CN104717311B - Method, network node and system for NAT traversal - Google Patents


Publication number
CN104717311B
Authority
CN
China
Prior art keywords
socks
node
connections
data packet
intranet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310683510.9A
Other languages
Chinese (zh)
Other versions
CN104717311A (en)
Inventor
章新斌
杨光华
孙楠
秦瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201310683510.9A
Publication of CN104717311A
Application granted
Publication of CN104717311B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of computer networks, and in particular to a method, network node and system for NAT traversal, intended to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request. In the method provided by the embodiments of the present invention, a first node in an intranet and a second node in the Internet establish a P2P connection that allows the second node to traverse into the intranet; the first node establishes a first SOCKS connection with the second node; over the first SOCKS connection, a data packet sent from a first port of a first Internet device to a first port of a first device in the intranet is forwarded by the second node, via the first node, to the first device in the intranet. NAT traversal is achieved by using the P2P connection, and data is forwarded using SOCKS proxy technology, which solves the problem that NAT traversal cannot be achieved when an Internet device actively sends data to a device in the intranet.

Description

Method, network node and system for NAT traversal
Technical Field
The present invention relates to the technical field of computer networks, and in particular to a method, network node and system for NAT traversal.
Background
Network Address Translation (NAT) is a technique for translating internal addresses into Internet addresses. It can be used to address the shortage of IP addresses, and it can also effectively prevent attacks from the Internet and protect the hosts in the intranet.
NAT traversal is a technique that allows Internet devices to access intranet devices. Many NAT traversal techniques exist at present; Traversal Using Relays around NAT (TURN) is one of the more mature ones.
The model for NAT traversal using a TURN server (TURN SERVER) is shown in Fig. 1: the TURN server is in the Internet and the TURN client (TURN Client) is in the intranet. The TURN client binds a host transport address (HOST TRANSPORT ADDRESS), consisting of an Internet Protocol (IP) address and a port number (10.1.1.2:49712 in Fig. 1); likewise, the TURN server binds a TURN server transport address (TURN SERVER TRANSPORT ADDRESS) (192.0.2.15:3478 in Fig. 1). The TURN client actively uses its own host transport address to communicate with the TURN server transport address. The NAT translates the TURN client's transport address into an Internet transport address, called the server-reflexive transport address (SERVER-REFLEXIVE transport address) (192.0.2.1:7000 in Fig. 1). After receiving the message, the TURN server allocates a corresponding relayed transport address (RELAY TRANSPORT ADDRESS) for that server-reflexive transport address (here 192.0.2.15:50000). Once the allocation succeeds, the TURN client's host transport address and the relayed transport address are in one-to-one correspondence. As long as the Internet host PEER A (transport address 192.0.2.210:49191) communicates with the relayed transport address, the TURN server forwards the data to the corresponding server-reflexive transport address, and after NAT mapping the TURN client in the intranet receives the data sent by PEER A, thereby achieving NAT traversal.
When TURN is used for NAT traversal, if an Internet host wants to communicate with a port of an intranet host, that port of the intranet host must first actively send a request to the TURN server; only after the TURN server has allocated a relayed transport address for it can the Internet host communicate with the intranet host. If instead the Internet host PEER A wants to actively initiate a request to some port of the TURN client, the data packet is dropped because no relayed transport address has been allocated.
In a large-scale cloud scanning system, when the scan target is in an intranet (that is, the scan target accesses the Internet through NAT) and the scanning server is in the Internet, using TURN for NAT traversal has the following problem: during a scan, the scanning server generally sends scan data directly to the scan target, rather than the scan target actively initiating a request. The TURN server therefore has no relayed transport address for the scan target, and NAT traversal cannot be achieved.
Summary of the Invention
Embodiments of the present invention provide a method, network node and system for NAT traversal, to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request.
In a first aspect, an embodiment of the present invention provides a NAT traversal method, including:
A first node located in an intranet sends a P2P connection establishment request to a second node located in the Internet, and establishes with the second node a P2P connection that allows the second node to traverse into the intranet;
The first node, acting as a SOCKS server, receives over the P2P connection a request to establish a first SOCKS connection sent by the second node acting as a SOCKS client, and establishes the first SOCKS connection with the second node;
The first node forwards, over the first SOCKS connection, a first data packet received from the second node to a first device in the intranet, where the first data packet is a data packet sent from a first port of a first Internet device to a first port of the first device in the intranet, which the second node forwards by traversing into the intranet over the P2P connection.
Using the P2P connection achieves NAT traversal from the second node to the first node, and data is forwarded using SOCKS proxy technology, which solves the problem that NAT traversal cannot be achieved when an Internet device actively sends data to a device in the intranet.
Preferably, after the first node establishes the first SOCKS connection with the second node, the method further includes:
The first node sends a second data packet, received from the first device in the intranet, to the second node over the first SOCKS connection;
where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first Internet device.
This preferred embodiment enables the first device in the intranet to send data to the Internet device.
Preferably, after the first node establishes the P2P connection and before the first node receives the request to establish the first SOCKS connection, the method further includes:
The first node sends to the second node data packets for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the SOCKS client or SOCKS server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node over a fixed address and port. The source port and destination port are thus converged, so that any type of NAT can be traversed.
Preferably, the first node establishing the first SOCKS connection with the second node includes:
The first node receives a message sent by the second node for establishing the first SOCKS connection, and obtains the first SOCKS connection identifier from the message;
When the first node determines that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, it establishes the first SOCKS connection with the second node and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier.
With this preferred embodiment, a SOCKS connection identifier is allocated to each SOCKS connection, and the corresponding identifier is added to the data packets of each SOCKS connection, so that multiple SOCKS connections are supported at the same time. This in turn allows a scanning server in the Internet to scan multiple ports of a scan target in the intranet.
Preferably, the first node forwarding the first data packet includes:
After receiving the first data packet from the second node, the first node obtains the first SOCKS connection identifier from the first data packet;
If it determines, according to the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection, that the first data packet corresponds to the first SOCKS connection, it forwards the first data packet to the first device in the intranet over the first SOCKS connection.
This preferred embodiment gives a scheme for forwarding the first data packet when multiple SOCKS connections exist at the same time.
Preferably, the first node establishing the first SOCKS connection with the second node includes: the first node receives a message sent by the second node for establishing the first SOCKS connection, and obtains the first SOCKS connection identifier from the message; when the first node determines that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, it establishes the first SOCKS connection with the second node and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier;
The first node sending the second data packet to the second node includes: after receiving the second data packet from the first device in the intranet, the first node adds the first SOCKS connection identifier to the second data packet and forwards it over the first SOCKS connection, via the second node, to the first Internet device.
This preferred embodiment gives a specific implementation for forwarding the second data packet when multiple SOCKS connections exist.
In a second aspect, an embodiment of the present invention further provides another NAT traversal method, including:
A second node located in the Internet receives a P2P connection establishment request sent by a first node located in an intranet, and establishes with the first node a P2P connection that allows the second node to traverse into the intranet;
The second node, acting as a SOCKS client, traverses into the intranet over the P2P connection and sends a request to establish a first SOCKS connection to the first node acting as a SOCKS server, and establishes the first SOCKS connection with the first node;
Over the first SOCKS connection, the second node traverses into the intranet using the P2P connection and forwards a first data packet received from a first Internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first Internet device to a first port of the first device in the intranet.
Using the P2P connection achieves NAT traversal from the second node to the first node, and data is forwarded using SOCKS proxy technology, which solves the problem that NAT traversal cannot be achieved when an Internet device actively sends data to a device in the intranet.
Preferably, after the second node establishes the first SOCKS connection with the first node, the method further includes:
The second node forwards a second data packet, received from the first node, to the first Internet device over the first SOCKS connection;
where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first Internet device.
This preferred embodiment enables the first device in the intranet to send data to the Internet device.
Preferably, after the second node establishes the P2P connection with the first node and before the second node sends the request to establish the first SOCKS connection to the first node, the method further includes:
The second node receives data packets sent by the first node for keeping the P2P connection alive, where these data packets are used to make the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the SOCKS client or SOCKS server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node over a fixed address and port. The source port and destination port are thus converged, so that any type of NAT can be traversed.
Preferably, the second node establishing the first SOCKS connection with the first node includes:
When the second node receives the first data packet for the first time, it determines that the first SOCKS connection is to be established, allocates a first SOCKS connection identifier to the first SOCKS connection, and records the correspondence between the first SOCKS connection identifier and the first SOCKS connection;
The second node places the first SOCKS connection identifier in the message for establishing the first SOCKS connection and sends it to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first SOCKS connection identifier from it and, on determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, establishes the first SOCKS connection with the second node and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier.
With this preferred embodiment, a SOCKS connection identifier is allocated to each SOCKS connection, and the corresponding identifier is added to the data packets of each SOCKS connection, so that multiple SOCKS connections are supported at the same time. This in turn allows a scanning server in the Internet to scan multiple ports of a scan target in the intranet.
Preferably, the second node forwarding the first data packet includes:
After receiving the first data packet from the first Internet device, the second node adds the first SOCKS connection identifier to the first data packet and sends it to the first node by traversing into the intranet over the P2P connection, so that the first node obtains the first SOCKS connection identifier from the received data packet and, after determining from the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection that the first data packet corresponds to the first SOCKS connection, forwards the first data packet to the first device in the intranet over the first SOCKS connection.
This preferred embodiment gives a scheme for forwarding the first data packet when multiple SOCKS connections exist at the same time.
Preferably, the second node establishing the first SOCKS connection with the first node includes: when the second node receives the first data packet for the first time, it determines that the first SOCKS connection is to be established, allocates a first SOCKS connection identifier to the first SOCKS connection, and records the correspondence between the first SOCKS connection identifier and the first SOCKS connection; the second node places the first SOCKS connection identifier in the message for establishing the first SOCKS connection and sends it to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first SOCKS connection identifier from it and, on determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, establishes the first SOCKS connection with the second node and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier;
The second node forwarding the second data packet to the first Internet device includes: the second node obtains the first SOCKS connection identifier from the second data packet from the first node and, after determining from the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection that the second data packet corresponds to the first SOCKS connection, forwards the second data packet over the first SOCKS connection to the first Internet device.
This preferred embodiment gives a specific implementation for forwarding the second data packet when multiple SOCKS connections exist.
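The connection-identifier bookkeeping described in the first and second aspects above, shown as an added in-memory example that is not part of the patent text. The frame layout (1-byte type, 4-byte identifier, 2-byte length), the OPEN frame carrying the target address in place of a full SOCKS request, and all addresses and payloads are assumptions constructed for illustration.

```python
import struct

# Assumed frame layout (the text gives no field sizes): type, connection id, payload length.
HEADER = struct.Struct("!BIH")
OPEN, DATA = 1, 2  # OPEN stands in for the "establish SOCKS connection" message


def pack_frame(ftype, conn_id, payload=b""):
    return HEADER.pack(ftype, conn_id, len(payload)) + payload


def unpack_frames(buf):
    """Split bytes read from the P2P connection into (type, conn_id, payload) frames."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError("truncated frame header")
        ftype, conn_id, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if len(buf) - off < length:
            raise ValueError("truncated frame payload")
        frames.append((ftype, conn_id, buf[off:off + length]))
        off += length
    return frames


class SecondNode:
    """Internet side: allocates an identifier the first time a flow is seen."""

    def __init__(self):
        self.next_id = 1
        self.by_flow = {}  # (internet_src, intranet_dst) -> connection id
        self.by_id = {}    # connection id -> (internet_src, intranet_dst)

    def from_internet(self, src, dst, payload):
        """Return the bytes to write to the P2P connection for a first data packet."""
        out, flow = b"", (src, dst)
        if flow not in self.by_flow:
            conn_id, self.next_id = self.next_id, self.next_id + 1
            self.by_flow[flow], self.by_id[conn_id] = conn_id, flow
            out += pack_frame(OPEN, conn_id, f"{dst[0]}:{dst[1]}".encode())
        return out + pack_frame(DATA, self.by_flow[flow], payload)

    def from_tunnel(self, buf):
        """Second data packets: deliver only those whose identifier is recorded."""
        return [(self.by_id[cid][0], payload)
                for ftype, cid, payload in unpack_frames(buf)
                if ftype == DATA and cid in self.by_id]


class FirstNode:
    """Intranet side: records identifiers from OPEN frames, drops unknown ones."""

    def __init__(self):
        self.targets = {}  # connection id -> (ip, port) of the intranet device
        self.dropped = []  # identifiers of frames that matched no recorded connection

    def from_tunnel(self, buf):
        delivered = []
        for ftype, cid, payload in unpack_frames(buf):
            if ftype == OPEN:
                if cid not in self.targets:  # only create when not yet recorded
                    host, port = payload.decode().rsplit(":", 1)
                    self.targets[cid] = (host, int(port))
            elif ftype == DATA and cid in self.targets:
                delivered.append((self.targets[cid], payload))
            else:
                self.dropped.append(cid)
        return delivered

    def from_intranet(self, conn_id, payload):
        """Tag a second data packet with its connection identifier."""
        if conn_id not in self.targets:
            raise KeyError(f"no SOCKS connection recorded for id {conn_id}")
        return pack_frame(DATA, conn_id, payload)


def demo():
    second, first = SecondNode(), FirstNode()
    internet_dev = ("198.51.100.7", 40001)  # constructed address
    device = "10.1.1.20"                    # constructed intranet device
    tunnel = second.from_internet(internet_dev, (device, 22), b"hello-22")
    tunnel += second.from_internet(internet_dev, (device, 80), b"hello-80")
    inbound = first.from_tunnel(tunnel)             # two connections, one tunnel
    outbound = second.from_tunnel(first.from_intranet(1, b"reply-22"))
    stray = first.from_tunnel(pack_frame(DATA, 99, b"x"))  # identifier never opened
    return inbound, outbound, stray, first.dropped


if __name__ == "__main__":
    print(demo())
```

Dropping frames whose identifier was never recorded is the check that keeps one multiplexed connection from delivering data to an intranet device that no established SOCKS connection points at.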
In a third aspect, an embodiment of the present invention provides a network node for implementing NAT traversal. The network node is located in an intranet and includes:
A peer entity, configured to send a P2P connection establishment request to a second node located in the Internet, so that the network node establishes with the second node a P2P connection that allows the second node to traverse into the intranet;
A SOCKS server, configured to receive over the P2P connection a request to establish a first SOCKS connection, sent by the second node acting as a SOCKS client, and to establish the first SOCKS connection with the second node;
The peer entity is further configured to: forward, over the first SOCKS connection, to a first device in the intranet the first data packet that the first node received from the second node, where the first data packet is a data packet sent from a first port of a first Internet device to a first port of the first device in the intranet, which the second node forwards by traversing into the intranet over the P2P connection.
Using the P2P connection achieves NAT traversal from the second node to the first node, and data is forwarded using SOCKS proxy technology, which solves the problem that NAT traversal cannot be achieved when an Internet device actively sends data to a device in the intranet.
Preferably, the peer entity is further configured to:
After the SOCKS server establishes the first SOCKS connection with the second node, send a second data packet, received from the first device in the intranet, to the second node over the first SOCKS connection;
where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first Internet device.
This preferred embodiment enables the first device in the intranet to send data to the Internet device.
Preferably, the peer entity is further configured to:
After the peer entity establishes the P2P connection and before the SOCKS server receives the request to establish the first SOCKS connection, send to the second node data packets for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the SOCKS client or SOCKS server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node over a fixed address and port. The source port and destination port are thus converged, so that any type of NAT can be traversed.
Preferably, the peer entity is specifically configured to:
Receive a message sent by the second node for establishing the first SOCKS connection, and obtain the first SOCKS connection identifier from the message;
On determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, notify the SOCKS server to establish the first SOCKS connection with the second node, and record the correspondence between the first SOCKS connection and the first SOCKS connection identifier.
With this preferred embodiment, a SOCKS connection identifier is allocated to each SOCKS connection, and the corresponding identifier is added to the data packets of each SOCKS connection, so that multiple SOCKS connections are supported at the same time. This in turn allows a scanning server in the Internet to scan multiple ports of a scan target in the intranet.
Preferably, the peer entity is specifically configured to:
After receiving the first data packet from the second node, obtain the first SOCKS connection identifier from the first data packet;
If it determines, according to the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection, that the first data packet corresponds to the first SOCKS connection, forward the first data packet to the first device in the intranet over the first SOCKS connection.
This preferred embodiment gives a scheme for forwarding the first data packet when multiple SOCKS connections exist at the same time.
Preferably, the peer entity is further configured to:
Receive a message sent by the second node for establishing the first SOCKS connection, and obtain the first SOCKS connection identifier from the message; on determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, notify the SOCKS server to establish the first SOCKS connection with the second node, and record the correspondence between the first SOCKS connection and the first SOCKS connection identifier;
After receiving the second data packet from the first device in the intranet, add the first SOCKS connection identifier to the second data packet and forward it over the first SOCKS connection, via the second node, to the first Internet device.
This preferred embodiment gives a specific implementation for forwarding the second data packet when multiple SOCKS connections exist.
In a fourth aspect, an embodiment of the present invention provides another network node for implementing NAT traversal. The network node is located in the Internet and includes:
A peer entity, configured to receive a P2P connection establishment request sent by a first node located in an intranet, and to establish with the first node a P2P connection that allows the network node to traverse into the intranet;
A SOCKS client, configured to traverse into the intranet over the P2P connection, send a request to establish a first SOCKS connection to the first node acting as a SOCKS server, and establish the first SOCKS connection with the first node;
The peer entity is further configured to: over the first SOCKS connection, traverse into the intranet using the P2P connection and forward a first data packet received from a first Internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first Internet device to a first port of the first device in the intranet.
Using the P2P connection achieves NAT traversal from the second node to the first node, and data is forwarded using SOCKS proxy technology, which solves the problem that NAT traversal cannot be achieved when an Internet device actively sends data to a device in the intranet.
Preferably, the peer entity is further configured to:
After the SOCKS client establishes the first SOCKS connection with the first node, forward a second data packet, received from the first node, to the first Internet device over the first SOCKS connection;
where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first Internet device.
This preferred embodiment enables the first device in the intranet to send data to the Internet device.
Preferably, the peer entity is further configured to:
After the P2P connection with the first node is established and before the SOCKS client sends the request to establish the first SOCKS connection to the first node, receive data packets sent by the first node for keeping the P2P connection alive, where these data packets are used to make the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the SOCKS client or SOCKS server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node over a fixed address and port. The source port and destination port are thus converged, so that any type of NAT can be traversed.
Preferably, the peer entity is specifically configured to:
On receiving the first data packet for the first time, determine that the first SOCKS connection is to be established, allocate a first SOCKS connection identifier to the first SOCKS connection, and record the correspondence between the first SOCKS connection identifier and the first SOCKS connection;
Place the first SOCKS connection identifier in the message for establishing the first SOCKS connection and send it to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first SOCKS connection identifier from it and, on determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, establishes the first SOCKS connection with the SOCKS client and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier.
With this preferred embodiment, a SOCKS connection identifier is allocated to each SOCKS connection, and the corresponding identifier is added to the data packets of each SOCKS connection, so that multiple SOCKS connections are supported at the same time. This in turn allows a scanning server in the Internet to scan multiple ports of a scan target in the intranet.
Preferably, the peer entity is specifically configured to:
After receiving the first data packet from the first Internet device, add the first SOCKS connection identifier to the first data packet and send it to the first node by traversing into the intranet over the P2P connection, so that the first node obtains the first SOCKS connection identifier from the received data packet and, after determining from the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection that the first data packet corresponds to the first SOCKS connection, forwards the first data packet to the first device in the intranet over the first SOCKS connection.
This preferred embodiment gives a scheme for forwarding the first data packet when multiple SOCKS connections exist at the same time.
Preferably, the peer entity is specifically configured to: on receiving the first data packet for the first time, determine that the first SOCKS connection is to be established, allocate a first SOCKS connection identifier to the first SOCKS connection, and record the correspondence between the first SOCKS connection identifier and the first SOCKS connection; place the first SOCKS connection identifier in the message for establishing the first SOCKS connection and send it to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first SOCKS connection identifier from it and, on determining that the first SOCKS connection identifier is not present in the recorded correspondence between SOCKS connections and SOCKS connection identifiers, establishes the first SOCKS connection with the SOCKS client and records the correspondence between the first SOCKS connection and the first SOCKS connection identifier;
Obtain the first SOCKS connection identifier from the second data packet from the first node and, after determining from the recorded correspondence between the first SOCKS connection identifier and the first SOCKS connection that the second data packet corresponds to the first SOCKS connection, forward the second data packet over the first SOCKS connection to the first Internet device.
This preferred embodiment gives a specific implementation for forwarding the second data packet when multiple SOCKS connections exist.
In a fifth aspect, an embodiment of the present invention provides a system for implementing NAT traversal, the system including: a first node located in an intranet and a second node located in the internet,
The first node includes: a first peer entity and a Socks server;
The second node includes: a second peer entity and a Socks client;
Between the first peer entity and the second peer entity there is a P2P connection that enables the second node to traverse into the intranet;
Between the Socks server and the Socks client there is a first Socks connection;
The Socks client is configured to send the received first data packet from the first internet device to the Socks server through the first Socks connection, using the P2P connection to traverse into the intranet;
The Socks server is configured to forward the received first data packet sent by the Socks client to the first device in the intranet;
Wherein the first data packet is a data packet sent by the first port of the first internet device to the first port of the first device in the intranet.
NAT traversal from the second node to the first node is achieved by using the P2P connection, and data is forwarded using Socks proxy technology, which solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Description of the drawings
Fig. 1 is a schematic diagram of NAT traversal using a TURN server in the prior art;
Fig. 2 is a structural diagram of the system for implementing NAT traversal provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the NAT traversal process provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the format of the first data packet and the second data packet when no Socks connection identifier is added;
Fig. 5 is a schematic diagram of the format of the first data packet and the second data packet after the Socks connection identifier is added;
Fig. 6 is a flowchart of the NAT traversal method provided by an embodiment of the present invention, described from the first node side;
Fig. 7 is a flowchart of the NAT traversal method provided by an embodiment of the present invention, described from the second node side;
Fig. 8 is a structural diagram of the first node;
Fig. 9 is a structural diagram of the second node;
Fig. 10 is a message interaction diagram of Embodiment One of the present invention;
Fig. 11 is a flowchart of the listener thread of the peer entity in the second node;
Fig. 12 is a flowchart of the thread in which the peer entity in the second node communicates with the Socks client;
Fig. 13 is a flowchart of the thread in which the peer entity in the second node communicates with the first node;
Fig. 14 is a flowchart of the thread in which the peer entity in the first node communicates with the Socks client;
Fig. 15 is a flowchart of the thread in which the peer entity in the first node communicates with the first node.
Detailed description of the embodiments
Embodiments of the present invention provide a method, network node and system for NAT traversal, to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request.
The NAT traversal system provided by an embodiment of the present invention includes: a first node located in an intranet and a second node located in the internet, wherein the first node includes: a first peer entity and a sessions traversal across firewall securely (Socks) server; the second node includes: a second peer entity and a Socks client; between the first peer entity and the second peer entity there is a P2P connection that enables the second node to traverse into the intranet; between the Socks server and the Socks client there is a first Socks connection; the Socks client is configured to send the received first data packet from the first internet device to the Socks server through the first Socks connection, using the P2P connection to traverse into the intranet; the Socks server is configured to forward the received first data packet sent by the Socks client to the first device in the intranet; wherein the first data packet is a data packet sent by the first port of the first internet device to the first port of the first device in the intranet. With the system provided by the embodiment of the present invention, when a scanning server in the internet actively initiates a scan request to a scan target in the intranet, data forwarding is carried out by the Socks client and the Socks server, and the P2P connection between the first peer entity and the second peer entity allows the data forwarded by the Socks client to traverse into the intranet.
It should be noted that, although the background gives the example of a server in the internet scanning a scan target in the intranet, the system and method provided by the embodiments of the present invention in fact achieve NAT traversal whenever any internet device actively sends data packets to an intranet device.
The system for implementing NAT traversal and the NAT traversal method provided by the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 2 is a structural diagram of the system for implementing NAT traversal provided by an embodiment of the present invention. As shown in Fig. 2, the system includes: a first node 201 located in the intranet and a second node 202 located in the internet, wherein,
The first node 201 includes: a first peer entity 2011 and a Socks server 2012;
The second node 202 includes: a second peer entity 2021 and a Socks client 2022;
Between the first peer entity 2011 and the second peer entity 2021 there is a P2P connection that enables the second node 202 to traverse into the intranet;
Between the Socks server 2012 and the Socks client 2022 there is a first Socks connection;
The Socks client is configured to send the received first data packet from the first internet device to the Socks server through the first Socks connection, using the P2P connection to traverse into the intranet;
The Socks server is configured to forward the received first data packet sent by the Socks client to the first device in the intranet;
Wherein the first data packet is a data packet sent by the first port of the first internet device to the first port of the first device in the intranet.
It should be noted that, to show the connection relationship between the system and other network devices simply and clearly, Fig. 2 illustrates only one internet device and one intranet device; in practical applications, multiple internet devices and intranet devices may be connected to the system. For the message interaction between the nodes of the system for implementing NAT traversal provided by the embodiment of the present invention, and the working principles of the peer entity in each node, the Socks server of the first node and the Socks client of the second node, refer to the NAT traversal method below; for brevity, they are not described again here.
Based on the same inventive concept, an embodiment of the present invention also provides a NAT traversal method. Fig. 3 is a schematic diagram of the NAT traversal process provided by an embodiment of the present invention. As shown in Fig. 3, the method includes the following steps:
S301: The first node located in the intranet sends a P2P connection establishment request to the second node located in the internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
S302: The second node, acting as a Socks client, sends through the P2P connection a request to establish a first Socks connection to the first node, which acts as a Socks server, and the first node establishes the first Socks connection with the second node;
S303: The second node, through the first Socks connection and using the P2P connection to traverse into the intranet, forwards the first data packet received from the first internet device to the first node, and the first node forwards the first data packet to the first device in the intranet;
Wherein the first data packet is a data packet, sent by the first port of the first internet device to the first port of the first device in the intranet, that the second node forwards by using the P2P connection to traverse into the intranet.
Socks (for example Socks4, Socks5) is a proxy technology whose workflow is as follows: first, the Socks client sends request information to the Socks server, and the Socks server responds to the Socks client's request. After receiving the Socks server's response, the Socks client sends the destination IP and port number to the Socks server, and the Socks server uses this IP address and port number to establish a connection with the destination host. Thereafter, the Socks server forwards the information sent by the Socks client to the destination host and sends the information sent by the destination host to the client, completing the proxy process.
In the embodiments of the present invention, because the first node is in the intranet (so the Socks server of the first node is in the intranet) and the second node is in the internet (so the Socks client of the second node is in the internet), the Socks client cannot directly initiate a connection to the Socks server. The approach used in the embodiments of the present invention is to add a logical entity, the peer entity, to the first node and to the second node respectively, to establish the connection between the Socks server and the Socks client and to forward data between them.
When the scanning server scans only one target port, the above method achieves NAT traversal. However, when the scanning server needs to scan multiple ports, if the Socks server can establish only one Socks connection and simply forwards the Socks client's request data, multi-port scanning cannot be achieved. Optionally, multi-port scanning can be achieved by the following method; that is, optionally, after step S302, the method further includes:
The first node sends the second data packet received from the first device in the intranet to the second node through the first Socks connection; the second node forwards the second data packet to the first internet device;
Wherein the second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first internet device.
Optionally, in step S301, on receiving the P2P connection establishment request sent by the first node, the second node records the first node's IP address and port number as translated by the NAT, so that NAT traversal is achieved when the second node subsequently sends data packets to the first node through the P2P connection.
Optionally, after step S301 and before step S302, the method further includes:
The second node receives a data packet, sent by the first node, for maintaining the P2P connection, wherein the data packet for maintaining the P2P connection is used to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
For example: the first node may periodically send data packets containing a keep-alive message (KeepAlive) to the second node, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping; it may also periodically send empty packets (dummy) to the second node, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is always maintained, no matter how the ports from which the Socks client or Socks server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node with a fixed address and port. This achieves convergence of the source port and the destination port, so that any type of NAT can be traversed.
Optionally, in step S302, establishing the first Socks connection between the first node and the second node includes:
When the second node receives the first data packet for the first time (that is, the first time a data packet sent by the first port of the first internet device to the first port of the first device in the intranet is received), it determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message used to establish the first Socks connection, and uses the P2P connection to traverse into the intranet and send the message to the first node;
After receiving the message, the first node obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Here, the scanning application from the background is used to illustrate the method and technical effect of this alternative.
When the target port that the scanning server needs to scan changes, the Socks client can detect the change and establishes a new Socks connection using a new source port and the destination port. That is, multiple Socks connections may exist during one scan, and Socks connections can be established between the Socks client and the Socks server separately for different scanned target ports.
Therefore, on the second node side, after a Socks connection request is received, a Socks connection identifier can be allocated to the newly established Socks connection, and the Socks connection identifier is carried in the message sent to the first node to establish the Socks connection. After receiving the message, the first node obtains the Socks connection identifier from it and, when it determines that the Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the Socks connection with the second node and records the correspondence between the Socks connection identifier and the Socks connection.
Therefore, after the Socks connection is established between the first node and the second node, both the first node and the second node record the correspondence between the Socks connection and the Socks connection identifier. Table 1 below is an optional mapping table between Socks connections and Socks connection identifiers.
Table 1: Mapping table between Socks connections and Socks connection identifiers

| SOCKET | Socks connection identifier |
|---|---|
| SOCKET1 | ID1 |
| SOCKET2 | ID2 |
| …… | …… |
| SOCKETn | IDn |
Optionally, the second node and the first node forwarding the first data packet includes:
After receiving the first data packet from the first internet device, the second node adds the first Socks connection identifier to the first data packet, and uses the P2P connection to traverse into the intranet and send the first data packet to the first node;
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet; after determining the first Socks connection corresponding to the first data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, it forwards the first data packet to the first device in the intranet through the first Socks connection.
Optionally, the first node and the second node forwarding the second data packet includes:
After the first node receives the second data packet from the first device in the intranet, it adds the first Socks connection identifier to the second data packet and sends it to the second node through the first Socks connection;
The second node obtains the first Socks connection identifier from the second data packet from the first node; after determining the first Socks connection corresponding to the second data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, it forwards the second data packet to the first internet device through the first Socks connection.
For the format of the first data packet and the second data packet when no Socks connection identifier is added, refer to Fig. 4; for their format after the Socks connection identifier is added, refer to Fig. 5.
Because a transport-layer port number has only 16 bits, the Socks connection identifier needs a length of at most 2 bytes. Optionally, the Socks connection identifier can be set to a fixed length of 2 bytes, which guarantees a one-to-one correspondence between Socks connection identifiers and Socks connections. Alternatively, to improve data transmission efficiency and reduce the overhead of the Socks connection identifier, its length can be determined by the maximum number of Socks connections that the NAT traversal system provided by the embodiment of the present invention can support simultaneously.
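The identifier allocation, the Table 1 bookkeeping and the tagging of data packets described above, as an added example that is not code from the patent. The class and function names, the big-endian encoding of the fixed 2-byte identifier, the identifier sitting at the head of the packet, and the Python list standing in for a real Socks connection are all assumptions.

```python
import struct

ID_FMT = "!H"                     # fixed 2-byte identifier, big-endian (assumed encoding)
ID_LEN = struct.calcsize(ID_FMT)  # 2 bytes
MAX_ID = 0xFFFF


def add_conn_id(conn_id, payload):
    """Prepend the Socks connection identifier to a data packet."""
    if not 0 <= conn_id <= MAX_ID:
        raise ValueError("identifier does not fit in 2 bytes")
    return struct.pack(ID_FMT, conn_id) + payload


def strip_conn_id(frame):
    """Split a tagged packet into (identifier, original data packet)."""
    if len(frame) < ID_LEN:
        raise ValueError("frame is shorter than the identifier")
    (conn_id,) = struct.unpack(ID_FMT, frame[:ID_LEN])
    return conn_id, frame[ID_LEN:]


class SecondNodePeer:
    """Peer entity of the second node (internet side)."""

    def __init__(self):
        self.id_by_socket = {}   # SOCKET -> identifier (Table 1)
        self.socket_by_id = {}   # identifier -> SOCKET
        self._next_id = 1

    def to_first_node(self, socket_name, data):
        """Tag a first data packet; allocate an identifier on first sight."""
        conn_id = self.id_by_socket.get(socket_name)
        if conn_id is None:
            if self._next_id > MAX_ID:
                raise RuntimeError("identifier space exhausted")
            conn_id = self._next_id
            self._next_id += 1
            self.id_by_socket[socket_name] = conn_id
            self.socket_by_id[conn_id] = socket_name
        return add_conn_id(conn_id, data)

    def from_first_node(self, frame):
        """Route a second data packet to the Socks connection it belongs to."""
        conn_id, data = strip_conn_id(frame)
        if conn_id not in self.socket_by_id:
            # Never allocated on this side: reject instead of guessing a route.
            raise KeyError("no Socks connection recorded for identifier %d" % conn_id)
        return self.socket_by_id[conn_id], data


class FirstNodePeer:
    """Peer entity of the first node (intranet side)."""

    def __init__(self):
        # identifier -> list of delivered packets; the list stands in for
        # the Socks connection toward the intranet device (assumption).
        self.conn_by_id = {}

    def from_second_node(self, frame):
        """Deliver a first data packet; create the connection if the ID is new."""
        conn_id, data = strip_conn_id(frame)
        created = conn_id not in self.conn_by_id
        if created:
            self.conn_by_id[conn_id] = []
        self.conn_by_id[conn_id].append(data)
        return conn_id, created

    def to_second_node(self, conn_id, data):
        """Tag a second data packet with the identifier of its connection."""
        if conn_id not in self.conn_by_id:
            raise KeyError("no Socks connection recorded for identifier %d" % conn_id)
        return add_conn_id(conn_id, data)


if __name__ == "__main__":
    second, first = SecondNodePeer(), FirstNodePeer()
    # Constructed sample traffic: two Socks connections share one P2P channel.
    for sock, data in [("SOCKET1", b"probe-a"), ("SOCKET2", b"probe-b"),
                       ("SOCKET1", b"more")]:
        frame = second.to_first_node(sock, data)
        print(frame, first.from_second_node(frame))
    print(second.from_first_node(first.to_second_node(2, b"reply-b")))
```

Because every packet carries its identifier, both peer entities can share one fixed P2P address and port for any number of Socks connections, and a packet with an identifier that was never recorded on the return path is rejected.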
Adding the Socks connection identifier solves the following problem: even if the scan target first initiates a scan application through some port and obtains a relayed transport address from the TURN server, a single scan usually sends data to multiple ports of the scan target, and the scan target cannot know these ports in advance. For a symmetric NAT, if a scanned port has not previously sent data to the internet, internet data cannot reach that port directly through the NAT. This preferred embodiment removes the limitation that TURN-based NAT traversal has when multiple target ports are scanned.
Compared with NAT traversal using TURN alone, the system, devices and method for implementing NAT traversal provided by the embodiments of the present invention support scanning, by a scanning server in the internet, of a scan target in the intranet without the scan target sending data to the scanning server in advance. Because of the peer entities, all data packets between the scanning server and the scan target are transmitted over the NAT channel opened between the peer entities. Since the peer entities are responsible for opening this NAT-traversing channel, neither the scanning server nor the scan target needs to be concerned with NAT traversal, and the scan target does not need to send data to the external network from the scanned ports in advance.
At the same time, because transparent communication between the peer entities and the Socks server and Socks client is realized, it can be ensured that the Socks client transparently establishes a Socks connection with the Socks server through the peer entities. Connections can also be established between the Socks client and the scanning server and between the Socks server and the scan target, so that every data packet sent by the scanning server can pass through these connections and be forwarded to the corresponding port of the corresponding scan target, which ensures that the scanning server can carry out a correct scanning process in any type of NAT environment.
In the preferred embodiment of the present invention, a Socks connection identifier is allocated to each Socks connection, and the corresponding Socks connection identifier is added to the data packets of each Socks connection, so that multiple Socks connections can be supported simultaneously, which allows the scanning server in the internet to scan multiple ports of the scan target in the intranet.
In a specific implementation, the peer entity of the second node mainly has three classes of thread:
1. A listener thread responsible for listening for connection requests (see Example one);
2. A thread Peer_to_Peer responsible for communicating with the peer entity of the first node (see Example two);
3. A thread Peer_to_Socks responsible for communicating with the Socks client (see Example three).
The listener thread listens for all Socks connection requests and starts Peer_to_Socks threads. When it receives a Socks connection request from the Socks client, it allocates a new SOCKET for the Socks connection to be established, allocates a Socks connection identifier, records the correspondence between the Socks connection identifier and the Socks connection (that is, the newly allocated SOCKET), and then starts a Peer_to_Socks thread.
The Peer_to_Peer thread maintains one send buffer and one receive buffer for each Peer_to_Socks thread. After the peer entity of the second node receives a second data packet from the peer entity of the first node, it first looks at the Socks connection identifier in the received second data packet and then places the second data packet into the receive buffer of the SOCKET corresponding to that Socks connection identifier; the Peer_to_Socks thread corresponding to that receive buffer takes the second data packet out of the receive buffer, removes the Socks connection identifier from it, and hands the second data packet to the Socks client. Likewise, when a Peer_to_Socks thread receives a first data packet from the Socks client, the thread adds its corresponding Socks connection identifier to the head of the first data packet and places it in the send buffer corresponding to the thread; when the Peer_to_Peer thread finds data in the send buffer, it takes the data and sends it to the peer entity of the first node.
Similar to the peer entity of the second node, the peer entity of the first node also has two main classes of thread: a thread Peer_to_Peer that communicates with the peer entity of the second node (see Example four) and a thread Peer_to_Socks that communicates with the Socks server (see Example five). Each Peer_to_Socks thread also needs to maintain, jointly with the Peer_to_Peer thread, a send buffer and a receive buffer; the principle is similar to that of the peer entity of the second node and is not repeated here.
Based on the same inventive concept, the embodiments of the present invention also provide a NAT traversal method on the first node side and a NAT traversal method on the second node side, which are described separately below with reference to the accompanying drawings.
Fig. 6 is a flowchart of the NAT traversal method provided by an embodiment of the present invention, described from the first node side. As shown in Fig. 6, the method includes:
S601: The first node located in the intranet sends a P2P connection establishment request to the second node located in the internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
S602: The first node, acting as a Socks server, receives the request to establish a first Socks connection that the second node, acting as a Socks client, sends through the P2P connection, and establishes the first Socks connection with the second node;
S603: The first node forwards to the first device in the intranet the first data packet that the first node received from the second node through the first Socks connection, wherein the first data packet is a data packet, sent by the first port of the first internet device to the first port of the first device in the intranet, that the second node forwards by using the P2P connection to traverse into the intranet.
Optionally, after step S602, the method further includes:
The first node sends the second data packet received from the first device in the intranet to the second node through the first Socks connection;
Wherein the second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first internet device.
Optionally, after step S601 and before step S602, the method further includes:
The first node sends to the second node a data packet for maintaining the P2P connection, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
Optionally, the first node establishing the first Socks connection with the second node includes:
The first node receives the message, sent by the second node, for establishing the first Socks connection, and obtains the first Socks connection identifier from the message;
On determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the first node forwarding the first data packet includes:
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet;
If the first Socks connection corresponding to the first data packet is determined according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, the first data packet is forwarded to the first device in the intranet through the first Socks connection.
Optionally, the first node establishing the first Socks connection with the second node includes: the first node receives the message, sent by the second node, for establishing the first Socks connection, and obtains the first Socks connection identifier from the message; on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The first node sending the second data packet to the second node includes: after the first node receives the second data packet from the first device in the intranet, it adds the first Socks connection identifier to the second data packet and forwards it through the first Socks connection, via the second node, to the first internet device.
Fig. 7 is a flowchart of the NAT traversal method provided by an embodiment of the present invention, described from the second node side. As shown in Fig. 7, the method includes the following steps:
S701: The second node located in the internet receives the P2P connection establishment request sent by the first node located in the intranet, and establishes with the first node a P2P connection that enables the second node to traverse into the intranet;
S702: The second node, acting as a Socks client, traverses into the intranet through the P2P connection, sends a request to establish a first Socks connection to the first node, which acts as a Socks server, and establishes the first Socks connection with the first node;
S703: The second node, through the first Socks connection and using the P2P connection to traverse into the intranet, forwards the first data packet received from the first internet device to the first node, so that the first node forwards the first data packet to the first device in the intranet, wherein the first data packet is a data packet sent by the first port of the first internet device to the first port of the first device in the intranet.
Optionally, after step S702, the method further includes:
The second node forwards the second data packet, received from the first node through the first Socks connection, to the first internet device;
Wherein the second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first internet device.
Optionally, after step S701 and before step S702, the method further includes:
The second node receives a data packet, sent by the first node, for maintaining the P2P connection, wherein the data packet for maintaining the P2P connection is used to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
Optionally, the second node establishing the first Socks connection with the first node includes:
On receiving the first data packet for the first time, the second node determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message used to establish the first Socks connection, and uses the P2P connection to traverse into the intranet and send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the second node forwarding the first data packet includes:
After receiving the first data packet from the first internet device, the second node adds the first Socks connection identifier to the first data packet, and uses the P2P connection to traverse into the intranet and send the first data packet to the first node, so that the first node obtains the first Socks connection identifier from the received data packet, determines the first Socks connection corresponding to the first data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, and then forwards the first data packet to the first device in the intranet through the first Socks connection.
Optionally, the second node establishing the first Socks connection with the first node includes: on receiving the first data packet for the first time, the second node determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection; the second node places the first Socks connection identifier in the message used to establish the first Socks connection, and uses the P2P connection to traverse into the intranet and send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The second node forwarding the second data packet to the first internet device includes: the second node obtains the first Socks connection identifier from the second data packet from the first node, determines the first Socks connection corresponding to the second data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, and then forwards the second data packet to the first internet device through the first Socks connection.
Based on the same inventive concept, embodiments of the present invention further provide two network nodes for implementing NAT traversal. The two network nodes are described below with reference to the drawings.
Fig. 8 is a structural diagram of the first network node for implementing NAT traversal. As shown in Fig. 8, the network node includes:
A peer entity 801, configured to send a P2P connection establishment request to the second node in the internet, so that the network node establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
A Socks server 802, configured to receive a request to establish a first Socks connection, sent over the P2P connection by the second node acting as a Socks client, and to establish the first Socks connection with the second node;
The peer entity 801 is further configured to: forward to the first device of the intranet the first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent from the first port of the first internet device to the first port of the first device of the intranet, which the second node forwards by using the P2P connection to traverse into the intranet.
Optionally, the peer entity 801 is further configured to:
After the Socks server 802 establishes the first Socks connection with the second node, send the second data packet received from the first device of the intranet to the second node over the first Socks connection;
Here, the second data packet is a data packet sent from the first port of the first device of the intranet to the first port of the first internet device.
Optionally, the peer entity 801 is further configured to:
After the peer entity 801 establishes the P2P connection and before the Socks server 802 receives the request to establish the first Socks connection, send to the second node data packets for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
Optionally, the peer entity 801 is specifically configured to:
Receive the message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message;
On determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, notify the Socks server 802 to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the peer entity 801 is specifically configured to:
After receiving the first data packet from the second node, obtain the first Socks connection identifier from the first data packet;
If it is determined from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forward the first data packet over the first Socks connection to the first device of the intranet.
Optionally, the peer entity 801 is further configured to:
Receive the message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message; on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, notify the Socks server 802 to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier;
After receiving the second data packet from the first device of the intranet, add the first Socks connection identifier to the second data packet and forward it over the first Socks connection, via the second node, to the first internet device.
Fig. 9 is a structural diagram of the second network node for implementing NAT traversal provided by an embodiment of the present invention. As shown in Fig. 9, the network node includes:
A peer entity 901, configured to receive the P2P connection establishment request sent by the first node located in the intranet, and to establish with the first node a P2P connection that enables the network node to traverse into the intranet;
A Socks client 902, configured to traverse into the intranet over the P2P connection, send to the first node acting as a Socks server a request to establish a first Socks connection, and establish the first Socks connection with the first node;
The peer entity 901 is further configured to: over the first Socks connection, using the P2P connection to traverse into the intranet, forward the first data packet received from the first internet device to the first node, so that the first node forwards the first data packet to the first device of the intranet, where the first data packet is a data packet sent from the first port of the first internet device to the first port of the first device of the intranet.
Optionally, the peer entity 901 is further configured to:
After the Socks client 902 establishes the first Socks connection with the first node, forward the second data packet received from the first node over the first Socks connection to the first internet device;
Here, the second data packet is a data packet sent from the first port of the first device of the intranet to the first port of the first internet device.
Optionally, the peer entity 901 is further configured to:
After the P2P connection with the first node is established and before the Socks client 902 sends the first node the request to establish the first Socks connection, receive data packets sent by the first node for keeping the P2P connection alive, where these data packets serve to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
Optionally, the peer entity 901 is specifically configured to:
Determine to establish the first Socks connection when the first data packet is received for the first time, allocate a first Socks connection identifier for the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection;
Place the first Socks connection identifier in the message for establishing the first Socks connection and, using the P2P connection to traverse into the intranet, send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client 902 and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the peer entity 901 is specifically configured to:
After receiving the first data packet from the first internet device, add the first Socks connection identifier to the first data packet and, using the P2P connection to traverse into the intranet, send the first data packet to the first node, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet over the first Socks connection to the first device of the intranet.
Optionally, the peer entity 901 is specifically configured to: determine to establish the first Socks connection when the first data packet is received for the first time, allocate a first Socks connection identifier for the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection; place the first Socks connection identifier in the message for establishing the first Socks connection and, using the P2P connection to traverse into the intranet, send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client 902 and records the correspondence between the first Socks connection and the first Socks connection identifier;
Obtain the first Socks connection identifier from the second data packet received from the first node and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forward the second data packet over the first Socks connection to the first internet device.
Embodiment one
Embodiment one uses a scanning process as an example to illustrate the complete message exchange of the NAT traversal process and the scanning process. Figure 10 is the message interaction flow chart of embodiment one of the present invention. As shown in Figure 10, the flow of embodiment one includes the following steps:
S1001: The peer entity P2P Peer A of the first node sends a connection request Connect to the peer entity P2P Peer B of the second node;
S1002: P2P Peer B sends an acceptance Accept to P2P Node A to accept the request of P2P Peer A, and records the IP address and port number of P2P Node A after NAT translation;
S1003: P2P Peer A periodically sends keep-alive messages Keep Alive to P2P Peer B;
S1004: The scan server sends a scan request to the Socks client; the scan request includes the intranet IP address and port number of the scan target in the intranet to be scanned;
S1005: The Socks client constructs a Socks connection request Socks Connect from the scan request; the request carries the IP address and port number of the scan target in the intranet that the scan server wants to scan;
S1006: P2P Peer B forwards the Socks connection request to P2P Peer A, and P2P Peer A forwards the Socks connection request to the Socks server;
S1007: The Socks server parses the Socks connection request, obtains the destination IP address and port number, and sends a connection request Connect to the target host (the scan target);
S1008: The scan target accepts the request and sends an acceptance Accept to the Socks server;
S1009: The Socks server sends the Socks connection established message SocksSucceed to P2P Peer A; P2P Peer A forwards it to P2P Peer B, and P2P Node B then forwards it to the Socks client; the Socks connection is now established;
S1010: The Socks client sends a scan response to the scan server;
S1011: After receiving the scan response, the scan server sends the data Data through the Socks client, P2P Peer B, P2P Peer A, and the Socks server in turn, and the data finally reaches the scan target;
S1012: The scan target sends the scan result Result through the Socks server, P2P Node A, P2P Node B, and the Socks client in turn to the scan server.
Steps S1001 to S1012 above complete the NAT traversal for one scanning process.
Example one: the listening thread of the second node's peer entity
Figure 11 is the flow chart of the listening thread of the second node's peer entity. This thread is responsible for listening for Socks connection requests and starting the Peer_to_Socks thread. As shown in Figure 11, the listening thread of the second node's peer entity includes the following steps:
S1101: Listen for Socks connection requests;
S1102: Determine whether a Socks connection request has been received from the Socks client; if so, perform step S1103, otherwise return to step S1101;
S1103: Allocate a new SOCKET for the Socks connection to be established, and establish the Socks connection;
S1104: Allocate a Socks connection identifier for the established Socks connection, and record the correspondence between the Socks connection and the Socks connection identifier (that is, the correspondence between the allocated SOCKET and the Socks connection identifier);
S1105: Start the Peer_to_Socks thread.
Example two: the Peer_to_Peer thread of the second node's peer entity
Figure 12 is the flow chart of the Peer_to_Peer thread of the second node's peer entity. This thread is responsible for communicating with the peer entity of the first node. As shown in Figure 12, the Peer_to_Peer thread includes the following steps:
S1201: Determine whether a second data packet sent by the peer entity of the first node has been received; if so, perform step S1202, otherwise perform step S1204;
S1202: Take the Socks connection identifier out of the header of the second data packet, and look up the corresponding SOCKET by the Socks connection identifier;
S1203: Put the second data packet, with the Socks connection identifier removed, into the corresponding receive buffer;
S1204: Determine whether any send buffer contains data; if so, perform step S1205, otherwise return to step S1201;
S1205: Take the data out of the send buffer and send it to the peer entity of the first node;
S1206: Empty the send buffer.
Example three: the Peer_to_Socks thread of the second node's peer entity
Figure 13 is the flow chart of the Peer_to_Socks thread of the second node's peer entity. This thread is responsible for communicating with the Socks client. As shown in Figure 13, the Peer_to_Socks thread includes the following steps:
S1301: Determine whether a first data packet sent by the Socks client has been received; if so, perform step S1302, otherwise perform step S1304;
S1302: Insert into the first data packet the Socks connection identifier corresponding to the Socks connection (that is, the SOCKET);
S1303: Put the first data packet, with the Socks connection identifier inserted, into the send buffer corresponding to the Socks connection, then return to step S1301;
S1304: Determine whether the receive buffer contains a second data packet; if so, perform step S1305, otherwise return to step S1301;
S1305: Remove the Socks connection identifier from the second data packet;
S1306: Send the second data packet to the Socks client and empty the receive buffer, then return to step S1301.
Example four: the Peer_to_Peer thread of the first node's peer entity
Figure 14 is the flow chart of the Peer_to_Peer thread of the first node's peer entity. As shown in Figure 14, the thread includes the following steps:
S1401: Determine whether a first data packet sent by the peer entity of the second node has been received; if so, perform step S1402, otherwise perform step S1407;
S1402: Take the Socks connection identifier out of the header of the first data packet, and look up the SOCKET corresponding to the Socks connection identifier;
S1403: Determine whether a corresponding SOCKET exists; if so, perform step S1404, otherwise perform step S1405;
S1404: Put the first data packet into the corresponding receive buffer;
S1405: Allocate a new SOCKET and establish a Socks connection with the Socks server;
S1406: Record the correspondence between the Socks connection identifier and the SOCKET, then perform step S1404;
S1407: Determine whether any send buffer contains data; if so, perform step S1408, otherwise return to step S1401;
S1408: Take the data out and send it to the peer entity of the second node;
S1409: Empty the send buffer, then return to step S1401.
Example five: the Peer_to_Socks thread of the first node's peer entity
Figure 15 is the flow chart of the Peer_to_Socks thread of the first node's peer entity. As shown in Figure 15, the thread includes the following steps:
S1501: Determine whether a second data packet sent by the Socks server has been received; if so, perform step S1502, otherwise perform step S1504;
S1502: Insert into the received second data packet the Socks connection identifier corresponding to the SOCKET;
S1503: Put the second data packet, with the Socks connection identifier inserted, into the send buffer;
S1504: Determine whether the receive buffer contains a first data packet; if so, remove the Socks connection identifier from the first data packet, otherwise return to step S1501;
S1505: Send the first data packet, with the Socks connection identifier removed, to the Socks server and empty the receive buffer, then return to step S1501.
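The following Python example is added here and is not code from the patent. It models the Socks connection identifier handling of examples one to five: the second node tags each packet with the identifier of its SOCKET, and the first node opens a Socks connection the first time it sees an identifier. The 6-byte header layout, the `open_socks` callback, the dropping of unknown identifiers at the second node, and the `max_connections` bound are assumptions; the patent only states that the identifier is carried in the packet header.

```python
import struct
from itertools import count

# Assumed wire format (not specified by the patent):
# 4-byte identifier, 2-byte payload length, then the payload.
HEADER = struct.Struct("!IH")


def tag(conn_id, payload):
    """Prefix a payload with its Socks connection identifier (S1302, S1502)."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for the assumed 2-byte length field")
    return HEADER.pack(conn_id, len(payload)) + payload


def untag(stream):
    """Pop every complete frame from a bytearray; a partial frame stays buffered."""
    frames = []
    while len(stream) >= HEADER.size:
        conn_id, length = HEADER.unpack_from(stream)
        end = HEADER.size + length
        if len(stream) < end:
            break
        frames.append((conn_id, bytes(stream[HEADER.size:end])))
        del stream[:end]
    return frames


class SecondNodePeer:
    """Internet side: allocates identifiers for Socks client connections."""

    def __init__(self):
        self._ids = count(1)
        self.id_by_socket = {}
        self.socket_by_id = {}

    def accept(self, sock):
        # S1103-S1104: new SOCKET, new identifier, record the correspondence.
        conn_id = next(self._ids)
        self.id_by_socket[sock] = conn_id
        self.socket_by_id[conn_id] = sock
        return conn_id

    def from_socks_client(self, sock, payload):
        # S1301-S1303: insert the identifier before queuing for the P2P link.
        return tag(self.id_by_socket[sock], payload)

    def from_peer(self, stream):
        # S1202-S1203, S1305: look up the SOCKET and strip the identifier.
        # Dropping unknown identifiers is an assumption; the page gives no branch.
        return [(self.socket_by_id[cid], data)
                for cid, data in untag(stream) if cid in self.socket_by_id]


class FirstNodePeer:
    """Intranet side: opens a Socks connection when an identifier is first seen."""

    def __init__(self, open_socks, max_connections=64):
        self.open_socks = open_socks            # hypothetical callback: id -> SOCKET
        self.max_connections = max_connections  # added bound, not in the patent
        self.socket_by_id = {}
        self.id_by_socket = {}
        self.refused = 0

    def from_peer(self, stream):
        delivered = []
        for conn_id, data in untag(stream):       # S1402: take the identifier out
            sock = self.socket_by_id.get(conn_id)
            if sock is None:                      # S1403: no SOCKET recorded yet
                if len(self.socket_by_id) >= self.max_connections:
                    self.refused += 1
                    continue
                sock = self.open_socks(conn_id)   # S1405: new Socks connection
                self.socket_by_id[conn_id] = sock  # S1406: record correspondence
                self.id_by_socket[sock] = conn_id
            delivered.append((sock, data))        # S1404, then S1504-S1505
        return delivered

    def from_socks_server(self, sock, payload):
        # S1501-S1503: insert the identifier that belongs to this SOCKET.
        return tag(self.id_by_socket[sock], payload)


def demo():
    """Two constructed client connections share one P2P byte stream."""
    second = SecondNodePeer()
    first = FirstNodePeer(open_socks=lambda cid: f"intranet-sock-{cid}")
    second.accept("client-a")
    second.accept("client-b")
    wire = (second.from_socks_client("client-a", b"data-1")
            + second.from_socks_client("client-b", b"data-2")
            + second.from_socks_client("client-a", b"data-3"))
    # Deliver the stream in two arbitrary chunks to exercise partial frames.
    p2p_in = bytearray(wire[:17])
    inbound = first.from_peer(p2p_in)
    p2p_in += wire[17:]
    inbound += first.from_peer(p2p_in)
    reply = bytearray(first.from_socks_server("intranet-sock-2", b"result-2"))
    return inbound, second.from_peer(reply), first.refused


if __name__ == "__main__":
    print(demo())
```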
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (25)

1. A NAT traversal method, characterized in that the method comprises:
A first node located in an intranet sends a P2P connection establishment request to a second node located in the internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
The first node, acting as a Socks server, receives a request to establish a first Socks connection, sent over the P2P connection by the second node acting as a Socks client, and establishes the first Socks connection with the second node;
The first node forwards to a first device of the intranet a first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device of the intranet, which the second node forwards by using the P2P connection to traverse into the intranet.
2. The method of claim 1, characterized in that, after the first node establishes the first Socks connection with the second node, the method further comprises:
The first node sends a second data packet received from the first device of the intranet to the second node over the first Socks connection;
Here, the second data packet is a data packet sent from the first port of the first device of the intranet to the first port of the first internet device.
3. The method of claim 1, characterized in that, after the first node establishes the P2P connection and before the first node receives the request to establish the first Socks connection, the method further comprises:
The first node sends to the second node data packets for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
4. The method of claim 1 or 3, characterized in that the first node establishing the first Socks connection with the second node comprises:
The first node receives the message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message;
On determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
5. The method of claim 4, characterized in that the first node forwarding the first data packet comprises:
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet;
If it is determined from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, the first data packet is forwarded over the first Socks connection to the first device of the intranet.
6. The method of claim 2, characterized in that:
The first node establishing the first Socks connection with the second node comprises: the first node receives the message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message; on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The first node sending the second data packet to the second node comprises: after receiving the second data packet from the first device of the intranet, the first node adds the first Socks connection identifier to the second data packet and forwards it over the first Socks connection, via the second node, to the first internet device.
7. A NAT traversal method, characterized in that the method comprises:
A second node located in the internet receives a P2P connection establishment request sent by a first node located in an intranet, and establishes with the first node a P2P connection that enables the second node to traverse into the intranet;
The second node, acting as a Socks client, traverses into the intranet over the P2P connection, sends to the first node acting as a Socks server a request to establish a first Socks connection, and establishes the first Socks connection with the first node;
The second node, over the first Socks connection and using the P2P connection to traverse into the intranet, forwards a first data packet received from a first internet device to the first node, so that the first node forwards the first data packet to a first device of the intranet, where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device of the intranet.
8. The method of claim 7, characterized in that, after the second node establishes the first Socks connection with the first node, the method further comprises:
The second node forwards a second data packet received from the first node over the first Socks connection to the first internet device;
Here, the second data packet is a data packet sent from the first port of the first device of the intranet to the first port of the first internet device.
9. The method of claim 7, characterized in that, after the second node establishes the P2P connection with the first node and before the second node sends the first node the request to establish the first Socks connection, the method further comprises:
The second node receives data packets sent by the first node for keeping the P2P connection alive, where the data packets for keeping the P2P connection alive serve to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
10. The method of claim 7 or 9, characterized in that the second node establishing the first Socks connection with the first node comprises:
The second node determines to establish the first Socks connection when it receives the first data packet for the first time, allocates a first Socks connection identifier for the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message for establishing the first Socks connection and, using the P2P connection to traverse into the intranet, sends the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
11. The method of claim 10, characterized in that the second node forwarding the first data packet comprises:
After receiving the first data packet from the first internet device, the second node adds the first Socks connection identifier to the first data packet and, using the P2P connection to traverse into the intranet, sends the first data packet to the first node, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet over the first Socks connection to the first device of the intranet.
12. The method of claim 8, characterized in that:
The second node establishing the first Socks connection with the first node comprises: the second node determines to establish the first Socks connection when it receives the first data packet for the first time, allocates a first Socks connection identifier for the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection; the second node places the first Socks connection identifier in the message for establishing the first Socks connection and, using the P2P connection to traverse into the intranet, sends the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, on determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The second node forwarding the second data packet to the first internet device comprises: the second node obtains the first Socks connection identifier from the second data packet received from the first node and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forwards the second data packet over the first Socks connection to the first internet device.
13. A network node for implementing NAT traversal, the network node being located in an intranet, characterized in that the network node comprises:
A peer entity, configured to send a P2P connection establishment request to a second node located in the internet, so that the network node establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
A Socks server, configured to receive a request to establish a first Socks connection, sent over the P2P connection by the second node acting as a Socks client, and to establish the first Socks connection with the second node;
The peer entity is further configured to: forward to a first device of the intranet a first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device of the intranet, which the second node forwards by using the P2P connection to traverse into the intranet.
14. The network node of claim 13, characterized in that the peer entity is further configured to:
After the Socks server establishes the first Socks connection with the second node, send a second data packet received from the first device of the intranet to the second node over the first Socks connection;
Here, the second data packet is a data packet sent from the first port of the first device of the intranet to the first port of the first internet device.
15. The network node of claim 13, characterized in that the peer entity is further configured to:
After the peer entity establishes the P2P connection and before the Socks server receives the request to establish the first Socks connection, send to the second node data packets for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
16. the network node as described in claim 13 or 15, which is characterized in that the peer-entities is specifically used for:
Receive second node transmission is used to establish the message of the first Socks connections, and obtains the first Socks connections in message Mark;
There is no the first Socks connection identifier in correspondence of the Socks connections for determining to have recorded with Socks connection identifier When, the Socks servers is notified to establish the first Socks with second node and connect, and record the first Socks connections and first The correspondence of Socks connection identifier.
17. The network node as claimed in claim 16, characterized in that the peer entity is specifically configured to:
after receiving the first data packet from the second node, obtain the first Socks connection identifier from the first data packet;
if the first Socks connection corresponding to the first data packet is determined according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, forward the first data packet to the first device of the intranet over the first Socks connection.
18. The network node as claimed in claim 14, characterized in that the peer entity is further configured to:
receive a message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message; upon determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, notify the Socks server to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier;
after receiving the second data packet from the first device of the intranet, add the first Socks connection identifier to the second data packet and forward it over the first Socks connection, via the second node, to the first Internet device.
19. A network node for implementing NAT traversal, the network node being located in the Internet, characterized in that the network node comprises:
a peer entity, configured to receive a P2P connection establishment request sent by a first node located in an intranet, and to establish with the first node a P2P connection that enables the network node to traverse into the intranet;
a Socks client, configured to traverse into the intranet through the P2P connection, send to the first node, which acts as a Socks server, a request to establish a first Socks connection, and establish the first Socks connection with the first node;
the peer entity is further configured to: forward to the first node, over the first Socks connection and traversing into the intranet using the P2P connection, a first data packet received from a first Internet device, so that the first node forwards the first data packet to a first device of the intranet, wherein the first data packet is a data packet sent by the first port of the first Internet device to the first port of the first device of the intranet.
20. The network node as claimed in claim 19, characterized in that the peer entity is further configured to:
after the Socks client establishes the first Socks connection with the first node, forward to the first Internet device a second data packet received from the first node over the first Socks connection;
wherein the second data packet is a data packet sent by the first port of the first device of the intranet to the first port of the first Internet device.
21. The network node as claimed in claim 19, characterized in that the peer entity is further configured to:
after the P2P connection is established with the first node and before the Socks client sends to the first node the request to establish the first Socks connection, receive data packets sent by the first node for maintaining the P2P connection, wherein the data packets for maintaining the P2P connection cause the intranet address and intranet port number of the first node to remain unchanged after NAT mapping.
22. The network node as claimed in claim 19 or 21, characterized in that the peer entity is specifically configured to:
determine, upon receiving the first data packet for the first time, that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection;
place the first Socks connection identifier in a message for establishing the first Socks connection, and send the message to the first node by traversing into the intranet using the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, upon determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier.
23. The network node as claimed in claim 22, characterized in that the peer entity is specifically configured to:
after receiving the first data packet from the first Internet device, add the first Socks connection identifier to the first data packet and send the first data packet to the first node by traversing into the intranet using the P2P connection, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining the first Socks connection corresponding to the first data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, forwards the first data packet to the first device of the intranet over the first Socks connection.
24. The network node as claimed in claim 23, characterized in that
the peer entity is specifically configured to: determine, upon receiving the first data packet for the first time, that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection; place the first Socks connection identifier in a message for establishing the first Socks connection, and send the message to the first node by traversing into the intranet using the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, upon determining that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier;
obtain the first Socks connection identifier from the second data packet from the first node and, after determining the first Socks connection corresponding to the second data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, forward the second data packet over the first Socks connection to the first Internet device.
25. A system for implementing NAT traversal, the system comprising a first node located in an intranet and a second node located in the Internet, characterized in that:
the first node comprises a first peer entity and a Socks server;
the second node comprises a second peer entity and a Socks client;
a P2P connection that enables the second node to traverse into the intranet exists between the first peer entity and the second peer entity;
a first Socks connection exists between the Socks server and the Socks client;
the Socks client is configured to send a received first data packet from a first Internet device to the Socks server over the first Socks connection, traversing into the intranet using the P2P connection;
the Socks server is configured to forward the first data packet received from the Socks client to a first device in the intranet;
wherein the first data packet is a data packet sent by the first port of the first Internet device to the first port of the first device of the intranet.
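The connection-identifier bookkeeping of claims 16 to 18 and 22 to 24, as an added Python example that is not code from the patent. The class names, the `(kind, identifier, payload)` frame layout, the list standing in for a Socks connection, the dropping of frames with unrecorded identifiers, and the sample address are all assumptions made for illustration.

```python
import itertools

SETUP, DATA = "setup", "data"  # frame kinds (assumed encoding; the claims define none)

class SecondNode:
    """Internet side: allocates one identifier per Socks connection (claims 22-24)."""
    def __init__(self, p2p_send):
        self.p2p_send = p2p_send       # callable that delivers a frame over the P2P connection
        self.ids = {}                  # Internet device flow -> Socks connection identifier
        self.flows = {}                # identifier -> flow, used for return traffic
        self._next = itertools.count(1)

    def from_internet_device(self, flow, payload):
        if flow not in self.ids:       # first packet of this flow: request connection setup
            cid = next(self._next)
            self.ids[flow], self.flows[cid] = cid, flow
            self.p2p_send((SETUP, cid, b""))
        self.p2p_send((DATA, self.ids[flow], payload))

    def from_first_node(self, frame):
        _, cid, payload = frame
        flow = self.flows.get(cid)     # assumption: unrecorded identifiers are dropped
        return None if flow is None else (flow, payload)

class FirstNode:
    """Intranet side: records identifier -> connection and demultiplexes (claims 16-18)."""
    def __init__(self):
        self.conns = {}                # identifier -> list standing in for a Socks connection

    def from_second_node(self, frame):
        kind, cid, payload = frame
        if kind == SETUP:
            if cid not in self.conns:  # establish only when the identifier is not yet recorded
                self.conns[cid] = []
            return True
        if cid not in self.conns:      # assumption: data for an unrecorded identifier is dropped
            return False
        self.conns[cid].append(payload)  # forward to the intranet device
        return True

    def from_intranet_device(self, cid, payload):
        return (DATA, cid, payload)    # tag return traffic with the identifier (claim 18)

def run_demo():
    first = FirstNode()
    second = SecondNode(first.from_second_node)
    scanner = ("198.51.100.7", 40000)  # constructed sample flow
    for probe in (b"probe-1", b"probe-2"):
        second.from_internet_device(scanner, probe)
    reply = second.from_first_node(first.from_intranet_device(1, b"banner"))
    stray = first.from_second_node((DATA, 99, b"x"))
    return first.conns, reply, stray
```

Because every frame that crosses the NAT carries an identifier, the intranet-side table is also the natural place to log or rate-limit which Internet flows are reaching intranet devices.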
CN201310683510.9A 2013-12-12 2013-12-12 Method, network node and the system that a kind of NAT is passed through Active CN104717311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310683510.9A CN104717311B (en) 2013-12-12 2013-12-12 Method, network node and the system that a kind of NAT is passed through

Publications (2)

Publication Number Publication Date
CN104717311A CN104717311A (en) 2015-06-17
CN104717311B true CN104717311B (en) 2018-06-15

Family

ID=53416258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310683510.9A Active CN104717311B (en) 2013-12-12 2013-12-12 Method, network node and the system that a kind of NAT is passed through

Country Status (1)

Country Link
CN (1) CN104717311B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10645059B2 (en) * 2016-04-11 2020-05-05 Western Digital Technologies, Inc. Establishing connections between data storage devices
CN109698869B (en) * 2017-10-23 2022-02-25 中国移动通信有限公司研究院 Private network crossing method, communication node and storage medium
CN109510810A (en) * 2018-09-20 2019-03-22 广州亦云信息技术股份有限公司 A kind of virtual resource access method and device based on P2P

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431511A (en) * 2007-11-09 2009-05-13 友讯科技股份有限公司 Method for penetrating fire wall and establishing on-line channel between network terminal apparatus
CN101442492A (en) * 2008-12-26 2009-05-27 中国科学院计算技术研究所 Method and system for implementing NAT penetration in P2P network
CN101841484A (en) * 2010-05-12 2010-09-22 中国科学院计算技术研究所 Method and system for realizing NAT traversal in structured P2P network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
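P2P-based remote assistance system; 梁雪云; Wanfang Dissertations; 20091231; pp. 25-26 *
Design and implementation of a vulnerability scanning agent for cloud computing; 沈佳坤; China Master's Theses Full-text Database; 20131115; pp. I139-132 *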

Also Published As

Publication number Publication date
CN104717311A (en) 2015-06-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant