Question

In a recent series of questions I have asked a lot about UDP, boost::asio and C++ in general.

My latest question, which doesn't seem to have an answer here at Stackoverflow, is this:

In a client/server application, it is quite okay to require that the server open a port in any firewall, so that messages are allowed in. However, doing the same for clients is definitely not a great user experience.

TCP-connections typically achieve this due to the fact that most routers support stateful packet inspection, allowing response packets through if the original request originated from the local host.

It is not quite clear to me how this would work with UDP, since UDP is stateless, and there is no such thing as "response packets" (to my knowledge). How should I account for this in my client application?

Thanks for any answers!


Solution

UDP itself is stateless, but the firewall typically is not. The convention on UDP is that if a request goes out from client:port_A to server:port_B, then the response will come back from server:port_B to client:port_A.

The firewall can take advantage of this. If it sees a UDP request go out from the client, it adds an entry to its state table that lets it recognise the response(s), to allow them in. Because UDP is stateless and has no indication of connection termination, the firewall will typically implement a timeout - if no traffic occurs between that UDP address pair for a certain amount of time, the association in the firewall's state table is removed.

So - to take advantage of this in your client application, simply ensure that your server sends responses back from the same port that it uses to receive the requests.
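The state-table behaviour described in this answer, modelled as an added example that is not part of the original answer and is not code from any real firewall. The class `UdpStateTable`, the 30-second idle timeout and the addresses are assumptions constructed for illustration; times are passed in explicitly so the timeout is deterministic.

```cpp
#include <chrono>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <tuple>
#include <utility>

using Secs = std::chrono::seconds;

struct Endpoint {                       // one side of a UDP flow
    std::string addr;
    std::uint16_t port;
    bool operator<(const Endpoint& o) const {
        return std::tie(addr, port) < std::tie(o.addr, o.port);
    }
};
using Flow = std::pair<Endpoint, Endpoint>;   // (inside client, outside server)

// Toy model of a stateful firewall's UDP state table (hypothetical class).
class UdpStateTable {
public:
    explicit UdpStateTable(Secs idle_timeout) : timeout_(idle_timeout) {}

    // Outbound request: create or refresh the client -> server association.
    void outbound(const Endpoint& client, const Endpoint& server, Secs now) {
        last_seen_[Flow{client, server}] = now;
    }
    // Inbound datagram: allowed only if it mirrors a live association exactly.
    bool inbound_allowed(const Endpoint& from, const Endpoint& to, Secs now) {
        auto it = last_seen_.find(Flow{to, from});
        if (it == last_seen_.end()) return false;          // no matching request
        if (now - it->second > timeout_) {                 // idle too long
            last_seen_.erase(it);
            return false;
        }
        it->second = now;                                  // traffic keeps it alive
        return true;
    }
private:
    Secs timeout_;
    std::map<Flow, Secs> last_seen_;
};

int main() {
    UdpStateTable fw(Secs(30));                            // constructed timeout
    Endpoint client{"192.168.1.20", 50000}, server{"203.0.113.5", 9000};
    fw.outbound(client, server, Secs(0));
    std::cout << fw.inbound_allowed(server, client, Secs(1)) << '\n';                 // same port
    std::cout << fw.inbound_allowed({"203.0.113.5", 9001}, client, Secs(2)) << '\n';  // other port
}
```

In this model a reply sent from a different server port has no matching entry and is dropped, and a client that stays silent longer than the timeout has to send again before replies are accepted.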

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow