STUN
STUN for NAT detection
STUN
STUN detection types
Detection method
Per RFC 3489 / 5780:
| Dimension | Meaning |
|---|---|
| Primary IP | A |
| Alternate IP | B |
| Primary Port | P1 |
| Alternate Port | P2 |
The STUN server must be able to respond from different (IP, Port) combinations:
| Test | Source IP | Source Port |
|---|---|---|
| Test I | A | P1 |
| Test II | A | P2 |
| Test III | B | P1 |
| Test IV | B | P2 |
The client determines the following from whether it receives these responses:
- NAT filtering behavior
- NAT mapping behavior
STUN server
```bash
stunserver \
  --mode full \
  --primaryinterface 128.34.56.78 \
  --altinterface 128.34.56.79 \
  --primaryport 3478 \
  --altport 3479
```
STUN client
```bash
stunclient --mode full 128.34.56.78
```
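Mapping behavior (NatBehavior)
Determines: whether the public mapped port is stable and whether it depends on the remote peer
| Behavior enum | Standard term | Meaning |
|---|---|---|
| DirectMapping | No NAT | No address/port translation |
| EndpointIndependentMapping | EIM | Same internal IP:Port → same public IP:Port (independent of the peer) |
| AddressDependentMapping | ADM | Mapping depends on the peer IP |
| AddressAndPortDependentMapping | APDM | Mapping depends on the peer IP + Port |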
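Filtering behavior (FilterBehavior)
Determines: which external hosts can initiate traffic inward
| Filtering enum | Standard term | Meaning |
|---|---|---|
| DirectConnectionFiltering | No filtering | Any external host can connect directly |
| EndpointIndependentFiltering | EIF | Any port, as long as the IP matches |
| AddressDependentFiltering | ADF | IP must match |
| AddressAndPortDependentFiltering | APDF | Both IP and Port must match |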
Mapping to the four classic NAT types
| Mapping (Behavior) | Filtering | NAT type |
|---|---|---|
| EndpointIndependentMapping | EndpointIndependentFiltering | Full Cone NAT |
| EndpointIndependentMapping | AddressDependentFiltering | Restricted Cone NAT |
| EndpointIndependentMapping | AddressAndPortDependentFiltering | Port Restricted Cone NAT |
| AddressDependentMapping | Any | Symmetric NAT |
| AddressAndPortDependentMapping | Any | Symmetric NAT |
| DirectMapping | DirectConnectionFiltering | Open Internet (no NAT) |
Whenever Mapping is not Endpoint Independent, the NAT is always classified as Symmetric NAT.
In the Symmetric NAT case, the filtering behavior is already of "no practical value".
Full Cone NAT
Characteristics
- Fixed mapping
- No filtering (any external host can reach in)
Mapping = EndpointIndependentMapping
Filtering = EndpointIndependentFiltering
Restricted Cone NAT
Characteristics
- Fixed mapping
- Restricts only the peer IP, not the port
Mapping = EndpointIndependentMapping
Filtering = AddressDependentFiltering
Port Restricted Cone NAT
Characteristics
- Fixed mapping
- Restricts both the peer IP and Port
Mapping = EndpointIndependentMapping
Filtering = AddressAndPortDependentFiltering
Symmetric NAT
Characteristics
- Mapping changes with the peer; the mapping depends on the peer IP + Port
Mapping = AddressDependentMapping
Mapping = AddressAndPortDependentMapping
Code
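```cpp
// NatBehavior and NatFiltering are the mapping and filtering enums
// listed in the tables above.
enum NatType {
    Nat_OpenInternet,
    Nat_FullCone,
    Nat_RestrictedCone,
    Nat_PortRestrictedCone,
    Nat_Symmetric,
    Nat_Unknown
};

NatType DetectNatType(NatBehavior mapping, NatFiltering filtering)
{
    // No address/port translation at all: not behind a NAT.
    if (mapping == DirectMapping)
        return Nat_OpenInternet;

    // Any peer-dependent mapping is Symmetric, whatever the filtering is.
    if (mapping != EndpointIndependentMapping)
        return Nat_Symmetric;

    // Endpoint-independent mapping: the filtering behavior picks the cone type.
    switch (filtering)
    {
    case EndpointIndependentFiltering:
        return Nat_FullCone;
    case AddressDependentFiltering:
        return Nat_RestrictedCone;
    case AddressAndPortDependentFiltering:
        return Nat_PortRestrictedCone;
    default:
        return Nat_Unknown;
    }
}
```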
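The two inputs of `DetectNatType` come from comparing probe results. The following added example (not from the original post or from the STUN tool) derives them with the decision procedure of RFC 5780 sections 4.3 and 4.4. The enumerator names follow the tables above; `Endpoint`, `Reply`, `ProbeResults`, `ClassifyMapping` and `ClassifyFiltering` are hypothetical names, and treating an unfiltered host without NAT as `DirectConnectionFiltering` is this example's assumption.

```cpp
#include <cstdint>
#include <string>

// Enumerator names follow the tables on this page; every struct, field and
// function name below is hypothetical and exists only in this example.
enum NatBehavior { UnknownBehavior, DirectMapping, EndpointIndependentMapping,
                   AddressDependentMapping, AddressAndPortDependentMapping };
enum NatFiltering { UnknownFiltering, DirectConnectionFiltering, EndpointIndependentFiltering,
                    AddressDependentFiltering, AddressAndPortDependentFiltering };

struct Endpoint {
    std::string ip;
    uint16_t port;
    bool operator==(const Endpoint& o) const { return ip == o.ip && port == o.port; }
};

// One Binding response: the mapped address it reported, or a timeout.
struct Reply { bool received; Endpoint mapped; };

struct ProbeResults {
    Endpoint local;      // local socket used for every probe
    Reply viaA_P1;       // request sent to A:P1
    Reply viaB_P1;       // same socket, request sent to B:P1
    Reply viaB_P2;       // same socket, request sent to B:P2
    bool replyFromB_P2;  // sent to A:P1, server asked to answer from B:P2
    bool replyFromA_P2;  // sent to A:P1, server asked to answer from A:P2
};

NatBehavior ClassifyMapping(const ProbeResults& r) {
    if (!r.viaA_P1.received) return UnknownBehavior;              // server unreachable
    if (r.viaA_P1.mapped == r.local) return DirectMapping;        // nothing translated
    if (!r.viaB_P1.received) return UnknownBehavior;
    if (r.viaB_P1.mapped == r.viaA_P1.mapped) return EndpointIndependentMapping;
    if (!r.viaB_P2.received) return UnknownBehavior;
    return (r.viaB_P2.mapped == r.viaB_P1.mapped) ? AddressDependentMapping
                                                  : AddressAndPortDependentMapping;
}

NatFiltering ClassifyFiltering(const ProbeResults& r) {
    if (!r.viaA_P1.received) return UnknownFiltering;
    bool noNat = (r.viaA_P1.mapped == r.local);
    if (r.replyFromB_P2)  // a never-contacted IP and port got through
        return noNat ? DirectConnectionFiltering : EndpointIndependentFiltering;
    if (r.replyFromA_P2) return AddressDependentFiltering;  // contacted IP, new port
    return AddressAndPortDependentFiltering;                // only A:P1 gets through
}
```

A missing reply in the filtering probes looks the same as a lost UDP packet, so each probe should be retransmitted a few times before `replyFromB_P2` or `replyFromA_P2` is recorded as false.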
This post is licensed under CC BY 4.0 by the author.