Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

TCP Hole Punch (NAT Traversal) Library or something?

Tags:

c#

tcp

nat

I want to do TCP Hole Punching (NAT Traversal) in C#. It can be done with a rendezvous server if needed. I found http://sharpstunt.codeplex.com/ but can not get this to work. Ideally i need some method which i give a Port Number (int) as parameter that after a call to this method is available ("Port Forwarded") at the NAT. It would be also OK if the method just returns some port number which is then available at the NAT. Has anybody done this in C# ? Can you give me working examples for sharpstunt or something else?

like image 294
TobiHeidi Avatar asked Mar 14 '10 19:03

TobiHeidi


People also ask

How does NAT hole punching work?

UDP hole punching is one of the most common techniques used to establish UDP connections with systems behind NAT. It is called UDP hole punching because it punches a hole in the firewall of the network which allows a packet from an outside system to successfully reach the desired client on a network using NAT.


1 Answers

In each network scenario, TCP hole punching operates in a similar way to UDP hole punching. For example, if two peers A and B are behind different NATs, each peer’s first SYN packet sent to the other peer opens up a hole associated with its public address in its respective NAT. If A’s first SYN packet to B reaches B’s NAT before B’s first SYN packet to A reaches B’s NAT, B’s NAT considers A’s SYN packet unsolicited and drops it. However, subsequently B’s first SYN packet can travel through A’s NAT successfully because A’s NAT recognises B’s public address as the destination of the outgoing session that A has initiated.

So yes. It's possible to TCP holepunch. I don't see why anyone would think otherwise.

Also, could you not create this type of bahaviour manually? It doesn't need to depend on any specific protocol as long as the steps are the same to gather all of the required information.

In general, TCP hole punching (3.2.1) proceeds as follows:

Clients: A, B Server: S

• A uses its connection with S to ask S for a connection with B. • S replies to A with B’s private and public addresses, and simultaneously sends A’s addresses to B.

• A and B asynchronously make outgoing connection at- tempts (send SYN packets) to each other’s public and private addresses, from the same port that they used to register with S. At the same time, they listen for TCP incoming connection attempts on their local TCP ports.

• A and B wait for a SYN-ACK response to their out- going SYN packets, or an incoming connection request (SYN packet). If a connection fails, the peer can retry it up to a maximum timeout period.

• Once the three-way handshake process has completed, the peers authenticate each other. If the authentica- tion fails, the peers close that connection and wait until another connection is successfully authenticated. The first successfully authenticated connection will be used to transfer TCP data.

(I know this isn't much of an answer but there wasn't enough room for a comment).

like image 103
SilverX Avatar answered Sep 19 '22 16:09

SilverX