P2P: bypassing NAT
///what to do?
A (inside the company) connects to cnblogs through http_proxy and posts a document containing public_addr and private_addr, then checks whether any other clients have connected to it too.
If any are found, try to connect to them and display their information.
Later, the user can select another client and send files or messages.
///python send file by http
http://stackoverflow.com/questions/68477/send-file-using-post-from-a-python-script
http://stackoverflow.com/questions/150517/send-file-using-post-from-a-python-script
///python using http proxy
# http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
# import os, urllib
#os.environ["http_proxy"] = "http://proxyserver:3128"
# data = urllib.urlopen("http://www.google.com").read()
# print data
# import urllib2, urllib
# proxy = urllib2.ProxyHandler({'http': 'http://aaants10.aaaex.asmpt.com:80'})
# auth = urllib2.HTTPBasicAuthHandler()
# opener = urllib2.build_opener(proxy, auth, urllib2.HTTPHandler)
# urllib2.install_opener(opener)
# conn = urllib2.urlopen('http://python.org')
# return_str = conn.read()
# print return_str
import urllib2
def get_proxy_opener(proxyurl='http://aaants10.aaaex.asmpt.com:80', proxyuser="aaaex\\aeejshe", proxypass="hejinshou", proxyscheme="http"):
    password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
    password_mgr.add_password(None, proxyurl, proxyuser, proxypass)
    proxy_handler = urllib2.ProxyHandler({proxyscheme: proxyurl})
    proxy_auth_handler = urllib2.ProxyBasicAuthHandler(password_mgr)
    return urllib2.build_opener(proxy_handler, proxy_auth_handler)

if __name__ == "__main__":
    import sys
    url_opener = get_proxy_opener()
    # print url_opener.open('http://www.google.com').read()
    urllib2.install_opener(url_opener)
    print urllib2.urlopen('http://www.google.com').read()
    #if len(sys.argv) > 4:
    #    url_opener = get_proxy_opener(*sys.argv[1:4])
    #    for url in sys.argv[4:]:
    #        print url_opener.open(url).headers
    #else:
    #    print "Usage:", sys.argv[0], "proxy user pass fetchurls..."
///NAT traversal
http://zh.wikipedia.org/wiki/NAT%E7%A9%BF%E9%80%8F
The two commonly used NAT traversal techniques are UDP hole punching and STUN. In addition, there are TURN, ICE, ALG, and SBC.
NAT traversal techniques and NAT behavior
* Session Traversal Utilities for NAT (STUN)
* Traversal Using Relay NAT (TURN)
* NAT-T Negotiation of NAT-Traversal in the IKE
* Teredo tunneling uses NAT traversal to provide IPv6 connectivity.
* Session Border Controller (SBC)
* UDP hole punching
* TCP hole punching
NAT traversal based on NAT control
* Realm-Specific IP (RSIP)
* Middlebox Communications (MIDCOM)
* SOCKS
* NAT Port Mapping Protocol (NAT PMP)
* Internet Gateway Device (IGD) Protocol, defined by the Universal Plug and Play (UPnP) Forum.
* Application Layer Gateway (ALG)
NAT traversal integration techniques
* Interactive Connectivity Establishment (ICE)
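UDP hole punching
This technique requires a full-cone NAT (also known as one-to-one NAT) device to work properly. Restricted-cone NAT and symmetric NAT cannot use this technique.
This technique is widely used in P2P software and VoIP telephony. It is one of the techniques Skype uses to get around firewalls and NAT devices.
Suppose there are two hosts, A and B, each in its own private network; N1 and N2 are the two NAT devices; S is a public server with a well-known IP address that is reachable from anywhere in the world.
Step 1: A and B each establish a UDP connection with S; the NAT devices N1 and N2 create UDP translation state and assign temporary external port numbers.
Step 2: S sends these port numbers back to A and B.
Step 3: A and B contact each other's NAT device directly through the translated ports; the NAT devices then use the previously created translation state to forward the packets to A and B.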
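The three steps above as a runnable Python 3 sketch, added here as an example (it is not code from this page or from the sources it links). It runs S and both peers on loopback, so no real NAT is involved, and it goes slightly beyond the steps: a peer counts only datagrams from the endpoint S announced and waits for its random token to be echoed back. The names rendezvous, peer and demo are hypothetical.

```python
import json, secrets, socket, threading

def rendezvous(sock):
    """S. Step 1: note each peer's source address as seen on the wire (behind a
    NAT this is the translated ip:port). Step 2: send each peer the other's."""
    seen = {}
    while len(seen) < 2:
        name, addr = sock.recvfrom(1024)
        seen[name.decode()] = addr
    a, b = seen.values()
    sock.sendto(json.dumps(b).encode(), a)
    sock.sendto(json.dumps(a).encode(), b)

def peer(name, server, out):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))               # loopback only: no real NAT here
    sock.settimeout(5)
    sock.sendto(name.encode(), server)        # step 1: register with S
    src = None
    while src != server:                      # skip punches that arrive early
        data, src = sock.recvfrom(1024)
    target = tuple(json.loads(data))          # step 2: peer endpoint from S
    mine, theirs, acked = secrets.token_hex(8), None, False
    sock.settimeout(0.2)
    for _ in range(50):                       # step 3: send straight to the peer
        sock.sendto(json.dumps([mine, theirs]).encode(), target)
        if acked:                             # that send carried the final echo
            break
        try:
            data, src = sock.recvfrom(1024)
        except OSError:                       # timeout: nothing arrived, resend
            continue
        if src == target:                     # only the endpoint S announced counts
            theirs, echoed = json.loads(data)
            acked = echoed == mine            # peer proved it received our token
    out[name] = {"own": sock.getsockname(), "peer": target, "acked": acked}
    sock.close()

def demo():
    out = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))              # constructed stand-in for server S
        threads = [threading.Thread(target=rendezvous, args=(s,))] + [
            threading.Thread(target=peer, args=(n, s.getsockname(), out)) for n in "AB"]
        for t in threads: t.start()
        for t in threads: t.join()
    return out

if __name__ == "__main__":
    print(demo())
```

Across real NATs the address S reports differs from the peer's local one; a symmetric NAT assigns a different external port towards the peer than towards S, so the target learned from S does not match there.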
XSTUNT library (C/C++ TCP NAT traversal library)
http://www.cis.nctu.edu.tw/~gis87577/xDreaming/XSTUNT/index_chinese.html
blogs
http://javascript.iteye.com/blog/151463
source codes
http://www.cnblogs.com/yrh2847189/archive/2007/06/20/790013.html
http://blog.csdn.net/markman101/archive/2010/08/31/5853703.aspx
https://gist.github.com/224795
#!/usr/bin/env python
#
# udp_hole_punch_tester.py - UDP Hole Punching test tool
#
# Usage: udp_hole_punch_tester.py remote_host remote_port
#
# Run this script simultaneously on 2 hosts to test if they can punch
# a UDP hole to each other.
#
# * remote_port should be identical on 2 hosts.
# * if remote_port < 1024, must be root.
# * tested on python 2.5.
#
# Copyright (C) 2009 Dmitriy Samovskiy, http://somic.org
#
# License: Apache License, Version 2.0
# http://www.apache.org/licenses/
#
import sys, os, time, socket, random
from select import select

def log(*args):
    print time.asctime(), ' '.join([str(x) for x in args])

def puncher(remote_host, port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(('', port))

    my_token = str(random.random())
    log("my_token =", my_token)
    remote_token = "_"

    sock.setblocking(0)
    sock.settimeout(5)

    remote_knows_our_token = False

    for i in range(60):
        r,w,x = select([sock], [sock], [], 0)

        if remote_token != "_" and remote_knows_our_token:
            log("we are done - hole was punched from both ends")
            break

        if r:
            data, addr = sock.recvfrom(1024)
            log("recv:", data)
            if remote_token == "_":
                remote_token = data.split()[0]
                log("remote_token is now", remote_token)
            if len(data.split()) == 3:
                log("remote end signals it knows our token")
                remote_knows_our_token = True

        if w:
            data = "%s %s" % (my_token, remote_token)
            if remote_token != "_": data += " ok"
            log("sending:", data)
            sock.sendto(data, (remote_host, port))
            log("sent", i)

        time.sleep(0.5)

    log("done")
    sock.close()

    return remote_token != "_"

if __name__ == '__main__':
    remote_host = sys.argv[1]
    port = int(sys.argv[2])

    if puncher(remote_host, port):
        log("Punched UDP hole to %s:%d successfully" % (remote_host, port))
    else:
        log("Failed to punch hole")
TCP NAT traversal
http://nutss.gforge.cis.cornell.edu//jstunt-examples.php
Echo Server and Echo Client
Download and install Java 1.5.0 or later
Download the JAR package that contains the STUNT library and example server/client applications.
The source code for the sample applications is at EchoServer.java and EchoClient.java.
Start the server, on a host behind a NAT, by executing: java -cp stunt.jar EchoServer you@your.domain.com
Connect the client to your echoserver by executing: java -cp stunt.jar EchoClient you@your.domain.com
To connect to the Cornell EchoServer, use echo@nutss.net as the destination when starting the client.
If everything goes well, you'll see something along the lines of: Server: Accepted saikat930@ed.u.cs.cornell.edu, and Client: Greetings saikat930@ed.u.cs.cornell.edu, this is the EchoServer at echo@nutss.net. Now you say something.
You'll be able to type lines at the Client's console and have them be echoed by the server when you press enter.
The library takes between 200ms to 1 second to connect, but slow DNS (sometimes due to the NAT) can increase the connection time by a bit.
Hi all,
(apologies if you get multiple copies of this)
I am pleased to announce the availability of our open-source TCP NAT
Traversal/Hole-Punching library based on our research published in [1].
[1] "Characterization and Measurement of TCP Traversal through NATs
and Firewalls", S. Guha and P. Francis. IMC 2005.
http://nutss.net/pub/imc05-tcpnat.pdf
The key result of the paper is: TCP NAT traversal can work 85%-90% of
the time today (without any special assumptions about NATs), and 100% of
the time between pairs of certain popular, well-behaved NATs. See [1]
for more details.
An open-source Java library for TCP NAT Traversal is now available:
webpage: http://nutss.net/stunt.php
faq: http://nutss.net/jstunt-faq.php
library and example: http://nutss.net/jstunt-examples.php
The above library has been tested for pair-wise connectivity across 11
brands of NATs from Windows and Linux hosts. NATs tested were Linksys,
DLink, Netgear, Belkin, 3Com, Netopia, Allied Telesyn, SMC, Trendnet,
USR, Buffalo Tech. Out of the 121 possible pair-wise combinations, 113
connections are successful. The only ones that failed are when both the
endpoints are behind the _same_ NAT device that does not support TCP
hairpin-behavior yet (see [1]).
The java library is released under LGPL; contact me if this does not
meet your needs. Feel free to extend it/port it etc.
Q: I am a P2P developer/researcher. How does this help me?
A: The library adds TCP NAT traversal out-of-the-box. This increases the
connectivity in your P2P network since two users behind their NATs can
now exchange data without having to go through an intermediary node. You
can:
- Use this library as is (for development of P2P software, research,
small deployments, etc in java)
- Study it to provide TCP NAT Traversal in your existing P2P
applications in your language of choice.
- etc.
If you have any questions, comments, suggestions, or problems, do not
hesitate to contact me. Cheers,
--
Saikat