P2P: bypassing NAT

Source: Internet
Author: User
/// What to do?
A (inside the company network) connects to cnblogs through the HTTP proxy and posts a document containing its public_addr and private_addr, then checks whether any other clients have done the same.
If it finds any, it tries to connect to them and displays their information.
Later, the user can select another client and send it files or messages.

/// Sending a file over HTTP with Python
http://stackoverflow.com/questions/68477/send-file-using-post-from-a-python-script
http://stackoverflow.com/questions/150517/send-file-using-post-from-a-python-script

/// Python using HTTP Proxy

# http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection

# import os, urllib
# os.environ["http_proxy"] = "http://proxyserver:3128"
# data = urllib.urlopen("http://www.google.com").read()
# print data

# import urllib2, urllib

# proxy = urllib2.ProxyHandler({'http': 'http://aaants10.aaaex.asmpt.com:80'})
# auth = urllib2.HTTPBasicAuthHandler()
# opener = urllib2.build_opener(proxy, auth, urllib2.HTTPHandler)
# urllib2.install_opener(opener)

# conn = urllib2.urlopen('http://python.org')
# return_str = conn.read()
# print return_str

import urllib2

# Python 2 (urllib2). The defaults embed a proxy account in the source;
# the commented-out sys.argv variant below passes it in at run time instead.
# The backslash in DOMAIN\user is escaped so that "\a" is not read as a bell character.
def get_proxy_opener(proxyurl='http://route:80', proxyuser="aaaex\\aeejshe", proxypass="hejinshou", proxyscheme="http"):
    password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
    password_mgr.add_password(None, proxyurl, proxyuser, proxypass)

    proxy_handler = urllib2.ProxyHandler({proxyscheme: proxyurl})
    proxy_auth_handler = urllib2.ProxyBasicAuthHandler(password_mgr)

    return urllib2.build_opener(proxy_handler, proxy_auth_handler)

if __name__ == "__main__":
    import sys
    url_opener = get_proxy_opener()
    # print url_opener.open('http://www.google.com').read()
    # Install the opener globally so that plain urllib2.urlopen() uses the proxy
    urllib2.install_opener(url_opener)
    print urllib2.urlopen('http://www.google.com').read()

    # if len(sys.argv) > 4:
    #     url_opener = get_proxy_opener(*sys.argv[1:4])
    #     for url in sys.argv[4:]:
    #         print url_opener.open(url).headers
    # else:
    #     print "Usage:", sys.argv[0], "proxy user pass fetchuris..."

/// NAT traversal

http://zh.wikipedia.org/wiki/NAT%E7%A9%BF%E9%80%8F
The two most common NAT traversal techniques are UDP hole punching and STUN. Others include TURN, ICE, ALG, and SBC.

NAT traversal

* Session Traversal Utilities for NAT (STUN)
* Traversal Using Relay NAT (TURN)
* NAT-T: Negotiation of NAT-Traversal in the IKE
* Teredo tunneling, which uses NAT traversal to provide IPv6 connectivity
* Session Border Controller (SBC)
* UDP hole punching
* TCP hole punching

NAT traversal based on NAT control

* Realm-Specific IP (RSIP)
* Middlebox Communications (MIDCOM)
* SOCKS
* NAT Port Mapping Protocol (NAT-PMP)
* Internet Gateway Device (IGD) protocol, defined by the Universal Plug and Play (UPnP) Forum
* Application Layer Gateway (ALG)

Combining NAT traversal techniques

* Interactive Connectivity Establishment (ICE)

UDP hole punching
This technique requires a full-cone NAT (also known as one-to-one NAT) to work properly. Neither restricted NAT nor dynamic NAT can use it.

It is widely used in P2P and VoIP applications, and is one of the techniques Skype uses to get through firewalls and NAT devices.

Assume two hosts (A and B), each on its own private network. N1 and N2 are the two NAT devices; S is a public server with an IP address that can be reached from anywhere in the world.

Step 1: A and B each open a UDP session with S. The NAT devices N1 and N2 create UDP translation state for these sessions and allocate temporary external ports.

Step 2: S relays these port numbers back to A and B.

Step 3: A and B contact each other's NAT device directly on the translated ports; the NAT devices use the translation state created earlier to forward the packets to A and B.
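
The role of S in steps 1 and 2, followed by the direct contact of step 3, as an added example that is not part of the original page (Python 3, run on loopback, so no NAT is involved and public_addr equals private_addr). The JSON message layout and the function names are assumptions made for this illustration; public_addr and private_addr are the fields named in the "What to do?" notes.

```python
import json
import socket

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # loopback only; the OS picks a free port
    s.settimeout(5)
    return s

def say_hello(peer_id, server_addr):
    """Step 1, peer side: register with S and report our own private_addr."""
    sock = udp_socket()
    hello = {"id": peer_id, "private_addr": list(sock.getsockname())}
    sock.sendto(json.dumps(hello).encode(), server_addr)
    return sock

def rendezvous(server, expected=2):
    """Steps 1-2, server S: learn each peer's endpoints, then send each peer the others'."""
    peers = {}
    while len(peers) < expected:
        data, observed = server.recvfrom(1024)
        msg = json.loads(data.decode())
        # public_addr is the source S observes (behind a NAT, the external mapping);
        # private_addr is only what the peer claims about itself.
        peers[str(msg["id"])] = {"public_addr": list(observed),
                                 "private_addr": msg["private_addr"]}
    for peer_id, info in peers.items():
        others = {k: v for k, v in peers.items() if k != peer_id}
        server.sendto(json.dumps(others).encode(), tuple(info["public_addr"]))
    return peers

def demo():
    server = udp_socket()
    a = say_hello("A", server.getsockname())
    b = say_hello("B", server.getsockname())
    rendezvous(server)
    a_view = json.loads(a.recvfrom(4096)[0].decode())  # what A learned about B
    b_view = json.loads(b.recvfrom(4096)[0].decode())  # what B learned about A
    # Step 3: A contacts B directly; B accepts only the endpoint S advertised for A.
    a.sendto(b"hello from A", tuple(a_view["B"]["public_addr"]))
    data, src = b.recvfrom(1024)
    accepted = list(src) == b_view["A"]["public_addr"]
    for s in (server, a, b):
        s.close()
    return {"a_view": a_view, "b_view": b_view, "data": data, "accepted": accepted}

if __name__ == "__main__":
    print(demo())
```

A UDP source address can be spoofed, which is why the tester script further down this page also exchanges random tokens before it reports success.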

XSTUNT library (C/C++ library for TCP NAT traversal)
http://www.cis.nctu.edu.tw/~gis87577/xdreaming/xstunt/index_chinese.html

Blogs
http://javascript.iteye.com/blog/151463

Source code
http://www.cnblogs.com/yrh2847189/archive/2007/06/20/790013.html
http://blog.csdn.net/markman101/archive/2010/08/31/5853703.aspx
https://gist.github.com/224795

#!/usr/bin/env python
#
# udp_hole_punch_tester.py - UDP hole punching test tool
#
# Usage: udp_hole_punch_tester.py remote_host remote_port
#
# Run this script simultaneously on 2 hosts to test if they can punch
# a UDP hole to each other.
#
# * remote_port should be identical on 2 hosts.
# * if remote_port < 1024, must be root.
# * tested on Python 2.5.
#
# Copyright (c) 2009 Dmitriy Samovskiy, http://somic.org
#
# License: Apache License, Version 2.0
#          http://www.apache.org/licenses/
#

import sys, os, time, socket, random
from select import select

def log(*args):
    print time.asctime(), ' '.join([str(x) for x in args])

def puncher(remote_host, port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(('', port))

    # Random token that the remote end must echo back to prove two-way reachability
    my_token = str(random.random())
    log("my_token =", my_token)
    remote_token = "_"

    sock.setblocking(0)
    sock.settimeout(5)

    remote_knows_our_token = False

    for i in range(60):
        r, w, x = select([sock], [sock], [], 0)

        if remote_token != "_" and remote_knows_our_token:
            log("we are done - hole was punched from both ends")
            break

        if r:
            data, addr = sock.recvfrom(1024)
            log("recv:", data)
            if remote_token == "_":
                remote_token = data.split()[0]
                log("remote_token is now", remote_token)
            # A third field ("ok") means the remote end has already seen our token
            if len(data.split()) == 3:
                log("remote end signals it knows our token")
                remote_knows_our_token = True

        if w:
            data = "%s %s" % (my_token, remote_token)
            if remote_token != "_": data += " ok"
            log("sending:", data)
            sock.sendto(data, (remote_host, port))
            log("sent", i)

        time.sleep(0.5)

    log("done")
    sock.close()

    return remote_token != "_"

if __name__ == '__main__':
    remote_host = sys.argv[1]
    port = int(sys.argv[2])

    if puncher(remote_host, port):
        log("Punched UDP hole to %s:%d successfully" % (remote_host, port))
    else:
        log("Failed to punch hole")
 

TCP NAT traversal
http://nutss.gforge.cis.cornell.edu//jstunt-examples.php
Echo server and echo client

Download and install Java 1.5.0 or later
Download the jar package that contains the stunt library and example server/client applications.
The source code for the sample applications is in EchoServer.java and EchoClient.java.
Start the server, on a host behind a NAT, by executing: java -cp stunt.jar EchoServer you@your.domain.com
Connect the client to your EchoServer by executing: java -cp stunt.jar EchoClient you@your.domain.com
To connect to the Cornell echoserver, use echo@nutss.net as the destination when starting the client.
If everything goes well, you'll see something along the lines of: SERVER: accepted saikat930@ed.u.cs.cornell.edu, and client: Greetings saikat930@ed.u.cs.cornell.edu, This Is The echoserver at echo@nutss.net. Now you say something.
You'll be able to type lines at the client's console and have them be echoed by the server when you press Enter.
The library takes between 200 ms and 1 second to connect, but slow DNS (sometimes due to the NAT) can increase the connection time by a bit.

Hi all,
(Apologies if you get multiple copies of this)

I am pleased to announce the availability of our open-source TCP NAT
traversal/hole-punching library based on our research published in [1].

[1] "Characterization and Measurement of TCP Traversal through NATs
and Firewalls", S. Guha and P. Francis. IMC 2005.
http://nutss.net/pub/imc05-tcpnat.pdf

The key result of the paper is: TCP NAT traversal can work 85%-90% of
the time today (without any special assumptions about NATs), and 100% of
the time between pairs of certain popular, well-behaved NATs. See [1]
for more details.

An open-source Java library for TCP NAT traversal is now available:
Webpage: http://nutss.net/stunt.php
FAQ: http://nutss.net/jstunt-faq.php
Library and example: http://nutss.net/jstunt-examples.php

The above library has been tested for pair-wise connectivity across 11
brands of NATs from Windows and Linux hosts. NATs tested were Linksys,
Dlink, Netgear, Belkin, 3Com, Netopia, Allied Telesyn, SMC, Trendnet,
USR, Buffalo Tech. Out of the 121 possible pair-wise combinations, 113
connections are successful. The only ones that failed are when both
endpoints are behind the _same_ NAT device that does not support TCP
hairpin-behavior yet (see [1]).

The Java library is released under LGPL; contact me if this does not
meet your needs. Feel free to extend it/port it etc.

Q: I am a P2P developer/researcher. How does this help me?
A: The library adds TCP NAT traversal out-of-the-box. This increases
connectivity in your P2P network since two users behind their NATs can
now exchange data without having to go through an intermediary node. You
can:
- Use this library as is (for development of P2P software, research,
  small deployments, etc. in Java)
- Study it to provide TCP NAT traversal in your existing P2P
  applications in your language of choice.
- Etc.

If you have any questions, comments, suggestions, or problems, do not
hesitate to contact me. Cheers,
--
Saikat
