CN101217536A - A method, system and client to traverse network address transferring device/firewall - Google Patents

Publication number
CN101217536A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007103063394A
Other languages
Chinese (zh)
Other versions
CN101217536B (en)
Inventor
王志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN2007103063394A
Publication of CN101217536A
Application granted
Publication of CN101217536B

Abstract

The invention discloses a method for traversing a network address translation device or firewall. A first client initiates a direct Transmission Control Protocol (TCP) connection request to a second client through a hole-punching auxiliary server; the server sends the public IP address and port number of the first client to the second client, and the public IP address and port number of the second client to the first client. The first client obtains a TCP packet sequence that testing has shown can be used for hole punching. With the help of the hole-punching auxiliary server, and following that packet sequence, the first client and the second client send packets to each other's public IP address and port number until the direct TCP connection is established. The invention also discloses a corresponding system and client. The technical solution provided by the embodiments of the invention improves the success rate of traversing network address translation devices.

Description

Method, system and client for traversing a network address translation device/firewall
Technical field
The present invention relates to the field of network technology, and in particular to a method, system and client for traversing a network address translation device/firewall.
Background
At present, a large number of network address translation (NAT) devices exist on the Internet. NAT devices solve the IPv4 address shortage, but they also obstruct direct connections between clients in a P2P (peer-to-peer) network. In a P2P network, therefore, the obstacle created by NAT devices must be overcome in order to establish a communication connection.
To this end, the prior art proposes a method for TCP traversal of NAT devices. Referring to Fig. 1, two private networks are connected to the public network through NAT-A device 101 and NAT-B device 102 respectively. Client A 103 sits behind NAT-A device 101 and client B 104 sits behind NAT-B device 102. The hole-punching auxiliary server 105 assists client A and client B in establishing a direct TCP connection: client B punches a hole for client A, and client A connects directly to client B through that hole as if the NAT-B device did not exist. The existing procedure for TCP traversal of NAT devices is as follows:
1) The hole-punching auxiliary server listens on two ports: one for main connections and one for hole-punching assistance;
2) Client A and client B each maintain a main connection to the hole-punching auxiliary server;
3) When client A needs to establish a direct TCP connection with client B, client A first connects to the hole-punching assistance port of the hole-punching auxiliary server and sends an assistance connection request, and at the same time starts listening on this port;
4) After receiving client A's assistance connection request, the hole-punching auxiliary server sends a connection notification to client B over the main connection, and sends client B the public IP address and port number of client A as translated by the NAT-A device;
5) After receiving the connection notification, client B first connects to the hole-punching assistance port of the hole-punching auxiliary server, sends some arbitrary data and disconnects immediately; the purpose is to let the hole-punching auxiliary server record the public IP address and port number of client B as translated by the NAT-B device;
6) Client B attempts to connect to the public IP address and port of client A, so that the NAT-B device records the public IP address and port number of client A in preparation for the real connection that follows. This is the so-called hole punching: client B has punched a hole on the NAT-B device for client A;
7) Once everything is ready, client B replies with a "ready" message to the hole-punching auxiliary server over the main connection;
8) After receiving that reply, the hole-punching auxiliary server sends the public IP address and port number of client B to client A;
9) After receiving the public IP address and port number of client B, client A starts connecting to them. Because client B attempted to connect to the public IP address and port number of client A in step 6, the NAT-B device has recorded the information for this connection. So when client A actively connects to client B, the NAT-B device considers the synchronization packet (synchronize, SYN) sent by client A to be legitimate data and lets it through, and a direct TCP connection is established.
In researching and practicing the prior art, the inventor found the following shortcoming: the success rate of traversing NAT devices is very low, and traversal succeeds only in particular environments. The reason is that when client B attempts to connect to the public IP address and port number of client A in step 6, some NAT devices regard this as an illegal connection request. In that case the NAT-A device sends a reset message (Reset the connection, RST) to client B, requiring client B and the NAT-B device to reset, which causes the NAT-B device to clear its record of client A's public IP address and port number. When client A actively connects to client B in step 9, the NAT-B device has no record of client A, so it regards client A's connection request as illegal and refuses it, and the direct TCP connection fails.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a method, system and client for traversing a network address translation device/firewall that achieve a high success rate in traversing network address translation devices.
To solve the above technical problem, the embodiments provided by the invention are implemented through the following technical solutions:
An embodiment of the invention provides a method for traversing a network address translation device/firewall, comprising:
A first client initiates a direct Transmission Control Protocol (TCP) connection request to a second client through a hole-punching auxiliary server;
The hole-punching auxiliary server sends the public IP address and port number of the first client to the second client, and sends the public IP address and port number of the second client to the first client;
The first client obtains a TCP packet sequence, obtained by testing, that can be used for hole punching;
With the assistance of the hole-punching auxiliary server, and according to the TCP packet sequence that can be used for hole punching, the first client and the second client send packets to each other's public IP address and port number until the direct TCP connection is successfully established.
An embodiment of the invention also provides a first client, comprising:
A direct connection request sending unit, configured to initiate a direct TCP connection request to a second client through the hole-punching auxiliary server;
A public IP address receiving unit, configured to receive the public IP address and port number of the second client returned by the hole-punching auxiliary server;
A packet sequence obtaining unit, configured to obtain the TCP packet sequence, obtained by testing, that can be used for hole punching;
A direct connection establishing unit, configured to send packets, with the assistance of the hole-punching auxiliary server and according to the TCP packet sequence that can be used for hole punching, to the public IP address and port number of the second client until the direct TCP connection is successfully established.
An embodiment of the invention also provides a system for traversing a network address translation device/firewall, comprising: a first client, a second client and a hole-punching auxiliary server;
The first client is configured to initiate a direct TCP connection request to the second client through the hole-punching auxiliary server, and to obtain the TCP packet sequence, obtained by testing, that can be used for hole punching;
The hole-punching auxiliary server is configured to send the public IP address and port number of the first client to the second client, and to send the public IP address and port number of the second client to the first client;
With the assistance of the hole-punching auxiliary server, and according to the TCP packet sequence that can be used for hole punching, the first client and the second client send packets to each other's public IP address and port number until the direct TCP connection is successfully established.
The above technical solution has the following beneficial effect:
In the embodiments of the invention, because the first client has stored the results of testing the hole-punching environment in advance, it can send packets to the public IP address and port number of the second client according to those test results. This avoids the prior-art defect of traversing NAT devices only in particular environments and improves the success rate of traversing network address translation devices.
Description of drawings
Fig. 1 is a network diagram of TCP traversal of network address translation devices according to the prior art;
Fig. 2 is a schematic diagram of the composition of the system for traversing network address translation devices provided by an embodiment of the invention;
Fig. 3 is a flowchart of the method for traversing network address translation devices provided by an embodiment of the invention;
Fig. 4 is a flowchart of the method for traversing network address translation devices provided by the first embodiment of the invention;
Fig. 5 is a flowchart of the method for traversing network address translation devices provided by the second embodiment of the invention;
Fig. 6 is a flowchart of the method for traversing network address translation devices provided by the third embodiment of the invention;
Fig. 7 is a flowchart of the method for traversing network address translation devices provided by the fourth embodiment of the invention;
Fig. 8 is a flowchart of the method for traversing network address translation devices provided by the fifth embodiment of the invention;
Fig. 9 is a flowchart of the method for traversing network address translation devices provided by the sixth embodiment of the invention.
Detailed description
The method, system and client for traversing a network address translation device/firewall provided by the embodiments of the invention are used to establish a direct TCP connection in a P2P network where reliable data transmission is needed. The method provided by the embodiments may also be called the TCP hole-punching method for short.
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the embodiments are described in detail below with reference to the accompanying drawings.
The method provided by the embodiments is explained below using traversal of a network address translation device as the example; the method can also be used to traverse a firewall.
Referring to Fig. 2, a schematic diagram of the composition of the system for traversing network address translation devices provided by an embodiment of the invention, the system comprises: client A (the first client) 201, client B (the second client) 202 and hole-punching auxiliary server 203;
The hole-punching auxiliary server 203 assists client A 201 and client B 202 in traversing the NAT devices to establish the direct TCP connection shown by the dotted line in Fig. 2. After it has assisted client A 201 and client B 202 in establishing the direct TCP connection, the hole-punching auxiliary server 203 does not take part in data transmission, which client A 201 and client B 202 carry out on their own.
In the embodiments of the invention, before traversing the NAT devices and establishing the direct TCP connection, a client needs to test the hole-punching environment and save the test results. The hole-punching environment test includes: testing whether the operating system version meets the hole-punching requirements; testing whether the user has superuser privileges (an ordinary Windows user has superuser privileges); testing whether an operating system interface can be used to set the TTL value of the public IP address; and testing whether each TCP packet sequence shown in Table 1 can be used for hole punching, where a TCP packet sequence that can be used for hole punching is one that is not filtered by the NAT device.
The tests of whether the operating system version meets the hole-punching requirements, whether the user has superuser privileges and whether an operating system interface can be used to set the TTL value of the IP address are completed by the client on its own, using interfaces provided by the operating system. In the embodiments of the invention, a client whose operating system version is WinXP SP2 or later meets the hole-punching requirements.
To test how the TCP packet sequences shown in Table 1 are filtered, the system shown in Fig. 2 further comprises: test server A 204 and test server B 205;
Test server A 204 assists client A 201 in testing how client A's NAT device (NAT-A) filters the TCP packet sequences shown in Table 1, that is, in testing which TCP packet sequences in Table 1 client A can use for hole punching. Test server B 205 assists client B 202 in testing how client B's NAT device (NAT-B) filters the TCP packet sequences shown in Table 1, that is, in testing which TCP packet sequences in Table 1 client B can use for hole punching.
Note that, to save network resources, if the hole-punching environment has not changed, the client can directly obtain the saved test results and punch holes according to them; this does not affect the implementation of the embodiments of the invention.
The TCP packet sequences shown in Table 1 are introduced below. Each row of Table 1 represents one TCP packet sequence: the first packet is the packet the client sends to the test server, and the second and third packets are the packets the test server returns to the client after receiving the first packet.
Sequence number   First packet   Second packet   Third packet
1                 SYN out        SYN in          None
2                 SYN out        ICMP in         SYN in
3                 SYN out        ICMP in         SYNACK in
4                 SYN out        RST in          SYN in
5                 SYN out        RST in          SYNACK in
Table 1
The method provided by the embodiments of the invention is described in detail below with reference to the system shown in Fig. 2.
Referring to Fig. 3, the method for traversing network address translation devices provided by an embodiment of the invention comprises:
Step 301: client A initiates a direct TCP connection request to client B through the hole-punching auxiliary server;
Step 302: the hole-punching auxiliary server sends the public IP address and port number of client A to client B, and sends the public IP address and port number of client B to client A;
Step 303: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching;
Step 304: with the assistance of the hole-punching auxiliary server, and according to the TCP packet sequence obtained in step 303, client A and client B send packets to each other's public IP address and port number until the direct TCP connection is successfully established.
If the client is performing TCP hole punching for the first time, the above method further comprises the following steps:
Client A and client B test the hole-punching environment with the assistance of the test servers;
Client A saves its own hole-punching environment test results and the hole-punching environment test results that client B returns to it through the hole-punching auxiliary server.
The following example illustrates how a client and a test server determine which TCP packet sequences can be used for hole punching. Suppose that after client A sends the first packet (SYN out) to test server A, it receives the second packet (ICMP in) and the third packet (SYN in) returned by the test server. This shows that the TCP packet sequence with sequence number 2 is not filtered by the NAT device, so client A records the TCP packet sequence with sequence number 2 as an available hole-punching TCP packet sequence. Conversely, if client A does not receive the packets returned by the test server, the TCP packet sequence is filtered by the NAT device and cannot be used for hole punching.
The method for traversing NAT devices provided by the embodiments of the invention has been introduced above. In other embodiments of the invention, the client may perform step 303 at any point before step 304, without affecting the implementation of the embodiments of the invention.
In a specific implementation there can be many different hole-punching environment test results; the implementation of the embodiments of the invention is described in detail below for the different test results.
Referring to Fig. 4, a flowchart of the method for traversing NAT devices provided by the first embodiment of the invention, the method comprises:
Step 401: client A connects to the hole-punching assistance port of the hole-punching auxiliary server and sends a direct TCP connection request;
Step 402: after receiving the request, the hole-punching auxiliary server sends a TCP connection notification to client B over the main connection, and sends the public IP address and port number of client A as translated by the NAT-A device to client B over the main connection;
After receiving the TCP connection notification, client B connects to the hole-punching assistance port of the hole-punching auxiliary server, sends some arbitrary data to the server and disconnects immediately, so that the hole-punching auxiliary server records the public IP address and port number of client B as translated by the NAT-B device;
Step 403: the hole-punching auxiliary server sends the public IP address and port number of client B to client A over the main connection;
At this point client A knows the public IP address and port number of client B, and client B knows the public IP address and port number of client A;
Step 404: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching. If it is the TCP packet sequence with sequence number 1 in Table 1, client A obtains the stored environment test results; if the results show that the system version is WinXP SP2 or later, go to step 405;
Step 405: client A sends a notification message to client B through the hole-punching auxiliary server; the notification message notifies client B to send a SYN packet to the public IP address and port number of client A;
Step 406: client A and client B each send a SYN packet to the other's public IP address and port number;
Step 407: after receiving the SYN packet, client A and client B each return a synchronization acknowledgement message (SYNACK) to the other;
At this point the direct TCP connection is established. As the TCP protocol requires, the method further comprises:
Step 408: after receiving the SYNACK, client A and client B each return an acknowledgement message (ACK) to the other.
Referring to Fig. 5, a flowchart of the method for traversing network address translation devices provided by the second embodiment of the invention, this method differs from the first embodiment as follows:
Step 504: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching. If it is the TCP packet sequence with sequence number 2 in Table 1, client A obtains the stored environment test results; if the results show that an operating system interface can be used to set the TTL value of the public IP address, go to step 505;
Step 505: client A sends a first SYN packet to client B through the hole-punching auxiliary server; the TTL value of client B's public IP address carried in the first SYN packet is set to low;
The requirement for the low TTL value is that it lets the first SYN packet pass through the NAT-A device without reaching client B;
The first SYN packet is constructed by client A itself using low-level network functions.
Step 506: the hole-punching auxiliary server returns an Internet Control Message Protocol (ICMP) packet to client A; the TTL value of client A's public IP address carried in the ICMP packet is set to expired;
Step 507: the hole-punching auxiliary server sends a notification message to client B;
Step 508: after receiving the notification message, client B sends a second SYN packet to the public IP address and port number of client A;
Step 509: after receiving the second SYN packet sent by client B, client A sends a SYNACK packet to client B; at this point the direct TCP connection is established.
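The failure described in the background section (the RST from NAT-A clearing NAT-B's record) and the low-TTL first SYN of the second embodiment can be replayed on a toy model of two stateful NAT devices. The Python simulation below is an added example, not code from the patent; the Nat class, its two behaviour flags, the endpoint addresses and the hop count are assumptions made for illustration, and the sender of the ICMP packet is not modelled.

```python
from dataclasses import dataclass, field

# Constructed values (RFC 5737 documentation addresses), not taken from the patent.
A_PUB = ("203.0.113.10", 40001)   # client A's endpoint after NAT-A translation
B_PUB = ("198.51.100.20", 50002)  # client B's endpoint after NAT-B translation
HOPS_BETWEEN_NATS = 5             # assumed router hops between NAT-A and NAT-B


@dataclass
class Nat:
    """Hypothetical stateful NAT: one session record per remote endpoint."""
    name: str
    rst_on_unsolicited_syn: bool = True  # answers an unexpected inbound SYN with RST
    clear_on_rst: bool = True            # an inbound RST deletes the session record
    sessions: set = field(default_factory=set)

    def outbound_syn(self, remote):
        """An inside client sends SYN to `remote`: the NAT records the remote endpoint."""
        self.sessions.add(remote)

    def inbound(self, remote, kind):
        """Verdict for a packet of type `kind` arriving from (or about) `remote`."""
        known = remote in self.sessions
        if kind == "RST":
            if known and self.clear_on_rst:
                self.sessions.discard(remote)
            return "pass" if known else "drop"
        if kind == "ICMP":                 # TTL-expired error: the record is kept
            return "pass" if known else "drop"
        if known:                          # SYN or SYNACK matching a record
            return "pass"
        if kind == "SYN" and self.rst_on_unsolicited_syn:
            return "rst"
        return "drop"


def send_syn(src_nat, src_pub, dst_nat, dst_pub, ttl, trace):
    """Send one SYN from behind src_nat towards dst_pub and log what comes back."""
    src_nat.outbound_syn(dst_pub)
    if ttl <= HOPS_BETWEEN_NATS:
        # The packet expires on the way: only an ICMP error returns.
        src_nat.inbound(dst_pub, "ICMP")
        verdict = "icmp"
    else:
        verdict = dst_nat.inbound(src_pub, "SYN")
        if verdict == "rst":
            src_nat.inbound(dst_pub, "RST")   # may wipe the record just created
    trace.append((src_nat.name, dst_nat.name, ttl, verdict))
    return verdict


def prior_art(nat_a, nat_b):
    """Background steps 6 and 9: B punches first, then A connects."""
    trace = []
    send_syn(nat_b, B_PUB, nat_a, A_PUB, 64, trace)            # step 6
    verdict = send_syn(nat_a, A_PUB, nat_b, B_PUB, 64, trace)  # step 9
    return verdict == "pass", trace


def low_ttl_variant(nat_a, nat_b):
    """Second embodiment: A's first SYN crosses NAT-A but expires before NAT-B."""
    trace = []
    send_syn(nat_a, A_PUB, nat_b, B_PUB, 2, trace)             # steps 505-506
    syn = send_syn(nat_b, B_PUB, nat_a, A_PUB, 64, trace)      # step 508
    synack = nat_b.inbound(A_PUB, "SYNACK")                    # step 509
    return syn == "pass" and synack == "pass", trace


if __name__ == "__main__":
    for label, run in (("prior art", prior_art), ("low-TTL SYN", low_ttl_variant)):
        ok, trace = run(Nat("NAT-A"), Nat("NAT-B"))
        print(label, "->", "connected" if ok else "failed", trace)
```

With both flags left at their defaults the prior-art order fails; turning off either flag on the relevant device makes it succeed, which matches the page's statement that the prior art works only in particular environments.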
Referring to Fig. 6, a flowchart of the method for traversing NAT devices provided by the third embodiment of the invention, this method differs from the embodiments described above as follows:
Step 604: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching. If it is the TCP packet sequence with sequence number 3 in Table 1, client A obtains the stored environment test results; if the results show that the operating system version is WinXP SP2 or later, the user has superuser privileges, and an operating system interface can be used to set the TTL value of the public IP address, go to step 605;
Step 605: client A and client B each send a SYN packet to the other through the hole-punching auxiliary server; the TTL value of the public IP address carried in the SYN packet is set to a low TTL value;
Specifically, the first SYN packet that client A sends to client B carries the public IP address of client B, and the TTL value of this public IP address is set to a low TTL value; likewise, the second SYN packet that client B sends to client A carries the public IP address of client A, and the TTL value of this public IP address is set to a low TTL value;
For the requirement on the low TTL value, see the relevant part of the second embodiment; it is not repeated here.
Step 606: the hole-punching auxiliary server sends an ICMP packet to client A and to client B respectively;
The ICMP packet sent to client A carries the public IP address of client A, and the TTL of this public IP address is set to expired; likewise, the ICMP packet sent to client B carries the public IP address of client B, and the TTL value of this public IP address is set to expired;
Step 607: after receiving the ICMP packet, client A and client B each send their own TCP sequence number to the other through the hole-punching auxiliary server;
The TCP sequence number is the one that client A and client B each captured themselves when sending the SYN packet to the other side;
Step 608: after receiving the other side's TCP sequence number, client A and client B each send a SYNACK packet to the other; at this point the direct TCP connection is established.
The third embodiment of the invention has been introduced above; in this embodiment all packets are constructed by client A and client B themselves using low-level network functions.
Referring to Fig. 7, a flowchart of the method for traversing NAT devices provided by the fourth embodiment of the invention, this method differs from the methods described above as follows:
Step 704: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching; if it is the TCP packet sequence with sequence number 4 in Table 1, go to step 705;
Step 705: client A sends a first SYN packet to the NAT-B device corresponding to the public IP address and port number of client B;
The first SYN packet is a packet that client A constructs itself using low-level network functions;
Step 706: the NAT-B device returns an RST message to client A; the RST message is generated automatically by the NAT-B device;
When client A sends the first SYN packet to NAT-B, the NAT-B device has no record of client A, so it automatically generates an RST message and returns it to client A, requiring client A and the NAT-A device to reset.
Step 707: client A sends a notification message to client B through the hole-punching auxiliary server;
Step 708: after receiving the notification message, client B sends a second SYN packet to the public IP address and port number of client A;
Step 709: after receiving the second SYN packet, client A returns a SYNACK packet to client B; at this point the direct TCP connection is established.
Referring to Fig. 8, a flowchart of the method for traversing NAT devices provided by the fifth embodiment of the invention, this method differs from the embodiments described above as follows:
Step 804: client A obtains the TCP packet sequence, obtained by testing, that can be used for hole punching. If it is the TCP packet sequence with sequence number 5 in Table 1, client A obtains the stored environment test results; if the results show that the operating system version is WinXP SP2 or later and the user has superuser privileges, go to step 805;
Step 805: client A and client B each send a SYN packet to the NAT device corresponding to the other's public IP address and port number;
Step 806: after receiving the SYN packets, the NAT-A device and the NAT-B device return RST messages to client A and client B;
Step 807: client A and client B send their own TCP sequence numbers to each other through the hole-punching auxiliary server;
Step 808: after receiving the other side's TCP sequence number, client A and client B each return a SYNACK packet to the other; at this point the direct TCP connection is established.
The above is the method provided by the fifth embodiment of the invention; in this method, apart from the RST messages, all packets are constructed by client A and client B respectively using low-level network functions.
The embodiments of the invention have been introduced above for the different hole-punching environments.
Further, in the embodiments of the invention, the methods provided by the above five embodiments can run on the same client. Before hole punching begins, the client obtains the test results for the TCP packet sequences. If the TCP packet sequence with sequence number N (N = 1, 2, …, 5) in Table 1 is not filtered by the NAT device, the method provided by the N-th embodiment is selected. The client then checks whether the test results for the items in Table 2 satisfy the requirements of the N-th embodiment: if they do, hole punching begins using the method provided by the N-th embodiment; if they do not, TCP hole punching cannot be performed. Table 2 shows, for each of the five embodiments described above, which information needs to be tested and which does not: "√" marks information that needs to be tested and "×" marks information that does not.
Generally, client B needs to send its own hole-punching environment test results to client A through the hole-punching auxiliary server, and client A selects the hole-punching method using its own saved hole-punching environment test results and those of client B.
TCP hole punching method | Operating system version | Setting the TTL value | Superuser right
Embodiment one | √ | × | ×
Embodiment two | × | √ | ×
Embodiment three | √ | √ | √
Embodiment four | × | × | ×
Embodiment five | √ | × | √
Table 2
The method for traversing NAT devices provided by the embodiments of the invention has been described above. To ensure a higher success rate, the method provided by the embodiments of the invention can be combined with the existing UDP hole punching method and with the method of relaying data through a super node.
Referring to Fig. 9, which is a flowchart of a method, provided by an embodiment of the invention, for traversing NAT devices that combines multiple hole punching modes, the method comprises:
Step 901: Client A and client B use test server A and test server B to test their own NAT type with the STUN protocol (Simple Traversal of UDP Through Network Address Translators);
There are four NAT types: full cone NAT, IP-restricted NAT, port-restricted NAT and symmetric NAT.
Step 902: If client A determines that UDP is blocked or that the service layer requires TCP hole punching, go to step 903; otherwise, go to step 904;
Step 903: Client A obtains the stored hole punching environment test result and, according to that test result, performs TCP hole punching using the TCP hole punching method provided by the embodiments of the invention;
Step 904: Client A determines whether hole punching is possible; if so, go to step 905; otherwise, go to step 906;
Step 905: Client A performs UDP hole punching according to the type of the NAT device;
Step 906: Client A triggers data relaying through a super node.
An embodiment of the invention also provides a first client, which comprises:
A direct connection request sending unit, configured to initiate a TCP direct connection request to client B through the hole punching auxiliary server;
A public IP address receiving unit, configured to receive the public IP address and port number of client B returned by the hole punching auxiliary server;
A packet sequence acquiring unit, configured to obtain the TCP packet sequence, obtained through testing, that can be used for hole punching;
A direct connection establishment unit, configured to send packets, with the assistance of the hole punching auxiliary server and according to the TCP packet sequence that can be used for hole punching, to the public IP address and port number of client B until a TCP direct connection is successfully established.
If the first client is performing TCP hole punching for the first time, the first client further comprises:
An environment testing unit, configured to test the hole punching environment, and to store the first client's own hole punching environment test result together with the hole punching environment test result that client B returns to it through the hole punching auxiliary server.
For different hole punching environment test results, the embodiments of the invention provide several specific implementations of the first client, which are described in detail below.
1. If the TCP packet sequence with sequence number 1 in Table 1 is the TCP sequence that can be used for hole punching, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that the operating system version meets the preset version condition, to trigger the direct connection establishment unit;
In a specific implementation, the direct connection establishment unit comprises: a SYN packet sending unit, a SYN packet receiving unit and an acknowledgment message sending unit;
A SYN packet sending unit, configured to send a first SYN packet to the public IP address and port number of client B;
A notification message sending unit, configured to send a notification message to client B through the hole punching auxiliary server, the notification message instructing client B to send a SYN packet to the public IP address and port number of client A;
A SYN packet receiving unit, configured to receive the second SYN packet that client B sends after receiving the notification message;
An acknowledgment message sending unit, configured to send a SYN-ACK message to client B after the second SYN packet is received;
An acknowledgment message receiving unit, configured to receive the SYN-ACK message that client B returns after receiving the first SYN packet.
2. If the TCP packet sequence with sequence number 2 in Table 1 is the TCP sequence that can be used for hole punching, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that an operating system interface can be used to set the TTL value for the public IP address, to trigger the direct connection establishment unit;
In a specific implementation, the direct connection establishment unit comprises:
A SYN packet sending unit, configured to send a first SYN packet to client B through the hole punching auxiliary server, where the TTL value that the first SYN packet carries for the public IP address of client B is set low;
A protocol packet receiving unit, configured to receive the ICMP packet returned by the hole punching auxiliary server, where the TTL value that the ICMP packet carries for the public IP address of the first client is set to expired;
A SYN packet receiving unit, configured to receive the second SYN packet sent by client B;
An acknowledgment message sending unit, configured to send a SYN-ACK message to client B after the SYN packet receiving unit receives the second SYN packet.
3. If the TCP packet sequence with sequence number 3 in Table 1 is the TCP sequence that can be used for hole punching, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that the operating system version is WinXP SP2 or later, that an operating system interface can be used to set the TTL value for the public IP address, and that the user has superuser rights, to trigger the direct connection establishment unit;
In a specific implementation, the direct connection establishment unit comprises:
A SYN packet sending unit, configured to send a SYN packet to client B through the hole punching auxiliary server, where the TTL value that the SYN packet carries for the public IP address of client B is set low;
A protocol packet receiving unit, configured to receive the ICMP packet returned by the hole punching auxiliary server, where the TTL value that the ICMP packet carries for the public IP address of the first client is set to expired;
A sequence number sending unit, configured to send a first TCP sequence number to client B through the hole punching auxiliary server;
A sequence number receiving unit, configured to receive the second TCP sequence number of client B sent by the hole punching server;
An acknowledgment message sending unit, configured to send a SYN-ACK message to client B after the second TCP sequence number is received;
An acknowledgment message receiving unit, configured to receive the SYN-ACK message that client B returns after receiving the first TCP sequence number.
4. If the TCP packet sequence with sequence number 4 in Table 1 is the TCP sequence that can be used for hole punching, then in a specific implementation the direct connection establishment unit comprises:
A SYN packet sending unit, configured to send a first SYN packet to the NAT device corresponding to the public IP address and port number of client B;
A reset message receiving unit, configured to receive the RST message returned by that NAT device;
A notification message sending unit, configured to send a notification message to client B through the hole punching auxiliary server;
A SYN packet receiving unit, configured to receive the second SYN packet that client B sends after receiving the notification message;
An acknowledgment message sending unit, configured to return a SYN-ACK message to client B after the second SYN packet is received.
5. If the TCP packet sequence with sequence number 5 in Table 1 is the TCP sequence that can be used for hole punching, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that the operating system version is WinXP SP2 and that the user has superuser rights, to trigger the direct connection establishment unit;
In a specific implementation, the direct connection establishment unit comprises:
A SYN packet sending unit, configured to send a first SYN packet to the NAT device corresponding to the public IP address and port number of client B;
A reset message receiving unit, configured to receive the RST message returned by that NAT device;
A sequence number sending unit, configured to send a first TCP sequence number to the public IP address and port number of client B;
A sequence number receiving unit, configured to receive the second TCP sequence number sent by client B;
An acknowledgment message sending unit, configured to return a SYN-ACK message to client B after the second TCP sequence number is received;
An acknowledgment message receiving unit, configured to receive the SYN-ACK message that client B returns after receiving the first TCP sequence number.
As required by the TCP protocol, each of the above five direct connection establishment units further comprises:
A response message sending unit, configured to send a response message (ACK) to the second client after the SYN-ACK message returned by the second client is received;
A response message receiving unit, configured to receive the response message that the second client returns after receiving the SYN-ACK message sent by the first client.
The first client provided by the embodiments of the invention further comprises: a test packet sending unit, a test packet receiving unit and a sequence recording unit;
The test packet sending unit is configured to send a first SYN packet to the test server;
The test packet receiving unit is configured to receive the packets returned by the test server;
If the packet received by the test packet receiving unit is a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet and the second SYN packet is a TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an ICMP packet and a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the ICMP packet and the second SYN packet is a TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an ICMP packet and a SYN-ACK message, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the ICMP packet and the SYN-ACK message is a TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an RST message and a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the RST message and the second SYN packet is a TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an RST message and a SYN-ACK message, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the RST message and the SYN-ACK message is a TCP packet sequence that can be used for hole punching.
To ensure a higher success rate in traversing NAT devices, the first client provided by the embodiments of the invention further comprises:
A NAT device type testing unit, configured to test the type of the NAT device using the test server;
A hole punching method selection unit, configured to trigger the test result acquiring unit if it determines that UDP packets cannot pass or that the service layer requires TCP hole punching; otherwise, to determine whether hole punching is possible and, if so, to trigger the UDP direct connection establishment unit, or, if not, to trigger data relaying through a super node;
A UDP direct connection establishment unit, configured to perform UDP hole punching according to the type of the NAT device.
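The selection logic described above, covering the classification of the test server's responses into sequences 1 to 5, the Table 2 checks and the combined decision of steps 902 to 906, as an added Python example that is not part of the patent text. All names are hypothetical; it assumes that each Table 2 check must pass on both clients and that the judgment of whether UDP hole punching is possible is supplied as an input.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Packet kinds the client can see after sending the first SYN to the test server.
SYN, SYNACK, ICMP, RST = "SYN", "SYN-ACK", "ICMP", "RST"

# Response pattern -> number of the usable TCP packet sequence / embodiment,
# following the five cases the text enumerates.
SEQUENCE_BY_RESPONSE = {
    (SYN,): 1,
    (ICMP, SYN): 2,
    (ICMP, SYNACK): 3,
    (RST, SYN): 4,
    (RST, SYNACK): 5,
}

# Table 2: environment checks each embodiment needs before hole punching.
REQUIRED_CHECKS = {
    1: ("os_version_ok",),
    2: ("can_set_ttl",),
    3: ("os_version_ok", "can_set_ttl", "is_superuser"),
    4: (),
    5: ("os_version_ok", "is_superuser"),
}


@dataclass(frozen=True)
class EnvTestResult:
    """Stored hole punching environment test result of one client."""
    os_version_ok: bool   # OS version meets the preset version condition
    can_set_ttl: bool     # an OS interface allows setting the TTL value
    is_superuser: bool    # the user has superuser rights


@dataclass(frozen=True)
class Decision:
    mode: str                          # "tcp", "udp", "relay" or "tcp-unavailable"
    embodiment: Optional[int] = None   # selected embodiment for TCP decisions
    unmet: tuple = ()                  # Table 2 checks that failed


def classify_sequence(responses: Sequence[str]) -> Optional[int]:
    """Map the packets returned by the test server to a sequence number."""
    return SEQUENCE_BY_RESPONSE.get(tuple(responses))


def unmet_checks(embodiment: int, *envs: EnvTestResult) -> List[str]:
    """Return the Table 2 checks that fail on any of the given clients.

    Assumption: a check must pass on both clients. The text only says that
    client A decides using its own result and the one received from client B.
    """
    return [name for name in REQUIRED_CHECKS[embodiment]
            if not all(getattr(env, name) for env in envs)]


def choose_traversal(udp_blocked: bool, service_requires_tcp: bool,
                     udp_punch_possible: bool, responses: Sequence[str],
                     env_a: EnvTestResult, env_b: EnvTestResult) -> Decision:
    """Steps 902 to 906: pick TCP hole punching, UDP hole punching or relay."""
    if udp_blocked or service_requires_tcp:          # step 902 -> step 903
        n = classify_sequence(responses)
        if n is None:                                # no usable sequence found
            return Decision("tcp-unavailable")
        unmet = tuple(unmet_checks(n, env_a, env_b))
        if unmet:                                    # Table 2 not satisfied
            return Decision("tcp-unavailable", n, unmet)
        return Decision("tcp", n)
    if udp_punch_possible:                           # step 904 -> step 905
        return Decision("udp")
    return Decision("relay")                         # step 906


if __name__ == "__main__":
    # Constructed sample inputs, not measurements.
    full = EnvTestResult(True, True, True)
    limited = EnvTestResult(True, False, False)
    print(choose_traversal(True, False, False, [RST, SYNACK], full, limited))
    print(choose_traversal(True, False, False, [RST, SYN], limited, limited))
```
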
The method, system and client for traversing a network address translation device/firewall provided by the invention have been described in detail above. For a person of ordinary skill in the art, changes may be made to the specific embodiments and the scope of application in accordance with the idea of the embodiments of the invention. In summary, the content of this description should not be construed as limiting the invention.

Claims (18)

1. A method for traversing a network address translation device/firewall, characterized by comprising:
A first client initiating a transmission control protocol (TCP) direct connection request to a second client through a hole punching auxiliary server;
The hole punching auxiliary server sending the public IP address and port number of the first client to the second client, and sending the public IP address and port number of the second client to the first client;
The first client obtaining a TCP packet sequence, obtained through testing, that can be used for hole punching;
The first client and the second client, with the assistance of the hole punching auxiliary server and according to the TCP packet sequence that can be used for hole punching, sending packets to each other's public IP address and port number until a TCP direct connection is successfully established.
2. The method of claim 1, characterized by further comprising:
The first client sending a first SYN packet to a test server;
If the first client receives a second SYN packet returned by the test server, the sequence consisting of the first SYN packet and the second SYN packet is a first TCP packet sequence that can be used for hole punching;
If the first client receives an ICMP packet and a second SYN packet returned by the test server, the sequence consisting of the first SYN packet, the ICMP packet and the second SYN packet is a second TCP packet sequence that can be used for hole punching;
If the first client receives an ICMP packet and a SYN-ACK message returned by the test server, the sequence consisting of the first SYN packet, the ICMP packet and the SYN-ACK message is a third TCP packet sequence that can be used for hole punching;
If the first client receives a reset message and a second SYN packet returned by the test server, the sequence consisting of the first SYN packet, the reset message and the second SYN packet is a fourth TCP packet sequence that can be used for hole punching;
If the first client receives a reset message and a SYN-ACK message returned by the test server, the sequence consisting of the first SYN packet, the reset message and the SYN-ACK message is a fifth TCP packet sequence that can be used for hole punching.
3. The method of claim 2, characterized in that, if the TCP packet sequence that can be used for hole punching is the first TCP packet sequence, then after the first client obtains the TCP packet sequence, obtained through testing, that can be used for hole punching, the method further comprises:
The first client obtaining the stored environment test result and, if the test result is that the operating system version meets a preset version condition, the first client and the second client sending packets to each other;
Wherein the first client and the second client sending packets to each other specifically comprises:
The first client sending a notification message to the second client through the hole punching auxiliary server;
The first client sending a first SYN packet to the public IP address and port number of the second client;
The second client, after receiving the notification message, sending a second SYN packet to the public IP address and port number of the first client;
The first client and the second client, after receiving the SYN packets, each returning a SYN-ACK message to the other side's public IP address and port number, whereupon the first and second clients have successfully established a TCP direct connection.
4. The method of claim 2, characterized in that, if the TCP packet sequence that can be used for hole punching is the second TCP packet sequence, then after the first client obtains the TCP packet sequence, obtained through testing, that can be used for hole punching, the method further comprises:
The first client obtaining the stored environment test result and, if the test result is that an operating system interface can be used to set the TTL value for the public IP address, the first client and the second client sending packets to each other;
Wherein the first client and the second client sending packets to each other specifically comprises:
The first client sending a first SYN packet to the second client through the hole punching auxiliary server, where the TTL value that the first SYN packet carries for the public IP address of the second client is set low;
The hole punching auxiliary server returning an ICMP packet to the first client, where the TTL value that the ICMP packet carries for the public IP address of the first client is set to expired;
The hole punching auxiliary server sending a notification message to the second client;
The second client, after receiving the notification message, sending a second SYN packet to the public IP address and port number of the first client;
The first client, after receiving the second SYN packet, sending the second SYN-ACK message to the second client, whereupon the first and second clients have successfully established a TCP direct connection.
5. The method of claim 2, characterized in that, if the TCP packet sequence that can be used for hole punching is the third TCP packet sequence, then after the first client obtains the TCP packet sequence, obtained through testing, that can be used for hole punching, the method further comprises:
The first client obtaining the stored environment test result and, if the test result is that the operating system version meets a preset version condition, that an operating system interface can be used to set the TTL value for the public IP address, and that the user has superuser rights, the first client and the second client sending packets to each other;
Wherein the first client and the second client sending packets to each other specifically comprises:
The first client and the second client each sending a SYN packet to the other side through the hole punching auxiliary server, where the TTL value that the SYN packet carries for the public IP address is set low;
The hole punching auxiliary server sending ICMP packets to the first client and the second client, where the TTL value that the ICMP packet carries for the public IP address is set to expired;
The first client and the second client each sending a TCP sequence number to the other side through the hole punching auxiliary server;
The first client and the second client, after receiving the TCP sequence numbers, each sending a SYN-ACK message to the other side, whereupon the first and second clients have successfully established a TCP direct connection.
6. The method of claim 2, characterized in that, if the TCP packet sequence that can be used for hole punching is the fourth TCP packet sequence, the first client and the second client sending packets to each other specifically comprises:
The first client sending a first SYN packet to the NAT device corresponding to the public IP address and port number of the second client;
The NAT device returning a reset message to the public IP address and port number of the first client;
The first client sending a notification message to the second client through the hole punching auxiliary server;
The second client, after receiving the message, sending a second SYN packet to the first client;
The first client, after receiving the second SYN packet, returning a SYN-ACK message to the second client, whereupon the first and second clients have successfully established a TCP direct connection.
7. The method of claim 2, characterized in that, if the TCP packet sequence that can be used for hole punching is the fifth TCP packet sequence, then after the first client obtains the TCP packet sequence, obtained through testing, that can be used for hole punching, the method further comprises:
The first client obtaining the stored environment test result and, if the test result is that the system version meets a preset version condition and that the user has superuser rights, the first client and the second client sending packets to each other;
Wherein the first client and the second client sending packets to each other specifically comprises:
The first client and the second client each sending a SYN packet to the NAT device corresponding to the other side's public IP address and port number;
The NAT device, after receiving the SYN packet, returning a reset message to the other side's client;
The first client and the second client each sending a TCP sequence number to the other side's public IP address and port number;
The first client and the second client, after receiving the other side's TCP sequence number, each returning a SYN-ACK message to the other side, whereupon the first and second clients have successfully established a TCP direct connection.
8. The method of any one of claims 1 to 7, characterized in that, before the first client initiates the TCP direct connection request to the second client through the hole punching auxiliary server, the method further comprises:
The first client and the second client testing the type of the NAT device using a test server;
If the first client determines that UDP packets cannot pass or that the service layer requires TCP hole punching, the first client obtaining the stored hole punching environment test result and performing TCP hole punching;
Otherwise, the first client determining whether hole punching is possible; if so, the first client performing UDP hole punching according to the type of the NAT device; otherwise, triggering data relaying through a super node.
9. A client, characterized by comprising:
A direct connection request sending unit, configured to initiate a transmission control protocol (TCP) direct connection request to a second client through a hole punching auxiliary server;
A public IP address receiving unit, configured to receive the public IP address and port number of the second client returned by the hole punching auxiliary server;
A packet sequence acquiring unit, configured to obtain a TCP packet sequence, obtained through testing, that can be used for hole punching;
A direct connection establishment unit, configured to send packets, with the assistance of the hole punching auxiliary server and according to the TCP packet sequence that can be used for hole punching, to the public IP address and port number of the second client until a TCP direct connection is successfully established.
10. The client of claim 9, characterized in that the client further comprises: a test packet sending unit, a test packet receiving unit and a sequence recording unit;
The test packet sending unit is configured to send a first SYN packet to a test server;
The test packet receiving unit is configured to receive the packets returned by the test server;
If the packet received by the test packet receiving unit is a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet and the second SYN packet is a first TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an ICMP packet and a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the ICMP packet and the second SYN packet is a second TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are an ICMP packet and a SYN-ACK message, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the ICMP packet and the SYN-ACK message is a third TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are a reset message and a second SYN packet, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the reset message and the second SYN packet is a fourth TCP packet sequence that can be used for hole punching;
If the packets received by the test packet receiving unit are a reset message and a SYN-ACK message, the sequence recording unit is configured to record that the sequence consisting of the first SYN packet, the reset message and the SYN-ACK message is a fifth TCP packet sequence that can be used for hole punching.
11. The client of claim 10, characterized in that, if the TCP packet sequence that can be used for hole punching is the first TCP packet sequence, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that the operating system version meets a preset version condition, to trigger the direct connection establishment unit;
Wherein the direct connection establishment unit specifically comprises:
A SYN packet sending unit, configured to send a first SYN packet to the public IP address and port number of the second client;
A notification message sending unit, configured to send a notification message to the second client through the hole punching auxiliary server;
A SYN packet receiving unit, configured to receive the second SYN packet that the second client sends after receiving the notification message;
An acknowledgment message sending unit, configured to send a SYN-ACK message to the second client after the second SYN packet is received;
An acknowledgment message receiving unit, configured to receive the SYN-ACK message that the second client returns after receiving the first SYN packet.
12. The client of claim 10, characterized in that, if the TCP packet sequence that can be used for hole punching is the second TCP packet sequence, the client further comprises:
A test result acquiring unit, configured to obtain the stored environment test result and, if the test result is that an operating system interface can be used to set the TTL value for the public IP address, to trigger the direct connection establishment unit;
Wherein the direct connection establishment unit specifically comprises:
A SYN packet sending unit, configured to send a first SYN packet to the second client through the hole punching auxiliary server, where the TTL value that the first SYN packet carries for the public IP address of the second client is set low;
A protocol packet receiving unit, configured to receive the ICMP packet returned by the hole punching auxiliary server, where the TTL value that the ICMP packet carries for the public IP address of the first client is set to expired;
A notification message sending unit, configured to send a notification message to the second client through the hole punching auxiliary server;
A SYN packet receiving unit, configured to receive the second SYN packet that the second client sends after receiving the notification message;
An acknowledgment message sending unit, configured to send the second SYN-ACK message to the second client after the second SYN packet is received.
13. The client as claimed in claim 10, characterized in that, if the transmission control protocol packet sequence that can be adopted for hole punching is the third transmission control protocol packet sequence, the client further comprises:
The test result acquiring unit is used to obtain the stored environment test result and, if the test result is that an operating system interface can be used to set the TTL value of the public network IP address, the operating system version meets the preset version condition, and the user has superuser rights, to trigger the direct connection establishing unit;
Wherein the direct connection establishing unit specifically comprises:
The synchronization packet sending unit is used to send a synchronization packet to the second client through the hole punching auxiliary server, the TTL value that the synchronization packet carries for the public network IP address of the second client being set to low;
The protocol packet receiving unit is used to receive the Internet Control Message Protocol packet returned by the hole punching auxiliary server, the TTL value that the protocol packet carries for the public network IP address of the first client being set to expired;
The sequence number sending unit is used to send a first transmission control protocol sequence number to the second client through the hole punching auxiliary server;
The sequence number receiving unit is used to receive the second transmission control protocol sequence number of the second client sent by the hole punching auxiliary server;
The acknowledgment message sending unit is used to send a synchronization packet acknowledgment message to the second client after the second transmission control protocol sequence number is received;
The acknowledgment message receiving unit is used to receive the synchronization packet acknowledgment message that the second client returns after receiving the first transmission control protocol sequence number.
14. The client as claimed in claim 10, characterized in that, if the transmission control protocol packet sequence that can be adopted for hole punching is the fourth transmission control protocol packet sequence, the direct connection establishing unit specifically comprises:
The synchronization packet sending unit is used to send a first synchronization packet to the network address translation device corresponding to the public network IP address and port number of the second client;
The reset message receiving unit is used to receive the reset message returned by the network address translation device;
The notification message sending unit is used to send a notification message to the second client through the hole punching auxiliary server;
The synchronization packet receiving unit is used to receive a second synchronization packet that the second client sends after receiving the notification message;
The acknowledgment message sending unit is used to return a synchronization packet acknowledgment message to the second client after the second synchronization packet is received.
15. The client as claimed in claim 10, characterized in that, if the transmission control protocol packet sequence that can be adopted for hole punching is the fifth transmission control protocol packet sequence, the client further comprises:
The test result acquiring unit is used to obtain the stored environment test result and, if the test result is that the operating system version meets the preset version condition and the user has superuser rights, to trigger the direct connection establishing unit;
Wherein the direct connection establishing unit specifically comprises:
The synchronization packet sending unit is used to send a first synchronization packet to the network address translation device corresponding to the public network IP address and port number of the second client;
The reset message receiving unit is used to receive the reset message returned by the network address translation device;
The sequence number sending unit is used to send a first transmission control protocol sequence number to the public network IP address and port number of the second client;
The sequence number receiving unit is used to receive the second transmission control protocol sequence number sent by the second client;
The acknowledgment message sending unit is used to return a synchronization packet acknowledgment message to the second client after the second transmission control protocol sequence number is received;
The acknowledgment message receiving unit is used to receive the synchronization packet acknowledgment message that the second client returns after receiving the first transmission control protocol sequence number.
16. The client as claimed in any one of claims 9 to 15, characterized in that the client further comprises:
The network address translation device type test unit is used to test the type of the network address translation device by using a test server;
The hole punching method selecting unit is used to trigger the direct connection request sending unit if it is judged that User Datagram Protocol (UDP) packets cannot pass or that the service layer requires transmission control protocol hole punching; otherwise, to judge whether hole punching is possible and, if so, to trigger the user datagram direct connection establishing unit, or, if not, to trigger relaying of the data through a super node;
The user datagram direct connection establishing unit is used to perform hole punching with the User Datagram Protocol according to the type of the network address translation device.
17. A system for traversing a network address translation device/firewall, characterized by comprising: a first client, a second client and a hole punching auxiliary server;
The first client is used to initiate a transmission control protocol direct connection request to the second client through the hole punching auxiliary server, and to obtain the transmission control protocol packet sequence, obtained by testing, that can be adopted for hole punching;
The hole punching auxiliary server is used to send the public network IP address and port number of the first client to the second client, and to send the public network IP address and port number of the second client to the first client;
The first client and the second client, with the assistance of the hole punching auxiliary server and according to the transmission control protocol packet sequence that can be adopted for hole punching, send packets to each other's public network IP address and port number until a transmission control protocol direct connection is successfully established.
18. The system as claimed in claim 17, characterized in that the system further comprises: a first test server and a second test server;
The first test server is used to assist the first client in testing the transmission control protocol packet sequence that can be adopted for hole punching;
The second test server is used to assist the second client in testing the transmission control protocol packet sequence that can be adopted for hole punching.
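Each of the packet sequences in claims 11 to 15 leaves a different pattern of TCP control packets at the first client's network edge, which is what a monitoring sensor can match on. The Python below is an added example, not code from the patent: it classifies a trace of packets exchanged with one peer endpoint against those sequences. The `Pkt` record, the `LOW_TTL_MAX` threshold and the traces are constructed assumptions.

```python
from typing import NamedTuple, Optional

LOW_TTL_MAX = 5  # assumption: the claims say "low" without giving a number


class Pkt(NamedTuple):
    direction: str  # "out" = sent by the first client, "in" = received by it
    kind: str       # "SYN", "SYNACK", "RST" or "ICMP_TTL_EXPIRED"
    ttl: int = 64   # IP TTL observed at the sensor


# claim -> (events required in this order after the opening outbound SYN,
#           events that must also appear, opening SYN must have a low TTL)
SIGNATURES = {
    "claim 12": ([("in", "ICMP_TTL_EXPIRED"), ("in", "SYN"), ("out", "SYNACK")], [], True),
    "claim 13": ([("in", "ICMP_TTL_EXPIRED"), ("out", "SYNACK")], [("in", "SYNACK")], True),
    "claim 14": ([("in", "RST"), ("in", "SYN"), ("out", "SYNACK")], [], False),
    "claim 15": ([("in", "RST"), ("out", "SYNACK")], [("in", "SYNACK")], False),
    "claim 11": ([("in", "SYN"), ("out", "SYNACK")], [("in", "SYNACK")], False),
}


def _in_order(events, wanted):
    """True if `wanted` occurs in `events` as an ordered subsequence."""
    it = iter(events)
    return all(w in it for w in wanted)


def classify(trace) -> Optional[str]:
    """Return the claim whose packet sequence the trace matches, else None."""
    first = next((i for i, p in enumerate(trace)
                  if (p.direction, p.kind) == ("out", "SYN")), None)
    if first is None:
        return None  # the first client never opened toward the peer
    low_ttl = trace[first].ttl <= LOW_TTL_MAX
    later = [(p.direction, p.kind) for p in trace[first + 1:]]
    for claim, (ordered, also, needs_low_ttl) in SIGNATURES.items():
        if needs_low_ttl and not low_ttl:
            continue
        if _in_order(later, ordered) and all(e in later for e in also):
            return claim
    return None


# Constructed traces, not captured traffic.
TRACES = {
    "low TTL then inbound SYN": [Pkt("out", "SYN", 2), Pkt("in", "ICMP_TTL_EXPIRED"),
                                 Pkt("in", "SYN"), Pkt("out", "SYNACK")],
    "RST then inbound SYN": [Pkt("out", "SYN"), Pkt("in", "RST"),
                             Pkt("in", "SYN"), Pkt("out", "SYNACK")],
    "SYN in both directions": [Pkt("out", "SYN"), Pkt("in", "SYN"),
                               Pkt("out", "SYNACK"), Pkt("in", "SYNACK")],
    "ordinary client connect": [Pkt("out", "SYN"), Pkt("in", "SYNACK")],
}

if __name__ == "__main__":
    for name, trace in TRACES.items():
        print(f"{name:>24}: {classify(trace)}")
```

An ordinary outbound connection, where the SYN is simply answered by a SYN-ACK, matches none of the signatures and is returned as `None`.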
CN2007103063394A 2007-12-28 2007-12-28 A method, system and client to traverse network address transferring device/firewall Active CN101217536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007103063394A CN101217536B (en) 2007-12-28 2007-12-28 A method, system and client to traverse network address transferring device/firewall

Publications (2)

Publication Number Publication Date
CN101217536A true CN101217536A (en) 2008-07-09
CN101217536B CN101217536B (en) 2011-11-09

Family

ID=39623899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007103063394A Active CN101217536B (en) 2007-12-28 2007-12-28 A method, system and client to traverse network address transferring device/firewall

Country Status (1)

Country Link
CN (1) CN101217536B (en)

Also Published As

Publication number Publication date
CN101217536B (en) 2011-11-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190807

Address after: 518057 Nanshan District science and technology zone, Guangdong, Zhejiang Province, science and technology in the Tencent Building on the 1st floor of the 35 layer

Co-patentee after: Tencent cloud computing (Beijing) limited liability company

Patentee after: Tencent Technology (Shenzhen) Co., Ltd.

Address before: 2, 518044, East 410 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: Tencent Technology (Shenzhen) Co., Ltd.
