Introduction
STUN - Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators (NATs). In few words, it just helps you to map your local computer IP:port to public IP:port.
STUN working idea is pretty simple. The client just sends a UDP packet out to the STUN server and the server answers back with IP:port you connected. STUN does three tests to detect the NAT type.
In test I, the client sends a STUN Binding Request to a server,
without any flags set in the CHANGE-REQUEST attribute,
and without the RESPONSE-ADDRESS attribute. This causes the server
to send the response back to the address and port that the request came from.
In test II, the client sends a Binding Request with both the
"change IP" and "change port" flags from the CHANGE-REQUEST attribute set.
In test III, the client sends a Binding Request with only the "change port" flag set.
+--------+
| Test |
| I |
+--------+
|
|
V
/\ /\
N / \ Y / \ Y +--------+
UDP <-------/Resp\--------->/ IP \------------->| Test |
Blocked \ ? / \Same/ | II |
\ / \? / +--------+
\/ \/ |
| N |
| V
V /\
+--------+ Sym. N / \
| Test | UDP <---/Resp\
| II | Firewall \ ? /
+--------+ \ /
| \/
V |Y
/\ /\ |
Symmetric N / \ +--------+ N / \ V
NAT <--- / IP \<-----| Test |<--- /Resp\ Open
\Same/ | I | \ ? / Internet
\? / +--------+ \ /
\/ \/
| |Y
| |
| V
| Full
| Cone
V /\
+--------+ / \ Y
| Test |------>/Resp\---->Restricted
| III | \ ? /
+--------+ \ /
\/
|N
| Port
+------>Restricted
/// <summary>
/// UDP is always blocked.
/// </summary>
UdpBlocked,
/// <summary>
/// No NAT, public IP, no firewall.
/// </summary>
OpenInternet,
/// <summary>
/// No NAT, public IP, but symmetric UDP firewall.
/// </summary>
SymmetricUdpFirewall,
/// <summary>
/// A full cone NAT is one where all requests from the same internal
/// IP address and port are mapped to the same external IP address and port.
/// Furthermore, any external host can send a packet to the internal host,
/// by sending a packet to the mapped external address.
/// </summary>
FullCone,
/// <summary>
/// A restricted cone NAT is one where all requests from the same
/// internal IP address and port are mapped to the same external IP address and port.
/// Unlike a full cone NAT, an external host (with IP address X)
/// can send a packet to the internal host only if the internal host
/// had previously sent a packet to IP address X.
/// </summary>
RestrictedCone,
/// <summary>
/// A port restricted cone NAT is like a restricted cone NAT, but the restriction
/// includes port numbers. Specifically, an external host can send a packet,
/// with source IP address X and source port P, to the internal host only if
/// the internal host had previously sent a packet to IP address X and port P.
/// </summary>
PortRestrictedCone,
/// <summary>
/// A symmetric NAT is one where all requests
/// from the same internal IP address and port,
/// to a specific destination IP address and port, are mapped to the same external
/// IP address and port. If the same host sends a packet with the same source address
/// and port, but to a different destination, a different mapping is used.
/// Furthermore, only the external host that
/// receives a packet can send a UDP packet back to the internal host.
/// </summary>
Symmetric
Using the Code
Socket socket = new Socket
(AddressFamily.InterNetwork,SocketType.Dgram,ProtocolType.Udp);
socket.Bind(new IPEndPoint(IPAddress.Any,0));
STUN_Result result = STUN_Client.Query("stunserver.org",3478,socket);
if(result.NetType != STUN_NetType.UdpBlocked){
}
else{
IPEndPoint publicEP = result.PublicEndPoint;
}
History
- 20.04.2007 - Initial version
