Flutterby™! : NAT and inbound


NAT and inbound

2011-06-13 20:56:29.916054+00 by Dan Lyke 4 comments

Help: Post Skype, I was pretty sure that there now exists a technology that lets a machine behind a NAT firewall allow an inbound connection. Use pattern would be that Machine A publishes its availability to Server S, Machine B gets credential information from Server S and can then initiate a connection from B to A.

Any hints? This is basically what Skype does, and I know I read an article about how they did it at some point, but I'd like to be able to implement something similar.

comments in descending chronological order (reverse):

#Comment Re: made: 2011-06-16 00:10:37.663619+00 by: Dan Lyke

Okay, I'm now digging through the natblaster code to see if that's the right starting point to clean it up, make it cross-platform, and run a server for.

#Comment Re: made: 2011-06-14 00:48:25.190036+00 by: spc476

You're right in that UDP has no session data, but the article you pointed out says as much, and pretty much describes in greater detail what I was getting at.

A normal TCP connection is three way (one side does an active open, the other a passive open). What I'm describing, a simultaneous open, is when both sides do an active open.

#Comment Re: made: 2011-06-13 23:32:06.605808+00 by: JT

Here is a nice explanation.
And your explanation is backwards, spc: UDP is connectionless and requires no session information; TCP is reliable, with a three-way handshake of SYN, SYN/ACK, and ACK that establishes the sequence and acknowledgement numbers for data verification. Here's the RFC outlining TCP; it's a boring but informative read, and page 30 is where they talk about the three-way handshake.

#Comment Re: made: 2011-06-13 23:04:53.341206+00 by: spc476

For UDP, both sides just need to send a packet to each other to establish a "connect" through the NAT.

The TCP state machine does allow for a simultaneous open, where both sides send a SYN packet. I think it might be prone to some form of race condition, but it's something I've been wanting to try for some time. Given A, B and S, you have:

A opens connection to S, sends port it will listen on
B opens connection to S, sends port it will listen on
S sends B's public address and port to A
S sends A's public address and port to B
A connects to B/B connects to A

In theory, the simultaneous open should work.
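An added example (mine, not from this thread or from natblaster) of the UDP form of the A/B/S exchange described above, in Python: a rendezvous server S that records each peer's endpoint as seen from outside and swaps them, and a peer routine that keeps sending PUNCH until one comes back, because whichever PUNCH arrives before the far side has sent anything outbound is dropped by that side's NAT, and PEER and PUNCH can arrive in either order. The message format, the names and the loopback demo are constructed; the demo has no NAT in the path, so it exercises the exchange and the ordering race, not real traversal.

```python
import socket
import threading

def rendezvous_server(sock, expected=2):
    """S: record where each REGISTER arrives *from* (the NAT-mapped endpoint), then swap them."""
    peers = {}
    while len(peers) < expected:
        data, addr = sock.recvfrom(1024)
        if data.startswith(b"REGISTER "):
            peers[data[9:].decode()] = addr
    for name, addr in peers.items():
        for other, (ip, port) in peers.items():
            if other != name:
                sock.sendto(f"PEER {other} {ip} {port}".encode(), addr)

def punch(sock, name, server_addr, timeout=0.2, tries=25):
    """Peer: register with S, learn the other peer's public endpoint, then send PUNCH
    until one comes back. Our first outbound PUNCH opens our own NAT mapping; the
    peer's PUNCH proves its side is open. Returns (peer_name, peer_addr) or None."""
    sock.settimeout(timeout)
    sock.sendto(f"REGISTER {name}".encode(), server_addr)
    peer = None
    for _ in range(tries):
        try:
            data, addr = sock.recvfrom(1024)
        except socket.timeout:  # resend: the peer's NAT may have dropped our early PUNCH
            if peer: sock.sendto(f"PUNCH {name}".encode(), peer[1])
            continue
        kind, _, rest = data.decode().partition(" ")
        if kind == "PEER" and addr == server_addr:
            pname, ip, port = rest.split()
            peer = (pname, (ip, int(port)))
            sock.sendto(f"PUNCH {name}".encode(), peer[1])
        elif kind == "PUNCH" and peer and addr == peer[1]:
            sock.sendto(f"PUNCH {name}".encode(), peer[1])  # ack so the peer sees one too
            return peer

def demo():
    """Constructed loopback run (no real NAT in the path): S plus peers A and B."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    threading.Thread(target=rendezvous_server, args=(s,), daemon=True).start()
    results = {}
    def run(name):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
            c.bind(("127.0.0.1", 0))
            results[name] = punch(c, name, s.getsockname())
    threads = [threading.Thread(target=run, args=(n,)) for n in ("A", "B")]
    for t in threads: t.start()
    for t in threads: t.join()
    return results
```

Behind a symmetric NAT, S sees a different mapped port than the one the peer will use towards the other host, so this exchange fails there; that is the case a relay (TURN-style) exists for.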