Title of invention: BILATERAL FIREWALL TRAVERSAL METHOD FOR ADVANCED DOMAIN NAME SYSTEM
Abstract: The present invention provides an Advanced Domain Name System for implementing method of data transfer between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) in transport layer for IP protocols in application layer of the Communications Protocol, and also provides bilateral firewall traversal method between a PC and a server for traversing NAT (Network Address Translator) firewall.
Publication number: US2015229607(A1)
Publication date: 2015.08.13
Application number: US201414195953
Filing date: 2014.03.04
Applicant: National Taipei University of Technology
Inventors: HWANG Shaw Hwa; YEH Cheng Yu; CHEN Kuan Lin; CHUNG Yao Hsing; Huang Chi Jung; SHEN Li Te; CHANG Shun Chieh; YAO Bing Chih; CHU Chao Ping; KU Ning Yun; LIN Tzu Hung; YEH Ming Che
Classification: H04L29/06
Main classification: H04L29/06
Agency:
Agent:
Independent claim: 1. A bilateral firewall traversal method for advanced domain name system, comprising: a PC; a server; an ADNS server is installed between the PC and the server; a first NAT firewall is installed between the PC and the ADNS server; a second NAT firewall is installed between the ADNS server and the server; a first ADNS module is installed between the PC and the first NAT firewall; a second ADNS module is installed between the second NAT firewall and the server; channels among the first ADNS module, the first NAT firewall, the ADNS server, the second NAT firewall and the second ADNS module are UDP channels; a channel between the PC and the first ADNS module and a channel between the second ADNS module and the server are TCP channels or UDP channels; said method comprising steps of:

a. the PC first sends a Setup message to the first ADNS module to express beginning of traversing the first NAT firewall;
b. thereafter the first ADNS module sends a plurality of Register message to the ADNS server through the first NAT firewall to detect a communication port allocating rule of the first NAT firewall;
c. the server provides n communication service ports, and sends a SetServicePort message to the second ADNS module to express a service can be provided; and then the server sends a Setup message to the second ADNS module to express beginning of traversing the second NAT firewall;
d. thereafter the second ADNS module sends a plurality of Register message to the ADNS server through the second NAT firewall to detect a communication port allocating rule of the second NAT firewall;
e. the PC sends a GetInfo message to the first ADNS module to express an intention to get an IP address of a domain name of the server; the first ADNS module and the second ADNS module first have to acquire a communication port and a communication port allocating rule each other;
f. both the first ADNS module and the second ADNS module sends a Sampling message to acquire the communication port and inform the opposite side the communication port and the communication port allocating rule;
g. both the first ADNS module and the second ADNS module send a Peer OK message to the opposite side to express achieving the first NAT-firewall and the second NAT firewall traversing;
h. the first ADNS module sends a Get message to the second ADNS module to get n communication service ports of the server, then the first ADNS module will also open n communication service ports correspondingly;
i. the first ADNS module sends a Give Local IP message to the PC to pretend that the IP address of the domain name of the server is a local IP address;
j. the PC conducts a three-way-handshaking with the first ADNS module, then the first ADNS module sends a Notify connect message to the second ADNS module to enable the second ADNS module and the server to perform a three-way-handshaking;
k. the PC sends an IP GET packet to the first ADNS module for being hold by the first ADNS module;
l. after the second ADNS module and the server finish the three-way-handshaking, the second ADNS module sends a Notify FINE message to the first ADNS module to express that everything is ready for accepting packets;
m. therefore the first ADNS module sends the IP GET packet to the second ADNS module, and then the second ADNS module sends the IP GET packet to the server;
n. the server returns an IP 200 OK packet to the second ADNS module, and then the second ADNS module sends the IP 200 OK packet to the first ADNS module;
o. the first ADNS module sends the IP 200 OK packet to the PC to express that the IP packet is delivered;

wherein the step k and the step n have to conduct a conversion as stated below: data transferred from TCP channel (such as IP GET packet, IP 200 OK packet) are sent to a first numbering header for assigning an identifying number header to the data, and then sent to a UDT Library, the UDT Library will add a UDT-dedicated header to the data transferred from TCP channel, and let the data transfer through UDP channel by a reliable mechanism of UDT; data transferred from UDP channel are sent to a second numbering header for assigning an identifying number header to the data, and then sent to UDP channel directly;

wherein the step m and the step o have to conduct a conversion as stated below: data transferred from UDP channel (such as IP GET packet, IP 200 OK packet) are determined if it is a UDT packet, if the data has a UDT header, then it is a UDT packet, so the packet is sent to the UDT Library to delete the UDT header, and sent to the first numbering header to delete the identifying number header, then sent through a corresponding TCP channel according to the identifying number; if the data has no UDT header, then it is a UDP packet, so the packet is sent to the second numbering header to delete the identifying number header, and then sent to a corresponding UDP channel according to the identifying number.
Address: Taipei City TW