CN114500062A - NAT traversal method, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN114500062A
Authority: CN (China)
Prior art keywords: communication, equipment, terminal, association information, opposite
Legal status: Granted
Application number: CN202210113988.7A
Other languages: Chinese (zh)
Other versions: CN114500062B (en)
Inventors: 徐良成, 刘俊华, 杨帆
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202210113988.7A
Publication of CN114500062A
Application granted
Publication of CN114500062B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a NAT traversal method, apparatus, electronic device and storage medium, which relate to the technical field of communications, and further relate to the technical field of network address translation, and the method includes: acquiring equipment association information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device; and under the condition that the device role of the local communication device is determined to be the communication slave device according to the device association information, sending a traversing data packet to the communication master device so as to traverse the firewall and the NAT gateway between the two end communication devices through the traversing data packet. The embodiment of the disclosure can improve the success rate of crossing between network devices.

Description

NAT traversal method, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to the field of Network Address Translator (NAT) technologies.
Background
NAT is a technology for converting the private IP (Internet Protocol) addresses of an internal network (intranet) into public IP addresses of an external network (public network), so that multiple hosts in one organization can share an Internet connection and reach the Internet with one or a few public IP addresses. The existence of NAT is an obstacle to communication between hosts in different intranets. NAT traversal is a technology that enables hosts in different internal networks to interconnect by adopting certain technical measures.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for NAT traversal, electronic equipment and a storage medium, which can improve the success rate of traversal among network devices.
In a first aspect, an embodiment of the present disclosure provides a NAT traversal method, including:
acquiring equipment association information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and under the condition that the device role of the local communication device is determined to be the communication slave device according to the device association information, sending a traversing data packet to the communication master device so as to traverse the firewall and the NAT gateway between the two end communication devices through the traversing data packet.
In a second aspect, an embodiment of the present disclosure provides a NAT traversal method, including:
acquiring equipment association information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and under the condition that the device role of the local communication device is determined to be the communication master device according to the device association information, sending a punching request data packet to the communication slave device according to a ready notification request sent by the intermediate server, so that the punching request data packet passes through a firewall and an NAT gateway between the communication devices at two ends.
In a third aspect, an embodiment of the present disclosure provides a NAT traversal method, including:
the two-end communication equipment acquires equipment association information; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
the communication equipment at the two ends determines the equipment role of the communication equipment at the local end according to the equipment association information;
one end communication equipment of the two end communication equipment sends a traversing data packet to the communication main equipment under the condition that the equipment role of the local end communication equipment is determined to be the communication slave equipment according to the equipment association information;
and under the condition that the other end communication equipment of the two-end communication equipment determines that the equipment role of the local end communication equipment is the communication master equipment according to the equipment association information, sending a punching request data packet to communication slave equipment according to a ready notification request sent by the intermediate server so as to pass through a firewall and an NAT gateway between the two-end communication equipment through the punching request data packet.
In a fourth aspect, an embodiment of the present disclosure provides a NAT traversal apparatus, including:
the first equipment associated information acquisition module is used for acquiring equipment associated information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and the traversing data packet sending module is used for sending a traversing data packet to the communication main equipment under the condition that the equipment role of the local communication equipment is determined to be the communication slave equipment according to the equipment association information so as to traverse the firewall and the NAT gateway between the two end communication equipment through the traversing data packet.
In a fifth aspect, an embodiment of the present disclosure provides a NAT traversal apparatus, including:
the second equipment associated information module is used for acquiring the equipment associated information of the communication equipment at the two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and the punching request data packet sending module is used for sending a punching request data packet to the communication slave equipment according to the ready notification request sent by the intermediate server under the condition that the equipment role of the local communication equipment is determined to be the communication master equipment according to the equipment association information, so that the punching request data packet passes through a firewall and an NAT gateway between the communication equipment at the two ends.
In a sixth aspect, an embodiment of the present disclosure provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the NAT traversal method provided in the embodiments of the first or second aspect.
In a seventh aspect, an embodiment of the present disclosure further provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the NAT traversal method provided in the first or second aspect.
In an eighth aspect, an embodiment of the present disclosure further provides a computer program product, which includes a computer program that, when executed by a processor, implements the NAT traversal method provided in the first aspect or the second aspect.
In the embodiments of the present disclosure, after the two-end communication devices obtain the device association information, each determines the device role of its local-end communication device according to that information, so that the two-end communication devices are determined to be the communication master device and the communication slave device. Correspondingly, the communication slave device sends a traversal data packet to the communication master device, and the communication master device sends a punching request data packet to the communication slave device according to the ready notification request sent by the intermediate server, so that the punching request data packet traverses the firewall and the NAT gateway between the two-end communication devices. This solves the prior-art problem of a low traversal success rate between network devices caused by firewall interception, and can improve the traversal success rate between network devices.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic flow chart of a conventional UDP hole punching method;
FIG. 2 is a flowchart of a NAT traversal method provided in an embodiment of the present disclosure;
FIG. 3 is a flowchart of a NAT traversal method provided by the embodiment of the present disclosure;
FIG. 4 is a schematic flowchart illustrating a two-end communication device determining a device role according to an embodiment of the present disclosure;
FIG. 5 is a flowchart of a NAT traversal method provided by the embodiment of the present disclosure;
FIG. 6 is a flowchart of a NAT traversal method provided by the embodiment of the present disclosure;
FIG. 7 is a flowchart of a NAT traversal method provided by an embodiment of the present disclosure;
FIG. 8 is a schematic diagram illustrating an effect of a two-terminal communication device detecting a network segment according to an embodiment of the present disclosure;
FIG. 9 is a schematic diagram illustrating an effect of an intermediate server sending device association information to a two-end communication device according to an embodiment of the present disclosure;
FIG. 10 is a schematic diagram illustrating an effect of a UDP hole punching process between two end communication devices according to an embodiment of the present disclosure;
FIG. 11 is a block diagram of a NAT traversal apparatus according to an embodiment of the present disclosure;
FIG. 12 is a block diagram of a NAT traversal apparatus according to an embodiment of the present disclosure;
FIG. 13 is a schematic structural diagram of an electronic device for implementing a NAT traversal method performed by a communication slave device or a communication master device according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
NAT traversal addresses a common problem in TCP (Transmission Control Protocol)/IP networks, namely establishing connections between hosts in private TCP/IP networks that use NAT devices. Commonly used NAT traversal methods mainly include the ALG (Application Layer Gateway) mode, the MIDCOM (Middlebox Communications) protocol mode, the STUN (Simple Traversal of UDP over NAT) mode, the TURN (Traversal Using Relay NAT) mode, UDP (User Datagram Protocol) hole punching, TCP hole punching, and the like. Among them, UDP hole punching is currently used in many cases. UDP hole punching establishes the relevant entries on each NAT gateway with the assistance of an intermediate server, so that messages sent by both communicating parties can directly traverse the other party's NAT gateway, thereby implementing direct P2P (Peer to Peer) communication.
Fig. 1 is a flow chart illustrating a conventional UDP hole punching method. In a specific example, as shown in Fig. 1, assume there are two devices A and B located behind their respective NAT gateways NAT_A and NAT_B. When A first attempts to establish a point-to-point connection with B, it sends a packet to NAT_B. However, NAT_B looks up its table and finds no existing mapping between device A and device B (i.e., A's request cannot be forwarded to B), so the packet from A is discarded. To bypass this NAT limitation, the existing UDP hole punching method uses a server S on the public network for address forwarding. Specifically, the existing UDP hole punching method may include the following steps:
(1) A establishes a connection with S (Session A-S) and registers its own intranet address 10.0.0.1:4321 with S; S simultaneously records A's address on the public network, 155.99.25.11:62000. B establishes a connection with S (Session B-S) and registers its own intranet address 10.1.1.3:4321 with S; S simultaneously records B's address on the public network, 138.76.29.7:31000.
(2) A sends a request to S to obtain B's address (Request Connection to B); S simultaneously forwards A's address to B (Forward A's Endpoints to B). Both A and B then begin attempting to send packets to each other.
(3) When A sends a packet to B for the first time (Send to B at), a mapping (10.0.0.1:4321, 138.76.29.7:31000) is generated in NAT_A; at this time NAT_B has no mapping record for A and B, so the packet is still discarded.
(4) When B sends a packet to A for the first time (Send to A at), a mapping (10.1.1.3:4321, 155.99.25.11:62000) is generated in NAT_B; B's request succeeds because NAT_A has previously created a mapping for A and B.
(5) When A sends a data packet to B for the second time, A's request also succeeds because NAT_B now also has a mapping record for A and B. The hole punching is then complete, and A and B can directly establish a point-to-point connection (Session A-B).
However, current mainstream UDP hole punching techniques consider only NAT traversal; they either do not consider firewall traversal or lack a suitable firewall traversal method. After the two P2P ends exchange each other's external network IP and port through the intermediate server, both try to send data packets to the other party. That is, both parties send data packets to the opposite device at the same time without any constraint on the sending order, so the following problem may arise at the NAT gateway at either end: an inbound UDP packet cannot be matched to the destination IP and port of any outbound UDP packet and is therefore filtered out by firewall rules. Once such a message is identified as illegal by the firewall, subsequent messages from the same source IP and port may also be filtered out, so the traversal fails. Therefore, when the existing UDP hole punching method is used to traverse NAT, the traversal success rate between network devices is low, mostly about 30%.
In an example, fig. 2 is a flowchart of a NAT traversal method provided in an embodiment of the present disclosure, where the present embodiment is applicable to a case where NAT traversal is implemented by defining device roles to determine packet sending sequences of different devices, and the method may be performed by a NAT traversal apparatus configured by a communication slave device, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. The electronic device may be a terminal device or a server device, and the specific device type of the electronic device is not limited in the embodiments of the present disclosure. Accordingly, as shown in fig. 2, the method includes the following operations:
S110, acquiring device association information of the two-end communication devices; the device association information includes local-end device association information of the local-end communication device and opposite-end device association information of the opposite-end communication device.
The two-end communication devices are the two electronic devices that need to communicate; their device type may be a terminal device, a server device, or the like, as long as there is a communication requirement. The device association information is information related to a communication device. Illustratively, it may include, but is not limited to, the public network IP address and private network IP address of the device and the type of network used by the device. The local-end communication device is the local device that executes the NAT traversal method, and correspondingly the local-end device association information is the device association information of the local-end communication device. The opposite-end communication device is the peer device that performs the NAT traversal method in cooperation with the local device, and correspondingly the opposite-end device association information is the device association information of the opposite-end communication device.
In the embodiment of the present disclosure, when two end communication devices that need to communicate send communication interaction data, first, network devices, that is, NAT devices and the like, between the two end communication devices need to be traversed. Before passing through the network device between the two-end communication devices, the two-end communication devices can respectively acquire the home terminal device association information of the home terminal communication device and the opposite terminal device association information of the opposite terminal communication device.
S120, in the case where the device role of the local-end communication device is determined to be the communication slave device according to the device association information, sending a traversal data packet to the communication master device, so as to traverse the firewall and the NAT gateway between the two-end communication devices through the traversal data packet.
The communication slave device and the communication master device are two device roles set for the communication devices at the two ends, wherein the communication slave device may actively send a traversal data packet to the communication master device, and the communication master device may respond to the traversal data packet sent by the communication slave device. The traversal data packet may be a data message sent by the communication slave device to the communication master device for traversing the NAT gateway. Optionally, the traversal data packet may comprise a plurality of different data packets sent by the communication slave device to the communication master device at different stages according to a certain packet sending rule. It can be understood that the first of these packets is the packet that the communication slave device sends to the communication master device for the first time when the two-end communication devices start to traverse the NAT gateway.
Correspondingly, when one of the two-end communication devices determines, according to the obtained device association information of the two-end communication devices, that the device role of its local-end communication device is the communication slave device, it can actively send a traversal data packet to the communication master device. The other of the two-end communication devices can determine, according to the obtained device association information of the two-end communication devices, that the device role of its local-end communication device is the communication master device. The communication master device then needs to wait to receive the data packet sent by the communication slave device before making the relevant response, and cannot send data packets to the communication slave device while the communication slave device is sending the traversal data packet.
Therefore, the device roles of the two-end communication devices in the process of traversing the NAT are determined through the device association information of the two-end communication devices, and the packet sending sequence of the two-end communication devices for traversing the NAT can be limited, so that the communication slave device firstly sends a traversal data packet to the communication master device, and the two-end communication devices are prevented from simultaneously sending the traversal data packet to the opposite-end communication devices. At this time, the traversing data packet sent by the communication slave device alone can break through the filtering rule of the firewall, and can effectively traverse the firewall and the NAT gateway between the communication devices at two ends, thereby improving the success rate of NAT gateway traversal.
According to the embodiment of the disclosure, after the device association information is acquired by one end communication device of the two end communication devices, when the device role of the local end communication device is determined to be the communication slave device according to the device association information, the traversal data packet is sent to the communication master device, so that the traversal data packet traverses the firewall and the NAT gateway between the two end communication devices, the problem of low traversal success rate between the network devices caused by firewall interception in the prior art is solved, and the traversal success rate between the network devices can be improved.
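The following Python model is an added example, not code from the patent or its applicant. It replays steps (3) to (5) of the conventional method against gateways that only drop unsolicited packets and against gateways whose firewall also blocks the offending source, then replays the slave-first ordering; the `Gateway` class, its block list, and the assumption that the slave's first traversal packet expires in transit before reaching the master's gateway are modelling assumptions of this example.

```python
"""Toy model: UDP hole punching through NAT gateways with stateful firewalls.

Constructed for illustration. Gateway, its block list and the in-transit expiry
of the slave's first packet are assumptions of this model, not patent text.
"""
from dataclasses import dataclass, field

# Public endpoints taken from steps (1)-(5) of the conventional example.
A_PUB = ("155.99.25.11", 62000)   # recorded by S for A (behind NAT_A)
B_PUB = ("138.76.29.7", 31000)    # recorded by S for B (behind NAT_B)


@dataclass
class Gateway:
    """One peer's NAT gateway and firewall, seen from the public side."""
    name: str
    public: tuple
    penalize: bool = True                       # block sources of unsolicited packets
    allowed: set = field(default_factory=set)   # remotes this side has sent to
    blocked: set = field(default_factory=set)   # remotes judged illegal
    log: list = field(default_factory=list)     # (source, verdict) per inbound packet

    def outbound(self, remote):
        # An outbound packet creates the entry that later admits replies.
        self.allowed.add(remote)

    def inbound(self, source):
        if source in self.blocked:
            verdict = "filtered"     # an earlier unsolicited packet poisoned this source
        elif source in self.allowed:
            verdict = "delivered"
        else:
            verdict = "dropped"      # no matching outbound packet
            if self.penalize:
                self.blocked.add(source)
        self.log.append((source, verdict))
        return verdict


def send(src_gw, dst_gw, expires_in_transit=False):
    """Send one UDP packet from the host behind src_gw to the host behind dst_gw."""
    src_gw.outbound(dst_gw.public)
    if expires_in_transit:
        return "expired"             # dst_gw never sees it, so nothing is blocked
    return dst_gw.inbound(src_gw.public)


def conventional(penalize):
    """Steps (3)-(5): both peers send with no agreed order."""
    nat_a = Gateway("NAT_A", A_PUB, penalize)
    nat_b = Gateway("NAT_B", B_PUB, penalize)
    return [
        send(nat_a, nat_b),   # (3) A -> B: NAT_B has no mapping yet
        send(nat_b, nat_a),   # (4) B -> A: NAT_A already has the mapping
        send(nat_a, nat_b),   # (5) A -> B, second attempt
    ]


def ordered():
    """Slave sends first; master sends only after the server's ready notification."""
    slave = Gateway("NAT_A", A_PUB)    # A acts as communication slave device
    master = Gateway("NAT_B", B_PUB)   # B acts as communication master device
    return [
        send(slave, master, expires_in_transit=True),  # traversal data packet
        send(master, slave),                           # punching request data packet
        send(slave, master),                           # slave's reply on the open path
    ]


if __name__ == "__main__":
    print("conventional, NAT only      :", conventional(penalize=False))
    print("conventional, firewall block:", conventional(penalize=True))
    print("role-ordered                :", ordered())
```

On the firewall side, the `log` list of each `Gateway` holds the per-packet verdicts, which is the state a defender would inspect to see why a flow from a given source IP and port keeps being filtered.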
In an example, fig. 3 is a flowchart of a NAT traversal method provided in the embodiment of the present disclosure, and the embodiment of the present disclosure performs optimization and improvement on the basis of the technical solutions of the foregoing embodiments, and provides various specific optional implementation manners of obtaining device association information of two-end communication devices, determining a device role of a local-end communication device as a communication slave device according to the device association information, and sending a traversal data packet to a communication master device. A NAT traversal method as shown in fig. 3 includes:
S210, acquiring the local-end routing hop count between the local-end communication device and the target NAT gateway through a network segment detection technology.
The network segment detection technology is a technology for detecting the network segments between two devices. The target NAT gateway may be the local-end NAT gateway or the opposite-end NAT gateway. The local-end NAT gateway is the NAT gateway of the public network where the local-end communication device is located, and the opposite-end NAT gateway is the NAT gateway of the public network where the opposite-end communication device is located. The local-end routing hop count is the number of network segments between the local-end communication device and the local-end NAT gateway.
The communication slave device needs the local-end routing hop count between the local-end communication device and the target NAT gateway, but before the two-end communication devices start to traverse the NAT gateway their device roles have not yet been determined. Therefore, the two-end communication devices may first obtain the local-end routing hop count between the local-end communication device and the target NAT gateway through the network segment detection technology. Alternatively, after the two-end communication devices have each determined their device roles, the communication slave device obtains the local-end routing hop count between the local-end communication device and the target NAT gateway through the network segment detection technology. Optionally, the network segment detection technology may be, for example, an ICMP (Internet Control Message Protocol) route tracing technique.
It should be noted that fig. 3 is only a schematic diagram of an implementation manner, and step S210 may be executed as a first step of the NAT traversal method, or may also be executed as an intermediate step. For example, it may be arranged to be executed after step S250, and the embodiment of the present disclosure does not limit this.
S220, acquiring the local-end device association information collected by the local-end communication device.
In the embodiment of the present disclosure, before the two-end communication devices traverse the NAT gateway, each may collect its local-end device association information at its own end.
S230, sending the local-end device association information to an intermediate server, so that the intermediate server sends the local-end device association information to the opposite-end communication device.
The intermediate server may be a server for assisting the two-end communication device to traverse the NAT gateway.
S240, receiving the opposite terminal device association information of the opposite terminal communication device sent by the intermediate server.
Correspondingly, after the communication devices at the two ends respectively collect the local device association information at the local end, the collected local device association information can be sent to the intermediate server. The intermediate server may send the home device association information of each device to the peer communication device. For example, assuming that the two end communication devices are a and B, the intermediate server may send the local device association information of a to B, that is, a may receive the opposite device association information of B sent by the intermediate server, and send the local device association information of B to a, that is, B may receive the opposite device association information of a sent by the intermediate server, thereby implementing sharing of the local device association information.
Optionally, the local device association information and the peer device association information may include, but are not limited to: device address information, NAT gateway type, and device network type. The device address information may include intranet address information and extranet address information, and the extranet address information may be acquired by the intermediate server and added to the local device association information and the opposite device association information. The NAT gateway type, that is, the type of the public network NAT gateway where the two-end communication device is located, may include, but is not limited to, a full cone type, a limited cone type or an IP limited cone type, a PORT limited cone type or an IP + PORT limited cone type, a symmetric type, and the like, and specifically needs to be determined according to the public network NAT gateway where the two-end communication device is located. The device network type, that is, the type of network used by the device, may include, but is not limited to, mobile data, wired network, wireless network type, and the like, which is not limited in this disclosure.
According to this technical solution, the communication devices at the two ends share their local device association information through the intermediate server, so that each side can obtain the device association information of both sides in time, which provides data support for the subsequent traversal of the NAT gateway between the two sides.
S250, determining, according to the device association information, that the device role of the local-end communication device is the communication slave device.
In an optional embodiment of the present disclosure, determining, according to the device association information, that the device role of the local-end communication device is the communication slave device may include: determining the local-end associated network type of the local-end communication device according to the local device association information; determining the peer associated network type of the peer communication device according to the peer device association information; and, when the network complexity of the local-end associated network type is lower than that of the peer associated network type, determining that the device role of the local-end communication device is the communication slave device.
The local-end associated network type is the network type of the local-end device or of the NAT gateway where the local-end device is located; the peer associated network type is the network type of the peer device or of the NAT gateway where the peer device is located.
Specifically, after the device association information is obtained, each of the two communication devices may determine the local-end associated network type of the local-end communication device according to the local device association information, and the peer associated network type of the peer communication device according to the peer device association information. The local-end associated network type and the peer associated network type are then compared. If the network complexity of the local-end associated network type is determined to be lower than that of the peer associated network type, for example because the network complexity of the local-end device network type is lower than that of the peer device network type, or because the network complexity of the local-end NAT gateway is lower than that of the peer NAT gateway, the device role of the local-end communication device may be determined to be the communication slave device.
It can be understood that when the network complexity of the associated network type of the communication device at one end is high, firewall interception is harder to get past. Therefore, the communication device whose associated network type has the lower network complexity needs to be given the communication slave device role, so as to reduce the difficulty that firewall interception poses for the traversal data packet.
In an optional embodiment of the present disclosure, determining that the network complexity of the local-end associated network type is lower than that of the peer associated network type may include: when the local-end NAT gateway of the local-end communication device is determined to be a cone NAT gateway and the peer NAT gateway of the peer communication device is determined to be a symmetric NAT gateway, determining that the network complexity of the local-end associated network type is lower than that of the peer associated network type; and, when the device network type of the local-end communication device is determined to be a broadband network and the device network type of the peer communication device is determined to be a mobile network, determining that the network complexity of the local-end associated network type is lower than that of the peer associated network type.
Fig. 4 is a flowchart illustrating how the communication devices at the two ends determine their device roles according to an embodiment of the present disclosure. In a specific example, as shown in Fig. 4, the network types of the NAT gateways of the two communication devices may be determined first. If a communication device determines that its local-end NAT gateway is a cone NAT gateway and that the peer NAT gateway of the peer communication device is a symmetric NAT gateway, it can determine that the network complexity of the local-end associated network type is lower than that of the peer associated network type, that is, that the device role of the local-end communication device is the communication slave device (slave). In that case the peer communication device may determine that its own device role is the communication master device (master). If the NAT gateway types of the two communication devices have the same network complexity, the device network types of the two communication devices can be examined next. For example, if the device network type of the local-end communication device is determined to be a broadband network and that of the peer communication device a mobile network, it may be determined that the network complexity of the local-end associated network type is lower than that of the peer associated network type, that is, that the device role of the local-end communication device is the communication slave device. In that case the peer communication device may determine that its own device role is the communication master device.
In an optional embodiment of the present disclosure, the NAT traversal method may further include: when the network complexity of the local-end associated network type is determined to be the same as that of the peer associated network type, determining that the device role of the local-end communication device is the communication slave device according to a random setting strategy.
The random setting strategy is a strategy for randomly determining the device roles of the communication devices at the two ends.
Correspondingly, if the network complexity of the local-end associated network type is the same as that of the peer associated network type, the device roles cannot be determined from the associated network types; for example, the device roles of the two communication devices cannot be determined from the NAT gateway type and the device network type. In this case the device roles of the two communication devices can be determined according to the random setting strategy, which avoids the problem that the device roles cannot be determined in time. When the device roles of the two communication devices are determined according to the random setting strategy, the local-end communication device may turn out to be the communication slave device.
For example, the random setting strategy may determine the device roles according to the device ID numbers of the two communication devices. Specifically, the communication device with the shorter device ID number may be determined to be the communication slave device, and the communication device with the longer device ID number may be determined to be the communication master device.
It should be noted that each of the two communication devices may determine the device role of the local-end communication device according to the obtained device association information and a preset device-role determination rule.
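The decision flow of Fig. 4 together with the device-ID tie-break can be written as one comparison that both ends run on the same shared information. The following is an added example, not code from the patent; the `DeviceInfo` fields, the type strings, the numeric ranks and the lexicographic fallback for IDs of equal length are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    MASTER = "master"
    SLAVE = "slave"


# Only the ordering of the ranks matters: the page places cone NAT below
# symmetric NAT, and broadband below mobile, in network complexity.
NAT_COMPLEXITY = {
    "full_cone": 0,
    "ip_limited_cone": 0,
    "port_limited_cone": 0,
    "symmetric": 1,
}
NETWORK_COMPLEXITY = {"broadband": 0, "mobile": 1}


@dataclass(frozen=True)
class DeviceInfo:
    """Hypothetical subset of the device association information."""
    device_id: str
    nat_type: str
    network_type: str


def _rank(table, value, what):
    if value not in table:
        raise ValueError(f"unknown {what}: {value!r}")
    return table[value]


def elect_role(local: DeviceInfo, peer: DeviceInfo) -> Role:
    """Return the role of `local`; the peer gets the complementary role."""
    if local.device_id == peer.device_id:
        raise ValueError("device IDs must differ")
    local_key = (_rank(NAT_COMPLEXITY, local.nat_type, "NAT type"),
                 _rank(NETWORK_COMPLEXITY, local.network_type, "network type"))
    peer_key = (_rank(NAT_COMPLEXITY, peer.nat_type, "NAT type"),
                _rank(NETWORK_COMPLEXITY, peer.network_type, "network type"))
    # NAT gateway type is compared first, device network type second.
    for mine, theirs in zip(local_key, peer_key):
        if mine != theirs:
            return Role.SLAVE if mine < theirs else Role.MASTER
    # Same complexity: the shorter device ID becomes the slave.
    if len(local.device_id) != len(peer.device_id):
        shorter = len(local.device_id) < len(peer.device_id)
        return Role.SLAVE if shorter else Role.MASTER
    # Assumption (not on the page): equal-length IDs are ordered
    # lexicographically so that the two ends never pick the same role.
    return Role.SLAVE if local.device_id < peer.device_id else Role.MASTER
```

Because every branch compares the same two records in the same order, calling `elect_role(a, b)` on one end and `elect_role(b, a)` on the other always yields one master and one slave.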
S260, setting a first TTL value of an outbound data packet according to the local-end routing hop count, and sending the outbound data packet containing the first TTL value to the communication master device.
The first TTL (Time To Live) value may be the TTL value that the communication slave device sets for the outbound data packet. The outbound data packet may be the first data packet in the traversal data packet. The outbound data packet is discarded after reaching the target NAT gateway, so that the NAT gateway of the communication slave device generates a mapping record and the firewall of the communication slave device generates an outbound record.
After the device role is determined, the communication slave device may set the first TTL value on the outbound data packet of the traversal data packet according to the detected local-end routing hop count. The purpose of setting the first TTL value is as follows: the outbound data packet is discarded after reaching the target NAT gateway, so it never reaches the communication master device and is never received by it, but the NAT gateway of the communication slave device can still generate a mapping record from the communication slave device to the communication master device. This mapping record may record the mapping from the intranet IP address of the communication slave device to the public network IP address of the communication master device. The outbound data packet also causes the firewall of the communication slave device to generate an outbound record, which may record the outbound traffic toward the public network IP address of the communication master device at the firewall of the communication slave device.
S270, sending a ready notification request to the intermediate server, so as to request, through the intermediate server, that the communication master device send a hole-punching request data packet to the local-end communication device.
The ready notification request may be a request that the communication slave device sends to the intermediate server to inform it that the communication slave device is ready to traverse the NAT gateway. The hole-punching request data packet may be the request data packet that the communication master device sends to the communication slave device for the first time in the process of traversing the NAT gateway.
After the communication slave device has sent the outbound data packet to the communication master device for the first time, so that the outbound data packet has generated a mapping record at the local-end NAT gateway and an outbound record at the local-end firewall, it may send a ready notification request to the intermediate server. After receiving the ready notification request, the intermediate server may forward it to the communication master device, or directly request the communication master device to send a hole-punching request data packet to the communication slave device.
According to this technical solution, by sending the outbound data packet to the communication master device, the communication slave device causes an outbound record to be generated in its local-end firewall, which gets past the filtering rule of the local-end firewall, so that data packets sent from the communication slave device to the communication master device are not filtered and intercepted by the local-end firewall. The outbound data packet also generates a mapping record at the local-end NAT gateway of the communication slave device, which gets past the filtering rule of the local-end NAT gateway, so that data packets sent from the communication slave device to the communication master device are not filtered and intercepted by the local-end NAT gateway.
S280, receiving the hole-punching request data packet sent by the communication master device.
After the communication master device sends the hole-punching request data packet to the communication slave device, a mapping record is generated at the local-end NAT gateway of the communication master device; this mapping record may record the mapping from the intranet IP address of the communication master device to the public network IP address of the communication slave device. The hole-punching request data packet also causes the firewall of the communication master device to generate an outbound record, which may record the outbound traffic toward the public network IP address of the communication slave device at the firewall of the communication master device. Because the outbound data packet sent by the communication slave device has already created the mapping between the two communication devices at the slave's local-end NAT gateway, and the firewall of the communication slave device already holds an outbound record for the communication master device, the hole-punching request data packet sent by the communication master device conforms to the inbound rule of the slave's firewall and the filtering rule of its NAT gateway, and can reach the communication slave device.
S290, feeding back a hole-punching response data packet to the communication master device, so as to establish the point-to-point connection between the communication master device and the communication slave device.
The hole-punching response data packet may be a response data packet that the communication slave device generates according to the hole-punching request data packet.
When the communication slave device receives the hole-punching request data packet, it can feed back a hole-punching response data packet to the communication master device. When the communication master device sent the hole-punching request data packet, its local-end NAT gateway created the mapping between the two communication devices and its firewall gained an outbound record for the communication slave device, so the hole-punching response data packet sent by the communication slave device conforms to the inbound rule of the master's firewall and the filtering rule of its NAT gateway, and can reach the communication master device. At this point both the communication slave device and the communication master device have got past the filtering rules of their local-end firewalls and local-end NAT gateways, can send data packets normally, and can establish the point-to-point connection normally.
According to this technical solution, the roles of communication master device and communication slave device are determined according to the network environments of the two communication devices. The communication slave device first sends an outbound data packet to the communication master device; after determining that it is ready for NAT traversal, it notifies the communication master device, through the intermediate server, to send a hole-punching request data packet to the communication slave device; and after receiving the hole-punching request data packet, the communication slave device feeds back a hole-punching response data packet to the communication master device. This avoids the situation in which the two communicating parties try to send data messages to each other in parallel and the messages are intercepted and filtered by the firewall and the NAT gateway, and improves the traversal success rate between network devices.
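The ordering of S260 to S290 can be checked on a small in-memory model of the two gateways. This is an added example, not code from the patent; the gateway model (a gateway admits an inbound packet only from a peer for which it already holds an outbound record), the hop counts and the TTL used for the response are assumptions.

```python
from dataclasses import dataclass, field

DEFAULT_TTL = 64   # default TTL value mentioned on the page
PATH_HOPS = 12     # constructed: router hops between the two devices


@dataclass
class Gateway:
    """NAT gateway and firewall in front of one device (simplified model)."""
    hops_from_device: int                       # local-end routing hop count
    outbound_records: set = field(default_factory=set)


@dataclass
class Device:
    name: str
    gateway: Gateway
    inbox: list = field(default_factory=list)


def send(src: Device, dst: Device, payload: str, ttl: int) -> str:
    """Move one packet through the model and report where it ended up."""
    if ttl < src.gateway.hops_from_device:
        return "expired-before-local-gateway"
    # Reaching the local gateway creates the mapping and outbound record.
    src.gateway.outbound_records.add(dst.name)
    if ttl < PATH_HOPS:
        return "expired-in-transit"
    # The peer gateway only admits senders it has an outbound record for.
    if src.name not in dst.gateway.outbound_records:
        return "filtered-by-peer-gateway"
    dst.inbox.append((src.name, payload))
    return "delivered"


def make_pair():
    slave = Device("slave", Gateway(hops_from_device=3))
    master = Device("master", Gateway(hops_from_device=4))
    return slave, master


def ordered_traversal():
    """Slave-first ordering: outbound packet, ready notice, request, response."""
    slave, master = make_pair()
    results = []
    # S260: first TTL equals the slave's local-end routing hop count.
    results.append(send(slave, master, "outbound",
                        ttl=slave.gateway.hops_from_device))
    # S270: the ready notification travels via the intermediate server,
    # which both devices can already reach, so it is not modelled as a packet.
    if master.name in slave.gateway.outbound_records:
        # Master side: second TTL is the default value.
        results.append(send(master, slave, "punch-request", ttl=DEFAULT_TTL))
    # S280/S290: the slave answers once the request has arrived.
    if slave.inbox:
        # Assumption: the response also uses the default TTL.
        results.append(send(slave, master, "punch-response", ttl=DEFAULT_TTL))
    return results, master.inbox


def premature_request():
    """Master sends before the slave has created its outbound record."""
    slave, master = make_pair()
    return send(master, slave, "punch-request", ttl=DEFAULT_TTL)
```

In the model the TTL-limited outbound packet never reaches the master, yet it is what lets the master's later request through the slave's gateway; a request sent without it is filtered.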
In an example, Fig. 5 is a flowchart of a NAT traversal method provided in an embodiment of the present disclosure. This embodiment is applicable to the case where NAT traversal is implemented by defining device roles that determine the order in which the different devices send packets. The method may be executed by a NAT traversal apparatus configured in a communication master device; the apparatus may be implemented by software and/or hardware and may generally be integrated in an electronic device. The electronic device may be a terminal device or a server device, and the embodiments of the present disclosure do not limit its specific device type. Accordingly, as shown in Fig. 5, the method includes the following operations:
S310, acquiring device association information of the communication devices at the two ends; the device association information includes local device association information of the local-end communication device and peer device association information of the peer communication device.
S320, when the device role of the local-end communication device is determined to be the communication master device according to the device association information, sending a hole-punching request data packet to the communication slave device according to a ready notification request sent by the intermediate server, so that the hole-punching request data packet traverses the firewall and the NAT gateway between the two communication devices.
According to the embodiment of the present disclosure, after one of the two communication devices acquires the device association information and determines from it that the device role of the local-end communication device is the communication master device, it sends the hole-punching request data packet to the communication slave device according to the ready notification request sent by the intermediate server, so that the hole-punching request data packet traverses the firewall and the NAT gateway between the two communication devices. This solves the prior-art problem of a low traversal success rate between network devices caused by firewall interception, and can improve the traversal success rate between network devices.
In an example, Fig. 6 is a flowchart of a NAT traversal method provided in an embodiment of the present disclosure. This embodiment optimizes and improves on the technical solutions of the foregoing embodiments, and provides several specific optional implementations of obtaining the device association information of the two communication devices, determining from the device association information that the device role of the local-end communication device is the communication master device, and sending a hole-punching request data packet to the communication slave device. As shown in Fig. 6, a NAT traversal method includes:
S410, acquiring the local-end routing hop count from the local-end communication device to the target NAT gateway through a network segment detection technology.
Before the communication devices at the two ends traverse the NAT gateway, the device roles have not yet been determined, and the communication slave device needs the local-end routing hop count between the local-end communication device and the target NAT gateway. Therefore, both communication devices may first obtain the local-end routing hop count between the local-end communication device and the target NAT gateway through the network segment detection technology. Alternatively, after the two communication devices have each determined their device roles, the communication slave device obtains the local-end routing hop count between the local-end communication device and the target NAT gateway through the network segment detection technology. Optionally, the network segment detection technology may be, for example, ICMP route tracing.
It should be noted that Fig. 6 is only a schematic diagram of one implementation. Step S410 may be executed as the first step of the NAT traversal method, or as an intermediate step; for example, it may be arranged to be executed after step S450, which is not limited by the embodiments of the present disclosure. Alternatively, step S410 may be skipped when the device role is determined to be the communication master device; for example, after steps S420-S450 are performed, step S460 is performed directly.
S420, acquiring the local device association information collected by the local-end communication device.
S430, sending the local terminal equipment association information to an intermediate server so as to send the local terminal equipment association information to the opposite terminal communication equipment through the intermediate server.
S440, receiving the opposite terminal device association information of the opposite terminal communication device sent by the intermediate server.
Wherein the local terminal device association information and the opposite terminal device association information include: device address information, NAT gateway type, and device network type; the device address information may include intranet address information and extranet address information, and the extranet address information may be acquired by the intermediate server and added to the local device association information and the opposite device association information.
According to this technical solution, the communication devices at the two ends share their local device association information through the intermediate server, so that each side can obtain the device association information of both sides in time, which provides data support for the subsequent traversal of the NAT gateway between the two sides.
S450, determining the device role of the local communication device as the communication master device according to the device association information.
In an optional embodiment of the present disclosure, determining, according to the device association information, that the device role of the local-end communication device is the communication master device may include: determining the local-end associated network type of the local-end communication device according to the local device association information; determining the peer associated network type of the peer communication device according to the peer device association information; and, when the network complexity of the local-end associated network type is higher than that of the peer associated network type, determining that the device role of the local-end communication device is the communication master device.
Specifically, after the device association information is obtained, each of the two communication devices may determine the local-end associated network type of the local-end communication device according to the local device association information, and the peer associated network type of the peer communication device according to the peer device association information. The local-end associated network type and the peer associated network type are then compared. If the network complexity of the local-end associated network type is determined to be higher than that of the peer associated network type, for example because the network complexity of the local-end device network type is higher than that of the peer device network type, or because the network complexity of the local-end NAT gateway is higher than that of the peer NAT gateway, the device role of the local-end communication device may be determined to be the communication master device.
It can be understood that when the network complexity of the associated network type of the communication device at one end is high, firewall interception is harder to get past. Therefore, the communication device whose associated network type has the lower network complexity needs to be given the communication slave device role, so as to reduce the difficulty that firewall interception poses for the traversal data packet.
In an optional embodiment of the present disclosure, determining that the network complexity of the local-end associated network type is higher than that of the peer associated network type may include: when the NAT gateway of the peer communication device is determined to be a cone NAT gateway and the NAT gateway of the local-end communication device is determined to be a symmetric NAT gateway, determining that the network complexity of the local-end associated network type is higher than that of the peer associated network type; and, when the device network type of the peer communication device is determined to be a broadband network and the device network type of the local-end communication device is determined to be a mobile network, determining that the network complexity of the local-end associated network type is higher than that of the peer associated network type.
In an optional embodiment of the present disclosure, the NAT traversal method may further include: and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication master device according to a random setting strategy.
S460, after receiving the ready notification request sent by the intermediate server, setting a second TTL value of the hole-punching request data packet according to the default TTL value.
The second TTL value may be the TTL value that the communication master device sets for the hole-punching request data packet.
To prevent the hole-punching request data packet from being discarded before it reaches the communication slave device, the communication master device may set the second TTL value of the hole-punching request data packet to the default TTL value. Optionally, the default TTL value may be 64; the embodiments of the present disclosure do not limit the specific value of the default TTL value.
S470, sending a punching request data packet including the second TTL value to the communication slave device, so that a NAT gateway of the communication slave device generates a mapping record, and a firewall of the communication slave device generates an outbound record.
After the device role is determined, the communication slave device may set the first TTL value on the outbound data packet of the traversal data packet according to the detected local-end routing hop count. The purpose of setting the first TTL value is as follows: the outbound data packet is discarded after reaching the target NAT gateway, so it never reaches the communication master device and is never received by it, but the NAT gateway of the communication slave device can still generate a mapping record from the communication slave device to the communication master device. This mapping record may record the mapping from the intranet IP address of the communication slave device to the public network IP address of the communication master device. The outbound data packet also causes the firewall of the communication slave device to generate an outbound record, which may record the outbound traffic toward the public network IP address of the communication master device at the firewall of the communication slave device.
The communication master device, by contrast, does not need to set the second TTL value of the hole-punching request data packet according to a detected local-end routing hop count; it only needs to set the second TTL value to the default TTL value. Therefore, if the local-end routing hop count is detected after the device roles are determined, the communication master device does not need to detect it, and only the communication slave device needs to do so.
Correspondingly, after the communication slave device has sent the outbound data packet to the communication master device for the first time, so that the outbound data packet has generated a mapping record at the local-end NAT gateway and an outbound record at the local-end firewall, it may send a ready notification request to the intermediate server. After receiving the ready notification request, the intermediate server may forward it to the communication master device, or directly request the communication master device to send a hole-punching request data packet to the communication slave device.
After the communication master device then sends the hole-punching request data packet to the communication slave device, a mapping record may be generated at the local-end NAT gateway of the communication master device; this mapping record may record the mapping from the intranet IP address of the communication master device to the public network IP address of the communication slave device. The hole-punching request data packet also causes the firewall of the communication master device to generate an outbound record, which may record the outbound traffic toward the public network IP address of the communication slave device at the firewall of the communication master device. Because the outbound data packet sent by the communication slave device has already created the mapping between the two communication devices at the slave's local-end NAT gateway, and the firewall of the communication slave device already holds an outbound record for the communication master device, the hole-punching request data packet sent by the communication master device conforms to the inbound rule of the slave's firewall and the filtering rule of its NAT gateway, and can reach the communication slave device.
S480, receiving a hole-punching response data packet sent by the communication slave device, so as to establish the point-to-point connection between the communication master device and the communication slave device.
When the communication slave device receives the hole-punching request data packet, it can feed back a hole-punching response data packet to the communication master device. When the communication master device sent the hole-punching request data packet, its local-end NAT gateway created the mapping between the two communication devices and its firewall gained an outbound record for the communication slave device, so the hole-punching response data packet sent by the communication slave device conforms to the inbound rule of the master's firewall and the filtering rule of its NAT gateway, and can reach the communication master device. At this point both the communication slave device and the communication master device have got past the filtering rules of their local-end firewalls and local-end NAT gateways, can send data packets normally, and can establish the point-to-point connection normally.
According to this technical solution, the roles of communication master device and communication slave device are determined according to the network environments of the two communication devices. The communication slave device first sends an outbound data packet to the communication master device; after determining that it is ready for NAT traversal, it notifies the communication master device, through the intermediate server, to send a hole-punching request data packet to the communication slave device; and after receiving the hole-punching request data packet, the communication slave device feeds back a hole-punching response data packet to the communication master device. This avoids the situation in which the two communicating parties try to send data messages to each other in parallel and the messages are intercepted and filtered by the firewall and the NAT gateway, and improves the traversal success rate between network devices.
In an example, fig. 7 is a flowchart of a NAT traversal method provided in an embodiment of the present disclosure, where this embodiment is applicable to a case where NAT traversal is implemented by defining a device role to determine a packet sending sequence of different devices. Accordingly, as shown in fig. 7, the method includes the following operations:
S510, the communication devices at the two ends acquire the device association information.
The device association information includes local-end device association information of the local-end communication device and opposite-end device association information of the opposite-end communication device.
S520, the communication devices at the two ends each determine the device role of the local-end communication device according to the device association information.
S530, one of the two communication devices, upon determining from the device association information that the device role of the local-end communication device is the communication slave device, sends a traversal data packet to the communication master device.
S540, the other of the two communication devices, upon determining from the device association information that the device role of the local-end communication device is the communication master device, sends a hole punching request data packet to the communication slave device according to a ready notification request sent by the intermediate server, so that the hole punching request data packet traverses the firewall and the NAT gateway between the two communication devices.
According to the embodiments of the present disclosure, after the communication devices at the two ends obtain the device association information, each determines the device role of the local-end communication device according to that information, so that the two devices are designated as the communication master device and the communication slave device. The communication slave device then sends a traversal data packet to the communication master device, and the communication master device sends a hole punching request data packet to the communication slave device according to the ready notification request sent by the intermediate server, so that the hole punching request data packet traverses the firewall and the NAT gateway between the two communication devices. This solves the prior-art problem of a low traversal success rate between network devices caused by firewall interception, and improves the traversal success rate between network devices.
In one example, the specific flow of the NAT traversal method is described in detail with the two communication devices A and B both acting as execution subjects. The flow may include the following operations:
(1) Fig. 8 is a schematic diagram illustrating the effect of the two communication devices detecting the network segment according to an embodiment of the present disclosure. In a specific example, as shown in fig. 8, A and B each detect the hop count between the local end and the NAT gateway that holds the external-network IP address by using the ICMP route tracing technique. Suppose A actually detects a NAT gateway hop count of 2 and B actually detects a NAT gateway hop count of 5.
(2) A establishes a connection with the intermediate server S (Session A-S) and registers with S its own intranet address 10.0.0.1:4321, its NAT type (here assumed to be port-restricted cone), and its network type (cellular mobile network, broadband network, etc.). At this point, S also records A's address on the public network, 155.99.25.11:62000. B establishes a connection with S (Session B-S) and registers its intranet address 10.1.1.3:4321, NAT type and network type with S. At this point, S records B's address on the public network, 138.76.29.7:31000.
(3) Fig. 9 is a schematic diagram illustrating the effect of the intermediate server sending device association information to the two communication devices according to an embodiment of the present disclosure. In a specific example, as shown in fig. 9, after S has collected the address information, NAT type and network type of both A and B, S sends A's address information (including intranet address and public network address), NAT type and network type to B (Forward A's Endpoints to B), and sends B's address information (including intranet address and public network address), NAT type and network type to A (Forward B's Endpoints to A).
(4) The master and slave roles are selected based on the network environments of devices A and B. In this embodiment, A is selected as slave and B as master. The rules are as follows:
4.1, if the NAT gateway at one end is a cone NAT (including port-restricted cone, IP-restricted cone and full cone) and the other end is in a symmetric network, the communication device at the symmetric network end is taken as master and the communication device at the cone network end as slave;
4.2, if one end is in a mobile cellular network and the other end is in a broadband network, the mobile cellular network device is taken as master and the broadband network device as slave;
4.3, otherwise, one end is randomly selected as master.
(5) A, as the slave end, first sends an outbound data packet to B. Note that if the NAT device on the A side is a cone NAT and the NAT device on the B side is symmetric, the A end may keep changing the destination port and send a certain number of packets to the B end to improve the hole punching success rate. A also needs to set the TTL of the outbound data packet to 2 (based on the actually detected hop count to the NAT gateway). The data message is therefore discarded due to TTL expiry after it reaches the NAT_A gateway on the A side, so the outbound data packet does not reach the B end. In this way, a mapping record (10.0.0.1:4321, 138.76.29.7:31000) is generated in the NAT_A gateway, and an outbound record (UDP 138.76.29.7:31000) is also recorded on the firewall at the A end. A then requests S to notify B to send a hole punching request data packet to A.
(6) B, as the master end, starts sending the hole punching request data packet to A after receiving the notification that A is ready. Note that if the NAT device on the A side is a cone NAT and the NAT device on the B side is symmetric, the B end keeps changing its local port and sends a certain number of hole punching request data packets to the A end to improve the hole punching success rate. The TTL of the hole punching request data packet is the default value of 64. This creates a mapping record (10.1.1.3:4321, 155.99.25.11:62000) in the NAT_B gateway. Because NAT_A has already created the mapping between A and B, and the firewall on the NAT_A side holds the outbound record (UDP 138.76.29.7:31000), the hole punching request data packet sent by B conforms to the inbound rule of the firewall on the A side and the filtering rule of the NAT, and can reach the A end.
(7) After receiving the hole punching request data packet from the B end, the A end replies to the B end with a hole punching response data packet. Because NAT_B has already created the mapping between A and B, and the firewall on the NAT_B side holds the outbound record (UDP 155.99.25.11:62000), the hole punching response data packet sent by A conforms to the inbound rule of the firewall on the B side and the filtering rule of the NAT, and can reach the B end. The hole punching is then complete, and A and B can directly establish a point-to-point connection (Session A-B), as shown in fig. 10, which is an effect diagram of the UDP hole punching process between the two communication devices.
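The ordering in steps (4) to (7) can be traced with a small model. The following Python sketch is an added example, not code from the patent: it applies role rules 4.1 to 4.3 and tracks the outbound records each gateway holds, using the addresses and hop counts from the example above. The class and function names, B's NAT type and network type (port-restricted cone, cellular), and the simplification that a gateway records state for every packet that reaches it are assumptions.

```python
import random
from dataclasses import dataclass, field

CONE = {"full_cone", "ip_restricted_cone", "port_restricted_cone"}
DEFAULT_TTL = 64


@dataclass
class Endpoint:
    """One device plus the state of its own NAT gateway/firewall (simplified)."""
    name: str
    private_addr: tuple   # (ip, port) registered with the intermediate server S
    public_addr: tuple    # (ip, port) that S observed on the public network
    nat_type: str         # a member of CONE, or "symmetric"
    network_type: str     # "broadband" or "cellular"
    nat_hops: int         # hop count to the NAT gateway, from route tracing
    outbound_records: set = field(default_factory=set)

    def send(self, dst, ttl):
        """Send UDP to dst; return True if the packet travels past the gateway."""
        if ttl < self.nat_hops:
            return False                  # expired before the gateway: no state
        self.outbound_records.add(dst)    # mapping + outbound record, as in step (5)
        return ttl > self.nat_hops        # ttl == nat_hops: discarded at the gateway

    def admits(self, src):
        """Port-restricted filtering: only recorded remote endpoints may enter."""
        return src in self.outbound_records


def select_master(a, b, rng=random):
    """Rules 4.1-4.3: return the endpoint that takes the master role."""
    for x, y in ((a, b), (b, a)):
        if x.nat_type == "symmetric" and y.nat_type in CONE:
            return x                      # 4.1: symmetric side is master
    for x, y in ((a, b), (b, a)):
        if x.network_type == "cellular" and y.network_type == "broadband":
            return x                      # 4.2: cellular side is master
    return rng.choice([a, b])             # 4.3: otherwise random


def punch(slave, master, slave_goes_first=True):
    """Run steps (5)-(7); return (connected, trace of what each gateway did)."""
    trace = []
    if slave_goes_first:
        # (5) TTL equals the hop count, so the packet dies at the slave's gateway
        left = slave.send(master.public_addr, ttl=slave.nat_hops)
        trace.append(("slave outbound left gateway", left))
    # (6) master sends the hole punching request with the default TTL
    sent = master.send(slave.public_addr, ttl=DEFAULT_TTL)
    request_ok = sent and slave.admits(master.public_addr)
    trace.append(("request admitted at slave", request_ok))
    if not request_ok:
        return False, trace
    # (7) slave answers; master's gateway already holds a record for the slave
    sent = slave.send(master.public_addr, ttl=DEFAULT_TTL)
    response_ok = sent and master.admits(slave.public_addr)
    trace.append(("response admitted at master", response_ok))
    return response_ok, trace


def build_example():
    """Devices A and B with the page's addresses; B's types are assumed."""
    a = Endpoint("A", ("10.0.0.1", 4321), ("155.99.25.11", 62000),
                 "port_restricted_cone", "broadband", 2)
    b = Endpoint("B", ("10.1.1.3", 4321), ("138.76.29.7", 31000),
                 "port_restricted_cone", "cellular", 5)
    return a, b


if __name__ == "__main__":
    a, b = build_example()
    master = select_master(a, b)
    slave = a if master is b else b
    connected, trace = punch(slave, master)
    for step, result in trace:
        print(f"{step}: {result}")
    print("connected:", connected)
```

The trace shows that B's request is admitted at A only because A itself created the outbound record first; with `slave_goes_first=False` the same request is filtered. For anyone reviewing firewall state or flow logs, outbound UDP whose TTL equals the hop count to the local gateway is the observable trace of step (5).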
Most network terminal devices sit behind NAT and a firewall, and usually need a central node in the cloud to exchange data with each other. Large-volume data exchange between network terminal devices therefore incurs high bandwidth cost and central server cost. P2P (peer-to-peer) communication established between the devices can bypass the cloud central node, and has become a main means of reducing the cost of data exchange between network devices. Currently, the success rate of UDP hole punching in existing P2P communication is generally low, mostly about 30%. The NAT traversal method provided by the embodiments of the present disclosure can greatly improve the success rate of UDP (User Datagram Protocol) hole punching between network devices and reduce the cost of interaction between network devices.
The NAT traversal method provided by the embodiments of the present disclosure can be applied to various communication scenarios, such as video calls, live broadcast and on-demand playback in various products. The hole punching success rate between devices can reach more than 80%, and the high success rate reduces the traffic and machine cost of the central node, so the overall cost can be greatly reduced.
It should be noted that any permutation and combination between the technical features in the above embodiments also belong to the scope of the present disclosure.
In an example, fig. 11 is a structural diagram of a NAT traversal apparatus provided in an embodiment of the present disclosure, and the embodiment of the present disclosure is applicable to a case where NAT traversal is implemented by defining device roles to determine packet sending sequences of different devices, and the apparatus is implemented by software and/or hardware and is specifically configured in a communication slave device. The communication slave device may be a terminal device or a server device, and the specific device type of the electronic device is not limited in the embodiments of the present disclosure.
Fig. 11 shows a NAT traversal apparatus 600, including a first device association information obtaining module 610 and a traversal data packet sending module 620, wherein:
a first device association information obtaining module 610, configured to obtain device association information of the communication devices at the two ends; the device association information includes local-end device association information of the local-end communication device and opposite-end device association information of the opposite-end communication device;
a traversal data packet sending module 620, configured to, when it is determined according to the device association information that the device role of the local-end communication device is the communication slave device, send a traversal data packet to the communication master device, so as to traverse the firewall and the NAT gateway between the two communication devices by means of the traversal data packet.
According to the embodiment of the disclosure, after the device association information is acquired by one end communication device of the two end communication devices, when the device role of the local end communication device is determined to be the communication slave device according to the device association information, the traversal data packet is sent to the communication master device, so that the traversal data packet traverses the firewall and the NAT gateway between the two end communication devices, the problem of low traversal success rate between the network devices caused by firewall interception in the prior art is solved, and the traversal success rate between the network devices can be improved.
Optionally, the traversal data packet sending module 620 is specifically configured to: determining the home terminal associated network type of the home terminal communication equipment according to the home terminal equipment associated information; determining the opposite-end associated network type of the opposite-end communication equipment according to the opposite-end equipment associated information; and under the condition that the network complexity of the home terminal associated network type is lower than that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device.
Optionally, the traversal data packet sending module 620 is specifically configured to: under the condition that the home terminal NAT gateway of the home terminal communication equipment is determined to be a conical NAT gateway and the opposite terminal NAT gateway of the opposite terminal communication equipment is determined to be a symmetrical NAT gateway, the network complexity degree of the home terminal associated network type is determined to be lower than that of the opposite terminal associated network type; and under the condition that the equipment network type of the local terminal communication equipment is determined to be a broadband network and the equipment network type of the opposite terminal communication equipment is determined to be a mobile network, determining that the network complexity of the local terminal associated network type is lower than that of the opposite terminal associated network type.
Optionally, the traversal data packet sending module 620 is further configured to: and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device according to a random setting strategy.
Optionally, the first device association information obtaining module 610 is specifically configured to: acquiring local terminal equipment associated information acquired by local terminal communication equipment; receiving opposite-end equipment association information of the opposite-end communication equipment, which is sent by the intermediate server; the NAT traversal device further comprises: the first local terminal equipment association information sending module is used for sending the local terminal equipment association information to an intermediate server so as to send the local terminal equipment association information to the opposite terminal communication equipment through the intermediate server; wherein the local terminal device association information and the opposite terminal device association information include: device address information, NAT gateway type, and device network type.
Optionally, the NAT traversal device further includes: the first route hop number acquisition module is used for acquiring the local end route hop number between the local end communication equipment and the target NAT gateway through a network segment detection technology; the traversal data packet sending module 620 is specifically configured to: setting a first TTL value of an outbound data packet according to the local end routing hop count; sending an outbound data packet including the first TTL value to the communication master device; the outbound data packet is discarded after reaching the target NAT gateway, so that the NAT gateway of the communication slave equipment generates a mapping record, and a firewall of the communication slave equipment generates an outbound record; and sending a ready notification request to an intermediate server so as to request the communication master device to send a punching request data packet to the local terminal communication device through the intermediate server.
Optionally, the NAT traversal device further includes: a data packet receiving module for receiving the data packet of the hole request sent by the communication master device; and the punching response data packet feedback module is used for feeding back a punching response data packet to the communication master equipment so as to establish point-to-point connection between the communication master equipment and the communication slave equipment.
The NAT traversal device can execute the NAT traversal method executed by the communication slave device provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method. Technical details that are not described in detail in this embodiment can be referred to a NAT traversal method performed by a communication slave device provided in any embodiment of the present disclosure.
In an example, fig. 12 is a structural diagram of a NAT traversal apparatus provided in an embodiment of the present disclosure, where the embodiment of the present disclosure is applicable to a case where NAT traversal is implemented by defining device roles to determine packet sending sequences of different devices, and the apparatus is implemented by software and/or hardware and is specifically configured in a communication master device. The communication master device may be a terminal device or a server device, and the embodiment of the present disclosure does not limit a specific device type of the electronic device.
Fig. 12 shows a NAT traversal device 700, including a second device association information module 710 and a hole punching request packet sending module 720, wherein:
a second device association information module 710, configured to obtain device association information of the communication devices at the two ends; the device association information includes local-end device association information of the local-end communication device and opposite-end device association information of the opposite-end communication device;
a hole punching request packet sending module 720, configured to, when it is determined according to the device association information that the device role of the local-end communication device is the communication master device, send a hole punching request data packet to the communication slave device according to a ready notification request sent by the intermediate server, so that the hole punching request data packet traverses the firewall and the NAT gateway between the two communication devices.
According to the embodiment of the disclosure, after the device association information is acquired by one end communication device of the two end communication devices, when the device role of the local end communication device is determined to be the communication master device according to the device association information, the hole punching request data packet is sent to the communication slave device according to the ready notification request sent by the intermediate server, so that the firewall and the NAT gateway between the two end communication devices are crossed by the hole punching request data packet, the problem of low crossing success rate between the network devices caused by firewall interception in the prior art is solved, and the crossing success rate between the network devices can be improved.
Optionally, the punching request packet sending module 720 is specifically configured to: determining the home terminal associated network type of the home terminal communication equipment according to the home terminal equipment associated information; determining the opposite-end associated network type of the opposite-end communication equipment according to the opposite-end equipment associated information; and under the condition that the network complexity of the home terminal associated network type is higher than that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication master device.
Optionally, the punching request packet sending module 720 is specifically configured to: when the NAT gateway of the opposite-end communication device is determined to be a cone NAT gateway and the NAT gateway of the local-end communication device is determined to be a symmetric NAT gateway, determine that the network complexity of the local-end associated network type is higher than that of the opposite-end associated network type; and when the device network type of the opposite-end communication device is determined to be a broadband network and the device network type of the local-end communication device is determined to be a mobile network, determine that the network complexity of the local-end associated network type is higher than that of the opposite-end associated network type.
Optionally, the punching request packet sending module 720 is further configured to: and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication master device according to a random setting strategy.
Optionally, the second device association information module 710 is specifically configured to: acquiring local terminal equipment associated information acquired by local terminal communication equipment; receiving opposite-end equipment association information of the opposite-end communication equipment, which is sent by the intermediate server; the NAT traversal device further comprises: the second local terminal equipment associated information sending module is used for sending the local terminal equipment associated information to an intermediate server so as to send the local terminal equipment associated information to the opposite terminal communication equipment through the intermediate server; wherein the local terminal device association information and the opposite terminal device association information include: device address information, NAT gateway type, and device network type.
Optionally, the NAT traversal device further includes: the second routing hop number acquisition module is used for acquiring the home terminal routing hop number between the home terminal communication equipment and the target NAT gateway through a network segment detection technology; the punching request packet sending module 720 is specifically configured to: after the ready notification request is received, setting a second TTL value of the punching request data packet according to a default TTL value; sending a punching request data packet comprising the second TTL value to the communication slave equipment so that a NAT gateway of the communication master equipment generates a mapping record and a firewall of the communication master equipment generates an outbound record; the NAT traversal device further comprises: and the punching response data packet receiving module is used for receiving the punching response data packet sent by the communication master equipment so as to establish point-to-point connection between the communication master equipment and the communication slave equipment.
The NAT traversal device can execute the NAT traversal method executed by the communication master device provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method. For details of the technology that are not described in detail in this embodiment, reference may be made to a NAT traversal method performed by a communication master device provided in any embodiment of the present disclosure.
In one example, the present disclosure also provides an electronic device, a readable storage medium, and a computer program product.
Fig. 13 illustrates a schematic block diagram of an example electronic device 800 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 13, the apparatus 800 includes a computing unit 801 that can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM)802 or a computer program loaded from a storage unit 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the device 800 can also be stored. The calculation unit 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
A number of components in the device 800 are connected to the I/O interface 805, including: an input unit 806, such as a keyboard, a mouse, or the like; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, or the like; and a communication unit 809 such as a network card, modem, wireless communication transceiver, etc. The communication unit 809 allows the device 800 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Computing unit 801 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processors, controllers, microcontrollers, etc. The computing unit 801 executes the respective methods and processes described above, such as the NAT traversal method executed by the communication slave device or the communication master device. For example, in some embodiments, the NAT traversal method performed by the communication slave device or the communication master device may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as the storage unit 808. In some embodiments, part or all of a computer program may be loaded onto and/or installed onto device 800 via ROM 802 and/or communication unit 809. When loaded into RAM 803 and executed by the computing unit 801, the computer program may perform one or more steps of the NAT traversal method performed by the communication slave device or the communication master device as described above. Alternatively, in other embodiments, the computing unit 801 may be configured by any other suitable means (e.g., by means of firmware) to perform the NAT traversal method performed by the communication slave device or the communication master device.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome. The server may also be a server of a distributed system, or a server that incorporates a blockchain.
According to the present disclosure, after the communication devices at the two ends obtain the device association information, each determines the device role of its local-end communication device according to that information, so that the two devices are determined as the communication master device and the communication slave device. Correspondingly, the communication slave device sends a traversing data packet to the communication master device, and the communication master device sends a punching request data packet to the communication slave device according to the ready notification request sent by the intermediate server. The punching request data packet thereby traverses the firewall and the NAT gateway between the communication devices at the two ends, which solves the prior-art problem of a low traversal success rate between network devices caused by firewall interception and improves the traversal success rate between network devices.
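The ordering summarized above can be traced with a small state model. This is an added example, not part of the patent text: it elects roles from the claimed complexity comparison and replays the TTL-limited packet, punching request and punching response against two stateful gateways. Assumptions: the "target NAT gateway" is the slave's own gateway, NAT type is compared before network type, an address comparison stands in for the unspecified "random setting strategy", and `DEFAULT_TTL`, `transit_hops` and all class and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Complexity ranks from claims 3 and 10: cone < symmetric, broadband < mobile.
NAT_RANK = {"cone": 0, "symmetric": 1}
NET_RANK = {"broadband": 0, "mobile": 1}
DEFAULT_TTL = 64  # assumed value; the page only says "default TTL value"


@dataclass(frozen=True)
class DeviceInfo:
    """Device association information (claim 5): address, NAT type, network type."""
    address: str
    nat_type: str
    net_type: str

    def complexity(self):
        # Assumption: NAT type is compared before network type.
        return (NAT_RANK[self.nat_type], NET_RANK[self.net_type])


def elect_role(local, peer):
    """Return 'slave' for the less complex side, 'master' for the more complex one."""
    mine, theirs = local.complexity(), peer.complexity()
    if mine != theirs:
        return "slave" if mine < theirs else "master"
    # Equal complexity: address comparison replaces the "random setting strategy"
    # so that both ends reach complementary roles without further messages.
    return "slave" if local.address < peer.address else "master"


@dataclass
class Gateway:
    """Stateful NAT gateway plus firewall in front of one device (constructed model).
    Device addresses identify peers; port translation is not modelled."""
    hops: int                                    # routing hops from device to gateway
    outbound: set = field(default_factory=set)   # peers with an outbound record
    rejected: list = field(default_factory=list)

    def egress(self, peer, ttl):
        """Record an outbound packet; return the TTL left after the gateway."""
        if ttl < self.hops:
            return 0                             # expired before the gateway: no record
        self.outbound.add(peer)
        return ttl - self.hops

    def ingress(self, peer):
        """Admit inbound traffic only from a peer this side has already sent to."""
        if peer in self.outbound:
            return True
        self.rejected.append(peer)
        return False


def send(src, src_gw, dst, dst_gw, ttl, transit_hops=6):
    """Carry one packet src -> dst; True if dst's firewall admits it."""
    remaining = src_gw.egress(dst.address, ttl)
    if remaining <= transit_hops:                # TTL exhausted before dst's gateway
        return False
    return dst_gw.ingress(src.address)


def traverse(a, b, gw_a, gw_b):
    """Replay the exchange of claims 6, 7 and 13; return (slave, master, log)."""
    pairs = {elect_role(a, b): (a, gw_a), elect_role(b, a): (b, gw_b)}
    (slave, s_gw), (master, m_gw) = pairs["slave"], pairs["master"]
    log = []
    # 1. Slave: outbound packet with TTL = hop count, discarded at its own gateway.
    log.append(("ttl_probe", send(slave, s_gw, master, m_gw, ttl=s_gw.hops)))
    # 2. The ready notification travels via the intermediate server (not modelled).
    # 3. Master: punching request with the default TTL.
    log.append(("punch_request", send(master, m_gw, slave, s_gw, DEFAULT_TTL)))
    # 4. Slave: punching response completes the point-to-point connection.
    log.append(("punch_response", send(slave, s_gw, master, m_gw, DEFAULT_TTL)))
    return slave, master, log


if __name__ == "__main__":
    # Constructed sample devices using documentation address ranges.
    a = DeviceInfo("203.0.113.10", "cone", "broadband")
    b = DeviceInfo("198.51.100.20", "symmetric", "mobile")
    print(traverse(a, b, Gateway(hops=2), Gateway(hops=4))[2])
```

In this model the TTL-limited packet leaves an outbound record on the slave's gateway without ever arriving at the master's firewall, so neither side logs a rejected inbound packet.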
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (22)

1. A network address translation (NAT) traversal method, comprising:
acquiring equipment association information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and under the condition that the device role of the local communication device is determined to be the communication slave device according to the device association information, sending a traversing data packet to the communication master device so as to traverse the firewall and the NAT gateway between the two end communication devices through the traversing data packet.
2. The method of claim 1, wherein determining that the device role of the local communication device is a communication slave device according to the device association information comprises:
determining the home terminal associated network type of the home terminal communication equipment according to the home terminal equipment associated information;
determining the opposite-end associated network type of the opposite-end communication equipment according to the opposite-end equipment associated information;
and under the condition that the network complexity of the home terminal associated network type is lower than that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device.
3. The method of claim 2, wherein determining that the network complexity of the home associated network type is lower than the network complexity of the peer associated network type comprises:
under the condition that the home terminal NAT gateway of the home terminal communication equipment is determined to be a conical NAT gateway and the opposite terminal NAT gateway of the opposite terminal communication equipment is determined to be a symmetrical NAT gateway, the network complexity degree of the home terminal associated network type is determined to be lower than that of the opposite terminal associated network type;
and under the condition that the equipment network type of the local terminal communication equipment is determined to be a broadband network and the equipment network type of the opposite terminal communication equipment is determined to be a mobile network, determining that the network complexity of the local terminal associated network type is lower than that of the opposite terminal associated network type.
4. The method of claim 2, further comprising:
and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device according to a random setting strategy.
5. The method of claim 1, wherein obtaining device association information of two-end communication devices comprises:
acquiring local terminal equipment associated information acquired by local terminal communication equipment;
receiving opposite-end equipment association information of the opposite-end communication equipment, which is sent by an intermediate server;
the method further comprises the following steps:
sending the local terminal equipment association information to an intermediate server so as to send the local terminal equipment association information to the opposite terminal communication equipment through the intermediate server;
wherein the local terminal device association information and the opposite terminal device association information include: device address information, NAT gateway type, and device network type.
6. The method of claim 1, further comprising:
acquiring the home terminal routing hop number between the home terminal communication equipment and a target NAT gateway through a network segment detection technology;
the sending of the traversing data packet to the communication master device comprises:
setting a first TTL value of an outbound data packet according to the local end routing hop count;
sending an outbound data packet including the first TTL value to the communication master device; the outbound data packet is discarded after reaching the target NAT gateway, so that the NAT gateway of the communication slave equipment generates a mapping record, and a firewall of the communication slave equipment generates an outbound record;
and sending a ready notification request to an intermediate server so as to request the communication master device to send a punching request data packet to the local terminal communication device through the intermediate server.
7. The method of claim 6, further comprising:
receiving the punching request data packet sent by the communication master device;
feeding back a punching response data packet to the communication master device so as to establish the point-to-point connection between the communication master device and the communication slave device.
8. A NAT traversal method, comprising:
acquiring equipment association information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and under the condition that the device role of the local communication device is determined to be the communication master device according to the device association information, sending a punching request data packet to the communication slave device according to a ready notification request sent by the intermediate server, so that the punching request data packet passes through a firewall and an NAT gateway between the communication devices at two ends.
9. The method of claim 8, wherein determining that the device role of the local communication device is a communication master device according to the device association information comprises:
determining the home terminal associated network type of the home terminal communication equipment according to the home terminal equipment associated information;
determining the opposite-end associated network type of the opposite-end communication equipment according to the opposite-end equipment associated information;
and under the condition that the network complexity of the home terminal associated network type is higher than that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication master device.
10. The method of claim 9, wherein determining that the network complexity of the home associated network type is higher than the network complexity of the peer associated network type comprises:
under the condition that the NAT gateway of the opposite terminal communication equipment is determined to be a conical NAT gateway and the NAT gateway of the home terminal communication equipment is determined to be a symmetrical NAT gateway, the network complexity degree of the home terminal associated network type is determined to be higher than that of the opposite terminal associated network type;
and under the condition that the equipment network type of the opposite-end communication equipment is determined to be a broadband network and the equipment network type of the local-end communication equipment is determined to be a mobile network, determining that the network complexity of the local-end associated network type is higher than that of the opposite-end associated network type.
11. The method of claim 9, further comprising:
and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication master device according to a random setting strategy.
12. The method of claim 8, wherein obtaining device association information of two-end communication devices comprises:
acquiring local terminal equipment associated information acquired by local terminal communication equipment;
receiving opposite-end equipment association information of the opposite-end communication equipment, which is sent by the intermediate server;
the method further comprises the following steps:
sending the local terminal equipment association information to an intermediate server so as to send the local terminal equipment association information to the opposite terminal communication equipment through the intermediate server;
wherein the local terminal device association information and the opposite terminal device association information include: device address information, NAT gateway type, and device network type.
13. The method of claim 8, further comprising:
acquiring the home terminal routing hop number between the home terminal communication equipment and a target NAT gateway through a network segment detection technology;
the sending of the punching request data packet to the communication slave device according to the ready notification request sent by the intermediate server comprises:
after the ready notification request is received, setting a second TTL value of the punching request data packet according to a default TTL value;
sending a punching request data packet comprising the second TTL value to the communication slave equipment so that a NAT gateway of the communication master equipment generates a mapping record and a firewall of the communication master equipment generates an outbound record;
the method further comprises the following steps:
and receiving a punching response data packet sent by the communication master device to establish point-to-point connection between the communication master device and the communication slave device.
14. A NAT traversal method, comprising:
the two-end communication equipment acquires equipment association information; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
the communication equipment at the two ends determines the equipment role of the communication equipment at the local end according to the equipment association information;
one end communication equipment of the two end communication equipment sends a traversing data packet to the communication main equipment under the condition that the equipment role of the local end communication equipment is determined to be the communication slave equipment according to the equipment association information;
and under the condition that the other end communication equipment of the two-end communication equipment determines that the equipment role of the local end communication equipment is the communication master equipment according to the equipment association information, sending a punching request data packet to communication slave equipment according to a ready notification request sent by the intermediate server so as to pass through a firewall and an NAT gateway between the two-end communication equipment through the punching request data packet.
15. A NAT traversal apparatus, comprising:
the first equipment associated information acquisition module is used for acquiring equipment associated information of communication equipment at two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and the traversing data packet sending module is used for sending a traversing data packet to the communication main equipment under the condition that the equipment role of the local communication equipment is determined to be the communication slave equipment according to the equipment association information so as to traverse the firewall and the NAT gateway between the two end communication equipment through the traversing data packet.
16. The apparatus according to claim 15, wherein the traversal packet sending module is specifically configured to:
determining the home terminal associated network type of the home terminal communication equipment according to the home terminal equipment associated information;
determining the opposite-end associated network type of the opposite-end communication equipment according to the opposite-end equipment associated information;
and under the condition that the network complexity of the home terminal associated network type is lower than that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device.
17. The apparatus according to claim 16, wherein the traversal packet sending module is specifically configured to:
under the condition that the home terminal NAT gateway of the home terminal communication equipment is determined to be a conical NAT gateway and the opposite terminal NAT gateway of the opposite terminal communication equipment is determined to be a symmetrical NAT gateway, the network complexity degree of the home terminal associated network type is determined to be lower than that of the opposite terminal associated network type;
and under the condition that the equipment network type of the local terminal communication equipment is determined to be a broadband network and the equipment network type of the opposite terminal communication equipment is determined to be a mobile network, determining that the network complexity of the local terminal associated network type is lower than that of the opposite terminal associated network type.
18. The apparatus of claim 16, the traversal packet sending module further configured to:
and under the condition that the network complexity of the home terminal associated network type is determined to be the same as that of the opposite terminal associated network type, determining the device role of the home terminal communication device as the communication slave device according to a random setting strategy.
19. A NAT traversal apparatus, comprising:
the second equipment associated information module is used for acquiring the equipment associated information of the communication equipment at the two ends; the device association information comprises local terminal device association information of the local terminal communication device and opposite terminal device association information of the opposite terminal communication device;
and the punching request data packet sending module is used for sending a punching request data packet to the communication slave equipment according to the ready notification request sent by the intermediate server under the condition that the equipment role of the local communication equipment is determined to be the communication master equipment according to the equipment association information, so that the punching request data packet passes through a firewall and an NAT gateway between the communication equipment at the two ends.
20. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the NAT traversal method of any of claims 1-7 or to perform the NAT traversal method of any of claims 8-13.
21. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the NAT traversal method of any of claims 1-7 or to perform the NAT traversal method of any of claims 8-13.
22. A computer program product comprising computer programs/instructions, characterized in that the computer programs/instructions, when executed by a processor, implement the NAT traversal method of any of claims 1-7 or perform the NAT traversal method of any of claims 8-13.
CN202210113988.7A 2022-01-30 2022-01-30 NAT traversal method and device, electronic equipment and storage medium Active CN114500062B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210113988.7A CN114500062B (en) 2022-01-30 2022-01-30 NAT traversal method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210113988.7A CN114500062B (en) 2022-01-30 2022-01-30 NAT traversal method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114500062A true CN114500062A (en) 2022-05-13
CN114500062B CN114500062B (en) 2024-04-02

Family

ID=81478493

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210113988.7A Active CN114500062B (en) 2022-01-30 2022-01-30 NAT traversal method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114500062B (en)

Also Published As

Publication number Publication date
CN114500062B (en) 2024-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant