NAT and inbound
2011-06-13 22:56:29.916054+02 by
Dan Lyke
4 comments
Help: Post-Skype, I was pretty sure that there now exists a technology that lets a machine behind a NAT firewall allow an inbound connection. The use pattern would be that Machine A publishes its availability to Server S, Machine B gets credential information from Server S and can then initiate a connection from B to A.
Any hints? This is basically what Skype does, and I know I read an article about how they did it at some point, but I'd like to be able to implement something similar.
comments in descending chronological order (reverse):
#Comment Re: made: 2011-06-16 02:10:37.663619+02 by:
Dan Lyke
Okay, I'm now digging through the natblaster code to see if that's the right starting point to clean it up, make it cross-platform, and run a server for.
#Comment Re: made: 2011-06-14 02:48:25.190036+02 by:
spc476
You're right in that UDP has no session data, but the article you pointed out says as much, and pretty much describes in greater detail what I was getting at.
A normal TCP connection is three way (one side does an active open, the other a passive open). What I'm describing, a simultaneous open, is when both sides do an active open.
#Comment Re: made: 2011-06-14 01:32:06.605808+02 by:
JT
Here is a nice explanation.
And your explanation is backwards, spc: UDP is connectionless and requires no session information; TCP is reliable, with a three-way handshake of SYN, SYN/ACK, and ACK which establishes the sequence and acknowledgement numbers for data verification. Here's the RFC outlining TCP; it's a boring but informative read, and page 30 is where they talk about the three-way handshake.
#Comment Re: made: 2011-06-14 01:04:53.341206+02 by:
spc476
For UDP, both sides just need to send a packet to each other to establish a "connect" through the NAT.
The TCP state machine does allow for a simultaneous open, where both sides send a SYN packet. I think it might be prone to some form of race condition, but it's something I've been wanting to try for some time. Given A, B and S, you have:
A opens connection to S, sends port it will listen on
B opens connection to S, sends port it will listen on
S sends B's public address and port to A
S sends A's public address and port to B
A connects to B/B connects to A
In theory, the simultaneous open should work.
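The A/B/S exchange described in the comment above, as an added example that is not part of this thread: a UDP rendezvous run entirely over loopback, so no real NAT is involved and it runs offline. The function names (`run_rendezvous`, `punch`, `demo`) and the `REGISTER`/`PEER`/`HELLO` message formats are my own; behind a real NAT, S would report the translated address:port it observes, and the retry loop in `punch` is what keeps sending until both NAT mappings are open.

```python
import socket
import threading

def run_rendezvous(server: socket.socket, expected: int = 2) -> dict:
    """S: record where each client appears to come from, then tell each the other's address."""
    peers = {}
    while len(peers) < expected:
        data, addr = server.recvfrom(1024)          # addr = sender as S observes it
        if data.startswith(b"REGISTER "):
            peers[data[9:].decode()] = addr
    names = list(peers)
    for i, name in enumerate(names):
        other = peers[names[1 - i]]
        server.sendto(f"PEER {other[0]} {other[1]}".encode(), peers[name])
    return peers

def punch(sock: socket.socket, server_addr, name: str, attempts: int = 5):
    """A or B: register with S, learn the peer's address, then send to the peer directly.
    Our outbound datagram opens our own mapping; retry until the peer's reply gets through."""
    sock.settimeout(2.0)
    sock.sendto(f"REGISTER {name}".encode(), server_addr)
    reply, _ = sock.recvfrom(1024)
    assert reply.startswith(b"PEER "), reply
    _, host, port = reply.decode().split()
    peer = (host, int(port))
    for _ in range(attempts):
        sock.sendto(f"HELLO from {name}".encode(), peer)
        try:
            data, addr = sock.recvfrom(1024)
        except socket.timeout:
            continue
        if addr == peer:                            # ignore anything not from the peer
            return peer, data.decode()
    raise TimeoutError(f"{name}: no datagram from peer")

def demo() -> dict:
    """Run S, A and B as threads on loopback; returns what each client received."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    for s in socks:
        s.bind(("127.0.0.1", 0))                    # port 0: let the kernel pick one
    server, a, b = socks
    results = {}
    threads = [threading.Thread(target=run_rendezvous, args=(server,))]
    for sock, name in ((a, "A"), (b, "B")):
        threads.append(threading.Thread(
            target=lambda s=sock, n=name: results.__setitem__(n, punch(s, server.getsockname(), n))))
    for t in threads: t.start()
    for t in threads: t.join()
    for s in socks: s.close()
    return results
```

Calling `demo()` returns, for each of A and B, the peer address it learned from S and the HELLO it received directly from that peer.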