river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Firewall traversal
Date Thu, 21 Jul 2011 12:41:04 GMT
On 20-07-11 14:04, Peter Firmstone wrote:
> The Endpoint implementations I'm interested in are the SSLEndpoint's.

The socket in the SslConnection class is connected with a SocketAddress 
(in SslConnection.connectToSocketAddress). So if you have created your 
own Socket with your own SocketFactory, you need to do your translation 
in the Socket.connect(). I think you need to create a SslEndpoint with a 
symbolic address, that does not go through DNS lookup (because this is 
cached). The only space that has enough room is the IPv6 number space. 
This IPv6 number could be from a private net, and you could use the 
subaddress within this net to do a lookup of some kind. But this sounds 
like a terrible hack to me. This could solve the problem that you have 
to know in advance what your external address will be before you start 
to serialize a SslEndpoint from your SslServerEndpoint.

> Because UDP is connectionless, it makes it easier for UDT to traverse
> NAT's, but it's worth noting that UDT uses connections, congestion
> control and retransmissions at the application level, to a NAT, it's
> just UDP.

Once we have solved the 'know your external address before listening' 
problem we can tie any solution to it. (I think!)

And if we allow for TURN based proxies, we should think about the 
connection path for local (on the same intranet) connections.

I still think url/uri based endpoint specification is better though. 
Just because the specification space is bigger.

Gr. Sim

QCG, Software voor het MKB, 071-5890970, http://www.qcg.nl
Quality Consultancy Group b.v., Leiderdorp, Kvk Den Haag: 28088397

View raw message