TCP hole punching

TCP hole punching

NAT traversal through TCP hole punching is a method for establishing bidirectional TCP connections between Internet hosts in private networks using NAT. It does not work with all types of NATs as their behavior is not standardized.

Consider:=Network Drawing= iHostA <-..-> Na <- .. eHostX .. -> Nb <-..-> iHostB


iHostA = Internal Host at site A iHostB = Internal Host at site B Na = Nat Router at site A Nb = Nat Router at site B

The inventors of NATBlaster distinguished 6 cases described as (iHostA port allocation, iHostB port allocation, Loose Source Routing available)

=Cases=
* Case 1: (predictable, predictable, LSR)
* Case 2: (predictable, predictable, no LSR)
* Case 3: (random, predictable, LSR)
* Case 4: (random, predictable, no LSR)
* Case 5: (random, random, LSR)
* Case 6: (random, random, no LSR)

Cases 2 and 4 were implemented, with case2 as reported reliable openings, and case4 as reported with high probability.The LSR situations (case1,3,5) were not implemented because Loose Source Routing is most of the time blocked by Internet routers.Case 6 was not implemented and could only be solved by port-scanning methods (a costly 4,161,669,121 combinations to try!).

Luckily most p2p connections are of case2 or case4.

=Techniques=
*Port Prediction
*Seq + Ack numbers negotiation
*Low TTL Value determination

Methods of port Prediction

* Two sequential internal port allocation connections from A to X are received sequential by X. Hence predictable by X.
* Consistent translation is found when 2 connections from A to X are send from same internal portA and different ports on X. If X sees same external portA in both connections the translation is considered consistent, and also predictable by X.

eq + Ack numbers negotiation

Because both parties are connection TO each other (e.g 2 x CONNECT(), no LISTEN(), ACCEPT(), etc) to generate OUTBOUND traffic there is however a problem with:
* TCP Sequence numbers
* Acknowledgment numbers

The required state is just like after the three-way-handshake: Each host must have an acknowledge number = other sequence number + 1.This is achieved through Sequence and Acknowledgement Number coordination.

Low TTL Value determination

As some packets (syn, rst) MUST not receive the other host, as it would corrupt the connection setup in progress, we need to apply a trick with the TTL values.The Low TTL value is used to generate outbound packets that will open up the NAT, but will never reach the other host.

The Low TTL is calculated as follow:
* Send SYN with TTL of i=1
** Wait for ICMP TTL Exceed message
* i=i+1, loop....
*** Until ICMP Exceed messages are no longer received. The own NAT host has been traversed. LOW TTL Value = i+1
*** If the NAT host supports ICMP Exceed messages to internal hosts, the RST reply from buddy can be inspected. LOW TTL Value = i - 1

=OS Support=
* Setting LOW TTL Value with setsockopt() using IP_TTL option
* Socket options must not be persistent: After successful connection, seq + ack number negotiation, the TTL value must be normalized with setsockopt() again.
* Standard berkely socket library.
* Sniffing thread on the wire for SYN sequence numbers

=See also=
* NUTSS (Relies on spoofing packets!)
* Hole punching
* UDP hole punching

=External links=
* [http://midcom-p2p.sourceforge.net. Natcheck]
* [http://natblaster.sourceforge.net/ NATBlaster]


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Hole punching — is a computer networking technique for establishing communications between two parties in separate organizations who are both behind restrictive firewalls. Used for applications such as online gaming, P2P and VoIP, both clients establish a… …   Wikipedia

  • UDP hole punching — In computing, UDP hole punching refers to a commonly used NAT traversal technique.DescriptionNAT traversal through UDP hole punching is a method for establishing bidirectional UDP connections between Internet hosts in private networks using NAT.… …   Wikipedia

  • NAT traversal — is a general term for techniques that establish and maintain Internet protocol connections traversing network address translation (NAT) gateways. Network address translation breaks end to end connectivity. Intercepting and modifying traffic can… …   Wikipedia

  • Network address translation — NAT redirects here. For other uses, see Nat (disambiguation). In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The… …   Wikipedia

  • Tunnel (Netzwerktechnik) — Tunnel bzw. Tunneling bezeichnet den Gebrauch des Kommunikationsprotokolls eines Netzwerkdienstes als Transportmittel für Daten, die nicht zu diesem Dienst gehören. Die Tunnelsoftware wird sowohl auf dem Client als auch auf dem Server benötigt… …   Deutsch Wikipedia

  • Tunneling — Tunnel bzw. Tunneling bezeichnet den Gebrauch des Kommunikationsprotokolls eines Netzwerkdienstes als Transportmittel für Daten, die nicht zu diesem Dienst gehören. Die Tunnelsoftware wird sowohl auf dem Client als auch auf dem Server benötigt… …   Deutsch Wikipedia

  • VPN-Tunnel — Tunnel bzw. Tunneling bezeichnet den Gebrauch des Kommunikationsprotokolls eines Netzwerkdienstes als Transportmittel für Daten, die nicht zu diesem Dienst gehören. Die Tunnelsoftware wird sowohl auf dem Client als auch auf dem Server benötigt… …   Deutsch Wikipedia

  • Stateful Packet Inspection — Unter Stateful Packet Inspection (SPI), deutsche Bezeichnung Zustandsorientierte Paketüberprüfung , versteht man eine dynamische Paketfiltertechnik, bei der jedes Datenpaket einer bestimmten aktiven Session zugeordnet wird. Die Datenpakete werden …   Deutsch Wikipedia

  • Tunnel (Rechnernetz) — Tunnel bzw. Tunneling bezeichnet in einem Netzwerk die Konvertierung und Übertragung eines Kommunikationsprotokolls, das für den Transport in ein anderes Kommunikationsprotokoll eingebettet wird. Vor und hinter den Tunnelpartnern wird somit das… …   Deutsch Wikipedia

  • OpenVPN — ‎ Original author(s) James Yonan Developer(s) OpenVPN project / OpenVPN Technologies, Inc. Initial release 1.1.0 / April 10, 2002 …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”