Create TCP connection for clients behind NAT


Problem description

Which software libraries exist for such a task for Linux and Windows OS?

Is there some info in an RFC on how people should do it?

I'm interested in how I can create functionality for my C++ project like that presented in this software: https://secure.logmein.com/ru/products/hamachi/download.aspx

Recommended answer

There is not much difference if you want to make a connection through a TURN relay server. The only difference is how TCP and UDP create a connection, and nothing else.

If you want to make a P2P connection, there are some big differences.

If you are in the same network (behind the same NAT): in UDP you send a STUN binding request to your peer candidate, and if you get a response back then you know you are connected. Similarly, in TCP you have to create one active socket on one side and one passive socket on the other. Then send a SYN from the active socket and receive it on the passive socket, and then send a SYN+ACK to the active socket. Then the active socket sends an ACK and the connection is established.

If you are in different networks (behind different NATs): you have to employ the TCP hole punching technique to make a connection, because your NAT won't allow a TCP SYN packet through if previously no packet was sent to the address the SYN is coming from.

TCP hole punching details:

You have to use a TCP simultaneous open socket. This socket acts in both active and passive mode. Both ends need to know each other's private and public IP:Port. TCP simultaneous open will happen as follows:

  1. Peer A keeps sending SYN to Peer B. Peer B keeps sending SYN to Peer A.

When NAT-a receives the outgoing SYN from Peer A, it creates a mapping in its state machine. When NAT-b receives the outgoing SYN from Peer B, it creates a mapping in its state machine.

Both SYN cross somewhere along the network path, then:

SYN from Peer A reaches NAT-b, SYN from Peer B reaches NAT-a. Depending on the timing of these events (where in the network the SYNs cross), at least one of the NATs will let the incoming SYN through, and map it to the internal destination peer.

Upon receipt of the SYN, the peer sends a SYN+ACK back and the connection is established.

From Wiki.

Also, to learn about TCP simultaneous open connections, read from here. To learn about NAT filtering behavior, see this answer.
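The timing argument in the answer above can be replayed with a small model. This is an added example, not code from the original answer: the `Nat` class, the `punch` and `first_admitted` functions, the tick delays and the public endpoints are constructed for illustration, and each NAT is assumed to filter inbound SYNs by remote IP:port and to drop unsolicited ones silently.

```python
from dataclasses import dataclass, field

# Constructed public endpoints (documentation address ranges), not from the page.
PUB_A = ("198.51.100.10", 40000)
PUB_B = ("203.0.113.20", 50000)

@dataclass
class Nat:
    """Assumed model: filters inbound SYNs by remote IP:port, drops silently."""
    name: str
    allowed: set = field(default_factory=set)

    def outbound(self, remote):
        self.allowed.add(remote)       # outgoing SYN creates the mapping

    def inbound(self, remote):
        return remote in self.allowed  # no prior outgoing packet -> dropped

def punch(a_sends, b_sends, lan=1, wan=20):
    """Replay SYN send times (abstract ticks) for Peer A and Peer B.

    A SYN sent at t crosses the sender's NAT at t+lan and reaches the other
    NAT at t+lan+wan. Returns [(tick, nat_name, admitted)] for inbound SYNs.
    """
    nat_a, nat_b = Nat("NAT-a"), Nat("NAT-b")
    events = []
    for sends, own, far, src, dst in ((a_sends, nat_a, nat_b, PUB_A, PUB_B),
                                      (b_sends, nat_b, nat_a, PUB_B, PUB_A)):
        for t in sends:
            events.append((t + lan, 0, own, dst))        # leaves own NAT
            events.append((t + lan + wan, 1, far, src))  # arrives at far NAT
    log = []
    # At equal ticks, outbound (0) is processed before inbound (1).
    for tick, kind, nat, remote in sorted(events, key=lambda e: e[:2]):
        if kind == 0:
            nat.outbound(remote)
        else:
            log.append((tick, nat.name, nat.inbound(remote)))
    return log

def first_admitted(log):
    """First inbound SYN that reached a peer, or None if every SYN was dropped."""
    return next(((tick, nat) for tick, nat, ok in log if ok), None)

if __name__ == "__main__":
    for label, a, b in (("crossing SYNs", [0], [0]),
                        ("B starts late", [0, 100], [50]),
                        ("only A sends", [0, 100, 200], [])):
        print(label, punch(a, b), first_admitted(punch(a, b)))
```

The "B starts late" run shows why both peers keep sending: A's first SYN is dropped at NAT-b, but it has already opened NAT-a for B's SYN.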

