cafca / souma

Souma is a distributed and end-to-end encrypted community platform based on humanist ideals
Apache License 2.0

Negotiate connection to peers behind firewalls (using glia hole-punching API) #27

Open mrausch opened 11 years ago

mrausch commented 11 years ago

See: https://github.com/ciex/glia/issues/22

cafca commented 11 years ago

Algorithm

Let A and B be the two hosts, each in its own private network; N1 and N2 are the two NAT devices with globally reachable IP addresses P1 and P2 respectively; S is a public server with a well-known globally reachable IP address.

  1. A and B each begin a UDP conversation with S; the NAT devices N1 and N2 create UDP translation states and assign temporary external port numbers
  2. S examines the UDP packet to see if the source port used by A and B match what is actually received (otherwise, N1 or N2 must be performing port randomization thus making hole punching more difficult)
  3. If ports were not randomized, A and B select ports X and Y respectively and advise S of these ports; S then tells A to send a UDP packet to P2:Y and B to connect to P1:X
  4. A and B contact each other's NAT devices directly.
    • If ports were randomized, it may be possible for A to contact B through the source port received by S as long as port randomization is not performed by B on a per-outbound host basis.
    • On some routers where port randomization is performed on a per-outbound host basis, the ports are not randomly selected, but actually sequential, making it possible to establish a conversation through guessing nearby ports.

Source: http://en.wikipedia.org/wiki/UDP_hole_punching#Algorithm
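
Steps 1 to 4 of the algorithm quoted above, as an added Python example that is not code from souma or glia: S compares the port each peer reports with the port it observed, then hands each peer the other's endpoint. The JSON registration format and the names `classify`, `rendezvous` and `demo` are assumptions for illustration, and the run is constructed on loopback, where no NAT rewrites ports.

```python
import json
import socket

def classify(reported_port, observed_addr):
    """Step 2: compare the port a peer reports with the one S actually observed."""
    ip, port = observed_addr
    return {"ip": ip, "port": port, "port_preserved": reported_port == port}

def rendezvous(server_sock, expected=2):
    """Steps 2-3: register each peer, then send every peer the other's endpoint."""
    peers = {}
    while len(peers) < expected:
        data, addr = server_sock.recvfrom(1024)
        try:
            msg = json.loads(data)
            peer_id, reported = str(msg["id"]), int(msg["port"])
        except (ValueError, KeyError, TypeError):
            continue  # drop malformed registrations instead of crashing S
        peers[peer_id] = (addr, classify(reported, addr))
    (id_a, (addr_a, info_a)), (id_b, (addr_b, info_b)) = peers.items()
    server_sock.sendto(json.dumps(info_b).encode(), addr_a)
    server_sock.sendto(json.dumps(info_a).encode(), addr_b)
    return {id_a: info_a, id_b: info_b}

def demo():
    """Constructed loopback run: there is no NAT here, so ports are preserved."""
    s, a, b = (socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3))
    try:
        for sock in (s, a, b):
            sock.bind(("127.0.0.1", 0))
            sock.settimeout(2)
        for name, sock in (("A", a), ("B", b)):  # step 1: talk to S
            reg = {"id": name, "port": sock.getsockname()[1]}
            sock.sendto(json.dumps(reg).encode(), s.getsockname())
        table = rendezvous(s)
        for name, sock in (("A", a), ("B", b)):  # step 4: contact the peer
            peer = json.loads(sock.recvfrom(1024)[0])
            sock.sendto(f"hello from {name}".encode(), (peer["ip"], peer["port"]))
        received = {n: k.recvfrom(1024)[0].decode() for n, k in (("A", a), ("B", b))}
        return table, received
    finally:
        for sock in (s, a, b):
            sock.close()

if __name__ == "__main__":
    print(demo())
```

When `port_preserved` is false for a peer, its NAT rewrote the source port, which is the harder case the list above describes.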

cafca commented 11 years ago

Test NAT devices for hole punching abilities http://nattest.net.in.tum.de/test.php

cafca commented 10 years ago

http://stackoverflow.com/questions/8523330/programming-p2p-application/8524609#8524609