本文介绍了一种名为Hole Punching的技术,它允许位于不同组织内的两个受限制防火墙保护的客户端建立通信。该技术常用于在线游戏、P2P应用和VoIP服务中。通过利用第三方服务器来交换客户端的外部和内部地址信息,从而实现穿透防火墙的目的。
Hole punching is a computer networking technique for establishing communications between two parties in separate organizations who are both behind restrictive firewalls. Used for applications such as online gaming, P2P and VoIP, both clients establish a connection with an unrestricted third-party server that uncovers external and internal address information for them. Since each client initiated the request to the server, the server knows their IP addresses and port numbers assigned for that session, which it shares one to the other. Having valid port numbers causes the firewalls to accept the incoming packets from each side. ICMP hole punching, UDP hole punching and TCP hole punching respectively use Internet Control Message, User Datagram and Transmission Control Protocols. Using TCP nefarious hole punching, it is possible to send compressed SYN packets through into a common ACK path.
这里有TCP,UDP和ICMP保持穿孔的各种技术的链接。在
一般来说,要从a到B打孔(都在NAT之后),需要一个第三方服务器C,它们都可以首先连接到该服务器。服务器将A的连接信息发送到B,反之亦然。A&B然后使用此信息尝试彼此直接连接,但该过程并非100%可靠。在
如果你没有第三方服务器,那么我认为它不会工作。在
编辑
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
