CN104717311B - Method, network node and system for NAT traversal - Google Patents
- Publication number: CN104717311B
- Application number: CN201310683510.9A
- Authority: CN (China)
- Prior art keywords: socks, node, connections, data packet, intranet
- Legal status: Active (The legal status is an assumption and is not a legal conclusion.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to the technical field of computer networks, and in particular to a NAT traversal method, network node and system, intended to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request. In the method provided by the embodiments of the invention, a first node in an intranet and a second node in the internet establish a P2P connection that enables the second node to traverse into the intranet; the first node establishes a first Socks connection with the second node; and a data packet sent from a first port of a first internet device to a first port of a first device in the intranet is forwarded by the second node over the first Socks connection, via the first node, to the first device in the intranet. NAT traversal is achieved by using the P2P connection, and data is forwarded using Socks proxy technology, which solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to a NAT traversal method, network node and system.
Background
Network address translation (NAT) is a technique that converts intranet addresses into internet addresses. It can be used to address the shortage of IP addresses, and it also effectively avoids attacks from the internet, ensuring the security of intranet hosts.
NAT traversal is a technique that allows internet devices to access intranet devices. Many NAT traversal techniques exist today; among them, Traversal Using Relays around NAT (TURN) is a relatively mature one.
The model for NAT traversal using a TURN server (TURN SERVER) is shown in Fig. 1: the TURN server is located in the internet and the TURN client (TURN Client) is located in the intranet. The TURN client binds a host transport address (HOST TRANSPORT ADDRESS), consisting of an Internet Protocol (IP) address and a port number (10.1.1.2:49712 in Fig. 1). Likewise, the TURN server binds a TURN server transport address (TURN SERVER TRANSPORT ADDRESS) (192.0.2.15:3478 in Fig. 1). The TURN client actively uses its own host transport address to communicate with the TURN server transport address. The NAT converts the TURN client's transport address into an internet transport address, called the server-reflexive transport address (SERVER-REFLEXIVE transport address) (192.0.2.1:7000 in Fig. 1). After receiving the message, the TURN server allocates a corresponding relayed transport address (RELAY TRANSPORT ADDRESS) for that server-reflexive transport address (here, 192.0.2.15:50000). Once the allocation succeeds, the TURN client's host transport address and the relayed transport address form a one-to-one correspondence. As long as the internet host PEER A (transport address 192.0.2.210:49191) communicates with the relayed transport address, the TURN server forwards the data to the corresponding server-reflexive transport address, and after NAT mapping the TURN client in the intranet receives the data sent by PEER A, thereby achieving NAT traversal.
When TURN is used for NAT traversal, if an internet host wants to communicate with a port of an intranet host, that port of the intranet host must first actively send a request to the TURN server; only after the TURN server has allocated a relayed transport address for it can the internet host communicate with the intranet host. If instead the internet host PEER A actively initiates a request to some port of the TURN client, the data packet is dropped because no relayed transport address has been allocated.
In a large-scale cloud scanning system, when the scanning target is in an intranet (that is, the scanning target accesses the internet through NAT) and the scanning server is in the internet, using TURN for NAT traversal has the following problem: during scanning, the scanning server generally sends scan data directly to the scanning target, rather than the scanning target actively initiating a request. The TURN server therefore has no relayed transport address corresponding to the scanning target, so NAT traversal cannot be achieved.
Summary of the invention
The embodiments of the present invention provide a NAT traversal method, network node and system, to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request.
In a first aspect, an embodiment of the present invention provides a NAT traversal method, including:
A first node located in an intranet sends a P2P connection establishment request to a second node located in the internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
The first node, acting as a Socks server, receives over the P2P connection a request to establish a first Socks connection, sent by the second node acting as a Socks client, and establishes the first Socks connection with the second node;
The first node forwards, over the first Socks connection, a first data packet received from the second node to a first device in the intranet, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device in the intranet, and forwarded by the second node, which traverses into the intranet using the P2P connection.
Using the P2P connection achieves NAT traversal from the second node to the first node, and using Socks proxy technology to forward the data solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Preferably, after the first node and the second node establish the first Socks connection, the method further includes:
The first node sends a second data packet, received from the first device in the intranet, to the second node over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
This preferred embodiment enables the first device in the intranet to send data to the internet device.
Preferably, after the first node establishes the P2P connection and before the first node receives the request to establish the first Socks connection, the method further includes:
The first node sends to the second node data packets for keeping the P2P connection alive, so that the first node's intranet address and intranet port number remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the Socks client or the Socks server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node using a fixed address and port. The source port and destination port thus converge, so that any type of NAT can be traversed.
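An added example (not from the patent) modelling why the keepalive packets matter: a NAT binding expires after an idle timeout, so an internet-side packet is delivered only while the binding created by the first node's outbound traffic is still alive. The 30-second timeout, sequential port allocation and all class and function names are assumptions; the addresses reuse the Fig. 1 values quoted in the background.

```python
from dataclasses import dataclass, field

FIRST_NODE = ("10.1.1.2", 49712)      # intranet endpoint of the first node (value from Fig. 1)


@dataclass
class Nat:
    """Toy NAT: one public port per inside endpoint, dropped after an idle timeout."""
    public_ip: str
    idle_timeout: float = 30.0        # assumed binding lifetime in seconds
    next_port: int = 7000             # assumed sequential allocation
    # (inside_ip, inside_port) -> [public_port, last_outbound_time]
    bindings: dict = field(default_factory=dict)

    def _expire(self, now):
        stale = [k for k, (_, seen) in self.bindings.items()
                 if now - seen > self.idle_timeout]
        for key in stale:
            del self.bindings[key]

    def outbound(self, inside, now):
        """Packet leaving the intranet: create or refresh the binding."""
        self._expire(now)
        if inside not in self.bindings:
            self.bindings[inside] = [self.next_port, now]
            self.next_port += 1
        else:
            self.bindings[inside][1] = now
        return (self.public_ip, self.bindings[inside][0])

    def inbound(self, public_port, now):
        """Packet arriving from the internet: delivered only through a live binding.

        Assumption: inbound traffic does not refresh the binding.
        """
        self._expire(now)
        for inside, (port, _) in self.bindings.items():
            if port == public_port:
                return inside
        return None                   # no binding: the NAT drops the packet


def scenario(keepalive_interval, probe_at=100.0):
    """First node opens the P2P connection at t=0; second node sends at probe_at.

    Returns (endpoint learned by the second node at t=0,
             inside endpoint the probe was delivered to, or None if dropped,
             public endpoint of the first node's next outbound packet).
    """
    nat = Nat(public_ip="192.0.2.1")
    learned = nat.outbound(FIRST_NODE, now=0.0)       # P2P establishment request
    if keepalive_interval:
        t = keepalive_interval
        while t <= probe_at:
            nat.outbound(FIRST_NODE, now=t)           # keepalive packet
            t += keepalive_interval
    delivered = nat.inbound(learned[1], now=probe_at)
    remapped = nat.outbound(FIRST_NODE, now=probe_at)
    return learned, delivered, remapped


if __name__ == "__main__":
    for interval in (20.0, 45.0, None):
        print(interval, scenario(interval))
```

A keepalive interval shorter than the binding lifetime keeps the second node's learned endpoint valid; an interval longer than the lifetime, or no keepalive, leaves the first node behind a new public port and the probe is dropped.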
Preferably, the first node establishing the first Socks connection with the second node includes:
The first node receives a message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message;
When the first node determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, it establishes the first Socks connection with the second node, and records the correspondence between the first Socks connection and the first Socks connection identifier.
With this preferred embodiment, a Socks connection identifier is allocated for each Socks connection, and the corresponding Socks connection identifier is added to the data packets of each Socks connection, so that multiple Socks connections can be supported at the same time. This in turn allows a scanning server in the internet to scan multiple ports of a scanning target in the intranet.
Preferably, the first node forwarding the first data packet includes:
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet;
If the first node determines, according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, that the first data packet corresponds to the first Socks connection, it forwards the first data packet over the first Socks connection to the first device in the intranet.
This preferred embodiment gives the scheme for forwarding the first data packet when multiple Socks connections exist at the same time.
Preferably, the first node establishing the first Socks connection with the second node includes: the first node receives a message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message; when the first node determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, it establishes the first Socks connection with the second node, and records the correspondence between the first Socks connection and the first Socks connection identifier;
The first node sending the second data packet to the second node includes: after receiving the second data packet from the first device in the intranet, the first node adds the first Socks connection identifier to the second data packet and forwards it over the first Socks connection, via the second node, to the first internet device.
This preferred embodiment gives the specific implementation for forwarding the second data packet when multiple Socks connections exist.
In a second aspect, an embodiment of the present invention further provides another NAT traversal method, including:
A second node located in the internet receives a P2P connection establishment request sent by a first node located in an intranet, and establishes with the first node a P2P connection that enables the second node to traverse into the intranet;
The second node, acting as a Socks client, traverses into the intranet over the P2P connection, sends to the first node, acting as a Socks server, a request to establish a first Socks connection, and establishes the first Socks connection with the first node;
The second node, over the first Socks connection and traversing into the intranet using the P2P connection, forwards a first data packet received from a first internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device in the intranet.
Using the P2P connection achieves NAT traversal from the second node to the first node, and using Socks proxy technology to forward the data solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Preferably, after the second node and the first node establish the first Socks connection, the method further includes:
The second node forwards a second data packet, received from the first node, to the first internet device over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
This preferred embodiment enables the first device in the intranet to send data to the internet device.
Preferably, after the second node and the first node establish the P2P connection and before the second node sends to the first node the request to establish the first Socks connection, the method further includes:
The second node receives data packets sent by the first node for keeping the P2P connection alive, where the data packets for keeping the P2P connection alive serve to keep the first node's intranet address and intranet port number unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the Socks client or the Socks server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node using a fixed address and port. The source port and destination port thus converge, so that any type of NAT can be traversed.
Preferably, the second node establishing the first Socks connection with the first node includes:
When the second node receives the first data packet for the first time, it determines that the first Socks connection is to be established, allocates the first Socks connection identifier for the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message for establishing the first Socks connection and, traversing into the intranet using the P2P connection, sends the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
With this preferred embodiment, a Socks connection identifier is allocated for each Socks connection, and the corresponding Socks connection identifier is added to the data packets of each Socks connection, so that multiple Socks connections can be supported at the same time. This in turn allows a scanning server in the internet to scan multiple ports of a scanning target in the intranet.
Preferably, the second node forwarding the first data packet includes:
After receiving the first data packet from the first internet device, the second node adds the first Socks connection identifier to the first data packet and, traversing into the intranet using the P2P connection, sends the first data packet to the first node, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining according to the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet over the first Socks connection to the first device in the intranet.
This preferred embodiment gives the scheme for forwarding the first data packet when multiple Socks connections exist at the same time.
Preferably, the second node establishing the first Socks connection with the first node includes: when the second node receives the first data packet for the first time, it determines that the first Socks connection is to be established, allocates the first Socks connection identifier for the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection; the second node places the first Socks connection identifier in the message for establishing the first Socks connection and, traversing into the intranet using the P2P connection, sends the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The second node forwarding the second data packet to the first internet device includes: the second node obtains the first Socks connection identifier from the second data packet received from the first node and, after determining according to the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forwards the second data packet over the first Socks connection to the first internet device.
This preferred embodiment gives the specific implementation for forwarding the second data packet when multiple Socks connections exist.
In a third aspect, an embodiment of the present invention provides a network node for implementing NAT traversal. The network node is located in an intranet and includes:
A peer entity, configured to send a P2P connection establishment request to a second node located in the internet, so that the network node establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
A Socks server, configured to receive, over the P2P connection, a request to establish a first Socks connection, sent by the second node acting as a Socks client, and to establish the first Socks connection with the second node;
The peer entity is further configured to: forward, over the first Socks connection, to a first device in the intranet a first data packet that the first node received from the second node, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device in the intranet, and forwarded by the second node, which traverses into the intranet using the P2P connection.
Using the P2P connection achieves NAT traversal from the second node to the first node, and using Socks proxy technology to forward the data solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Preferably, the peer entity is further configured to:
After the Socks server and the second node establish the first Socks connection, send a second data packet, received from the first device in the intranet, to the second node over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
This preferred embodiment enables the first device in the intranet to send data to the internet device.
Preferably, the peer entity is further configured to:
After the peer entity establishes the P2P connection and before the Socks server receives the request to establish the first Socks connection, send to the second node data packets for keeping the P2P connection alive, so that the first node's intranet address and intranet port number remain unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the Socks client or the Socks server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node using a fixed address and port. The source port and destination port thus converge, so that any type of NAT can be traversed.
Preferably, the peer entity is specifically configured to:
Receive a message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message;
When it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, notify the Socks server to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier.
With this preferred embodiment, a Socks connection identifier is allocated for each Socks connection, and the corresponding Socks connection identifier is added to the data packets of each Socks connection, so that multiple Socks connections can be supported at the same time. This in turn allows a scanning server in the internet to scan multiple ports of a scanning target in the intranet.
Preferably, the peer entity is specifically configured to:
After receiving the first data packet from the second node, obtain the first Socks connection identifier from the first data packet;
If it determines, according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, that the first data packet corresponds to the first Socks connection, forward the first data packet over the first Socks connection to the first device in the intranet.
This preferred embodiment gives the scheme for forwarding the first data packet when multiple Socks connections exist at the same time.
Preferably, the peer entity is further configured to:
Receive a message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message; when it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, notify the Socks server to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier;
After receiving the second data packet from the first device in the intranet, add the first Socks connection identifier to the second data packet and forward it over the first Socks connection, via the second node, to the first internet device.
This preferred embodiment gives the specific implementation for forwarding the second data packet when multiple Socks connections exist.
In a fourth aspect, an embodiment of the present invention provides another network node for implementing NAT traversal. The network node is located in the internet and includes:
A peer entity, configured to receive a P2P connection establishment request sent by a first node located in an intranet, and to establish with the first node a P2P connection that enables the network node to traverse into the intranet;
A Socks client, configured to traverse into the intranet over the P2P connection, send to the first node, acting as a Socks server, a request to establish a first Socks connection, and establish the first Socks connection with the first node;
The peer entity is further configured to: over the first Socks connection, traversing into the intranet using the P2P connection, forward a first data packet received from a first internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device in the intranet.
Using the P2P connection achieves NAT traversal from the second node to the first node, and using Socks proxy technology to forward the data solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Preferably, the peer entity is further configured to:
After the Socks client and the first node establish the first Socks connection, forward a second data packet, received from the first node, to the first internet device over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
This preferred embodiment enables the first device in the intranet to send data to the internet device.
Preferably, the peer entity is further configured to:
After the P2P connection is established with the first node and before the Socks client sends to the first node the request to establish the first Socks connection, receive data packets sent by the first node for keeping the P2P connection alive, where the data packets for keeping the P2P connection alive serve to keep the first node's intranet address and intranet port number unchanged after NAT mapping.
With this preferred embodiment, the process of re-establishing the P2P connection after it has been broken can be avoided. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, no matter how the ports on which the Socks client or the Socks server sends data change, data is always forwarded between the peer entity of the first node and the peer entity of the second node using a fixed address and port. The source port and destination port thus converge, so that any type of NAT can be traversed.
Preferably, the peer entity is specifically configured to:
When the first data packet is received for the first time, determine that the first Socks connection is to be established, allocate the first Socks connection identifier for the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection;
Place the first Socks connection identifier in the message for establishing the first Socks connection and, traversing into the intranet using the P2P connection, send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier.
With this preferred embodiment, a Socks connection identifier is allocated for each Socks connection, and the corresponding Socks connection identifier is added to the data packets of each Socks connection, so that multiple Socks connections can be supported at the same time. This in turn allows a scanning server in the internet to scan multiple ports of a scanning target in the intranet.
Preferably, the peer entity is specifically configured to:
After receiving the first data packet from the first internet device, add the first Socks connection identifier to the first data packet and, traversing into the intranet using the P2P connection, send the first data packet to the first node, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining according to the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet over the first Socks connection to the first device in the intranet.
This preferred embodiment gives the scheme for forwarding the first data packet when multiple Socks connections exist at the same time.
Preferably, the peer entity is specifically configured to: when the first data packet is received for the first time, determine that the first Socks connection is to be established, allocate the first Socks connection identifier for the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection; place the first Socks connection identifier in the message for establishing the first Socks connection and, traversing into the intranet using the P2P connection, send the message to the first node, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier is not present in the recorded correspondences between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier;
Obtain the first Socks connection identifier from the second data packet received from the first node and, after determining according to the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forward the second data packet over the first Socks connection to the first internet device.
This preferred embodiment gives the specific implementation for forwarding the second data packet when multiple Socks connections exist.
In a fifth aspect, an embodiment of the present invention provides a system for implementing NAT traversal. The system includes a first node located in an intranet and a second node located in the internet;
The first node includes: a first peer entity and a Socks server;
The second node includes: a second peer entity and a Socks client;
Between the first peer entity and the second peer entity there is a P2P connection that enables the second node to traverse into the intranet;
Between the Socks server and the Socks client there is a first Socks connection;
The Socks client is configured to send a received first data packet from a first internet device over the first Socks connection, traversing into the intranet using the P2P connection, to the Socks server;
The Socks server is configured to forward the received first data packet sent by the Socks client to a first device in the intranet;
Where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device in the intranet.
Using the P2P connection achieves NAT traversal from the second node to the first node, and using Socks proxy technology to forward the data solves the problem that NAT traversal cannot be achieved when an internet device actively sends data to a device in the intranet.
Description of the drawings
Fig. 1 is a schematic diagram of NAT traversal using a TURN server in the prior art;
Fig. 2 is a structural diagram of the system for implementing NAT traversal provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the NAT traversal process provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the format of the first data packet and the second data packet without a Socks connection identifier;
Fig. 5 is a schematic diagram of the format of the first data packet and the second data packet after a Socks connection identifier has been added;
Fig. 6 is a flow chart of the NAT traversal method provided by an embodiment of the present invention, described from the first node side;
Fig. 7 is a flow chart of the NAT traversal method provided by an embodiment of the present invention, described from the second node side;
Fig. 8 is a structural diagram of the first node;
Fig. 9 is a structural diagram of the second node;
Fig. 10 is a message interaction diagram of embodiment one of the present invention;
Fig. 11 is a flow chart of the listener thread of the peer entity in the second node;
Fig. 12 is a flow chart of the Socks client communication thread of the peer entity in the second node;
Fig. 13 is a flow chart of the first node communication thread of the peer entity in the second node;
Fig. 14 is a flow chart of the Socks client communication thread of the peer entity in the first node;
Fig. 15 is a flow chart of the first node communication thread of the peer entity in the first node.
Specific embodiment
The embodiments of the present invention provide a NAT traversal method, network node and system, to solve the problem that, with the existing TURN method, NAT traversal cannot be achieved when a scanning server actively initiates a scan request.
The NAT traversal system provided by the embodiments of the present invention includes a first node located in an intranet and a second node located in the Internet. The first node includes a first peer entity and a Sessions Traversal Across Firewall Securely (Socks) server; the second node includes a second peer entity and a Socks client. A P2P connection that enables the second node to traverse into the intranet exists between the first peer entity and the second peer entity, and a first Socks connection exists between the Socks server and the Socks client. The Socks client is configured to send a first data packet received from a first Internet device to the Socks server over the first Socks connection, traversing into the intranet by means of the P2P connection. The Socks server is configured to forward the first data packet received from the Socks client to a first device in the intranet. The first data packet is a data packet sent by a first port of the first Internet device to a first port of the first device in the intranet. With this system, when a scanning server in the Internet actively initiates a scan request to a scan target in the intranet, the Socks client and the Socks server forward the data, and the P2P connection between the first peer entity and the second peer entity carries the data forwarded by the Socks client into the intranet.
It should be noted that, although the example given in the background section is a server in the Internet scanning a scan target in an intranet, the system and method provided by the embodiments of the present invention can in fact achieve NAT traversal whenever any Internet device actively sends data packets to an intranet device.
The system for implementing NAT traversal and the NAT traversal method provided by the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 2 is a structural diagram of the system for implementing NAT traversal provided by an embodiment of the present invention. As shown in Fig. 2, the system includes a first node 201 located in an intranet and a second node 202 located in the Internet, where:
The first node 201 includes a first peer entity 2011 and a Socks server 2012;
The second node 202 includes a second peer entity 2021 and a Socks client 2022;
A P2P connection that enables the second node 202 to traverse into the intranet exists between the first peer entity 2011 and the second peer entity 2021;
A first Socks connection exists between the Socks server 2012 and the Socks client 2022;
The Socks client is configured to send a first data packet received from a first Internet device to the Socks server over the first Socks connection, traversing into the intranet by means of the P2P connection;
The Socks server is configured to forward the first data packet received from the Socks client to a first device in the intranet;
The first data packet is a data packet sent by a first port of the first Internet device to a first port of the first device in the intranet.
It should be noted that, to show the connections between the system and other network devices simply and clearly, Fig. 2 shows only one Internet device and one intranet device; in practice, multiple Internet devices and intranet devices may be connected to the system. For the message interaction between the nodes of the system, and for the operating principles of the peer entity in each node, the Socks server of the first node and the Socks client of the second node, refer to the NAT traversal method described below; for reasons of space they are not repeated here.
Based on the same inventive concept, an embodiment of the present invention also provides a NAT traversal method. Fig. 3 is a schematic diagram of the NAT traversal process provided by an embodiment of the present invention. As shown in Fig. 3, the method includes the following steps:
S301: The first node, located in the intranet, sends a P2P connection establishment request to the second node, located in the Internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
S302: The second node, acting as the Socks client, sends a request to establish a first Socks connection over the P2P connection to the first node, acting as the Socks server, and the first node establishes the first Socks connection with the second node;
S303: Over the first Socks connection, traversing into the intranet by means of the P2P connection, the second node forwards to the first node a first data packet received from the first Internet device, and the first node forwards the first data packet to the first device in the intranet;
The first data packet is a data packet sent by a first port of the first Internet device to a first port of the first device in the intranet, which the second node forwards into the intranet by means of the P2P connection.
Socks (for example Socks4 or Socks5) is a proxy technique that works as follows. First, the Socks client sends a request to the Socks server, and the Socks server responds to the request. After receiving the response, the Socks client sends the destination IP address and port number to the Socks server, and the Socks server uses this IP address and port number to establish a connection with the destination host. After that, the Socks server forwards the information sent by the Socks client to the destination host and sends the information sent by the destination host to the client, which completes the proxy process.
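The exchange just described, written out for Socks5 as an added example that is not part of the patent text. It assumes the RFC 1928 message layout, the "no authentication" method and an IPv4 destination; the function names and the sample address are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4 = 1
METHOD_NO_AUTH = 0x00
METHOD_NONE_ACCEPTABLE = 0xFF


def build_greeting(methods=(METHOD_NO_AUTH,)) -> bytes:
    """Client -> server: version, number of methods, offered methods."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def choose_method(greeting: bytes, allowed=(METHOD_NO_AUTH,)) -> bytes:
    """Server -> client: pick the first allowed method the client offered."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a Socks5 greeting")
    count = greeting[1]
    offered = greeting[2:]
    if len(offered) != count:
        raise ValueError("method count does not match greeting length")
    for method in allowed:
        if method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE])


def build_connect(ip: str, port: int) -> bytes:
    """Client -> server: destination IP address and port number."""
    addr = ipaddress.IPv4Address(ip).packed
    return struct.pack("!BBBB4sH", SOCKS_VERSION, CMD_CONNECT, 0, ATYP_IPV4, addr, port)


def parse_connect(request: bytes):
    """Server side: validate the request and return (ip, port) to connect to."""
    if len(request) != 10:
        raise ValueError("an IPv4 CONNECT request is exactly 10 bytes")
    ver, cmd, rsv, atyp, addr, port = struct.unpack("!BBBB4sH", request)
    if ver != SOCKS_VERSION or rsv != 0:
        raise ValueError("bad version or reserved byte")
    if cmd != CMD_CONNECT or atyp != ATYP_IPV4:
        raise ValueError("only CONNECT to an IPv4 address is handled here")
    return str(ipaddress.IPv4Address(addr)), port


if __name__ == "__main__":
    # Constructed sample destination: an intranet host and port.
    greeting = build_greeting()
    print("greeting:", greeting.hex(), "reply:", choose_method(greeting).hex())
    request = build_connect("192.168.0.10", 8080)
    print("connect :", request.hex(), "->", parse_connect(request))
```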
In the embodiments of the present invention, the first node is in the intranet (so the Socks server of the first node is in the intranet) and the second node is in the Internet (so the Socks client of the second node is in the Internet); the Socks client therefore cannot initiate a connection to the Socks server directly. The approach used in the embodiments is to add a logical entity, the peer entity, to the first node and to the second node respectively, to establish the connection between the Socks server and the Socks client and to forward data between them.
When the scanning server scans only one target port, the above method achieves NAT traversal. However, if the scanning server needs to scan multiple ports and the Socks server can establish only one Socks connection and simply forwards the request data of the Socks client, multi-port scanning cannot be achieved. Optionally, multi-port scanning can be achieved by the following method; that is, optionally, after step S302 the method further includes:
The first node sends a second data packet received from the first device in the intranet to the second node over the first Socks connection, and the second node forwards the second data packet to the first Internet device;
The second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first Internet device.
Optionally, in step S301, on receiving the P2P connection establishment request sent by the first node, the second node records the IP address and port number of the first node after NAT translation, so that NAT traversal is achieved when the second node subsequently sends data packets to the first node over the P2P connection.
Optionally, after step S301 and before step S302, the method further includes:
The second node receives a data packet sent by the first node for keeping the P2P connection alive, where this data packet is used to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
For example, the first node can periodically send the second node a data packet containing a keep-alive (KeepAlive) message so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping; it can also periodically send an empty (dummy) packet to the second node to the same end.
This preferred embodiment avoids having to establish the P2P connection again after it has been broken. Moreover, because the peer entity of the first node and the peer entity of the second node communicate over fixed ports and the connection is kept alive, data is always forwarded between the two peer entities using a fixed address and port, no matter how the ports on which the Socks client or the Socks server sends data change. The source ports and destination ports thus converge, so that any type of NAT can be traversed.
Optionally, in step S302, establishing the first Socks connection between the first node and the second node includes:
When the second node receives the first data packet for the first time (that is, when the data packet sent by the first port of the first Internet device to the first port of the first device in the intranet is received for the first time), it determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message used to establish the first Socks connection and sends the message to the first node, traversing into the intranet by means of the P2P connection;
After receiving the message, the first node obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Here, the scanning application from the background section is used to illustrate the method and the technical effect of this option.
When the target port that the scanning server needs to scan changes, the Socks client detects the change and establishes a new Socks connection with the destination port from a new source port. Multiple Socks connections may therefore exist during a single scan: for different scan target ports, separate Socks connections can be established between the Socks client and the Socks server.
Therefore, on the second node side, after a Socks connection request is received, a Socks connection identifier can be allocated to the newly established Socks connection, and the identifier is carried in the message sent to the first node to establish the Socks connection. After receiving the message, the first node can obtain the Socks connection identifier from it; when it determines that this identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, it establishes the Socks connection with the second node and records the correspondence between the Socks connection identifier and the Socks connection.
Therefore, after the Socks connection has been established between the first node and the second node, both nodes will have recorded the correspondence between the Socks connection and the Socks connection identifier. Table 1 below is an optional mapping table between Socks connections and Socks connection identifiers.
Table 1: Mapping between Socks connections and Socks connection identifiers
| SOCKET | Socks connection identifier |
| --- | --- |
| SOCKET1 | ID1 |
| SOCKET2 | ID2 |
| …… | …… |
| SOCKETn | IDn |
Optionally, forwarding of the first data packet by the second node and the first node includes:
After receiving the first data packet from the first Internet device, the second node adds the first Socks connection identifier to the first data packet and sends it to the first node, traversing into the intranet by means of the P2P connection;
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from it and, after determining the first Socks connection corresponding to the first data packet from the recorded correspondence between the first Socks connection identifier and the first Socks connection, forwards the first data packet over the first Socks connection to the first device in the intranet.
Optionally, forwarding of the second data packet by the first node and the second node includes:
After receiving the second data packet from the first device in the intranet, the first node adds the first Socks connection identifier to the second data packet and sends it to the second node over the first Socks connection;
The second node obtains the first Socks connection identifier from the second data packet received from the first node and, after determining the first Socks connection corresponding to the second data packet from the recorded correspondence between the first Socks connection identifier and the first Socks connection, forwards the second data packet over the first Socks connection to the first Internet device.
For the format of the first data packet and the second data packet without a Socks connection identifier, see Fig. 4; for their format after a Socks connection identifier has been added, see Fig. 5.
Since a transport-layer port number has only 16 bits, the Socks connection identifier is at most 2 bytes long. Optionally, the Socks connection identifier can be set to a fixed length of 2 bytes, which guarantees a one-to-one correspondence between Socks connection identifiers and Socks connections. Alternatively, to improve data transmission efficiency and reduce the overhead of the Socks connection identifier, its length can be determined by the maximum number of simultaneous Socks connections that the NAT traversal system provided by the embodiments of the present invention can support.
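The identifier handling described above (Table 1, tagging of the first and second data packets, and the fixed 2-byte identifier), as an added example that is not part of the patent text. It assumes each P2P message carries exactly one packet and that the identifier is a big-endian prefix; the class and function names are hypothetical, and connection handles are opaque objects standing in for the SOCKET column of Table 1.

```python
import struct

ID_LEN = 2                            # fixed 2-byte Socks connection identifier
MAX_CONNECTIONS = 1 << (8 * ID_LEN)   # 65536 simultaneous connections


class FrameError(ValueError):
    """Malformed frame, unknown identifier or unknown connection."""


def add_identifier(conn_id: int, payload: bytes) -> bytes:
    if not 0 <= conn_id < MAX_CONNECTIONS:
        raise FrameError(f"identifier {conn_id} does not fit in {ID_LEN} bytes")
    return struct.pack("!H", conn_id) + payload


def split_identifier(frame: bytes):
    if len(frame) < ID_LEN:
        raise FrameError("frame shorter than the identifier field")
    (conn_id,) = struct.unpack("!H", frame[:ID_LEN])
    return conn_id, frame[ID_LEN:]


class _Table:
    """Table 1: one-to-one mapping between connections and identifiers."""

    def __init__(self):
        self._by_id = {}
        self._by_conn = {}

    def _record(self, conn_id, conn):
        self._by_id[conn_id] = conn
        self._by_conn[conn] = conn_id

    def tag(self, conn, payload: bytes) -> bytes:
        """Add the identifier of `conn` to the head of an outgoing packet."""
        if conn not in self._by_conn:
            raise FrameError("connection has no recorded identifier")
        return add_identifier(self._by_conn[conn], payload)

    def route(self, frame: bytes):
        """Strip the identifier and return (connection, payload)."""
        conn_id, payload = split_identifier(frame)
        if conn_id not in self._by_id:
            raise FrameError(f"no Socks connection recorded for identifier {conn_id}")
        return self._by_id[conn_id], payload


class SecondNodeTable(_Table):
    """Second node: allocates an identifier per new Socks connection."""

    def __init__(self):
        super().__init__()
        self._next = 0

    def register(self, conn) -> int:
        if len(self._by_id) >= MAX_CONNECTIONS:
            raise FrameError("no free Socks connection identifier")
        while self._next in self._by_id:          # skip identifiers still in use
            self._next = (self._next + 1) % MAX_CONNECTIONS
        conn_id = self._next
        self._next = (self._next + 1) % MAX_CONNECTIONS
        self._record(conn_id, conn)
        return conn_id

    def release(self, conn):
        del self._by_id[self._by_conn.pop(conn)]


class FirstNodeTable(_Table):
    """First node: creates a connection only for identifiers not yet recorded."""

    def __init__(self, open_connection):
        super().__init__()
        self._open = open_connection   # callable: identifier -> connection handle

    def on_setup(self, conn_id: int) -> bool:
        """Handle the identifier taken from a setup message; True if new."""
        if conn_id in self._by_id:
            return False
        self._record(conn_id, self._open(conn_id))
        return True
```

Rejecting frames whose identifier is not in the table, rather than creating a connection on the fly, keeps connection creation tied to the setup message as the description specifies.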
Adding the Socks connection identifier solves the following problem. Even if the scan target first initiates a scan application from some port and obtains a relay transport address from the TURN server, a scan usually sends data to multiple ports of the scan target, and the scan target cannot know these ports in advance. With a symmetric NAT, if a scanned port has not previously sent data to the Internet, data from the Internet cannot pass through the NAT and reach that port directly. This preferred embodiment overcomes the limitation of TURN-based NAT traversal when multiple target ports are scanned.
Compared with NAT traversal using TURN alone, the system, apparatus and method for implementing NAT traversal provided by the embodiments of the present invention support scanning of a scan target in the intranet by a scanning server in the Internet without the scan target first sending data to the scanning server. Because of the peer entities, all data packets between the scanning server and the scan target are transmitted over the NAT channel opened between the peer entities. Since the peer entities are responsible for opening this NAT-traversing channel, neither the scanning server nor the scan target needs to be concerned with NAT traversal, and the scan target does not need to send data from the scanned port to the external network in advance.
At the same time, because communication between the peer entities and the Socks server and Socks client is transparent, the Socks client can establish a Socks connection with the Socks server transparently through the peer entities. Connections can also be established between the Socks client and the scanning server and between the Socks server and the scan target, so that every data packet sent by the scanning server can be forwarded over these connections to the corresponding port of the corresponding scan target. This ensures that the scanning server can carry out a correct scan in any type of NAT environment.
With the preferred embodiment of the present invention, a Socks connection identifier is allocated to each Socks connection and the corresponding identifier is added to the data packets of each Socks connection. Multiple Socks connections can thus be supported at the same time, which allows the scanning server in the Internet to scan multiple ports of the scan target in the intranet.
In a specific implementation, the peer entity of the second node mainly has three classes of thread:
1. The listener thread, responsible for listening for connection requests (see example one);
2. The Peer_to_Peer thread, responsible for communicating with the peer entity of the first node (see example two);
3. The Peer_to_Socks thread, responsible for communicating with the Socks client (see example three).
The listener thread listens for all Socks connection requests and starts Peer_to_Socks threads. After it receives a Socks connection request from the Socks client, it allocates a new SOCKET for the Socks connection to be established, allocates a Socks connection identifier, records the correspondence between the Socks connection identifier and the Socks connection (that is, the newly allocated SOCKET), and then starts a Peer_to_Socks thread.
The Peer_to_Peer thread maintains one send buffer and one receive buffer for each Peer_to_Socks thread. After the peer entity of the second node receives a second data packet from the peer entity of the first node, it first looks at the Socks connection identifier in the received second data packet and then places the packet in the receive buffer of the SOCKET corresponding to that identifier. The Peer_to_Socks thread corresponding to the receive buffer takes the second data packet out of the receive buffer, removes the Socks connection identifier from it, and delivers it to the Socks client. Likewise, when a Peer_to_Socks thread receives a first data packet from the Socks client, it adds its Socks connection identifier to the head of the first data packet and places the packet in the send buffer of the thread; when the Peer_to_Peer thread finds data in the send buffer, it takes the data out and sends it to the peer entity of the first node.
Similarly to the peer entity of the second node, the peer entity of the first node has two main classes of thread: the Peer_to_Peer thread, which communicates with the peer entity of the second node (see example four), and the Peer_to_Socks thread, which communicates with the Socks server (see example five). Each Peer_to_Socks thread also shares one send buffer and one receive buffer with the Peer_to_Peer thread. The principle is similar to that of the peer entity of the second node and is not repeated here.
Based on the same inventive concept, the embodiments of the present invention also provide a NAT traversal method on the first node side and a NAT traversal method on the second node side, each of which is described below with reference to the accompanying drawings.
Fig. 6 is a flow chart of the NAT traversal method provided by an embodiment of the present invention, described from the first node side. As shown in Fig. 6, the method includes:
S601: The first node, located in the intranet, sends a P2P connection establishment request to the second node, located in the Internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
S602: The first node, acting as the Socks server, receives the request to establish a first Socks connection sent over the P2P connection by the second node, acting as the Socks client, and establishes the first Socks connection with the second node;
S603: The first node forwards to the first device in the intranet the first data packet that it receives from the second node over the first Socks connection, where the first data packet is a data packet sent by the first port of the first Internet device to the first port of the first device in the intranet, which the second node forwards into the intranet by means of the P2P connection.
Optionally, after step S602, the method further includes:
The first node sends a second data packet received from the first device in the intranet to the second node over the first Socks connection;
The second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first Internet device.
Optionally, after step S601 and before step S602, the method further includes:
The first node sends the second node a data packet for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
Optionally, establishing the first Socks connection between the first node and the second node includes:
The first node receives the message sent by the second node for establishing the first Socks connection and obtains the first Socks connection identifier from the message;
When the first node determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, it establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, forwarding of the first data packet by the first node includes:
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet;
If the first Socks connection corresponding to the first data packet is determined from the recorded correspondence between the first Socks connection identifier and the first Socks connection, the first data packet is forwarded over the first Socks connection to the first device in the intranet.
Optionally, establishing the first Socks connection between the first node and the second node includes: the first node receives the message sent by the second node for establishing the first Socks connection and obtains the first Socks connection identifier from the message; when the first node determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, it establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
Sending of the second data packet to the second node by the first node includes: after receiving the second data packet from the first device in the intranet, the first node adds the first Socks connection identifier to the second data packet, which is forwarded over the first Socks connection via the second node to the first Internet device.
Fig. 7 is a flow chart of the NAT traversal method provided by an embodiment of the present invention, described from the second node side. As shown in Fig. 7, the method includes the following steps:
S701: The second node, located in the Internet, receives the P2P connection establishment request sent by the first node, located in the intranet, and establishes with the first node a P2P connection that enables the second node to traverse into the intranet;
S702: The second node, acting as the Socks client, traverses into the intranet over the P2P connection, sends a request to establish a first Socks connection to the first node, acting as the Socks server, and establishes the first Socks connection with the first node;
S703: Over the first Socks connection, traversing into the intranet by means of the P2P connection, the second node forwards to the first node a first data packet received from the first Internet device, so that the first node forwards the first data packet to the first device in the intranet, where the first data packet is a data packet sent by the first port of the first Internet device to the first port of the first device in the intranet.
Optionally, after step S702, the method further includes:
The second node forwards to the first Internet device a second data packet received from the first node over the first Socks connection;
The second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first Internet device.
Optionally, after step S701 and before step S702, the method further includes:
The second node receives a data packet sent by the first node for keeping the P2P connection alive, where this data packet is used to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
Optionally, establishing the first Socks connection between the second node and the first node includes:
When the second node receives the first data packet for the first time, it determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message used to establish the first Socks connection and sends the message to the first node, traversing into the intranet by means of the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, forwarding of the first data packet by the second node includes:
After receiving the first data packet from the first Internet device, the second node adds the first Socks connection identifier to the first data packet and sends it to the first node, traversing into the intranet by means of the P2P connection, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet over the first Socks connection to the first device in the intranet.
Optionally, establishing the first Socks connection between the second node and the first node includes: when the second node receives the first data packet for the first time, it determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection; the second node places the first Socks connection identifier in the message used to establish the first Socks connection and sends the message to the first node, traversing into the intranet by means of the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from it and, when it determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
Forwarding of the second data packet to the first Internet device by the second node includes: the second node obtains the first Socks connection identifier from the second data packet received from the first node and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forwards the second data packet over the first Socks connection to the first Internet device.
Based on the same inventive concept, the embodiments of the present invention also provide two network nodes for implementing NAT traversal, which are described below with reference to the accompanying drawings.
Fig. 8 is a structural diagram of the first network node for implementing NAT traversal. As shown in Fig. 8, the network node includes:
A peer entity 801, configured to send a P2P connection establishment request to the second node located in the Internet, so that the network node establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
A Socks server 802, configured to receive the request to establish a first Socks connection sent over the P2P connection by the second node, acting as the Socks client, and to establish the first Socks connection with the second node;
The peer entity 801 is further configured to forward to the first device in the intranet the first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent by the first port of the first Internet device to the first port of the first device in the intranet, which the second node forwards into the intranet by means of the P2P connection.
Optionally, the peer entity 801 is further configured to:
After the Socks server 802 has established the first Socks connection with the second node, send a second data packet received from the first device in the intranet to the second node over the first Socks connection;
The second data packet is a data packet sent by the first port of the first device in the intranet to the first port of the first Internet device.
Optionally, the peer entity 801 is further configured to:
After the peer entity 801 has established the P2P connection and before the Socks server 802 receives the request to establish the first Socks connection, send the second node a data packet for keeping the P2P connection alive, so that the intranet address and intranet port number of the first node remain unchanged after NAT mapping.
Optionally, the peer entity 801 is specifically configured to:
Receive the message sent by the second node for establishing the first Socks connection and obtain the first Socks connection identifier from the message;
When it determines that the first Socks connection identifier does not exist in the recorded correspondence between Socks connections and Socks connection identifiers, notify the Socks server 802 to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the peer entity 801 is specifically configured to:
After receiving the first data packet from the second node, obtain the first Socks connection identifier from the first data packet;
If the first Socks connection identifier according to having recorded determines the first data with the first Socks correspondences connecting
First data packet is then transmitted to the first equipment of Intranet by the corresponding first Socks connections of packet by the first Socks connections.
Optionally, peer-entities 801 is additionally operable to:
Receive second node transmission is used to establish the message of the first Socks connections, and obtains the first Socks in message
Connection identifier;There is no the first Socks in correspondence of the Socks connections for determining to have recorded with Socks connection identifier to connect
When connecing mark, notice Socks servers 802 are established the first Socks with second node and connects, and the first Socks connections of record and
The correspondence of first Socks connection identifier;
After the second data packet is received at the first equipment from Intranet, the first Socks connections are added in the second data packet
Mark, the first internet device is transmitted to by the first Socks connections via second node.
Fig. 9 is a structural diagram of the second network node for implementing NAT traversal provided by an embodiment of the present invention. As shown in Fig. 9, the network node includes:
A peer entity 901, configured to receive a P2P connection establishment request sent by a first node located in an intranet, and to establish with the first node a P2P connection that enables the network node to traverse into the intranet;
A Socks client 902, configured to traverse into the intranet over the P2P connection, send a request for establishing a first Socks connection to the first node acting as a Socks server, and establish the first Socks connection with the first node;
The peer entity 901 is further configured to: over the first Socks connection, traversing into the intranet by means of the P2P connection, forward the first data packet received from a first internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device in the intranet.
Optionally, the peer entity 901 is further configured to:
After the Socks client 902 establishes the first Socks connection with the first node, forward the second data packet received from the first node to the first internet device over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
Optionally, the peer entity 901 is further configured to:
After the P2P connection is established with the first node and before the Socks client 902 sends the request for establishing the first Socks connection to the first node, receive the data packet sent by the first node for maintaining the P2P connection, where the data packet for maintaining the P2P connection is used to make the first node's intranet address and intranet port number remain unchanged after NAT mapping.
Optionally, the peer entity 901 is specifically configured to:
On receiving the first data packet for the first time, determine that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection;
Place the first Socks connection identifier in the message for establishing the first Socks connection and send the message to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client 902 and records the correspondence between the first Socks connection and the first Socks connection identifier.
Optionally, the peer entity 901 is specifically configured to:
After receiving the first data packet from the first internet device, add the first Socks connection identifier to the first data packet and send the first data packet to the first node by traversing into the intranet over the P2P connection, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet to the first device in the intranet over the first Socks connection.
Optionally, the peer entity 901 is specifically configured to: on receiving the first data packet for the first time, determine that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection; place the first Socks connection identifier in the message for establishing the first Socks connection and send the message to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client 902 and records the correspondence between the first Socks connection and the first Socks connection identifier;
Obtain the first Socks connection identifier from the second data packet received from the first node and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forward the second data packet to the first internet device over the first Socks connection.
Embodiment one
Embodiment one uses a scanning process as an example to illustrate the complete message interaction flow of the NAT traversal process and the scanning process.
Figure 10 is the message interaction flowchart of embodiment one of the present invention. As shown in Figure 10, the process of embodiment one includes the following steps:
S1001: The peer entity P2P Peer A of the first node sends a connection request (Connect) to the peer entity P2P Peer B of the second node;
S1002: P2P Peer B sends an accept message (Accept) to P2P Node A to accept the request of P2P Peer A, and records the NAT-translated IP address and port number of P2P Node A;
S1003: P2P Peer A periodically sends keep-alive messages (Keep Alive) to P2P Peer B;
S1004: The scanning server initiates a scan request to the Socks client; the scan request includes the intranet IP address and port number of the scan target in the intranet to be scanned;
S1005: The Socks client constructs a Socks connection request (Socks Connect) according to the scan request; the connection request carries the obtained IP address and port number of the scan target in the intranet that the scanning server wants to scan;
S1006: P2P Peer B forwards the Socks connection request to P2P Peer A, and P2P Peer A forwards the Socks connection request to the Socks server;
S1007: The Socks server parses the Socks connection request, obtains the destination IP address and port number, and sends a connection request (Connect) to the target host (the scan target);
S1008: The scan target accepts the request and sends an accept message (Accept) to the Socks server;
S1009: The Socks server sends a Socks connection success message (SocksSucceed) to P2P Peer A; P2P Peer A forwards it to P2P Peer B, and P2P Node B then forwards it to the Socks client; the Socks connection is now established;
S1010: The Socks client sends a scan response to the scanning server;
S1011: After receiving the scan response, the scanning server sends data (Data) through the Socks client, P2P Peer B, P2P Peer A and the Socks server in turn, and the data finally reaches the scan target;
S1012: The scan target sends the scan result (Result) through the Socks server, P2P Node A, P2P Node B and the Socks client in turn to the scanning server.
Steps S1001 to S1012 above complete NAT traversal for one scanning process.
Example one: listener thread of the second node's peer entity
Figure 11 is a flowchart of the listener thread of the second node's peer entity. This thread is responsible for listening for Socks connection requests and starting the Peer_to_Socks thread. As shown in Figure 11, the listener thread of the second node's peer entity includes the following steps:
S1101: Listen for Socks connection requests;
S1102: Determine whether a Socks connection request has been received from the Socks client; if so, perform step S1103, otherwise return to step S1101;
S1103: Allocate a new SOCKET for the Socks connection to be established, and establish the Socks connection;
S1104: Allocate a Socks connection identifier to the established Socks connection, and record the correspondence between the Socks connection and the Socks connection identifier (that is, the correspondence between the allocated SOCKET and the Socks connection identifier);
S1105: Start the Peer_to_Socks thread.
Example two: Peer_to_Peer thread of the second node's peer entity
Figure 12 is a flowchart of the Peer_to_Peer thread of the second node's peer entity. This thread is responsible for communicating with the peer entity of the first node. As shown in Figure 12, the Peer_to_Peer thread includes the following steps:
S1201: Determine whether a second data packet sent by the peer entity of the first node has been received; if so, perform step S1202, otherwise perform step S1204;
S1202: Take the Socks connection identifier from the header of the second data packet, and look up the corresponding SOCKET by the Socks connection identifier;
S1203: Put the second data packet, with the Socks connection identifier removed, into the corresponding receive buffer;
S1204: Determine whether any send buffer contains data; if so, perform step S1205, otherwise return to step S1201;
S1205: Take the data out of the send buffer and send it to the peer entity of the first node;
S1206: Clear the send buffer.
Example three: Peer_to_Socks thread of the second node's peer entity
Figure 13 is a flowchart of the Peer_to_Socks thread of the second node's peer entity. This thread is responsible for communicating with the Socks client. As shown in Figure 13, the Peer_to_Socks thread includes the following steps:
S1301: Determine whether a first data packet sent by the Socks client has been received; if so, perform step S1302, otherwise perform step S1304;
S1302: Insert into the first data packet the Socks connection identifier corresponding to the Socks connection (that is, the SOCKET);
S1303: Put the first data packet, with the Socks connection identifier inserted, into the send buffer corresponding to the Socks connection, then return to step S1301;
S1304: Determine whether the receive buffer contains a second data packet; if so, perform step S1305, otherwise return to step S1301;
S1305: Remove the Socks connection identifier from the second data packet;
S1306: Send the second data packet to the Socks client, clear the receive buffer, then return to step S1301.
Example four: Peer_to_Peer thread of the first node's peer entity
Figure 14 is a flowchart of the Peer_to_Peer thread of the first node's peer entity. As shown in Figure 14, the thread includes the following steps:
S1401: Determine whether a first data packet sent by the peer entity of the second node has been received; if so, perform step S1402, otherwise perform step S1407;
S1402: Take the Socks connection identifier from the header of the first data packet, and look up the SOCKET corresponding to the Socks connection identifier;
S1403: Determine whether a corresponding SOCKET exists; if so, perform step S1404, otherwise perform step S1405;
S1404: Put the first data packet into the corresponding receive buffer;
S1405: Allocate a new SOCKET and establish a Socks connection with the Socks server;
S1406: Record the correspondence between the Socks connection identifier and the SOCKET, then perform step S1404;
S1407: Determine whether any send buffer contains data; if so, perform step S1408, otherwise return to step S1401;
S1408: Take the data out and send it to the peer entity of the second node;
S1409: Clear the send buffer, then return to step S1401.
Example five: Peer_to_Socks thread of the first node's peer entity
Figure 15 is a flowchart of the Peer_to_Socks thread of the first node's peer entity. As shown in Figure 15, the thread includes the following steps:
S1501: Determine whether a second data packet sent by the Socks server has been received; if so, perform step S1502, otherwise perform step S1504;
S1502: Insert into the received second data packet the Socks connection identifier corresponding to the SOCKET;
S1503: Put the second data packet, with the Socks connection identifier inserted, into the send buffer;
S1504: Determine whether the receive buffer contains a first data packet; if so, remove the Socks connection identifier from the first data packet, otherwise return to step S1501;
S1505: Send the first data packet, with the Socks connection identifier removed, to the Socks server, clear the receive buffer, then return to step S1501.
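The identifier handling in examples one to five can be sketched as follows. This is an added example, not code from the patent: the 4-byte big-endian identifier header, the connection cap on the first node, the dropping of unknown identifiers at the second node, and all class, function and socket names are assumptions.

```python
import struct
from itertools import count

# Assumption: a 4-byte big-endian identifier at the head of every packet.
HEADER = struct.Struct("!I")


def tag(conn_id, payload):
    """Insert the Socks connection identifier at the packet head (S1302, S1502)."""
    return HEADER.pack(conn_id) + payload


def untag(packet):
    """Take the identifier off the packet head (S1202, S1402)."""
    if len(packet) < HEADER.size:
        raise ValueError("packet is shorter than the identifier header")
    (conn_id,) = HEADER.unpack_from(packet)
    return conn_id, packet[HEADER.size:]


class SecondNodePeer:
    """Internet side: allocates identifiers and demultiplexes return traffic."""

    def __init__(self):
        self.ids = count(1)
        self.id_by_socket = {}   # SOCKET -> Socks connection identifier
        self.recv_buffers = {}   # identifier -> payloads waiting for the Socks client

    def accept(self, sock):
        """S1103-S1104: new SOCKET, new identifier, record the correspondence."""
        conn_id = next(self.ids)
        self.id_by_socket[sock] = conn_id
        self.recv_buffers[conn_id] = []
        return conn_id

    def from_socks_client(self, sock, payload):
        """S1301-S1303: tag a first data packet for the P2P connection."""
        return tag(self.id_by_socket[sock], payload)

    def from_first_node(self, packet):
        """S1201-S1203: route a second data packet to its receive buffer."""
        conn_id, payload = untag(packet)
        if conn_id not in self.recv_buffers:
            return False         # assumption: identifiers never allocated here are dropped
        self.recv_buffers[conn_id].append(payload)
        return True


class FirstNodePeer:
    """Intranet side: opens a Socks connection the first time an identifier is seen."""

    def __init__(self, open_socks_connection, max_connections=64):
        self.open_socks_connection = open_socks_connection  # hypothetical callback
        self.max_connections = max_connections              # assumption: table cap
        self.socket_by_id = {}
        self.id_by_socket = {}
        self.recv_buffers = {}   # identifier -> payloads waiting for the Socks server

    def from_second_node(self, packet):
        """S1401-S1406: look up the SOCKET, creating it if the identifier is new."""
        conn_id, payload = untag(packet)
        if conn_id not in self.socket_by_id:
            if len(self.socket_by_id) >= self.max_connections:
                return None      # refuse to grow the table without bound
            sock = self.open_socks_connection(conn_id)
            self.socket_by_id[conn_id] = sock
            self.id_by_socket[sock] = conn_id
            self.recv_buffers[conn_id] = []
        self.recv_buffers[conn_id].append(payload)
        return self.socket_by_id[conn_id]

    def from_socks_server(self, sock, payload):
        """S1501-S1503: tag a second data packet with the SOCKET's identifier."""
        return tag(self.id_by_socket[sock], payload)


def demo():
    """Two interleaved connections over one P2P link (constructed sample data)."""
    second = SecondNodePeer()
    first = FirstNodePeer(lambda conn_id: f"intranet-socket-{conn_id}", max_connections=2)
    a = second.accept("client-socket-a")
    b = second.accept("client-socket-b")
    sock_a = first.from_second_node(second.from_socks_client("client-socket-a", b"probe-a"))
    sock_b = first.from_second_node(second.from_socks_client("client-socket-b", b"probe-b"))
    first.from_second_node(second.from_socks_client("client-socket-a", b"more-a"))
    second.from_first_node(first.from_socks_server(sock_b, b"reply-b"))
    return first, second, (a, b), (sock_a, sock_b)


if __name__ == "__main__":
    first, second, ids, socks = demo()
    print(ids, socks, first.recv_buffers, second.recv_buffers)
```

Because the first node opens a new SOCKET for any identifier it has not recorded (S1403 to S1406), the table cap in this sketch bounds how many intranet-side connections the internet-side peer can cause to be created.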
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from the spirit and scope of the present invention. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.
Claims (25)
1. A NAT traversal method, characterized in that the method includes:
A first node located in an intranet sends a P2P connection establishment request to a second node located in the internet, and establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
The first node, acting as a Socks server, receives the request for establishing a first Socks connection that the second node, acting as a Socks client, sends over the P2P connection, and establishes the first Socks connection with the second node;
The first node forwards, to a first device in the intranet, the first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device in the intranet and forwarded by the second node by traversing into the intranet over the P2P connection.
2. The method as claimed in claim 1, characterized in that, after the first node establishes the first Socks connection with the second node, the method further includes:
The first node sends the second data packet received from the first device in the intranet to the second node over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
3. The method as claimed in claim 1, characterized in that, after the first node establishes the P2P connection and before the first node receives the request for establishing the first Socks connection, the method further includes:
The first node sends to the second node a data packet for maintaining the P2P connection, so that the first node's intranet address and intranet port number remain unchanged after NAT mapping.
4. The method as claimed in claim 1 or 3, characterized in that the first node establishing the first Socks connection with the second node includes:
The first node receives the message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message;
On determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
5. The method as claimed in claim 4, characterized in that the first node forwarding the first data packet includes:
After receiving the first data packet from the second node, the first node obtains the first Socks connection identifier from the first data packet;
If it is determined from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, the first data packet is forwarded to the first device in the intranet over the first Socks connection.
6. The method as claimed in claim 2, characterized in that:
The first node establishing the first Socks connection with the second node includes: the first node receives the message sent by the second node for establishing the first Socks connection, and obtains the first Socks connection identifier from the message; on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, the first node establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The first node sending the second data packet to the second node includes: after receiving the second data packet from the first device in the intranet, the first node adds the first Socks connection identifier to the second data packet and forwards it over the first Socks connection, via the second node, to the first internet device.
7. A NAT traversal method, characterized in that the method includes:
A second node located in the internet receives a P2P connection establishment request sent by a first node located in an intranet, and establishes with the first node a P2P connection that enables the second node to traverse into the intranet;
The second node, acting as a Socks client, traverses into the intranet over the P2P connection, sends a request for establishing a first Socks connection to the first node acting as a Socks server, and establishes the first Socks connection with the first node;
The second node, over the first Socks connection and traversing into the intranet by means of the P2P connection, forwards the first data packet received from a first internet device to the first node, so that the first node forwards the first data packet to a first device in the intranet, where the first data packet is a data packet sent from a first port of the first internet device to a first port of the first device in the intranet.
8. The method as claimed in claim 7, characterized in that, after the second node establishes the first Socks connection with the first node, the method further includes:
The second node forwards the second data packet received from the first node to the first internet device over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
9. The method as claimed in claim 7, characterized in that, after the second node establishes the P2P connection with the first node and before the second node sends the request for establishing the first Socks connection to the first node, the method further includes:
The second node receives the data packet sent by the first node for maintaining the P2P connection, where the data packet for maintaining the P2P connection is used to make the first node's intranet address and intranet port number remain unchanged after NAT mapping.
10. The method as claimed in claim 7 or 9, characterized in that the second node establishing the first Socks connection with the first node includes:
On receiving the first data packet for the first time, the second node determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection;
The second node places the first Socks connection identifier in the message for establishing the first Socks connection and sends the message to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier.
11. The method as claimed in claim 10, characterized in that the second node forwarding the first data packet includes:
After receiving the first data packet from the first internet device, the second node adds the first Socks connection identifier to the first data packet and sends the first data packet to the first node by traversing into the intranet over the P2P connection, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forwards the first data packet to the first device in the intranet over the first Socks connection.
12. The method as claimed in claim 8, characterized in that:
The second node establishing the first Socks connection with the first node includes: on receiving the first data packet for the first time, the second node determines that the first Socks connection is to be established, allocates a first Socks connection identifier to the first Socks connection, and records the correspondence between the first Socks connection identifier and the first Socks connection; the second node places the first Socks connection identifier in the message for establishing the first Socks connection and sends the message to the first node by traversing into the intranet over the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the second node and records the correspondence between the first Socks connection and the first Socks connection identifier;
The second node forwarding the second data packet to the first internet device includes: the second node obtains the first Socks connection identifier from the second data packet received from the first node and, after determining from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the second data packet corresponds to the first Socks connection, forwards the second data packet to the first internet device over the first Socks connection.
13. A network node for implementing NAT traversal, the network node being located in an intranet, characterized in that the network node includes:
A peer entity, configured to send a P2P connection establishment request to a second node located in the internet, so that the network node establishes with the second node a P2P connection that enables the second node to traverse into the intranet;
A Socks server, configured to receive the request for establishing a first Socks connection that the second node, acting as a Socks client, sends over the P2P connection, and to establish the first Socks connection with the second node;
The peer entity is further configured to: forward, to a first device in the intranet, the first data packet that the first node receives from the second node over the first Socks connection, where the first data packet is a data packet sent from a first port of a first internet device to a first port of the first device in the intranet and forwarded by the second node by traversing into the intranet over the P2P connection.
14. The network node as claimed in claim 13, characterized in that the peer entity is further configured to:
After the Socks server establishes the first Socks connection with the second node, send the second data packet received from the first device in the intranet to the second node over the first Socks connection;
Where the second data packet is a data packet sent from the first port of the first device in the intranet to the first port of the first internet device.
15. The network node as claimed in claim 13, characterized in that the peer entity is further configured to:
After the peer entity establishes the P2P connection and before the Socks server receives the request for establishing the first Socks connection, send to the second node a data packet for maintaining the P2P connection, so that the first node's intranet address and intranet port number remain unchanged after NAT mapping.
16. The network node as claimed in claim 13 or 15, characterized in that the peer entity is specifically configured to:
Receive the message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message;
On determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, notify the Socks server to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier.
17. The network node as claimed in claim 16, characterized in that the peer entity is specifically configured to:
After receiving the first data packet from the second node, obtain the first Socks connection identifier from the first data packet;
If it is determined from the recorded correspondence between the first Socks connection identifier and the first Socks connection that the first data packet corresponds to the first Socks connection, forward the first data packet to the first device in the intranet over the first Socks connection.
18. The network node as claimed in claim 14, characterized in that the peer entity is further configured to:
Receive the message sent by the second node for establishing the first Socks connection, and obtain the first Socks connection identifier from the message; on determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, notify the Socks server to establish the first Socks connection with the second node, and record the correspondence between the first Socks connection and the first Socks connection identifier;
After receiving the second data packet from the first device in the intranet, add the first Socks connection identifier to the second data packet and forward it over the first Socks connection, via the second node, to the first internet device.
19. A network node for implementing NAT traversal, the network node being located in the Internet, wherein the network node comprises:
a peer entity, configured to receive a P2P connection establishment request sent by a first node located in an intranet, and to establish with the first node a P2P connection that enables the network node to traverse into the intranet;
a Socks client, configured to traverse into the intranet through the P2P connection, send to the first node, which acts as a Socks server, a request for establishing a first Socks connection, and establish the first Socks connection with the first node;
the peer entity is further configured to: through the first Socks connection, traversing into the intranet using the P2P connection, forward a first data packet received from a first Internet device to the first node, so that the first node forwards the first data packet to a first device of the intranet, wherein the first data packet is a data packet sent by a first port of the first Internet device to a first port of the first device of the intranet.
20. The network node according to claim 19, wherein the peer entity is further configured to:
after the Socks client establishes the first Socks connection with the first node, forward a second data packet received from the first node to the first Internet device through the first Socks connection;
wherein the second data packet is a data packet sent by the first port of the first device of the intranet to the first port of the first Internet device.
21. The network node according to claim 19, wherein the peer entity is further configured to:
after establishing the P2P connection with the first node and before the Socks client sends to the first node the request for establishing the first Socks connection, receive a data packet sent by the first node for maintaining the P2P connection, wherein the data packet for maintaining the P2P connection is used to keep the intranet address and intranet port number of the first node unchanged after NAT mapping.
22. The network node according to claim 19 or 21, wherein the peer entity is specifically configured to:
determine, upon receiving the first data packet for the first time, that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection;
place the first Socks connection identifier in a message for establishing the first Socks connection, and send the message to the first node by traversing into the intranet using the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, upon determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier.
23. The network node according to claim 22, wherein the peer entity is specifically configured to:
after receiving the first data packet from the first Internet device, add the first Socks connection identifier to the first data packet, and send the first data packet to the first node by traversing into the intranet using the P2P connection, so that the first node obtains the first Socks connection identifier from the received data packet and, after determining the first Socks connection corresponding to the first data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, forwards the first data packet to the first device of the intranet through the first Socks connection.
24. The network node according to claim 23, wherein
the peer entity is specifically configured to: determine, upon receiving the first data packet for the first time, that the first Socks connection is to be established, allocate a first Socks connection identifier to the first Socks connection, and record the correspondence between the first Socks connection identifier and the first Socks connection; place the first Socks connection identifier in a message for establishing the first Socks connection, and send the message to the first node by traversing into the intranet using the P2P connection, so that the first node, after receiving the message, obtains the first Socks connection identifier from the message and, upon determining that the first Socks connection identifier is not present in the recorded correspondence between Socks connections and Socks connection identifiers, establishes the first Socks connection with the Socks client and records the correspondence between the first Socks connection and the first Socks connection identifier;
obtain the first Socks connection identifier from the second data packet received from the first node and, after determining the first Socks connection corresponding to the second data packet according to the recorded correspondence between the first Socks connection identifier and the first Socks connection, forward the second data packet to the first Internet device through the first Socks connection.
25. A system for implementing NAT traversal, the system comprising a first node located in an intranet and a second node located in the Internet, wherein:
the first node comprises a first peer entity and a Socks server;
the second node comprises a second peer entity and a Socks client;
a P2P connection that enables the second node to traverse into the intranet exists between the first peer entity and the second peer entity;
a first Socks connection exists between the Socks server and the Socks client;
the Socks client is configured to send a received first data packet from a first Internet device to the Socks server through the first Socks connection, traversing into the intranet using the P2P connection;
the Socks server is configured to forward the first data packet received from the Socks client to a first device in the intranet;
wherein the first data packet is a data packet sent by a first port of the first Internet device to a first port of the first device of the intranet.
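The connection-identifier bookkeeping recited in claims 16 and 17 (and mirrored in claims 22 and 23) can be sketched as follows. This is an added example, not code from the patent: the frame layout (type, identifier, length), the names SETUP, DATA and FirstNodePeer, and the choice to drop data carrying an unrecorded identifier are all assumptions, and a plain list stands in for a Socks connection.

```python
import struct

SETUP, DATA = 1, 2                  # frame types (assumed encoding, not from the patent)
HEADER = struct.Struct("!BIH")      # type, Socks connection identifier, payload length


def encode_frame(ftype, conn_id, payload=b""):
    return HEADER.pack(ftype, conn_id, len(payload)) + payload


def decode_frames(buf):
    """Split bytes received over the P2P connection into (type, id, payload) frames."""
    frames, off = [], 0
    while off + HEADER.size <= len(buf):
        ftype, conn_id, length = HEADER.unpack_from(buf, off)
        end = off + HEADER.size + length
        if end > len(buf):
            break                   # truncated frame: keep it for the next read
        frames.append((ftype, conn_id, buf[off + HEADER.size:end]))
        off = end
    return frames, buf[off:]


class FirstNodePeer:
    """Peer entity of the intranet-side node: identifier -> Socks connection table."""

    def __init__(self, open_socks):
        self.open_socks = open_socks    # callable that establishes a Socks connection
        self.by_id = {}                 # the recorded correspondence
        self.dropped = 0

    def handle(self, ftype, conn_id, payload):
        if ftype == SETUP:
            if conn_id not in self.by_id:           # claim 16: only if not yet recorded
                self.by_id[conn_id] = self.open_socks(conn_id)
        elif ftype == DATA and conn_id in self.by_id:
            self.by_id[conn_id].append(payload)     # claim 17: forward on that connection
        else:
            self.dropped += 1                       # assumption: unknown id or type is dropped


def demo():
    peer = FirstNodePeer(open_socks=lambda cid: [])  # constructed stand-in connection
    stream = (encode_frame(SETUP, 7) + encode_frame(DATA, 7, b"probe-1")
              + encode_frame(SETUP, 7)               # duplicate setup must not reset state
              + encode_frame(DATA, 9, b"orphan")     # identifier 9 was never set up
              + encode_frame(DATA, 7, b"probe-2"))   # constructed sample input
    frames, rest = decode_frames(stream)
    for frame in frames:
        peer.handle(*frame)
    return peer.by_id, peer.dropped, rest
```

Because every forwarded packet is resolved through the recorded table, the same table is a natural place to log or rate-limit which Internet-side flows are allowed to reach intranet devices.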
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310683510.9A CN104717311B (en) | 2013-12-12 | 2013-12-12 | Method, network node and the system that a kind of NAT is passed through |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104717311A (en) | 2015-06-17 |
CN104717311B (en) | 2018-06-15 |
Family
ID=53416258
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310683510.9A Active CN104717311B (en) | 2013-12-12 | 2013-12-12 | Method, network node and the system that a kind of NAT is passed through |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104717311B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10645059B2 (en) * | 2016-04-11 | 2020-05-05 | Western Digital Technologies, Inc. | Establishing connections between data storage devices |
CN109698869B (en) * | 2017-10-23 | 2022-02-25 | 中国移动通信有限公司研究院 | Private network crossing method, communication node and storage medium |
CN109510810A (en) * | 2018-09-20 | 2019-03-22 | 广州亦云信息技术股份有限公司 | A kind of virtual resource access method and device based on P2P |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101431511A (en) * | 2007-11-09 | 2009-05-13 | 友讯科技股份有限公司 | Method for penetrating fire wall and establishing on-line channel between network terminal apparatus |
CN101442492A (en) * | 2008-12-26 | 2009-05-27 | 中国科学院计算技术研究所 | Method and system for implementing NAT penetration in P2P network |
CN101841484A (en) * | 2010-05-12 | 2010-09-22 | 中国科学院计算技术研究所 | Method and system for realizing NAT traversal in structured P2P network |
Non-Patent Citations (2)
Title |
---|
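P2P-based remote assistance system; Liang Xueyun (梁雪云); Wanfang Dissertations (万方学位论文); 20091231; pp. 25-26 * |
Design and implementation of a cloud-computing-oriented vulnerability scanning agent; Shen Jiakun (沈佳坤); China Master's Theses Full-text Database (中国优秀硕士学位论文全文数据库); 20131115; pp. I139-132 * |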
Also Published As
Publication number | Publication date |
---|---|
CN104717311A (en) | 2015-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104090825B (en) | Dynamic migration computer network | |
CN101707619B (en) | Message filtering method, device and network device | |
CN102334111B (en) | Providing logical networking functionality for managed computer networks | |
CN104618243B (en) | Method for routing, apparatus and system, Scheduling of Gateway method and device | |
CN104038422B (en) | Message forwarding method and gateway | |
CN103947172B (en) | A kind of offer method of network traversal service, apparatus and system | |
CN101321128B (en) | Communication equipment, communication network system and communication method | |
CN107431727A (en) | Anycast and the flow transmission of the mapping based on terminal user are used in overlay network | |
CN103516542A (en) | Network system, and management apparatus and switch thereof | |
CN103957287A (en) | Internet of things device P2P connection method based on NAT penetration adapter | |
CN104883390B (en) | A kind of method and device accessing third party's video monitoring equipment | |
CN101098272A (en) | Seed enquiring method of P2P system and P2P server | |
CN101800781B (en) | Tunnel transition method and system for passing through NAT | |
CN104243427B (en) | The online moving method of virtual machine, data pack transmission method and equipment | |
CN103618801B (en) | Method, equipment and the system of a kind of P2P resource-sharing | |
CN106210092A (en) | A kind of P2P traversing method merging UPNP and STUN and system thereof | |
CN104717311B (en) | Method, network node and the system that a kind of NAT is passed through | |
CN104601738B (en) | A kind of distributed network address conversion system | |
CN101179581A (en) | Method for performing media transmission using ICE relay candidate address | |
CN112437168B (en) | Intranet penetration system | |
CN114500523B (en) | Fixed IP application publishing method based on container cloud platform | |
CN103503413B (en) | Method and device for transmitting network information | |
CN102404417A (en) | Method and device for accessing external network | |
CN108566345A (en) | Flow scheduling processing method, user side translater and core interpreter | |
CN104144218B (en) | A kind of end to end connection method for building up and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |