563,14 +564,14 @@ public struct Parser {
 
         // Process each raw port string
         for socket in rawPublishPorts {
-            let parsedSocket = try Parser.publishPort(socket)
-            sockets.append(parsedSocket)
+            let parsedSockets = try Parser.publishPort(socket)
+            sockets.append(contentsOf: parsedSockets)
         }
         return sockets
     }
 
-    // Parse a single `--publish-port` argument into a `PublishPort`.
-    public static func publishPort(_ portText: String) throws -> PublishPort {
+    // Parse a single `--publish-port` argument into a `[PublishPort]`.
+    public static func publishPort(_ portText: String) throws -> [PublishPort] {
         let protoSplit = portText.split(separator: "/")
         let proto: PublishProtocol
         let addressAndPortText: String
@@ -607,19 +608,98 @@ public struct Parser {
         }
 
         guard let hostPort = Int(hostPortText) else {
-            throw ContainerizationError(.invalidArgument, message: "invalid publish host port: \(hostPortText)")
+            let hostPortRangeStart: Int
+            let hostPortRangeEnd: Int
+            let containerPortRangeStart: Int
+            let containerPortRangeEnd: Int
+
+            let hostPortParts = hostPortText.split(separator: "-")
+            switch hostPortParts.count {
+            case 2:
+                guard let start = Int(hostPortParts[0]) else {
+                    throw ContainerizationError(.invalidArgument, message: "invalid publish host port \(hostPortText)")
+                }
+
+                guard let end = Int(hostPortParts[1]) else {
+                    throw ContainerizationError(.invalidArgument, message: "invalid publish host port \(hostPortText)")
+                }
+
+                hostPortRangeStart = start
+                hostPortRangeEnd = end
+            default:
+                throw ContainerizationError(.invalidArgument, message: "invalid publish host port \(hostPortText)")
+            }
+
+            let containerPortParts = containerPortText.split(separator: "-")
+            switch containerPortParts.count {
+            case 2:
+                guard let start = Int(containerPortParts[0]) else {
+                    throw ContainerizationError(.invalidArgument, message: "invalid publish container port \(containerPortText)")
+                }
+
+                guard let end = Int(containerPortParts[1]) else {
+                    throw ContainerizationError(.invalidArgument, message: "invalid publish container port \(containerPortText)")
+                }
+
+                containerPortRangeStart = start
+                containerPortRangeEnd = end
+            default:
+                throw ContainerizationError(.invalidArgument, message: "invalid publish container port \(containerPortText)")
+            }
+
+            guard hostPortRangeStart > 1,
+                hostPortRangeEnd > 1,
+                hostPortRangeStart < hostPortRangeEnd,
+                hostPortRangeEnd > hostPortRangeStart
+            else {
+                throw ContainerizationError(.invalidArgument, message: "invalid publish host port range \(hostPortText)")
+            }
+
+            guard containerPortRangeStart > 1,
+                containerPortRangeEnd > 1,
+                containerPortRangeStart < containerPortRangeEnd,
+                containerPortRangeEnd > containerPortRangeStart
+            else {
+                throw ContainerizationError(.invalidArgument, message: "invalid publish container port range \(containerPortText)")
+            }
+
+            let hostRange = hostPortRangeEnd - hostPortRangeStart
+            let containerRange = containerPortRangeEnd - containerPortRangeStart
+
+            guard hostRange == containerRange else {
+                throw ContainerizationError(.invalidArgument, message: "publish host and container port range are not equal \(addressAndPortText)")
+            }
+
+            var publishPorts = [PublishPort]()
+            for i in 0..<hostPortRangeEnd - hostPortRangeStart + 1 {
+                let hostPort = hostPortRangeStart + i
+                let containerPort = containerPortRangeStart + i
+
+                publishPorts.append(
+                    PublishPort(
+                        hostAddress: hostAddress,
+                        hostPort: hostPort,
+                        containerPort: containerPort,
+                        proto: proto
+                    )
+                )
+            }
+
+            return publishPorts
         }
 
         guard let containerPort = Int(containerPortText) else {
             throw ContainerizationError(.invalidArgument, message: "invalid publish container port: \(containerPortText)")
         }
 
-        return PublishPort(
-            hostAddress: hostAddress,
-            hostPort: hostPort,
-            containerPort: containerPort,
-            proto: proto
-        )
+        return [
+            PublishPort(
+                hostAddress: hostAddress,
+                hostPort: hostPort,
+                containerPort: containerPort,
+                proto: proto
+            )
+        ]
     }
 
     /// Parse --publish-socket arguments into PublishSocket objects

diff --git a/Tests/CLITests/Subcommands/Run/TestCLIRunOptions.swift b/Tests/CLITests/Subcommands/Run/TestCLIRunOptions.swift
@@ -527,6 +527,55 @@ class TestCLIRunCommand: CLITest {
         }
     }
 
+    @Test func testForwardTCPPortRange() async throws {
+        let range = UInt16(10)
+        for portOffset in 0..<range {
+            let retries = 10
+            let retryDelaySeconds = Int64(3)
+            do {
+                let name = getLowercasedTestName()
+                let proxyIp = "127.0.0.1"
+                let proxyPortStart = UInt16.random(in: 50000..<55000)
+                let serverPortStart = UInt16.random(in: 55000..<60000)
+                let proxyPortEnd = proxyPortStart + range
+                let serverPortEnd = serverPortStart + range
+                try doLongRun(
+                    name: name,
+                    image: "docker.io/library/python:alpine",
+                    args: ["--publish", "\(proxyIp):\(proxyPortStart)-\(proxyPortEnd):\(serverPortStart)-\(serverPortEnd)/tcp"],
+                    containerArgs: ["python3", "-m", "http.server", "--bind", "0.0.0.0", "\(serverPortStart + portOffset)"])
+                defer {
+                    try? doStop(name: name)
+                }
+
+                let url = "http://\(proxyIp):\(proxyPortStart + portOffset)"
+                var request = HTTPClientRequest(url: url)
+                request.method = .GET
+                let config = HTTPClient.Configuration(proxy: nil)
+                let client = HTTPClient(eventLoopGroupProvider: .singleton, configuration: config)
+                defer { _ = client.shutdown() }
+                var retriesRemaining = retries
+                var success = false
+                while !success && retriesRemaining > 0 {
+                    do {
+                        let response = try await client.execute(request, timeout: .seconds(retryDelaySeconds))
+                        try #require(response.status == .ok)
+                        success = true
+                    } catch {
+                        print("request to \(url) failed, error: \(error)")
+                        try await Task.sleep(for: .seconds(retryDelaySeconds))
+                    }
+                    retriesRemaining -= 1
+                }
+                #expect(success, "Request to \(url) failed after \(retries - retriesRemaining) retries")
+                try doStop(name: name)
+            } catch {
+                Issue.record("failed to run container \(error)")
+                return
+            }
+        }
+    }
+
     func getDefaultDomain() throws -> String? {
         let (output, err, status) = try run(arguments: ["system", "property", "get", "dns.domain"])
         try #require(status == 0, "default DNS domain retrieval returned status \(status): \(err)")