The SOCKET implements NAT traversal

Source: Internet
Author: User

In today's IPv4 networks, where almost every host sits behind NAT, it is very difficult for two users to connect directly to each other. A better solution is to use a host with a public IP address (a server) as an intermediary that helps the two peers establish a direct connection.

NAT (network address translation): because the number of IPv4 addresses is very limited, it is not possible for every network device to have its own public IP. NAT solves this problem well. The ISP assigns one public address to the routing device, the router hands out private LAN addresses itself, and all traffic between the LAN and the outside world passes through the router, which rewrites the addresses. This makes communication between the internal network and the external network possible.

For common NAT, when an internal host sends a packet to the external network: when the packet arrives at the NAT device, the NAT device first looks up its address translation table to see whether there is already an entry for this internal address and port. If not, the router allocates a free external port to that internal address and port and records the mapping in the table. The source address of the outgoing packet is rewritten to the NAT device's public address and the source port to the allocated port (note that the IP and transport headers are modified directly, so the external network cannot learn the address of the internal host from the protocol headers). The packet is then sent on to the external destination.

For data sent from the external network to an internal host: as just mentioned, the external network generally does not know the internal destination address. It only knows the public IP and port of the router, and it knows those only because the internal host contacted it first. The external host simply sends its reply to the IP and port the data came from. Because the NAT device holds the corresponding entry in its address translation table, data arriving at that port is mapped back to the corresponding address and port on the intranet.

When an internal host sends data to the external network, the NAT device forwards it using its public IP and the allocated port, and receives replies on that port on the host's behalf. The resulting translation entry has a limited lifetime. Most routers also filter inbound data according to which external addresses the internal host has already talked to, that is: if intranet host A sends to external host B through NAT device S, then B can send to S's allocated port and S forwards the data to A. However, another external host C that knows A's public address and port on S cannot send to A through S, because A has never sent data to C; S trusts only B, not C. If A now sends a packet to C, S adds C to the trusted addresses for that mapping, and from then on C can send data to A through S.

Based on the behaviour above, we can traverse two different NATs. We need a mediation (rendezvous) server to exchange, between the hosts that want to connect, the IP and port that each NAT device has assigned to them.

UDP hole punching for NAT traversal:

The server's job is to learn the IP and port that the NAT device has assigned to each host that needs traversal. Suppose devices A and B want to establish a connection: each first sends a UDP packet to the server, and from those packets the server obtains the IP and port that A's and B's NAT routers translated them to. A then asks the server for a connection to B; the server sends B's address and port to A and tells A to send to B, and at the same time sends A's address and port to B and tells B to send to A. Now A and B both know each other's public IP and port, and each sends a UDP packet to the other's address. Several things can happen:

1. A and B both receive each other's data. (This happens when at least one router already trusted the other side's address, or when a router does not filter by address at all and accepts data from any external address on the mapped port. It can also happen when the network is slow: by the time the packets arrive at the two devices, both routers have already sent outbound packets and therefore trust each other.)

2. Only one of A and B receives the other's data. (This is the most common situation. The two packets arrive one after the other: the router of the side that sent first has already created a trust entry for the peer's address, whereas the other router receives the peer's packet before its own host has sent anything, so at that moment it does not yet trust the peer's address and drops the packet.)

3. Neither side receives anything. Possible causes:

a. The port assigned to A or B on its NAT device changes.

b. A and B are behind the same NAT, and the NAT device does not support hairpin (loopback) translation or limits connections.

c. A NAT port trusts only one external address.

In the third case, A and B may not be able to achieve UDP traversal in this environment. In the second case, A and B need to send a few more packets, spaced a few seconds apart. If still not all of them get through, the likely reasons are that the port on that side's NAT device has changed, or that the NAT port trusts only one external address, and the connection cannot be made. Usually, however, it works.
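The NAT behaviour described above (the translation table, trust of addresses the internal host has already sent to, and the outcomes of the punch) as a small simulation. This is an added example written for this page, not the author's program; the addresses, the NAT model and the packet delivery order are constructed assumptions. It also includes a symmetric NAT mode, which goes beyond the restricted case the outcomes above assume, so the failure of case 3 can be reproduced alongside the usual case 2.

```python
"""Simulation of UDP hole punching through two NATs.

Constructed example: hosts A and B behind separate NATs and a rendezvous
server S with a public address. No real sockets are used; the NAT model
implements the "trust only addresses the internal host has sent to"
behaviour described in the text, plus a symmetric mode.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Addr = Tuple[str, int]

# Constructed addresses from the RFC 5737 documentation ranges, not the page's.
SERVER: Addr = ("203.0.113.10", 3478)
A_INTERNAL: Addr = ("10.0.0.2", 5000)
B_INTERNAL: Addr = ("192.168.1.2", 5000)


@dataclass
class Packet:
    src: Addr
    dst: Addr
    payload: str


class Nat:
    """Toy NAT with an address translation table.

    kind="restricted": one external port per internal (ip, port); inbound
        data on that port is accepted only from external IPs the internal
        host has already sent to.
    kind="symmetric": a new external port for every (internal, destination)
        pair, and inbound accepted only from that exact destination; this is
        the behaviour the text reports for the mobile network.
    """

    def __init__(self, public_ip: str, kind: str = "restricted", first_port: int = 40000):
        self.public_ip = public_ip
        self.kind = kind
        self.next_port = first_port
        self.table: Dict[tuple, int] = {}        # mapping key -> external port
        self.reverse: Dict[int, Addr] = {}       # external port -> internal addr
        self.trusted: Dict[int, Set[Addr]] = {}  # external port -> peers sent to

    def outbound(self, pkt: Packet) -> Packet:
        key = pkt.src if self.kind == "restricted" else (pkt.src, pkt.dst)
        port = self.table.get(key)
        if port is None:                         # first packet: allocate a port
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[port] = pkt.src
            self.trusted[port] = set()
        self.trusted[port].add(pkt.dst)          # sending outward opens the hole
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        port = pkt.dst[1]
        if port not in self.reverse:
            return None                          # no mapping: dropped
        peers = self.trusted[port]
        if self.kind == "restricted":
            ok = any(p[0] == pkt.src[0] for p in peers)   # IP must match
        else:
            ok = pkt.src in peers                          # IP and port must match
        return Packet(pkt.src, self.reverse[port], pkt.payload) if ok else None


def punch(b_kind: str = "restricted", rounds: int = 5) -> Dict[str, object]:
    """Register both hosts with S, exchange addresses, send `rounds` hellos each way.

    Delivery order reproduces the common case from the text: A's first hello
    reaches B's NAT before B has sent anything towards A.
    """
    nat_a = Nat("198.51.100.1", "restricted")
    nat_b = Nat("198.51.100.2", b_kind)
    public: Dict[str, Addr] = {}

    # 1) each host sends to S; S records the translated source address
    for name, nat, internal in (("A", nat_a, A_INTERNAL), ("B", nat_b, B_INTERNAL)):
        public[name] = nat.outbound(Packet(internal, SERVER, "register")).src
    # 2) S tells each side the other's public address; S is trusted because
    #    the register packet was sent to it
    for name, nat in (("A", nat_a), ("B", nat_b)):
        if nat.inbound(Packet(SERVER, public[name], "peer address")) is None:
            raise RuntimeError("server reply should always pass the NAT")

    # 3) hole punching: A sends first each round, then B
    a_received: List[str] = []
    b_received: List[str] = []
    for i in range(1, rounds + 1):
        got = nat_b.inbound(nat_a.outbound(Packet(A_INTERNAL, public["B"], f"hello {i} from A")))
        if got is not None:
            b_received.append(got.payload)
        got = nat_a.inbound(nat_b.outbound(Packet(B_INTERNAL, public["A"], f"hello {i} from B")))
        if got is not None:
            a_received.append(got.payload)
    return {"a_received": a_received, "b_received": b_received, "public": public}


if __name__ == "__main__":
    for kind in ("restricted", "symmetric"):
        r = punch(kind)
        print(kind, "A got", len(r["a_received"]), "B got", len(r["b_received"]))
```

With both NATs restricted, `punch()` gives A five hellos and B four, the same split as the measurement later on this page: A's first packet is dropped at B's NAT because B has not yet sent anything to A's address. With B behind a symmetric NAT, A still receives all five (A's NAT only checks the IP), but B receives none, because the port the server learned for B is not the port B's NAT uses towards A. A does see B's real port in the source address of the packets it receives; using that port is one way out of the symmetric case, but the simulated A, like the program described on this page, does not do so.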

A word about NAT on mobile networks. China Unicom's NAT behaves like this: I used a Unicom device to send UDP packets to the server, and the server saw port number xxx, but I could not achieve NAT traversal with another device. Debugging finally showed that when I sent data to the other device, the port my NAT translated to was a different port. When I sent data to the server again, it was still the original xxx port. Looking into it, I found that Unicom uses NAT3: for different destination addresses, the NAT translates to different ports. Therefore you cannot connect normally via the port that the server learned.

Program implementation:

First, the two devices that need to punch through connect to a server located on the public Internet at 118.112.50.95 (because of limited test conditions, one of the two devices is itself behind the NAT whose public address is 118.112.50.95) and obtain each other's IP and port.

Because the first device sits behind the same public address as the server, its own public IP is also 118.112.50.95, and the IP of the other device is 118.113.89.4.

Seen from the second device (118.113.89.4), the peer's IP is 118.112.50.95.

Then the first device (118.112.50.95) asks the server for a UDP connection to 118.113.89.4, so that the server tells 118.113.89.4 that this device wants to connect to it. The two sides then send a "hello" packet to each other every few seconds, five times in total.

The first device received all 5 hellos.

The second device received only 4 hellos. Because it is the device being connected to, it starts sending slightly later: the first packet from 118.112.50.95 arrived at its NAT before it had sent anything to 118.112.50.95 and was discarded as untrusted. Once it sent a packet to 118.112.50.95, its NAT began to trust 118.112.50.95, so the remaining packets from 118.112.50.95 were received.

The program in the attachment combines the mediation server and the client (the lower-left and lower-right corners are clients). On the left, after setting the listening port on the public Internet, it can accept connections from another copy of the program. In the client in the upper-left corner, select the destination address from the list to notify the server to initiate the connection. (Attachment)
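A minimal rendezvous server and client in Python that carry out the exchange described in this section: register with the server, have the server report each side's translated address to the other, then send hellos directly. This is an added example, not the attached program; the text protocol (REG, CONNECT, PEER, HELLO), the server port 3478 and the loopback demo are assumptions of the example.

```python
"""UDP rendezvous server and hole-punching client.

Constructed example of the exchange in the text, not the page's program.
The wire format is an assumption of this example (plain text over UDP):
    REG <name>                client -> server
    CONNECT <peername>        client -> server
    PEER <name> <ip> <port>   server -> both clients
    HELLO <n> <name>          client -> client, directly
The server never relays payload; it only reports the translated (ip, port)
each client's packet arrived from.
"""
import socket
import threading
import time
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]


class RendezvousServer:
    """Protocol logic kept separate from sockets so it can be tested offline."""

    def __init__(self) -> None:
        self.clients: Dict[str, Addr] = {}  # name -> address as seen through NAT

    def handle(self, src: Addr, data: bytes) -> List[Tuple[Addr, bytes]]:
        parts = data.decode(errors="replace").split()
        if len(parts) == 2 and parts[0] == "REG":
            self.clients[parts[1]] = src      # src is the NAT-translated address
            return [(src, b"OK")]
        if len(parts) == 2 and parts[0] == "CONNECT":
            peer = self.clients.get(parts[1])
            me = next((n for n, a in self.clients.items() if a == src), None)
            if peer is None or me is None:
                return [(src, b"ERR unknown")]
            # tell each side the other's translated address
            return [(src, f"PEER {parts[1]} {peer[0]} {peer[1]}".encode()),
                    (peer, f"PEER {me} {src[0]} {src[1]}".encode())]
        return [(src, b"ERR bad request")]


def parse_peer(msg: bytes) -> Optional[Tuple[str, Addr]]:
    parts = msg.decode(errors="replace").split()
    if len(parts) == 4 and parts[0] == "PEER" and parts[3].isdigit():
        return parts[1], (parts[2], int(parts[3]))
    return None


def run_server(bind: Addr, stop: threading.Event) -> None:
    srv = RendezvousServer()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(bind)
        s.settimeout(0.2)
        while not stop.is_set():
            try:
                data, src = s.recvfrom(512)
            except socket.timeout:
                continue
            for dst, reply in srv.handle(src, data):
                s.sendto(reply, dst)


def run_client(server: Addr, name: str, connect_to: str,
               rounds: int = 5, interval: float = 1.0) -> List[str]:
    """Register, optionally ask for a peer, then exchange HELLOs directly.

    One socket is used for both the server and the peer so the same NAT
    mapping (the port the server reported) is reused. Returns the HELLO
    payloads received from the peer.
    """
    got: List[str] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", 0))
        s.settimeout(interval)
        s.sendto(f"REG {name}".encode(), server)
        if connect_to:
            s.sendto(f"CONNECT {connect_to}".encode(), server)
        peer: Optional[Addr] = None
        deadline = time.monotonic() + 10
        while peer is None and time.monotonic() < deadline:
            try:
                data, _ = s.recvfrom(512)
            except socket.timeout:
                continue
            parsed = parse_peer(data)       # "OK" and stray packets are ignored
            if parsed is not None:
                peer = parsed[1]
        if peer is None:
            return got
        for i in range(1, rounds + 1):
            s.sendto(f"HELLO {i} {name}".encode(), peer)  # also opens our NAT for peer
            end = time.monotonic() + interval
            while time.monotonic() < end:
                try:
                    data, src = s.recvfrom(512)
                except socket.timeout:
                    break
                if src == peer and data.startswith(b"HELLO"):
                    got.append(data.decode())
    return got


if __name__ == "__main__":
    # Loopback demo (no NAT in between): server plus two clients in threads.
    server, stop, result = ("127.0.0.1", 3478), threading.Event(), {}
    threading.Thread(target=run_server, args=(server, stop), daemon=True).start()
    t = threading.Thread(target=lambda: result.update(B=run_client(server, "B", "", 5, 0.3)))
    t.start(); time.sleep(0.2)
    result["A"] = run_client(server, "A", "B", 5, 0.3)
    t.join(); stop.set()
    print(result)
```

To reproduce the measurement above, run the server on a public host, start the client without a CONNECT target on the second device, and the client with a CONNECT target on the first; the counts returned by `run_client` on each side show which hellos the NATs let through. Across a real NAT the `interval` should be a few seconds, as in the text, so that each side's outbound hello has opened its mapping before the next one from the peer arrives.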
