... | @@ -2,7 +2,32 @@ |
... | @@ -2,7 +2,32 @@ |
|
|
|
|
|
Snowflake uses STUN ([RFC 5780](https://tools.ietf.org/html/rfc5780)) to traverse NATs and allow clients to connect to proxies that can be run on volunteer home networks: in browser extensions, on mobile phones, or as a command line program on a home desktop.
|
|
Snowflake uses STUN ([RFC 5780](https://tools.ietf.org/html/rfc5780)) to traverse NATs and allow clients to connect to proxies that can be run on volunteer home networks: in browser extensions, on mobile phones, or as a command line program on a home desktop.
|
|
|
|
|
|
## TURN servers
|
|
## Types of NATs
|
|
|
|
|
|
## NAT and Filtering Behaviour
|
|
Not all NAT and firewall configurations are the same. Two specific peers are not necessarily guaranteed to be able to form a P2P connection using STUN. There are two different factors that determine whether the NATs are two peers are **compatible**: The NAT mapping behaviour and the NAT filtering behaviour.
|
|
|
|
|
|
|
|
### NAT Mapping Behaviour
|
|
|
|
|
|
|
|
A NAT's mapping behaviour determines how an *internal* (ip, port) pair is mapped to an *external* (ip, port) pair. The internal pair is the address and port assigned to the application on the user's machine. The external pair is the address and port that are visible to the rest of the internet.
|
|
|
|
|
|
|
|
There are many different ways to perform this mapping, but for simplicity we will consider the following three general types:
|
|
|
|
- **Address-independent (AI)** mapping: internal addresses are mapped to the same external address regardless the remote (ip, port) pair they are connecting to
|
|
|
|
- **Address-only-dependent (AO)** mapping: internal addresses are mapped to a different external address depending on which remote ip address they are connecting to
|
|
|
|
- **Address-and-port-dependent (AP)** mapping" internal addresses are mapped to a different external address depending on which remote ip and port they are connecting to
|
|
|
|
|
|
|
|
NATs that are either address only dependent or address and port dependent are typically referred to as **symmetric NATs**.
|
|
|
|
|
|
|
|
### NAT Filtering Behaviour
|
|
|
|
|
|
|
|
### NAT Compatibility
|
|
|
|
|
|
|
|
The following chart shows which NATs are compatible with each other. Columns and rows show the NAT type in the form: (mapping, filtering).
|
|
|
|
|
|
|
|
## TURN Servers
|
|
|
|
|
|
|
|
## NAT Matching
|
|
|
|
|
|
|
|
### Determining NAT behaviour
|
|
|
|
|
|
|
|
### Placing proxies into buckets
|
|
|
|
|