C # [Fox instant messaging core] development record 3 (knowledge reserve: tcp udp holes)

This article from: http://www.cnblogs.com/yuanfan/archive/2010/12/17/1909379.html

 

 

What is punching and why?

Due to the rapid development of the Internet, IPv4 addresses are insufficient, so each host cannot be assigned a public IP address, so Nat address translation is used.

Below is a picture I found online

Generally, a connection is actively initiated by a host in the private network (such as the "Computer A-01"), the packet is converted to the server on the public network (such as the "server "), after the connection is established, data can be transmitted in two directions. The NAT device allows hosts in the private network to send data to hosts in the public network, but does not allow active transmission in the opposite direction, however, in some special cases, it is necessary to connect hosts in different private networks (such as P2P software, network conferencing, and video transmission). The problem of tcp nat traversal must be solved.

Below are several types of NAT

The type of NAT device has a very important impact on tcp nat traversal. According to the port ing method, Nat can be divided into the following four categories. The first three Nat types can be collectively referred to as the cone type.
(1) Full Cone: Nat maps all requests from the same internal IP address and port to the same external IP address and port. Any external host can send IP packets to the internal host through the ing.
(2) Restricted Cone: Nat maps all requests from the same internal IP address and port to the same external IP address and port. However, an internal host can only send an IP packet to an external host whose IP address is X.
(3) Port restricted Cone: the port restriction clone is similar to the restriction clone, but the port number restriction is exceeded, that is, only the internal host is directed to the IP address X first, only when an external host whose port is P sends an IP packet can the external host send an IP packet whose source port is P to the internal host.
(4) symmetric NAT: This type of NAT is different from the preceding three types, when the same internal host uses the same port to communicate with the external host with different addresses, Nat maps the internal host differently. Symmetric Nat does not guarantee the consistency between the private and public IP addresses in all sessions. Instead, it assigns a new port number for each new session.

 

Assume that there is a server s there is an IP address on the public network, two private networks are connected to the public network by the NAT-A and NAT-B respectively, there is a client a behind the NAT-A, there is a client B behind the NAT-B, now, we need to use s to establish a direct TCP connection between A and B, that is, B holes in a so that a can directly connect to host B along the hole, as if the NAT-B does not exist.

The implementation process is as follows:
1. s starts two network listeners. One is the listener of the primary connection and the other is the listener of the assisted hole.
2. A and B maintain contact with the master connection of S.
3. When a needs to establish a direct TCP connection with B, first connect to the "assist hole" Port of S and send a request for assistance with the connection. At the same time, start listening on the port number. Note that to bind a socket to the same network terminal, you must set the so_reuseaddr attribute (that is, allow reuse) for these sockets. Otherwise, the listening will fail.
4, s [assist hole] After receiving the application of a through the [master connection] to notify B, and a after the NAT-A conversion of public network IP address and port information to B.
5. B First connects to the "assist hole" Port of s after receiving the connection notification from S, and disconnects immediately after sending some data, the purpose of this is to let s know the Internet IP address and port number of B after NAT-B conversion.
6. B tries to connect with the public IP address and port of a after the NAT-A is converted, according to different routers will have different results, some routers can establish a connection in this operation, most routers directly discard the SYN request packet that is not from, leading to connect failure, but the NAT-A will record the source address and port number of the connection, to prepare for the next real connection, this is called a hole, that is, B has made a hole in a, and next time a can directly connect to the port number that B just used.
7. Start listening on the same port while logging in to client B. B. After everything is ready, reply to the message "I am ready" through the master connection with S ", s tells a after receiving the Internet IP address and port number of B after NAT-B conversion.
8. After receiving the Internet IP address and port number of B replied by S, A starts to connect to Internet IP address and port number of B, since B tried to connect to a's public IP address and port in step 6, the NAT-A records the information of this connection, so when a actively connects to B, the NAT-B will think of it as valid SYN data and allow it to be established through a direct TCP connection.

With some knowledge, we will start to Implement UDP and TCP holes. This may take some time.

 

 

What is punching and why?

Due to the rapid development of the Internet, IPv4 addresses are insufficient, so each host cannot be assigned a public IP address, so Nat address translation is used.

Below is a picture I found online

Generally, a connection is actively initiated by a host in the private network (such as the "Computer A-01"), the packet is converted to the server on the public network (such as the "server "), after the connection is established, data can be transmitted in two directions. The NAT device allows hosts in the private network to send data to hosts in the public network, but does not allow active transmission in the opposite direction, however, in some special cases, it is necessary to connect hosts in different private networks (such as P2P software, network conferencing, and video transmission). The problem of tcp nat traversal must be solved.

Below are several types of NAT

The type of NAT device has a very important impact on tcp nat traversal. According to the port ing method, Nat can be divided into the following four categories. The first three Nat types can be collectively referred to as the cone type.
(1) Full Cone: Nat maps all requests from the same internal IP address and port to the same external IP address and port. Any external host can send IP packets to the internal host through the ing.
(2) Restricted Cone: Nat maps all requests from the same internal IP address and port to the same external IP address and port. However, an internal host can only send an IP packet to an external host whose IP address is X.
(3) Port restricted Cone: the port restriction clone is similar to the restriction clone, but the port number restriction is exceeded, that is, only the internal host is directed to the IP address X first, only when an external host whose port is P sends an IP packet can the external host send an IP packet whose source port is P to the internal host.
(4) symmetric NAT: This type of NAT is different from the preceding three types, when the same internal host uses the same port to communicate with the external host with different addresses, Nat maps the internal host differently. Symmetric Nat does not guarantee the consistency between the private and public IP addresses in all sessions. Instead, it assigns a new port number for each new session.

 

Assume that there is a server s there is an IP address on the public network, two private networks are connected to the public network by the NAT-A and NAT-B respectively, there is a client a behind the NAT-A, there is a client B behind the NAT-B, now, we need to use s to establish a direct TCP connection between A and B, that is, B holes in a so that a can directly connect to host B along the hole, as if the NAT-B does not exist.

The implementation process is as follows:
1. s starts two network listeners. One is the listener of the primary connection and the other is the listener of the assisted hole.
2. A and B maintain contact with the master connection of S.
3. When a needs to establish a direct TCP connection with B, first connect to the "assist hole" Port of S and send a request for assistance with the connection. At the same time, start listening on the port number. Note that to bind a socket to the same network terminal, you must set the so_reuseaddr attribute (that is, allow reuse) for these sockets. Otherwise, the listening will fail.
4, s [assist hole] After receiving the application of a through the [master connection] to notify B, and a after the NAT-A conversion of public network IP address and port information to B.
5. B First connects to the "assist hole" Port of s after receiving the connection notification from S, and disconnects immediately after sending some data, the purpose of this is to let s know the Internet IP address and port number of B after NAT-B conversion.
6. B tries to connect with the public IP address and port of a after the NAT-A is converted, according to different routers will have different results, some routers can establish a connection in this operation, most routers directly discard the SYN request packet that is not from, leading to connect failure, but the NAT-A will record the source address and port number of the connection, to prepare for the next real connection, this is called a hole, that is, B has made a hole in a, and next time a can directly connect to the port number that B just used.
7. Start listening on the same port while logging in to client B. B. After everything is ready, reply to the message "I am ready" through the master connection with S ", s tells a after receiving the Internet IP address and port number of B after NAT-B conversion.
8. After receiving the Internet IP address and port number of B replied by S, A starts to connect to Internet IP address and port number of B, since B tried to connect to a's public IP address and port in step 6, the NAT-A records the information of this connection, so when a actively connects to B, the NAT-B will think of it as valid SYN data and allow it to be established through a direct TCP connection.

with some knowledge, we will start to Implement UDP and TCP holes. It may take some time to do this.