UDP Hole Punching Algorithm


Question

Can anyone give an example of UDP Hole Punching?

Actually, I want to write a chat program with which people can chat when they know each other's IP. But both the machines will be behind a firewalled router. So, I need to punch a hole in order to communicate.

I would like a function such that on calling the function, a hole would have been punched and future communications would move on easily - if that's not too much to ask for :)

Recommended answer

Short Answer: it can't be done reliably.

Long Answer:

"Hole Punching" refers to triggering automatic NAT rules of a router in order to allow inbound traffic. When you send a UDP packet out, the router (usually) creates a temporary rule mapping your source address and port to the destination address and port, and vice versa. UDP packets returning from the destination address and port (and no other) are passed through to the original source address and port (and no other). This rule will time out after some minutes of inactivity.

Getting this to work when both end-points are behind NATs or firewalls would require that both end-points send packets to each other at about the same time. This means that both sides need to know each other's public IP addresses and port numbers and need to communicate this to each other by some other means.

There is no way for a program to directly determine its own public IP address if it is behind a NAT (it will only see its private address, such as 192.168.x.x). But since you are assuming that the humans involved know each other's IP addresses, those humans can just type in the other's address.

But the real catch is that there is also no way for a program to directly determine what port number the router is using on the public side. Your program may be bound to 12345 on the local machine, but the router can map that to almost any port on the public side. (Imagine two computers on your local network both sending out from port 12345; obviously the router will have to map one of them to a different number.) So even though you and the humans may know what local port number you are bound to, there's no way to know what port number the router will show to the world.
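
A toy model of the NAT behaviour described in this answer, as an added example that is not part of the original answer: it shows two hosts bound to the same local port getting different public ports, an inbound packet being dropped until both sides have sent, and the rule expiring after inactivity. The `Nat` class, `demo` function, addresses, starting port 40000 and the 120-second timeout are all assumptions made for illustration, and the peers' public endpoints are assumed to have been exchanged by some other means.

```python
import itertools

class Nat:
    """Toy port-restricted NAT: outbound UDP creates a rule, inbound must match it."""
    def __init__(self, public_ip, timeout=120, first_port=40000):
        self.public_ip = public_ip
        self.timeout = timeout                         # inactivity limit in seconds (assumed value)
        self._next_port = itertools.count(first_port)  # the router, not the program, picks public ports
        self.mappings = {}                             # (private_ip, port) -> public port
        self.rules = {}                                # (public port, remote_ip, remote_port) -> last seen

    def outbound(self, src, dst, now):
        """src sends to dst; returns the public (ip, port) the remote side sees."""
        if src not in self.mappings:
            self.mappings[src] = next(self._next_port)
        self.rules[(self.mappings[src], *dst)] = now
        return (self.public_ip, self.mappings[src])

    def inbound(self, src, dst_port, now):
        """Packet from remote src to dst_port; returns the private endpoint, or None if dropped."""
        last = self.rules.get((dst_port, *src))
        if last is None or now - last > self.timeout:
            self.rules.pop((dst_port, *src), None)
            return None
        self.rules[(dst_port, *src)] = now
        return next(p for p, pub in self.mappings.items() if pub == dst_port)

def demo():
    nat_a, nat_b = Nat("198.51.100.1"), Nat("203.0.113.1")   # constructed documentation addresses
    a1, a2, b = ("192.168.0.10", 12345), ("192.168.0.11", 12345), ("192.168.1.20", 12345)
    other = ("192.0.2.53", 9999)                              # unrelated remote host (constructed)
    pub_a1 = nat_a.outbound(a1, other, now=0)
    pub_a2 = nat_a.outbound(a2, other, now=0)                 # same local port, different public port
    # B sends first: this opens B's side, but A's NAT has no rule for B yet, so the packet is dropped.
    pub_b = nat_b.outbound(b, pub_a1, now=10)
    first = nat_a.inbound(pub_b, pub_a1[1], now=10)
    # A sends to B's public endpoint: B's rule already exists, so the packet passes.
    nat_a.outbound(a1, pub_b, now=11)
    a_to_b = nat_b.inbound(pub_a1, pub_b[1], now=11)
    # Both sides now hold matching rules, so B's next packet reaches A.
    nat_b.outbound(b, pub_a1, now=12)
    b_to_a = nat_a.inbound(pub_b, pub_a1[1], now=12)
    # After the inactivity timeout the rule is gone and the same packet is dropped again.
    expired = nat_a.inbound(pub_b, pub_a1[1], now=12 + 121)
    return {"pub_a1": pub_a1, "pub_a2": pub_a2, "first": first,
            "a_to_b": a_to_b, "b_to_a": b_to_a, "expired": expired}

if __name__ == "__main__":
    print(demo())
```

The model assigns one public port per private endpoint regardless of destination; routers that pick a new public port per destination break the exchange shown here.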
