We are trying to get two programs to communicate with each other in a game-like fashion. They maintain a TCP connection with a central server for "control" type information, which that central server ensures both clients receive. The two clients then communicate with a UDP server using sendto() and recvfrom() which just sends the information it receives to the other client connected.

Now, the problem is that, if you have a home router or private office network, the UDP server sendto() to the other client will be filtered out by the firewall, unless you have a port opened, which is way more than we want our customers to do.

But I don't want to lose the benefits of UDP — I don't care about packet loss and order. I am willing to manage all that myself.

So, can I reliably create a read-write connected UDP socket? I recall trying this in the past, and just having so many problems that I gave up and went to the sendto() - recvfrom() solution, before realising that I'd just screwed myself outside of our private network.

Any suggestions for how to deal with this? Any best practices or things I should pay particular attention to for connected UDP sockets? Is it really even feasible?

(I'm coding this all in pure C).

A: 

I believe this is what UPnP was designed for. The reason that TCPs punch through NATs is that it is fairly easy for a layer-3 device to associate inbound packets with an active TCP session previously established through an outbound connection. IIRC, UPnP solves the same problem with a layer over UDP, but it does require support from the router, so it may not work with old or poorly-configured network devices.

I don't know any interesting details for application programmers, but hopefully this points you in the right direction.

Tom
So, is the assertion that, without using some sort of extra framework, I'm not going to be able to use connected UDP sockets to solve this problem? Thanks!
Yes, that is basically the case. Unless you can assume the user has IPv6, but it's a rare environment for which you can assume that.
Andrew McGregor
A: 

Miniupnpd (http://miniupnp.free.fr/) comes with a library you can use that will do both UPnP and NAT-PMP, which will get you out from a lot of domestic routers. You can also do as the Xbox and PS-3 do, which is use Teredo and/or IPv6 if they are enabled on the box; those will sometimes work when neither UPnP nor NAT-PMP will get you anywhere.

And then there's the other approach, which is called ICE, and uses a combination of protocols called STUN and TURN. Libraries here: http://www.pjsip.org/pjnath/docs/html/

If a site's border router won't work with one of those seven solutions (UPnP, NAT-PMP, Teredo, IPv6, ICE, STUN and TURN), it's either totally broken or deliberately locked down.

Andrew McGregor
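
An added example, not part of the answers above and not code from pjnath or MiniUPnP: STUN (RFC 5389), mentioned in the second answer, lets a client learn the public address and port its NAT assigned to a UDP socket. The C code below builds a Binding Request and parses the XOR-MAPPED-ADDRESS attribute from the reply, rejecting malformed or mismatched datagrams; the function names and sample bytes are constructed for illustration, and only IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STUN_MAGIC 0x2112A442u  /* fixed magic cookie from RFC 5389 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Constructed sample: a Binding Success reply reporting 203.0.113.7:54321. */
const uint8_t SAMPLE_TID[12] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11};
const uint8_t SAMPLE_RESPONSE[32] = {
    0x01, 0x01, 0x00, 0x0C, 0x21, 0x12, 0xA4, 0x42,   /* type, length, cookie */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,             /* transaction id */
    0x00, 0x20, 0x00, 0x08, 0x00, 0x01,               /* XOR-MAPPED-ADDRESS, IPv4 */
    0xF5, 0x23, 0xEA, 0x12, 0xD5, 0x45};              /* XORed port and address */

/* Write a 20-byte Binding Request; tid must be 12 unpredictable bytes. */
size_t stun_build_request(uint8_t out[20], const uint8_t tid[12]) {
    memset(out, 0, 20);
    out[1] = 0x01;                        /* type 0x0001, attribute length 0 */
    out[4] = 0x21; out[5] = 0x12; out[6] = 0xA4; out[7] = 0x42;
    memcpy(out + 8, tid, 12);
    return 20;
}

/* Parse a Binding Success reply. Returns 0 and fills host-order ip/port,
 * or -1 if the datagram is malformed or does not match our transaction. */
int stun_parse_response(const uint8_t *msg, size_t len, const uint8_t tid[12],
                        uint32_t *ip, uint16_t *port) {
    if (len < 20 || rd16(msg) != 0x0101) return -1;
    if (rd32(msg + 4) != STUN_MAGIC || memcmp(msg + 8, tid, 12) != 0) return -1;
    size_t body = rd16(msg + 2);
    if (body % 4 != 0 || body != len - 20) return -1;
    for (size_t off = 20; off + 4 <= len;) {
        uint16_t type = rd16(msg + off), alen = rd16(msg + off + 2);
        size_t padded = (alen + 3u) & ~3u;           /* attributes pad to 4 bytes */
        if (padded > len - off - 4) return -1;       /* attribute overruns datagram */
        if (type == 0x0020) {                        /* XOR-MAPPED-ADDRESS */
            if (alen != 8 || msg[off + 5] != 0x01) return -1;
            *port = (uint16_t)(rd16(msg + off + 6) ^ (STUN_MAGIC >> 16));
            *ip = rd32(msg + off + 8) ^ STUN_MAGIC;
            return 0;
        }
        off += 4 + padded;
    }
    return -1;
}
```

The transaction ID check is what ties a reply to the request that was sent, so it should come from a cryptographically strong random source rather than a fixed value like the sample.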