Comment by abcd_f
7 hours ago
Claimed elegance is based on a very bold assumption that the NAT device preserves the source port of outbound connection.
Hardly the case in even half of typical deployment cases.
My internet provider didn't even maintain the ip-address. They have a pool of egress routes and seems to route round-robin. Basically every new connection can be from any address in the pool.
I had to call them to make it stop since it tripped the VPN solution at work, which interpreted it as a MITM attack. They disabled it no questions asked as soon as I called, so I guess it mostly works for most people, but not all.
But on that note, isn't it basically time now for IPv6 so we can stop shit like this and go to directly addressable devices like everyone did in the early 90s?
I like your comment, but it seems the author acknowledged this as a caveat to the algorithm.
>Many home routers try to preserve the source port in external mappings. This is a property called “equal delta mapping” – it won’t work on all routers but for our algorithm we’re sacrificing coverage for simplicity.
So to what percentage is this coverage sacrificed exactly? No idea. Not as useful if the percentage is high, as you are implying.
It’s the same assumption that is required for any hole punching handshake (including STUN).
> This is a property called “equal delta mapping”
FWIW I’ve worked in computer networking for 20 years and have never heard it called this. This blog is the only source that comes up when I search for that exact term. I wonder where the author got it from.
> It’s the same assumption that is required for any hole punching handshake (including STUN).
This is incorrect.
Hole punching requires being able to predict external port. That's it. If the port remains the same, it certainly simplifies things, but ports going up (or down) by 1 (or 2, or 5) with each new mapping is quite common, trivial to detect and to punch through.
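As an added illustration of the port-prediction point above (not code from the thread or from the blog it discusses): a small Python routine that infers the NAT's allocation pattern from a few observed mappings, predicts the next external port, and returns nothing when the allocations are not predictable. The sample mappings are constructed, and a real client would collect them by probing a reflector such as a STUN server.

```python
from __future__ import annotations
from typing import Optional

# Constructed sample observations: (local_port, external_port) pairs as a host
# would see them after probing a reflector (e.g. a STUN server) from a few
# consecutive local ports. Real data would come from actual probes.
PRESERVING = [(40000, 40000), (40001, 40001), (40002, 40002)]
STEP_OF_TWO = [(40000, 1024), (40001, 1026), (40002, 1028)]
RANDOMISED = [(40000, 5000), (40001, 61000), (40002, 12)]


def classify_nat(mappings: list[tuple[int, int]]) -> tuple[str, Optional[int]]:
    """Classify how the NAT allocates external ports from observed mappings.

    Returns ("preserving", 0) when external == local for every mapping,
    ("constant_delta", d) when consecutive external ports differ by a fixed
    step d, and ("unpredictable", None) otherwise (e.g. randomised
    allocation), in which case this kind of prediction does not apply.
    """
    if len(mappings) < 2:
        return ("unpredictable", None)
    if all(local == ext for local, ext in mappings):
        return ("preserving", 0)
    ext = [e for _, e in mappings]
    deltas = {b - a for a, b in zip(ext, ext[1:])}
    if len(deltas) == 1:
        return ("constant_delta", deltas.pop())
    return ("unpredictable", None)


def predict_external_port(mappings, next_local_port: int) -> Optional[int]:
    """Predict the external port the NAT will assign to the next mapping."""
    kind, delta = classify_nat(mappings)
    if kind == "preserving":
        predicted = next_local_port
    elif kind == "constant_delta":
        predicted = mappings[-1][1] + delta
    else:
        return None
    # Reject predictions that fall outside the valid port range.
    return predicted if 1 <= predicted <= 65535 else None


def candidate_ports(mappings, next_local_port: int, width: int = 2) -> list[int]:
    """Ports to try around the prediction, to absorb a mapping consumed by
    another flow between the probe and the real connection."""
    centre = predict_external_port(mappings, next_local_port)
    if centre is None:
        return []
    return [p for p in range(centre - width, centre + width + 1) if 1 <= p <= 65535]
```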
>equal delta mapping
Very clearly a hallucination
I wonder how many new technical terms are going to be created by LLMs - not to say that this post was necessarily written by an LLM (but, who knows!)
I was also thinking about this, what keeps you from just using a (predefined) random port (or 10)?
Can't both sides just keep trying different ports until they get lucky? There's not that many of them, and even if it takes several minutes to get a match, that's better than nothing at all.