Created
July 5, 2010 19:10
-
-
Save koenbollen/464613 to your computer and use it in GitHub Desktop.
Proof of Concept: UDP Hole Punching
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Proof of Concept: UDP Hole Punching | |
| # Two client connect to a server and get redirected to each other. | |
| # | |
| # This is the client. | |
| # | |
| # Koen Bollen <meneer koenbollen nl> | |
| # 2010 GPL | |
| # | |
| import sys | |
| import socket | |
| from select import select | |
| import struct | |
| def bytes2addr( bytes ): | |
| """Convert a hash to an address pair.""" | |
| if len(bytes) != 6: | |
| raise ValueError, "invalid bytes" | |
| host = socket.inet_ntoa( bytes[:4] ) | |
| port, = struct.unpack( "H", bytes[-2:] ) | |
| return host, port | |
| def main(): | |
| try: | |
| master = (sys.argv[1], int(sys.argv[2])) | |
| pool = sys.argv[3].strip() | |
| except (IndexError, ValueError): | |
| print >>sys.stderr, "usage: %s <host> <port> <pool>" % sys.argv[0] | |
| sys.exit(65) | |
| sockfd = socket.socket( socket.AF_INET, socket.SOCK_DGRAM ) | |
| sockfd.sendto( pool, master ) | |
| data, addr = sockfd.recvfrom( len(pool)+3 ) | |
| if data != "ok "+pool: | |
| print >>sys.stderr, "unable to request!" | |
| sys.exit(1) | |
| sockfd.sendto( "ok", master ) | |
| print >>sys.stderr, "request sent, waiting for parkner in pool '%s'..." % pool | |
| data, addr = sockfd.recvfrom( 6 ) | |
| target = bytes2addr(data) | |
| print >>sys.stderr, "connected to %s:%d" % target | |
| while True: | |
| rfds,_,_ = select( [0, sockfd], [], [] ) | |
| if 0 in rfds: | |
| data = sys.stdin.readline() | |
| if not data: | |
| break | |
| sockfd.sendto( data, target ) | |
| elif sockfd in rfds: | |
| data, addr = sockfd.recvfrom( 1024 ) | |
| sys.stdout.write( data ) | |
| sockfd.close() | |
| if __name__ == "__main__": | |
| main() | |
| # vim: expandtab shiftwidth=4 softtabstop=4 textwidth=79: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Proof of Concept: UDP Hole Punching | |
| # Two client connect to a server and get redirected to each other. | |
| # | |
| # This is the rendezvous server. | |
| # | |
| # Koen Bollen <meneer koenbollen nl> | |
| # 2010 GPL | |
| # | |
| import socket | |
| import struct | |
| import sys | |
| def addr2bytes( addr ): | |
| """Convert an address pair to a hash.""" | |
| host, port = addr | |
| try: | |
| host = socket.gethostbyname( host ) | |
| except (socket.gaierror, socket.error): | |
| raise ValueError, "invalid host" | |
| try: | |
| port = int(port) | |
| except ValueError: | |
| raise ValueError, "invalid port" | |
| bytes = socket.inet_aton( host ) | |
| bytes += struct.pack( "H", port ) | |
| return bytes | |
| def main(): | |
| port = 4653 | |
| try: | |
| port = int(sys.argv[1]) | |
| except (IndexError, ValueError): | |
| pass | |
| sockfd = socket.socket( socket.AF_INET, socket.SOCK_DGRAM ) | |
| sockfd.bind( ("", port) ) | |
| print "listening on *:%d (udp)" % port | |
| poolqueue = {} | |
| while True: | |
| data, addr = sockfd.recvfrom(32) | |
| print "connection from %s:%d" % addr | |
| pool = data.strip() | |
| sockfd.sendto( "ok "+pool, addr ) | |
| data, addr = sockfd.recvfrom(2) | |
| if data != "ok": | |
| continue | |
| print "request received for pool:", pool | |
| try: | |
| a, b = poolqueue[pool], addr | |
| sockfd.sendto( addr2bytes(a), b ) | |
| sockfd.sendto( addr2bytes(b), a ) | |
| print "linked", pool | |
| del poolqueue[pool] | |
| except KeyError: | |
| poolqueue[pool] = addr | |
| if __name__ == "__main__": | |
| main() | |
| # vim: expandtab shiftwidth=4 softtabstop=4 textwidth=79: |
This problem is relevant, I also tried to punch a hole through UDP and TCP using an external STUN server, and nothing happened either. If any of those present here managed to do this, leave a comment, I will be very grateful.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've tried a few udp hole punch python scripts. None of them work out on the net through any kind of nat'd firewall. The thing is, in order for the hole punch to work you need to make an outbound connection THROUGH the nat. That is what I don't quite understand. When udp packets go out the nat should remember who it's from so that a response can come back through. If you don't send data in or out for a period of time your nat will clean up the states table and the incoming connection ability would be lost untill you make another outbound connection. You get around this by sending an "I'm alive" packet out. ...but where are you sending it if no one is connected yet? Any where? But still, despite this, I still can't get udp traffic in through a nat. You shouldn't need to set any special rules for this to work (just like you don't need to set special rules to get a response from Google.com in your browser.so who has any insight into making this work through a nat? I don't think it's the code per say but rather a lack of understanding of how the nat actually works. Any input on this?