#!/usr/bin/env python
#
# Proof of Concept: UDP Hole Punching
# Two clients connect to a server and get redirected to each other.
#
# This is the client.
#
# Koen Bollen <meneer koenbollen nl>
# 2010 GPL
#
import sys | |
import socket | |
from select import select | |
import struct | |
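def bytes2addr(bytes):
    """Unpack the 6-byte peer record sent by the rendezvous server.

    The record is a packed IPv4 address (4 bytes) followed by a UDP port
    (2 bytes, unsigned short). It is an encoding, not a hash.

    Returns a ``(host, port)`` tuple with ``host`` in dotted-quad form.
    Raises ValueError if ``bytes`` is not exactly 6 bytes long.
    """
    if len(bytes) != 6:
        # Call form of raise: parses on Python 2 and Python 3 alike.
        raise ValueError("invalid bytes")
    host = socket.inet_ntoa(bytes[:4])
    # "H" is native byte order, mirroring the server's struct.pack("H", ...);
    # client and server therefore have to run on same-endian machines.
    port, = struct.unpack("H", bytes[4:])
    return host, port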
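def _recv_from_master(sockfd, size, master):
    """Return the next datagram (at most `size` bytes) sent by `master`.

    Datagrams from any other source address are reported on stderr and
    skipped, so a third party cannot answer in the server's place.
    """
    while True:
        data, addr = sockfd.recvfrom(size)
        if addr == master:
            return data
        sys.stderr.write("ignoring datagram from unexpected source %s:%d\n" % addr)


def main():
    """Join a pool on the rendezvous server, then relay stdin/stdout to the peer.

    Command line: <host> <port> <pool>. Exits with status 65 when the
    arguments are missing or the port is not an integer, and with status 1
    when the server's reply is not "ok <pool>".
    """
    try:
        host, port = sys.argv[1], int(sys.argv[2])
        pool = sys.argv[3].strip()
    except (IndexError, ValueError):
        sys.stderr.write("usage: %s <host> <port> <pool>\n" % sys.argv[0])
        sys.exit(65)

    # Resolve the server once so its replies can be matched against the
    # numeric source address that recvfrom() reports.
    master = (socket.gethostbyname(host), port)

    sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sockfd.sendto(pool, master)
        data = _recv_from_master(sockfd, len(pool) + 3, master)
        if data != "ok " + pool:
            sys.stderr.write("unable to request!\n")
            sys.exit(1)
        sockfd.sendto("ok", master)
        sys.stderr.write(
            "request sent, waiting for parkner in pool '%s'...\n" % pool
        )

        # The peer record decides where every later line is sent, so it is
        # only accepted from the rendezvous server itself.
        target = bytes2addr(_recv_from_master(sockfd, 6, master))
        sys.stderr.write("connected to %s:%d\n" % target)

        while True:
            # fd 0 is stdin; select() on it works on POSIX systems only.
            rfds, _, _ = select([0, sockfd], [], [])
            if 0 in rfds:
                data = sys.stdin.readline()
                if not data:
                    break  # EOF on stdin ends the session
                sockfd.sendto(data, target)
            elif sockfd in rfds:
                # NOTE(review): the sender is not compared with `target` and
                # the payload goes to the terminal unfiltered. Outside a
                # proof of concept, drop datagrams from other addresses and
                # strip control characters before printing.
                data, addr = sockfd.recvfrom(1024)
                sys.stdout.write(data)
    finally:
        sockfd.close()


if __name__ == "__main__":
    main()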
# vim: expandtab shiftwidth=4 softtabstop=4 textwidth=79: |
#!/usr/bin/env python
#
# Proof of Concept: UDP Hole Punching
# Two clients connect to a server and get redirected to each other.
#
# This is the rendezvous server.
#
# Koen Bollen <meneer koenbollen nl>
# 2010 GPL
#
import socket | |
import struct | |
import sys | |
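def addr2bytes(addr):
    """Pack a ``(host, port)`` pair into the 6-byte record sent to clients.

    The record is the packed IPv4 address (4 bytes) followed by the port as
    an unsigned short (2 bytes). It is an encoding, not a hash.

    Raises ValueError("invalid host") when the host cannot be resolved and
    ValueError("invalid port") when the port is not an integer in 0..65535.
    """
    host, port = addr
    try:
        host = socket.gethostbyname(host)
    except (socket.gaierror, socket.error):
        raise ValueError("invalid host")
    try:
        port = int(port)
    except (TypeError, ValueError):
        raise ValueError("invalid port")
    if not 0 <= port <= 0xFFFF:
        # struct.pack("H", ...) would raise struct.error for this value;
        # report it like every other bad port instead.
        raise ValueError("invalid port")
    # "H" is native byte order, mirroring the client's struct.unpack("H", ...);
    # client and server therefore have to run on same-endian machines.
    return socket.inet_aton(host) + struct.pack("H", port)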
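def main():
    """Run the rendezvous server: pair clients that ask for the same pool.

    Listens on the UDP port given as the first argument (default 4653).
    A client sends a pool name, gets "ok <pool>" back and confirms with
    "ok". The first confirmed client of a pool waits; when a second one
    confirms, each is sent the other's packed address and the pool entry is
    removed.

    NOTE(review): neither table below expires entries, and every datagram is
    answered at its claimed source address. Add expiry, a size cap and rate
    limiting before running this anywhere but a test network. Pool names
    are printed as received, so the console output is attacker-influenced.
    """
    port = 4653
    try:
        port = int(sys.argv[1])
    except (IndexError, ValueError):
        pass  # keep the default port

    sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sockfd.bind(("", port))
    print("listening on *:%d (udp)" % port)

    poolqueue = {}  # pool name -> address of the client waiting in it
    pending = {}    # client address -> pool name awaiting its "ok"

    while True:
        data, addr = sockfd.recvfrom(32)

        # The confirmation is tied to the address that made the request.
        # Reading "the next datagram" as the confirmation would let any
        # other sender's packet confirm, or cancel, someone else's request.
        if data == "ok" and addr in pending:
            pool = pending.pop(addr)
            print("request received for pool: %s" % pool)
            waiting = poolqueue.get(pool)
            if waiting is None or waiting == addr:
                # First client in the pool, or the same client asking
                # again: never link an address with itself.
                poolqueue[pool] = addr
                continue
            sockfd.sendto(addr2bytes(waiting), addr)
            sockfd.sendto(addr2bytes(addr), waiting)
            print("linked %s" % pool)
            del poolqueue[pool]
            continue

        print("connection from %s:%d" % addr)
        pool = data.strip()
        pending[addr] = pool
        sockfd.sendto("ok " + pool, addr)


if __name__ == "__main__":
    main()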
# vim: expandtab shiftwidth=4 softtabstop=4 textwidth=79: |
I've tried a few UDP hole punch Python scripts. None of them work out on the net through any kind of NAT'd firewall. The thing is, in order for the hole punch to work you need to make an outbound connection THROUGH the NAT. That is what I don't quite understand. When UDP packets go out, the NAT should remember who they are from so that a response can come back through. If you don't send data in or out for a period of time, your NAT will clean up its state table and the ability to receive incoming traffic is lost until you make another outbound connection. You get around this by sending an "I'm alive" packet out... but where are you sending it if no one is connected yet? Anywhere? Despite all this, I still can't get UDP traffic in through a NAT. You shouldn't need to set any special rules for this to work (just like you don't need to set special rules to get a response from Google.com in your browser). So who has any insight into making this work through a NAT? I don't think it's the code per se, but rather a lack of understanding of how the NAT actually works. Any input on this?
This problem is relevant, I also tried to punch a hole through UDP and TCP using an external STUN server, and nothing happened either. If any of those present here managed to do this, leave a comment, I will be very grateful.
This doesn't work on windows, due only to the use of select on fd 0 (which isn't a thing on windows).
Will try to suggest a patch to this very useful example.