P2P Nat Research
Part 1: Nat Introduction
Part 2: Nat type detection
Part 1: Nat Introduction
Various types of NAT (according to RFC)
Full cone NAT:
The Intranet host establishes a UDP socket (localip: localport). When the socket is used to send data to the external host for the first time, Nat will allocate a public network (publicip: publicport) to it ), in the future, this pair (publicip: publicport) will be used to send data to any external host using this socket ). In addition, as long as any external host knows this (publicip: publicport), it can send data to (publicip: publicport), and the Intranet host can receive this packet.
Restricted cone NAT:
The Intranet host establishes a UDP socket (localip: localport). When the socket is used to send data to the external host for the first time, Nat will allocate a public network (publicip: publicport) to it ), in the future, this pair (publicip: publicport) will be used to send data to any external host using this socket ). In addition, if any external host wants to send data to this Intranet host, as long as it knows this (publicip: publicport) and the Intranet host has previously used this socket to send data to this external Host IP address. As long as these two conditions are met, the external host can use its own (IP, any port) to send data to (publicip: publicport), the Intranet host can receive this packet
Port restricted cone NAT:
The Intranet host establishes a UDP socket (localip: localport). When the socket is used to send data to the external host for the first time, Nat will allocate a public network (publicip: publicport) to it ), in the future, this pair (publicip: publicport) will be used to send data to any external host using this socket ). In addition, if any external host wants to send data to this Intranet host, as long as it knows this (publicip: publicport) and the Intranet host previously uses this socket to this external host (IP, Port) sent data. As long as these two conditions are met, the external host can use its own (IP, Port) to send data to (publicip: publicport), the Intranet host can receive this packet
Symmetric NAT:
The Intranet host establishes a UDP socket (localip, localport), when this socket is used to send data to the external HOST 1 for the first time, Nat maps a (PublicIP-1, Port-1 ), after the Intranet host sent to external HOST 1 all data is using this (PublicIP-1, Port-1), if the Intranet host at the same time with this socket to external host 2 to send data, the first time to send, nat will assign it a (PublicIP-2, Port-2), after which all the data sent by the Intranet host to the external host 2 will use this (PublicIP-2, Port-2 ). if Nat has more than one public IP, the PublicIP-1 and PublicIP-2 may be different, if Nat only has one public ip, then port-1 and port-2 are definitely different, that is to say, it must not be that the PublicIP-1 is equal to the PublicIP-2 and port-1 is equal to Port-2. In addition, if any external host wants to send data to this Intranet host, it should first receive the data sent from the Intranet host before sending it back, otherwise, even if he knows that one (publicip, Port) of the Intranet host cannot send data to the Intranet host, this Nat cannot implement UDP-P2P communication.
Part 2: Nat type detection
Prerequisites: there is a public network server and two public network IP addresses (IP-1, IP-2) are bound ). This server performs UDP listening (IP-1, Port-1), (IP-2, Port-2), and responds according to client requirements.
Step 1: Check whether the client can perform UDP Communication and whether the client is behind Nat?
The client establishes a UDP socket and then uses this socket to send data packets to the server (IP-1, Port-1) to require the server to return the client's IP and port, the client immediately began to accept the packet after sending the request, set the socket timeout (300 ms) to prevent infinite congestion. repeat this process several times. If a request times out and cannot receive a response from the server, the client cannot perform UDP communication, which may be caused by firewall or NAT blocking, such a client cannot be P2P (detection stops ).
When the client can receive responses from the server, compare the client (IP, Port) returned by the server with the client socket (localip, localport. If they are the same, the client is not in Nat, and such a client has a public IP address, you can directly listen to the UDP port to receive data for Communication (detection stops ). Otherwise, the client performs further Nat type detection (CONTINUE) after Nat ).
Step 2: Check whether the client Nat is full cone Nat?
The client establishes a UDP socket and then uses this socket to send packets to the server (IP-1, Port-1) that requires the server to use another pair (IP-2, Port-2) send a data packet back in response to the client's request. The client receives the data packet immediately after sending the request. Set the socket timeout (300 ms) to avoid infinite congestion. repeat this process several times. If the request times out and the response from the server cannot be received, it indicates that the client Nat is not a full cone Nat. The specific type is subject to further detection (continue ). If a response UDP packet is received from the server (IP-2, Port-2), it indicates that the client is a full cone Nat so that the client can communicate with the UDP-P2P (detection stops ).
Step 3: Check whether the client Nat is elastic Nat?
The client establishes a UDP socket and then uses this socket to send data packets to the server (IP-1, Port-1) to require the server to return the client's IP and port, the client immediately began to accept the packet after sending the request, set the socket timeout (300 ms) to prevent infinite congestion. repeat this process until you receive a response (you must be able to receive the response, because the first step ensures that the client can perform UDP communication ).
Sending packets to the server (IP-2, Port-2) using a socket in the same way requires the server to return the client's IP and port.
Compare the client (IP, Port) returned from the server in the preceding two processes. If there is a difference between the two processes (IP, port), it indicates that the client is using hierarchical Nat, such clients cannot communicate with UDP-P2P (detection stops ). Otherwise it is restricted cone Nat, and whether it is port restricted cone Nat is to be detected (continue ).
Step 4: Check whether the client Nat is restricted cone Nat or port restricted cone Nat?
The client establishes a UDP socket and then uses this socket to send packets to the server (IP-1, Port-1) which requires the server to send a UDP packet to the client in response to a IP-1 and a port different from Port-1, the client starts to accept data packets immediately after sending the request. Set the socket timeout (300 ms) to prevent infinite congestion. repeat this process several times. If the response times out and cannot be received from the server, the client is a port restricted cone Nat. If the response is received from the server, the client is a restricted cone Nat. Both types of NAT can be used for UDP-P2P communication.
Note: The above detection process only shows whether the UDP-P2P can be drilled-in communication, the specific communication is generally based on rendezvous server. In addition, for the wide Ric Nat does not mean that the UDP-P2P can not communicate with holes, you can predict the port holes, but cannot guarantee success.