search

jselbie / stunserver

Version 1.2. This is the source code to STUNTMAN - an open source STUN server and client code by john selbie. Compliant with the latest RFCs including 5389, 5769, and 5780. Also includes backwards compatibility for RFC 3489. Compiles on Linux, MacOS, BSD, Solaris, and Win32 with Cygwin. Windows binaries avaialble from www.stunprotocol.org.
http://www.stunprotocol.org
Apache License 2.0
1.41k stars 347 forks source link

test questions #46

Closed gengfeipeng closed 2 years ago

gengfeipeng commented 2 years ago

Why the detected filter types are all AddressAndPortDependentFiltering, but the map detection has EndpointIndependentMapping and AddressAndPortDependentMapping types. Is there anything to pay attention to in filter detection?

jselbie commented 2 years ago

The Behavior test measures how predictable the port mapping is with respect to source address (ip and port) to destination address. Most well behaved NATs will have Endpoint Independent Mapping - meaning that the same external port is used to map to the internal ip:port pair regardless of what remote address is used.

Some NAT environments (whether a result of a NAT device or the ISP) are Address and Port dependent mapping - which means the port mapping is difficult to predict. Subsequent P2P or VOIP calls may need a relay server.

The Filtering test measures how open the device can be reached from addresses and ports it did not originally send to. Given that most NATs act as firewalls in addition to the PC having its own local firewall, incoming packets are simply dropped if there was not any corresponding outbound packet sent to the remote address it originated from. Hence, unless you've turned off your PC's firewall and connect it directly to the internet (without a NAT), you are almost guaranteed to have Address and Port Dependent Filtering.

Does that make sense? I can elaborate more if needed.

For what it's worth, I don't find the Behavior and Filtering tests particularly useful for establishing connectivity with another endpoint. They are best used to simply log the NAT type so you can debug the reasons for a failed connectivity failure later.

On Thu, Jan 27, 2022 at 12:50 AM gengfeipeng @.***> wrote:

Why the detected filter types are all AddressAndPortDependentFiltering, but the map detection has EndpointIndependentMapping and AddressAndPortDependentMapping types. Is there anything to pay attention to in filter detection?

— Reply to this email directly, view it on GitHub https://github.com/jselbie/stunserver/issues/46, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHNSF2QZPITS4OYZ2I5RXTUYEBONANCNFSM5M5IJQ4Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>