From d2bfdfa6e79e54ba1d5127a75a56f7ec57415cf9 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Tue, 28 Jul 2015 11:57:18 -0700
Subject: Play with NAT-t tweaks some more.
---
 node/Switch.cpp | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)
(limited to 'node')
diff --git a/node/Switch.cpp b/node/Switch.cpp
index 6f4659d5..247b2d18 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -391,24 +391,15 @@ void Switch::rendezvous(const SharedPtr &peer,const InetAddress &atAddr)
 TRACE("sending NAT-t message to %s(%s)",peer->address().toString().c_str(),atAddr.toString().c_str());
 const uint64_t now = RR->node->now();
- /* Attempt direct contact now unless we are IPv4 and our external ports
- * appear to be randomized by a NAT device. In that case, we should let
- * the other side send a message first. Why? If the other side is also
- * randomized and symmetric, we are probably going to fail. But if the
- * other side is "port restricted" but otherwise sane, us sending a
- * packet first may actually close the remote's outgoing port to us!
- * This assists with NAT-t in cases where one side is symmetric and the
- * other is full cone but port restricted. */
- if ((atAddr.ss_family != AF_INET)||(!RR->sa->areGlobalIPv4PortsRandomized())) {
+ if ((atAddr.ss_family == AF_INET)&&(RR->sa->areGlobalIPv4PortsRandomized())) {
 peer->attemptToContactAt(RR,atAddr,now);
 } else {
 TRACE("behind randomizing symmetric NAT -- delaying initial message to %s(%s)",peer->address().toString().c_str(),atAddr.toString().c_str());
 }
- // After 1s, try again and perhaps try more NAT-t strategies
 {
 Mutex::Lock _l(_contactQueue_m);
- _contactQueue.push_back(ContactQueueEntry(peer,now + ZT_NAT_T_TACTICAL_ESCALATION_DELAY,atAddr));
+ _contactQueue.push_back(ContactQueueEntry(peer,now + (ZT_NAT_T_TACTICAL_ESCALATION_DELAY / 2),atAddr));
 }
 }
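Review bot: The else branch in Switch::rendezvous() still traces "behind randomizing symmetric NAT -- delaying initial message", but with the condition flipped to `(atAddr.ss_family == AF_INET)&&(RR->sa->areGlobalIPv4PortsRandomized())` that branch is now taken when the address is not IPv4 or the ports are not reported as randomized, so the log states the opposite of what happened. If the inversion is deliberate, the message should follow it, for example `TRACE("delaying initial message to %s(%s)",peer->address().toString().c_str(),atAddr.toString().c_str());`, and a short comment should replace the removed block to record why only the randomized-IPv4 case sends first. As written, non-IPv4 addresses also get no immediate attempt and wait for the queued entry at `now + (ZT_NAT_T_TACTICAL_ESCALATION_DELAY / 2)`, which may not be intended. The function's signature and opening brace lie outside the hunk.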
@@ -473,10 +464,10 @@ unsigned long Switch::doTimerTasks(uint64_t now)
 continue;
 } else {
 if (qi->strategyIteration == 0) {
- // First strategy: send packet directly (we already tried this but try again)
+ // First strategy: send packet directly to destination
 qi->peer->attemptToContactAt(RR,qi->inaddr,now);
 } else if (qi->strategyIteration <= 4) {
- // Strategies 1-4: try escalating ports
+ // Strategies 1-4: try escalating ports for symmetric NATs that remap sequentially
 InetAddress tmpaddr(qi->inaddr);
 int p = (int)qi->inaddr.port() + qi->strategyIteration;
 if (p < 0xffff) {
--
cgit v1.2.3