Question

I would like to understand how UDP hole punching works when two hosts each behind the port restricted cone NAT establish a connection.

As I understood, it happens in several stages and involves three hosts.

Host A and host B are behind the port restricted cone NAT.

Host C is a server that can receive packets from the hosts A and B.

  1. A sends a packet to C.
  2. C receives packet from A and determines A's external address:port pair
  3. B sends a packet to C.
  4. C receives packet from B and determines B's external address:port pair
  5. C sends the external address:port of B to A
  6. C sends the external address:port of A to B
  7. A sends packet_1 to B's external address
  8. B sends packet_2 to A's external address

The questions are:

How can A behind the restricted cone NAT receive a packet from B which is also behind the restricted cone NAT?

The port restricted cone NAT does not allow packets, in which the source address:port pair does not match the destination address:port pair of packets sent by it, to be received. Why do other packets sent between A and B arrive at A and at B?

Is it because the port restricted cone NAT considers packet_2 as the response from B?

So packet_1 will be lost but packet_2 arrives to B. Am I right?

Thank you in advance.


Solution

FYI, here's a paper that addresses your questions and provides a detailed overview of NAT. A pdf version is available here.

Other tips

First, restricted cone NAT means if A talks to C, B cannot use the hole punched between A and C to communicate with A, assuming B is not behind the NAT. Meaning, NAT traversal does not work in this case.

How can A behind the restricted cone NAT receive a packet from B which is also behind the restricted cone NAT?

In this case, it is a different situation, called a hairpin condition. In other words, can B behind the NAT use A's translated address from behind the NAT? Some NATs handle this case properly, others don't.

In your case, even if your NAT handles hairpin conditions properly, B's packets won't be forwarded because of 'restricted cone'. So, the result is the same.

Why do other packets sent between A and B arrive at A and at B?

They won't in your case.

A sends packet_1 to B's external address
B sends packet_2 to A's external address


How can A behind the restricted cone NAT receive a packet from B which is also behind the restricted cone NAT?

Is it because the port restricted cone NAT considers packet_2 as the response from B?

So packet_1 will be lost but packet_2 arrives to B. Am I right?

You're absolutely right. Please read about how Skype works; it's what you're looking for.

I've written one: PyPunchP2P. See if someone can make use of it.
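
The eight steps from the question, modelled as an added example (not part of any post above and not PyPunchP2P's code). It assumes A and B sit behind two separate port restricted cone NATs; the class name, addresses and ports are constructed for illustration.

```python
class PortRestrictedConeNAT:
    """Endpoint-independent mapping, address+port dependent filtering."""

    def __init__(self, public_ip, first_port):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # internal (ip, port) -> external port
        self.allowed = {}   # external port -> remote (ip, port) pairs already sent to

    def outbound(self, src, dst):
        """Forward an outgoing packet and return its translated source endpoint."""
        if src not in self.mappings:  # cone: one mapping reused for every destination
            self.mappings[src] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[src]
        self.allowed.setdefault(ext_port, set()).add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, src, dst_port):
        """Return the internal endpoint the packet reaches, or None if dropped."""
        if src not in self.allowed.get(dst_port, set()):
            return None  # remote address AND port must match an earlier outbound packet
        return next(i for i, p in self.mappings.items() if p == dst_port)


def simulate():
    # Constructed sample endpoints (private and documentation address ranges).
    a, b, c = ("10.0.0.2", 5000), ("192.168.1.2", 5000), ("203.0.113.10", 3478)
    nat_a = PortRestrictedConeNAT("198.51.100.1", 40000)
    nat_b = PortRestrictedConeNAT("198.51.100.2", 50000)
    # Steps 1-6: A and B contact C, which learns and swaps their external endpoints.
    a_ext, b_ext = nat_a.outbound(a, c), nat_b.outbound(b, c)
    result = {}
    # Step 7: packet_1 opens nat_a's filter for b_ext, but nat_b has no entry for a_ext.
    result["packet_1"] = nat_b.inbound(nat_a.outbound(a, b_ext), b_ext[1])
    # Step 8: packet_2 opens nat_b's filter for a_ext and matches nat_a's entry.
    result["packet_2"] = nat_a.inbound(nat_b.outbound(b, a_ext), a_ext[1])
    # Any later packet from A now matches the entry that packet_2 created in nat_b.
    result["packet_3"] = nat_b.inbound(nat_a.outbound(a, b_ext), b_ext[1])
    # A host that neither A nor B has sent to is still filtered.
    result["stranger"] = nat_a.inbound(("203.0.113.99", 9999), a_ext[1])
    return result


if __name__ == "__main__":
    for name, delivered_to in simulate().items():
        print(name, "->", delivered_to or "dropped")
```

In this model packet_1 is dropped at B's NAT, packet_2 is delivered to A, and traffic then flows in both directions, while a third host stays blocked.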

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow