为NAT后面的客户端创建Tcp连接 [英] Create Tcp connection for clients behind NAT

问题描述

在Linux，Windows OS上，有哪些软件库可用于此类任务?

Which software libraries does exist for such task for Linux, Windows OS?

在RFC中是否存在一些信息，人们应该怎么做?

Does it exist some info in RFC how people should do it?

我很有趣如何为该软件的此处显示的C ++项目创建功能: https://secure.logmein.com/ru/products/hamachi/download.aspx

I'm interesting how can I create functionality for my C++ project like presented here in that software: https://secure.logmein.com/ru/products/hamachi/download.aspx

推荐答案

如果您要通过TURN中继服务器建立连接，则没有太大区别.唯一的区别是TCP和UDP如何创建连接，而没有其他内容.

There is not much difference if you want to make a connection through TURN relay server. The only difference is how TCP and UDP creates connection and nothing else.

要建立P2P连接，有一些大差异.

如果您在同一网络中(在同一NAT之后):在UDP中，您向对等候选人发送了一个眩晕绑定请求，然后如果您收到响应，那么您就知道已经连接了.与TCP相同，您必须在一侧创建一个主动套接字，在另一侧创建一个被动套接字.然后从主动套接字发送syn并从被动套接字接收它，然后将syn ack发送到主动套接字.然后活动套接字发送一个ack并建立连接.

If you are in same network(behind same NAT): In UDP you send a stun binding request to your peer candidate and then if you get a response back then you know you are connected. Same in TCP you have to create one active socket on one side and one passive socket on another. And then send syn from active socket and receive it from passive socket and then send syn ack to the active socket. And then active socket send an ack and the connection is established.

如果您位于不同的网络(位于不同的NAT之后)::您必须使用TCP穿孔技术来建立连接.因为您的NAT不允许TCP syn数据包通过，如果以前没有任何数据包发送到syn来源的地址.

If you are in different Network(behind different NAT): You have to employ TCP hole punching technique for making a connection. Because your NAT won't allow a TCP syn packet through if previously no packet was sent to the address the syn is coming from.

TCP打孔的详细信息:

您必须使用TCP同时打开套接字.此套接字在主动和被动模式下均起作用.两端都需要彼此了解私有和公共IP:Port. TCP同时打开将发生以下情况:

You have to use a TCP simultaneous open socket. This socket acts in both active and passive mode. Both end needs to know each others private and public IP:Port. TCP simultaneous open will happen as follows:

1)对等体A不断向对等体B发送SYN 对等B不断向对等A发送SYN

1) Peer A keeps sending SYN to Peer B Peer B keeps sending SYN to Peer A

2)当NAT-a从对等方A接收到传出SYN时，它将在其状态机中创建一个映射. 当NAT-b从对等B接收到传出SYN时，它将在其状态机中创建一个映射.

2) When NAT-a receives the outgoing SYN from Peer A, it creates a mapping in its state machine. When NAT-b receives the outgoing SYN from Peer B, it creates a mapping in its state machine.

3)两个SYN都沿着网络路径穿越某个地方，然后:

3) Both SYN cross somewhere along the network path, then:

对等体A的SYN到达NAT-b，对等体B的SYN到达NAT-a 根据这些事件的时间安排(SYN在网络中的哪个位置)， 至少一个NAT将让传入的SYN通过，并将其映射到内部目标对等点

SYN from Peer A reaches NAT-b, SYN from Peer B reaches NAT-a Depending on the timing of these events (where in the network the SYN cross), at least one of the NAT will let the incoming SYN through, and map it to the internal destination peer

4)接收到SYN后，对等方会发回SYN + ACK并建立连接.

4) Upon receipt of the SYN, the peer sends a SYN+ACK back and the connection is established.

来自 WIKI .

还可以从此处了解有关TCP同时打开连接的信息.要了解NAT过滤行为，请参阅以下

Also to learn about TCP simultaneous open connection read from here. To learn about NAT filtering behavior see this answer.

这篇关于为NAT后面的客户端创建Tcp连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！