How do I tunnel TCP through reliable UDP?

Suppose I have a reliable UDP library and I want to tunnel arbitrary TCP connections through it. This is my current approach, but I feel that it may not be very effective. Any suggestions are welcome.

  • The client establishes a reliable UDP connection to the server.
  • The client runs a local SOCKS5 proxy, which receives data from any application that connects to it and forwards it through the reliable UDP connection. Each packet includes a 4-byte identifier unique to each SOCKS connection.
  • The server receives the data. If the 4-byte identifier is new, it opens a new connection to its local TCP socket and sends the data, and also creates a new stream that receives any responses from the server and forwards them through the reliable UDP connection with the corresponding identifier. If the 4-byte identifier is already known, it simply sends the data over the existing TCP connection.
  • The client receives the data and sends it through the existing SOCKS connection to whichever application initiated it.

Currently this seems to work for making simple HTML requests from the browser, but since the server is not directly connected to the client, it cannot tell when the client ends the connection. Is there a better way to do this?

EDIT: No, this is not homework. And please do not worry if you are not aware of the benefits of reliable UDP libraries or, for that matter, have not heard of them before. Thanks.

+6
c++ c networking sockets network-programming
3 answers

The most efficient way is when the two endpoints exchange data directly with each other. If they speak different protocols, you need at least one proxy server / gateway / traffic converter. In this case there is no way to get around two of these converters, since you now have 3 parts: the client endpoint, the network traffic, and the server endpoint. I do not see how you could make it more efficient under the circumstances.

As for completed connections: if you use a tunnel, use it for all traffic, i.e. forward everything the client and server send to each other. If the shutdown cannot be sent to the server, the problem is on the client side - the client endpoint does not report its write completion to the client tunnel. If it does, you can forward this completion to the server.

0

There are several options ready to use:

  • OpenVPN: tunnels either IP packets or Ethernet frames over UDP
  • Teredo: tunnels IPv6 over UDPv4, handles NAT traversal and full IPv6 compatibility
  • UDT: a non-standard, reliable, high-performance, multi-transport, TCP-like protocol over UDP. Optionally lets you handle NAT traversal yourself, and then takes it from there.
+9

You will have to report the loss of the client's TCP connection to the server side through your UDP tunnel (and vice versa, if the server is the one that closes the connection first).

Otherwise, apart from the fact that the HTTP server does not know that the client has disconnected, you will leak connections on the side that did not initiate the close.

One way to do this is to reserve a special value of your 32-bit connection identifier — say 0x00000000 or 0xffffffff — as marking a control packet rather than connection data. Next comes another 4-byte field holding the connection identifier, and then an opcode field. The first opcode you can define is "Connection-Terminated".

  • If your client side of the tunnel detects that the client application has closed its TCP connection, it sends a Connection-Terminated packet for the corresponding connection identifier over the tunnel;
  • If your client side of the tunnel receives a Connection-Terminated opcode from the server side, it closes its connection to the client application;

and similarly for the server side of the tunnel.

0
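A worked version of the control-packet scheme from this answer, added here as an example (it is not code from the question or the answer): a reserved 32-bit identifier of 0x00000000 marks a control frame, followed by the target connection identifier and an opcode, and a small session table stands in for the server's real TCP sockets so you can see the Connection-Terminated opcode free the slot. The function names, the single opcode value and the table size are my assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Frame layout assumed here (following the answer above, not the question's own library):
 *   data frame: [conn_id:4 big-endian][payload ...]   control frame: [CONTROL_ID:4][conn_id:4][opcode:1]
 * conn_id 0x00000000 is reserved for control frames and never names a real connection. */
#define CONTROL_ID          0x00000000u
#define OP_CONN_TERMINATED  1
#define MAX_CONNS           16
static void put_u32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Data frame for conn_id; returns its length, or 0 if conn_id is reserved or out is too small. */
size_t encode_data(uint8_t *out, size_t cap, uint32_t conn_id, const uint8_t *payload, size_t n) {
    if (conn_id == CONTROL_ID || cap < 4 + n) return 0;
    put_u32(out, conn_id);
    for (size_t i = 0; i < n; i++) out[4 + i] = payload[i];
    return 4 + n;
}
/* Connection-Terminated control frame for conn_id; returns 9, or 0 on bad input. */
size_t encode_terminate(uint8_t *out, size_t cap, uint32_t conn_id) {
    if (conn_id == CONTROL_ID || cap < 9) return 0;
    put_u32(out, CONTROL_ID);
    put_u32(out + 4, conn_id);
    out[8] = OP_CONN_TERMINATED;
    return 9;
}
/* Session table standing in for the real TCP sockets; a slot is live when ids[i] != CONTROL_ID. */
typedef struct { uint32_t ids[MAX_CONNS]; } sessions_t;
/* Process one frame from the tunnel: 1 = data routed to an existing or newly opened session,
 * 2 = session closed by a Connection-Terminated control frame, -1 = frame dropped. */
int handle_frame(sessions_t *s, const uint8_t *f, size_t len) {
    if (len < 4) return -1;
    uint32_t id = get_u32(f);
    if (id == CONTROL_ID) {                                     /* control frame */
        if (len < 9 || f[8] != OP_CONN_TERMINATED) return -1;   /* truncated or unknown opcode */
        uint32_t target = get_u32(f + 4);
        for (int i = 0; i < MAX_CONNS; i++)
            if (s->ids[i] == target) { s->ids[i] = CONTROL_ID; return 2; }
        return -1;                                              /* no such session: ignore */
    }
    int free_slot = -1;                                         /* data frame: route or open */
    for (int i = 0; i < MAX_CONNS; i++) {
        if (s->ids[i] == id) return 1;
        if (s->ids[i] == CONTROL_ID && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return -1;                               /* table full: refuse, never overwrite */
    s->ids[free_slot] = id;
    return 1;
}
```

The same table and dispatch run on both ends of the tunnel; only the "open a session" step differs (the server connects to its local TCP socket, the client already holds the SOCKS connection).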