CN115022280A - NAT (network Address translation) detection method, client and system - Google Patents

NAT (network Address translation) detection method, client and system Download PDF

Info

Publication number
CN115022280A
CN115022280A CN202210679219.3A CN202210679219A CN115022280A CN 115022280 A CN115022280 A CN 115022280A CN 202210679219 A CN202210679219 A CN 202210679219A CN 115022280 A CN115022280 A CN 115022280A
Authority
CN
China
Prior art keywords
nat
port
stun
address
mapping
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210679219.3A
Other languages
Chinese (zh)
Other versions
CN115022280B (en
Inventor
郝悦集
李贵伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Kaizhi Technology Co ltd
Original Assignee
Hangzhou Kaizhi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Kaizhi Technology Co ltd filed Critical Hangzhou Kaizhi Technology Co ltd
Priority to CN202210679219.3A priority Critical patent/CN115022280B/en
Publication of CN115022280A publication Critical patent/CN115022280A/en
Application granted granted Critical
Publication of CN115022280B publication Critical patent/CN115022280B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • H04L61/2567NAT traversal for reachability, e.g. inquiring the address of a correspondent behind a NAT server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a client and a system for NAT detection, wherein the method comprises the following steps: the client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection; when the mapping type of the NAT is identified to be the NAT type of the end-point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection; when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, the sequential behavior detection is initiated to the STUN server, and the sequential type of the NAT is identified based on the sequential behavior detection. By the sequential behavior detection, the method and the device can judge whether the mapping port is effective or not by identifying the data receiving and sending sequence type on the NAT mapping port, so that the client can predict whether the P2P data transmission can be established between two hosts in different local area networks under specific conditions or not.

Description

NAT (network Address translation) detection method, client and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a client, and a system for NAT detection.
Background
The Network Address Translation (NAT), also called Network masking or IP masking, is a standard formulated by IETF (Internet Engineering Task Force), and the NAT is a Network Address Translation technology, and mainly functions to modify an IP protocol and a TCP/UDP protocol packet when an Internet packet leaves the NAT (router), map (convert or correspond) a port of a TCP/UDP protocol layer to a certain port of the NAT according to some rules, and modify an IP protocol and a TCP/UDP protocol packet, and a private IP Address (private IP) inside an IP layer and a public IP (public IP) in a domain where the router is located. The functionality of NAT is typically integrated into a router, firewall, ISDN router or a separate NAT device.
NAT can simultaneously enable a plurality of computers to be networked simultaneously and hide the intranet IP, so that the network security of the intranet is also improved; NAT checks NAT mapping records of external data, rejects data packets without corresponding records and improves network security; NAT not only can solve the problem of insufficient IP address, but also can effectively avoid attacks from the outside of the network, and hide and protect computers inside the network.
The detection method provided by RFC5780 can detect the mapping behavior and the filtering behavior of the NAT, so that before two clients behind different NATs establish a P2P data transmission channel, the NAT behavior of the client can be detected first, after the corresponding NAT type of the client is obtained, the NAT types of the client are mutually notified to each other through some message forwarding servers, and the client and the server can carry out combined judgment through the NAT type of the client and the NAT type of the opposite party to obtain whether a P2P channel can be established between the two clients.
However, when testing in the NAT environment, there is a special NAT (firewall) behavior at present, and the NAT can shield the mapping port that is not sent and received first, so that a P2P channel cannot be established between two clients, and thus direct communication between the two clients cannot be performed. To be able to establish P2P datcA transmission between two clients located behind different NATs, in addition to the NAT mapping behavior and filtering behavior defined in RFC4787, the datcA transmission and reception order of the mapping ports already established on the NAT (the NAT already allocates the corresponding mapping ports on the NAT to the IP and port of the client) is also relevant when the client has cA certain address and port IP- cA: PORT-a receives the response from a certain address and PORT IP-S towards the STUN server via the STUN protocol: PORT-S sends STUN binding request to obtain client IP address and PORT IP-A: the address of PORT-A on NAT and the PORT mapping IP-O: after PORT-O, if the client does not use IP-A: PORT-A sends data, and there is any IP address and PORT of any mutexternal host mapped to the NAT PORT IP-O: when PORT-O sends datcA, NAT will mask the mapping PORT PORT-O, that is, this PORT can not be used as the previous internal network host address and PORT IP-A: PORT- cA mapping, that is, the intranet client host can no longer send datcA out through the PORT of NAT, the shielding time length varies according to the NAT of different manufacturers, and if the intranet client host then reuses the above address and PORT IP- cA: when PORT-a sends data out, NAT maps to a different PORT, so it becomes important how to accomplish P2P prediction by establishing NAT probing based on the client.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a method, a client and a system for NAT detection, wherein the client adds a sequence behavior detection on the basis of the mapping behavior and the filtering behavior of the NAT, so that the client can identify the correlation between the effectiveness of a mapping port and the data receiving and sending sequence on the port, and the client can predict whether P2P data transmission can be established between two hosts in different local area networks.
In order to solve the above problem, the present invention provides a method for detecting NAT, which comprises the following steps:
the client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection;
when the mapping type of the NAT is identified to be the NAT type of the end-point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection;
when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, the sequential behavior detection is initiated to the STUN server, and the sequential type of the NAT is identified based on the sequential behavior detection.
The client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection, including:
sending a first STUN binding request to a first service IP address and a first service port of a STUN server by using a fixed IP address and a first client port of a client, and obtaining a masking IP address and a first masking port after NAT mapping from a response of the first STUN binding request returned by the STUN server;
sending a second STUN binding request to a second service IP address and a first service port of the STUN server by using the fixed IP address and the first client port of the client, and obtaining a masking IP address and a second masking port after NAT mapping from a response of the second STUN binding request returned by the STUN server;
and identifying that the NAT mapping type is an end-point-independent mapping NAT type when the first masking port and the second masking port are judged to be the same.
The initiating a filtering behavior detection to the STUN server and identifying the filtering type of the NAT based on the filtering behavior detection includes:
sending a third STUN binding request to a first service IP address and a first service port of the STUN server by using a fixed IP address and a second client port of the client, receiving a response of the third STUN binding request, and obtaining a masking IP address and a third masking port after NAT mapping from the response of the third STUN binding request;
sending a fourth STUN binding request to a first service IP address and a first service PORT of a STUN server by using a fixed IP address and a second client PORT of a client, wherein the fourth STUN binding request sets Change IP and Change PORT attributes of a STUN request message as 1, and is used for requesting the STUN server to reply the fourth STUN binding request by using a second service IP address and a second service PORT of the STUN server;
and receiving a response of the fourth STUN binding request returned by the STUN server, judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
The initiating a sequential behavior probe to the STUN server and identifying sequential types of NATs based on the sequential behavior probe includes:
sending a fifth STUN binding request to a first service IP address and a second service port of the STUN server by using a fixed IP address and a second client port of the client, and obtaining a masking IP address and a fifth masking port after NAT mapping from a response of the fifth STUN binding request returned by the STUN server;
whether the fifth masking port is the same as the third masking port or not is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
Correspondingly, the invention also provides a client, which comprises:
the mapping detection module is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection;
the filtering detection module is used for initiating filtering behavior detection to the STUN server when the mapping type of the NAT is identified to be the NAT type of the end-point-independent mapping based on the mapping behavior detection, and identifying the filtering type of the NAT based on the filtering behavior detection;
and the sequence detection module is used for initiating sequence behavior detection to the STUN server when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, and identifying the sequence type of the NAT based on the sequence behavior detection.
The mapping detection module includes:
a first request unit, configured to send a first STUN binding request to a first service IP address and a first service port of the STUN server with a fixed IP address and a first client port of a client;
the first response unit is used for obtaining the masking IP address and the first masking port after NAT mapping from the response of the first STUN binding request returned by the STUN server;
a second request unit, configured to send a second STUN binding request to a second service IP address and a first service port of the STUN server with the fixed IP address and the first client port of the client;
the second response unit is used for obtaining the masking IP address and the second masking port after NAT mapping from the response of the second STUN binding request returned by the STUN server;
and the first identification unit is used for identifying that the NAT mapping type is an end-point-independent mapping NAT type when the first masking port and the second masking port are judged to be the same.
The filtering detection module includes:
a third request unit, configured to send a third STUN binding request to the first service IP address and the first service port of the STUN server with the fixed IP address and the second client port of the client;
a third response unit, configured to receive a response to the third STUN binding request, and obtain a masked IP address and a third masked port after NAT mapping from the response to the third STUN binding request;
a fourth request unit, configured to send a fourth STUN binding request to the first service IP address and the first service PORT of the STUN server by using the fixed IP address and the second client PORT of the client, where the fourth STUN binding request has set Change IP and Change PORT attributes of a STUN request packet to 1, and the fourth STUN binding request is used to request the STUN server to reply to the fourth STUN binding request by using the second service IP address and the second service PORT of the STUN server;
a fourth response unit, configured to receive a response to the fourth STUN binding request returned by the STUN server;
and the second identification unit is used for judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
The sequence detection module comprises:
a fifth request unit, configured to send a fifth STUN binding request to the first service IP address and the second service port of the STUN server with the fixed IP address and the second client port of the client;
a fifth response unit, configured to receive a response to the fifth STUN binding request returned by the STUN server, and obtain, from the response to the fifth STUN binding request, a masked IP address and a fifth masked port after NAT mapping;
and the third identification unit is used for analyzing whether the fifth masking port is the same as the third masking port, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
Correspondingly, the invention also provides a system for NAT detection, which comprises:
the client is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection; when the mapping type of the NAT is identified to be the NAT type of the end-point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection; when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, initiating sequential behavior detection to the STUN server, and identifying the sequential type of the NAT based on the sequential behavior detection;
NAT equipment, which is used to provide network address translation when the client communicates with the STUN server;
and the STUN server provides server side support of a STUN protocol and is used for assisting the client side to pass through different routers through a UDP (user datagram protocol), and the STUN server is in data communication with the client side through NAT (network address translation) equipment.
The client is used for sending a fifth STUN binding request to the first service IP address and the second service port of the STUN server by using the fixed IP address and the second client port of the client, and obtaining a masking IP address and a fifth masking port after NAT mapping from a response of the fifth STUN binding request returned by the STUN server; whether the fifth masking port is the same as the third masking port or not is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
The client in the embodiment of the invention adds a sequence detection behavior on the basis of the mapping behavior and the filtering behavior, so that the client can identify the relationship between the effectiveness of the mapping port and the data receiving and sending sequence on the port, and the client can predict whether the P2P data transmission can be established between two hosts in different local area networks. By the method, the method can be used as a supplement to NAT behavior division in RFC4787, and by the NAT detection mode, two clients located behind different NATs can detect the NAT behaviors before establishing a P2P data transmission channel, so that the NAT types corresponding to each other are known, and whether a P2P channel can be established between the two clients can be predicted by the clients.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic system structure diagram of NAT detection in the embodiment of the present invention;
FIG. 2 is a schematic diagram of a client architecture in an embodiment of the invention;
FIG. 3 is a block diagram of a mapping detection module according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a filtering detection module in an embodiment of the invention;
FIG. 5 is a schematic structural diagram of a sequential detection module in an embodiment of the present invention;
FIG. 6 is a flow chart of a method of NAT detection in an embodiment of the invention;
fig. 7 is a flowchart of a specific method of NAT detection in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that P2P means that two clients communicate directly without going through a server, or two terminals can establish a communication link directly with the help of a server. Not all two peers can establish a P2P tunnel, for example, two host computers, mobile phones and other terminals located in different regions cannot establish P2P between some terminal entities due to the NAT type difference of the located routers.
The detection method provided by RFC5780 can detect the mapping behavior and the filtering behavior of the NAT, so that before two clients behind different NATs establish a P2P data transmission channel, the NAT behavior of the client can be detected first, after the corresponding NAT type of the client is obtained, the NAT types of the client are mutually notified to each other through some message forwarding servers, and the client and the server can carry out combined judgment through the NAT type of the client and the NAT type of the opposite party to obtain whether a P2P channel can be established between the two clients. There is currently a special NAT (firewall) behavior, i.e., the NAT device will block the mapping port that is not sending and receiving first. Therefore, the embodiment of the invention provides that the port Mapping behavior of the NAT is related to the receiving and sending sequence, the NAT type is defined as the NAT (receiving-sending-Order-Dependent Mapping NAT) related to the receiving and sending sequence and the NAT (receiving-sending-Order-Independent Mapping NAT) unrelated to the receiving and sending sequence, and the detection mode of the NAT type is provided. The masking, i.e., mapping, in the embodiments of the present invention, here, the masking port, i.e., the mapping port, and here, the masking IP address, i.e., the mapping IP address.
Specifically, fig. 1 shows a schematic structural diagram of a system for NAT detection in the embodiment of the present invention, where the system includes:
the client is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection; when the mapping type of the NAT is identified to be the NAT type of the end point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection; when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, initiating sequential behavior detection to the STUN server, and identifying the sequential type of the NAT based on the sequential behavior detection;
NAT equipment, which is used to provide network address translation when the client communicates with the STUN server;
and the STUN server provides server side support of a STUN protocol and is used for assisting the client side to pass through different routers through a UDP (user datagram protocol), and the STUN server is in data communication with the client side through NAT (network address translation) equipment.
The client obtains its mapping address and port on the NAT through the network topology structure shown in fig. 1, the STUN server has two IP addresses and two ports, where the IP addresses are set to be s.s.s.s.s and t.t.t.t, respectively, and the ports are set to be 3478 and 3479, respectively; the client has an IP address of a.a.a.a.a and two ports of 10000 and 20000, respectively.
The client is used for sending a fifth STUN binding request to a first service IP address and a second service port of the STUN server by using a fixed IP address and a second client port of the client, and obtaining a masking IP address and a fifth masking port after NAT mapping from a response of the fifth STUN binding request returned by the STUN server; whether the fifth masking port is the same as the third masking port (namely, equal in value) is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
Specifically, fig. 2 shows a schematic structural diagram of a client in the embodiment of the present invention, where the client includes:
the mapping detection module is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection;
the filtering detection module is used for initiating filtering behavior detection to the STUN server when the mapping type of the NAT is identified to be the NAT type of the end-point-independent mapping based on the mapping behavior detection, and identifying the filtering type of the NAT based on the filtering behavior detection;
and the sequence detection module is used for initiating sequence behavior detection to the STUN server when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, and identifying the sequence type of the NAT based on the sequence behavior detection.
Specifically, fig. 3 shows a schematic structural diagram of a mapping detection module in an embodiment of the present invention, where the mapping detection module includes:
a first request unit, configured to send a first STUN binding request to a first service IP address and a first service port of the STUN server with a fixed IP address and a first client port of a client;
the first response unit is used for obtaining the masking IP address and the first masking port after NAT mapping from the response of the first STUN binding request returned by the STUN server;
a second request unit, configured to send a second STUN binding request to a second service IP address and a first service port of the STUN server with the fixed IP address and the first client port of the client;
the second response unit is used for obtaining the masking IP address and the second masking port after NAT mapping from the response of the second STUN binding request returned by the STUN server;
the first identification unit is configured to identify that the mapping type of the NAT is an endpoint-independent mapping NAT type when it is determined that the first masking port and the second masking port are the same (i.e., equal in value).
Specifically, fig. 4 shows a schematic structural diagram of a filtering detection module in an embodiment of the present invention, where the filtering detection module includes:
a third request unit, configured to send a third STUN binding request to the first service IP address and the first service port of the STUN server with the fixed IP address and the second client port of the client;
a third response unit, configured to receive a response to the third STUN binding request, and obtain a masked IP address and a third masked port after NAT mapping from the response to the third STUN binding request;
a fourth request unit, configured to send a fourth STUN binding request to the first service IP address and the first service PORT of the STUN server by using the fixed IP address and the second client PORT of the client, where the fourth STUN binding request has set Change IP and Change PORT attributes of a STUN request packet to 1, and the fourth STUN binding request is used to request the STUN server to reply to the fourth STUN binding request by using the second service IP address and the second service PORT of the STUN server;
a fourth response unit, configured to receive a response to the fourth STUN binding request returned by the STUN server;
and the second identification unit is used for judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
Specifically, fig. 5 shows a schematic structural diagram of a sequential detection module in an embodiment of the present invention, where the sequential detection module includes:
a fifth request unit, configured to send a fifth STUN binding request to the first service IP address and the second service port of the STUN server with the fixed IP address and the second client port of the client;
a fifth response unit, configured to receive a response to the fifth STUN binding request returned by the STUN server, and obtain, from the response to the fifth STUN binding request, a masked IP address and a fifth masked port after NAT mapping;
and the third identification unit is configured to analyze whether the fifth masked port is the same as (i.e., equal in value to) the third masked port, where if the fifth masked port is the same as the third masked port, the sequence type of the NAT is an NAT type unrelated to the transmission/reception sequence, and if the fifth masked port is different from the third masked port, the sequence type of the NAT is an NAT type related to the transmission/reception sequence.
Specifically, fig. 6 shows a flowchart of a method for NAT detection in the embodiment of the present invention, where the method includes the following steps:
s601, the client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection;
specifically, the client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection, including: sending a first STUN binding request to a first service IP address and a first service port of a STUN server by using a fixed IP address and a first client port of a client, and obtaining a masking IP address and a first masking port after NAT mapping from a response of the first STUN binding request returned by the STUN server; sending a second STUN binding request to a second service IP address and a first service port of the STUN server by using the fixed IP address and the first client port of the client, and obtaining a masking IP address and a second masking port after NAT mapping from a response of the second STUN binding request returned by the STUN server; and when the masking IP address and the first masking port are judged to be the same as the masking IP address and the second masking port, namely the first masking port and the second masking port are equal in numerical value, identifying that the NAT mapping type is an end-point-independent mapping NAT type.
It should be noted that, when the mapping type of the NAT is an endpoint-independent mapping NAT type, the masking IP address is an external network IP address on the NAT device, and the first masking port and the second masking port are the same masking port (i.e., equal in value).
S602, when the mapping type of the NAT is identified to be the NAT type of the end point irrelevant mapping based on the mapping behavior detection, initiating the filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection;
the initiating a filtering behavior probe to the STUN server, and identifying a filtering type of the NAT based on the filtering behavior probe includes: sending a third STUN binding request to a first service IP address and a first service port of the STUN server by using a fixed IP address and a second client port of the client, receiving a response of the third STUN binding request, and obtaining a masking IP address and a third masking port after NAT mapping from the response of the third STUN binding request; sending a fourth STUN binding request to a first service IP address and a first service PORT of a STUN server by using a fixed IP address and a second client PORT of a client, wherein the fourth STUN binding request sets Change IP and Change PORT attributes of a STUN request message as 1, and is used for requesting the STUN server to reply the fourth STUN binding request by using a second service IP address and a second service PORT of the STUN server; and receiving a response of the fourth STUN binding request returned by the STUN server, judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
It should be noted that, when the filtering type of the NAT is identified as an address and port related filtering NAT type, the masking IP address is an external network IP address on the NAT device, and the value of the third masking port is determined by the allocation policy of the NAT and has no special meaning.
S603, when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, initiating the sequential behavior detection to the STUN server, and identifying the sequential type of the NAT based on the sequential behavior detection.
The initiating a sequential behavior probe to the STUN server and identifying sequential types of NATs based on the sequential behavior probe includes: sending a fifth STUN binding request to a first service IP address and a second service port of the STUN server by using a fixed IP address and a second client port of the client, and obtaining a masking IP address and a fifth masking port after NAT mapping from a response of the fifth STUN binding request returned by the STUN server; whether the fifth masking port is the same as the third masking port (namely, equal in value) is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
It should be noted that, when identifying the sequential type of the NAT, the masking IP address here is the external network IP address on the NAT device, and the value of the fifth masking port is determined by the allocation policy of the NAT and has no special meaning.
The sequential behavior detection is adopted, so that the determination of whether the mapping port is valid can be obtained by identifying the data transceiving sequential type on the NAT mapping port, and the client can predict whether the P2P data transmission can be established between two hosts in different local area networks under a specific condition.
Here, the system architecture of NAT detection shown in fig. 1 is described as follows by taking the technical principles of fig. 1 to 6 as an example:
as shown in the flowchart of the method for NAT probing in fig. 7, mapping probing and filtering probing (i.e. 701-704) may be performed according to the probing procedure of RFC5780, and then sequential behavior probing (i.e. 705) is performed, where the IP address and port number numbers are not mandatory and are only arbitrarily specified for the purpose of explanation, and if the specific STUN protocol is referred to the specification requirements in RFC4787 and RFC5780, detailed description thereof is omitted here.
1. Mapping behavior detection is as follows:
701. client A sends STUN binding request to STUN server address and port s.s.s.s.s.s.s.78 with address and port a.a.a.a.a: 10000; the address and port after NAT mapping obtained from the response returned by the STUN server are: m.m.m.m is 10000;
702. client A sends STUN binding request to STUN server address and port t.t.t.t:3478 by address and port a.a.a.a.a: 10000; the addresses and ports mapped by NAT remain: m.m.m.m. 10000.
According to RFC4787 and RFC5780, the NAT type is an Endpoint-Independent Mapping NAT (Endpoint-Independent Mapping NAT), and if the NAT type is not "Endpoint-Independent Mapping NAT", the conditions set by the present invention are not satisfied, and the following filtering behavior probing step is not necessary.
It should be noted that mapping and filtering are two behaviors of NAT, mapping refers to how an IP address and a port number in a local area network correspond to a port on NAT, when a packet sent from the local area network to an external network passes through NAT, NAT replaces a source IP address in the packet with an external network IP address of NAT, replaces a source port number in the packet with a port number mapped by NAT, a mapping rule is determined by different NAT port allocation policies, after the data from the external network reaches NAT, NAT searches a destination port in the packet, and if the destination port is a previously mapped port, NAT replaces a destination IP address and a destination port in the packet (an IP address and a port number of an intranet host receiving the data) and forwards the destination IP address and the destination port in the packet to the intranet host. Filtering refers to whether NAT allows data from outside to pass through NAT and forward to some intranet host.
2. The filtering behavior is detected as follows:
703. the client a sends a binding request to the STUN server address and port s.s.s.s.s.s.s.s.3478 with the address and port a.a.a.a.a.a: 20000, and the client receives the STUN server response, and gets the address and port a.a.a.a.a: 20000 addresses and ports to STUN servers s.s.s.s:3478 NAT mapping address and port when sending data are: m.m.m.m is 20000;
704. the client A sends a binding request to the address and the PORT of the STUN server by using the address and the PORT a.a.a.a.a: 20000, sets the Change IP and the Change PORT attribute of the STUN request message to be 1, sets the Change IP and the Change PORT attribute value in the request message to be 1 so as to request the server to reply the request by using the other address and the PORT (namely, the request is replied by t.t.t.t: 3479), and the reply of the client to the request is judged by the following two methods:
(1) if the client a does not receive the response of the request and causes the reception timeout, the NAT type belongs to "Address and Port-Dependent Filtering NAT", because when the STUN server uses t.t.t.t:3479 when sending data to the mapping address and port (m.m.m.m:20000) of NAT, NAT will discard this data (the strategy of NAT discarding is four-tuple, intranet IP + intranet port + extranet IP + extranet port, i.e. only if some intranet address and port send data to some extranet address and port, the data from the extranet address and port will be received and forwarded);
(2) if the client receives the response of the request, the NAT belongs to an Endpoint-Independent Filtering NAT, and the NAT forwards the data to the corresponding intranet host.
If the Filtering behavior of the NAT is described in (1), that is, the Filtering behavior of the NAT is "Address and Port-Dependent Filtering NAT", the following "sequential behavior probing" step may be continued, otherwise, if the Filtering behavior is described in (2), the conditions set herein are not met, the following "sequential behavior probing" step does not have to be continued.
3. Sequential behavior detection is as follows:
705. client a is connected with address and port a.a.a.a:20000, s.s.s.s.to STUN server: 3479 address and port send a bind request, then:
(a) if the NAT belongs to "Receive-Send-Order-Dependent Mapping NAT", the NAT masks 20000 the Mapping port, and the NAT uses another port as the Mapping for the quadruple at both ends of the transmission and reception, for example, 1111 port is used as the new Mapping in fig. 7, and the STUN response message returned from the STUN server can see that the NAT uses 1111 new port as the Mapping, and 20000 port is temporarily masked by the NAT, and the 1111 port is numerically determined by the NAT's allocation policy.
(b) If the NAT belongs to "Receive-Send-Order-Independent Mapping NAT", the NAT still uses 20000 as the Mapping of the quadruplet at both ends of the receiving and sending, the STUN response message returned from the STUN server can see the STUN binding request, and the NAT still uses 20000 ports as the Mapping.
To this end, the result of step 705 in the above "sequential behavior probing" can be used to determine which of the following NATs the behavior of the NAT belongs to, namely:
NAT (Send-Receive-Order-Dependent Mapping NAT) for receiving and transmitting sequence related Mapping;
NAT (Send-Receive-Order-Independent Mapping NAT) for receiving and sending Order-Independent Mapping.
These two NAT behaviors can be supplemented by RFC4787 specification, and the above "sequential behavior probing" can also be supplemented by RFC5780 probing for NAT behavior.
After P2P penetration is realized among devices in different local area networks, two devices in different local area networks can directly transmit data based on UDP protocol, flow cost and operation cost caused by data forwarding by using a server are avoided, sequential behavior detection based on NAT can predict whether P2P and a method for establishing P2P can be established among NATs, and because the prior RFC related files do not have sequential behavior detection, only mapping detection and filtering detection exist, but the method in RFC can not predict whether P2P can be successfully established among NATs with sequential related mapping. Based on the detection mode of the NAT in the embodiment of the invention, before the two clients behind different NATs establish the P2P data transmission channel, the two clients can detect the NAT behaviors of the clients and further know the NAT types corresponding to each other, so that the clients can predict each other to obtain whether the P2P channel can be established between the two clients.
The present embodiments also provide a computer storage medium having instructions stored therein, which when executed on a computer or a processor, cause the computer or the processor to perform one or more steps of the method according to any one of the above embodiments. Based on the understanding that the constituent modules of the above-mentioned apparatus, if implemented in the form of software functional units and sold or used as independent products, may be stored in the computer-readable storage medium, and based on this understanding, the technical solutions of the present application, in essence, or a part contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of software products, and the computer products are stored in the computer-readable storage medium.
The computer readable storage medium may be an internal storage unit of the device according to the foregoing embodiment, such as a hard disk or a memory. The computer readable storage medium may be an external storage device of the above-described apparatus, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the computer-readable storage medium may include both an internal storage unit and an external storage device of the device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the apparatus. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
Those skilled in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing the relevant hardware by a computer program, where the computer program can be stored in a computer-readable storage medium, and when executed, the computer program can include the processes of the embodiments of the methods as described above. And the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above embodiments of the present invention are described in detail, and the principle and the implementation of the present invention are described herein by using specific embodiments, and the description of the above embodiments is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method of NAT probing, the method comprising the steps of:
the client initiates mapping behavior detection to the STUN server, and identifies the mapping type of the NAT based on the mapping behavior detection;
when the mapping type of the NAT is identified to be the NAT type of the end-point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection;
when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, the sequential behavior detection is initiated to the STUN server, and the sequential type of the NAT is identified based on the sequential behavior detection.
2. The method of NAT probing according to claim 1, wherein the client initiates mapping behavior probing to the STUN server, and identifying the mapping type of the NAT based on the mapping behavior probing comprises:
sending a first STUN binding request to a first service IP address and a first service port of a STUN server by using a fixed IP address and a first client port of a client, and obtaining a masking IP address and a first masking port after NAT mapping from a response of the first STUN binding request returned by the STUN server;
sending a second STUN binding request to a second service IP address and a first service port of the STUN server by using the fixed IP address and the first client port of the client, and obtaining a masking IP address and a second masking port after NAT mapping from a response of the second STUN binding request returned by the STUN server;
and identifying that the NAT mapping type is an end-point-independent mapping NAT type when the first masking port and the second masking port are judged to be the same.
3. The method of NAT probing according to claim 2, wherein the initiating filtering behavior probing to the STUN server and identifying the filtering type of the NAT based on the filtering behavior probing comprises:
sending a third STUN binding request to a first service IP address and a first service port of the STUN server by using a fixed IP address and a second client port of the client, receiving a response of the third STUN binding request, and obtaining a masking IP address and a third masking port after NAT mapping from the response of the third STUN binding request;
sending a fourth STUN binding request to a first service IP address and a first service PORT of a STUN server by using a fixed IP address and a second client PORT of a client, wherein the fourth STUN binding request sets Change IP and Change PORT attributes of a STUN request message as 1, and is used for requesting the STUN server to reply the fourth STUN binding request by using a second service IP address and a second service PORT of the STUN server;
and receiving a response of the fourth STUN binding request returned by the STUN server, judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
4. The method of NAT probing according to claim 3, wherein the initiating sequential behavior probing to the STUN server and identifying the sequential type of NAT based on the sequential behavior probing comprises:
sending a fifth STUN binding request to a first service IP address and a second service port of the STUN server by using a fixed IP address and a second client port of the client, and obtaining a masking IP address and a fifth masking port after NAT mapping from a response of the fifth STUN binding request returned by the STUN server;
whether the fifth masking port is the same as the third masking port or not is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
5. A client, the client comprising:
the mapping detection module is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection;
the filtering detection module is used for initiating filtering behavior detection to the STUN server when the mapping type of the NAT is identified to be the NAT type of the end-point-independent mapping based on the mapping behavior detection, and identifying the filtering type of the NAT based on the filtering behavior detection;
and the sequence detection module is used for initiating sequence behavior detection to the STUN server when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, and identifying the sequence type of the NAT based on the sequence behavior detection.
6. The client of claim 5, wherein the mapping probe module comprises:
a first request unit, configured to send a first STUN binding request to a first service IP address and a first service port of the STUN server with a fixed IP address and a first client port of a client;
the first response unit is used for obtaining the masking IP address and the first masking port after NAT mapping from the response of the first STUN binding request returned by the STUN server;
a second request unit, configured to send a second STUN binding request to a second service IP address and a first service port of the STUN server with the fixed IP address and the first client port of the client;
the second response unit is used for obtaining the masking IP address and the second masking port after NAT mapping from the response of the second STUN binding request returned by the STUN server;
and the first identification unit is used for identifying that the NAT mapping type is an end-point-independent mapping NAT type when the first masking port and the second masking port are judged to be the same.
7. The client of claim 6, wherein the filtering probe module comprises:
a third request unit, configured to send a third STUN binding request to the first service IP address and the first service port of the STUN server with the fixed IP address and the second client port of the client;
a third response unit, configured to receive a response to the third STUN binding request, and obtain a masked IP address and a third masked port after NAT mapping from the response to the third STUN binding request;
a fourth request unit, configured to send a fourth STUN binding request to the first service IP address and the first service PORT of the STUN server by using the fixed IP address and the second client PORT of the client, where the fourth STUN binding request has set Change IP and Change PORT attributes of a STUN request packet to 1, and the fourth STUN binding request is used to request the STUN server to reply to the fourth STUN binding request by using the second service IP address and the second service PORT of the STUN server;
a fourth response unit, configured to receive a response to the fourth STUN binding request returned by the STUN server;
and the second identification unit is used for judging the filtering type of the NAT according to the response of the fourth STUN binding request, and identifying that the filtering type of the NAT is the NAT type of address and port related filtering when the client does not receive the response of the fourth STUN binding request and causes receiving overtime.
8. The client of claim 7, wherein the order detection module comprises:
a fifth request unit, configured to send a fifth STUN binding request to the first service IP address and the second service port of the STUN server with the fixed IP address and the second client port of the client;
a fifth response unit, configured to receive a response to the fifth STUN binding request returned by the STUN server, and obtain, from the response to the fifth STUN binding request, a masked IP address and a fifth masked port after NAT mapping;
and the third identification unit is used for analyzing whether the fifth masking port is the same as the third masking port, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is an NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is an NAT type relevant to the receiving and sending sequence.
9. A system for NAT probing, the system comprising:
the client is used for initiating mapping behavior detection to the STUN server and identifying the mapping type of the NAT based on the mapping behavior detection; when the mapping type of the NAT is identified to be the NAT type of the end-point irrelevant mapping based on the mapping behavior detection, initiating filtering behavior detection to the STUN server, and identifying the filtering type of the NAT based on the filtering behavior detection; when the filtering type of the NAT is identified to be the NAT type of address and port related filtering based on the filtering behavior detection, initiating sequential behavior detection to the STUN server, and identifying the sequential type of the NAT based on the sequential behavior detection;
NAT equipment, which is used to provide network address translation when the client communicates with the STUN server;
and the STUN server provides server side support of a STUN protocol and is used for assisting the client side to pass through different routers through a UDP (user datagram protocol), and the STUN server is in data communication with the client side through NAT (network address translation) equipment.
10. The system for NAT probing according to claim 9, wherein the client is configured to send a fifth STUN binding request to the first service IP address and the second service port of the STUN server with the fixed IP address and the second client port of the client, and obtain the masked IP address and the fifth masked port after NAT mapping from the response of the fifth STUN binding request returned by the STUN server; whether the fifth masking port is the same as the third masking port or not is analyzed, if the fifth masking port is the same as the third masking port, the sequence type of the NAT is the NAT type irrelevant to the receiving and sending sequence, and if the fifth masking port is different from the third masking port, the sequence type of the NAT is the NAT type relevant to the receiving and sending sequence.
CN202210679219.3A 2022-06-16 2022-06-16 NAT detection method, client and system Active CN115022280B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210679219.3A CN115022280B (en) 2022-06-16 2022-06-16 NAT detection method, client and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210679219.3A CN115022280B (en) 2022-06-16 2022-06-16 NAT detection method, client and system

Publications (2)

Publication Number Publication Date
CN115022280A true CN115022280A (en) 2022-09-06
CN115022280B CN115022280B (en) 2023-07-14

Family

ID=83075447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210679219.3A Active CN115022280B (en) 2022-06-16 2022-06-16 NAT detection method, client and system

Country Status (1)

Country Link
CN (1) CN115022280B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050076108A1 (en) * 2003-10-01 2005-04-07 Santera Systems, Inc. Methods and systems for per-session network address translation (NAT) learning and firewall filtering in media gateway
CN1890945A (en) * 2003-12-11 2007-01-03 泰德通信公司 Communication systems for traversing firewalls and network address translation (NAT) installations
CN101938532A (en) * 2010-09-17 2011-01-05 北京神州泰岳软件股份有限公司 UDP-based method and system for penetrating through NAT equipment
CN101945141A (en) * 2010-09-17 2011-01-12 北京神州泰岳软件股份有限公司 TCP-based method and system for traversing NAT devices
CN102647483A (en) * 2012-03-31 2012-08-22 中兴通讯股份有限公司 Method for obtaining network address translation (NAT) types, peer-to-peer (P2P) endpoint entity and NAT entity
WO2013087756A1 (en) * 2011-12-14 2013-06-20 Koninklijke Kpn N.V. Methods and systems for enabling nat traversal
US20140310397A1 (en) * 2013-04-10 2014-10-16 D-Link Corporation Network system capable of implementing stun with the assistance of two network devices and method thereof
CN107211022A (en) * 2015-01-28 2017-09-26 佳能株式会社 Resource supplying is driven using the improved client of server unit
CN112995358A (en) * 2021-04-21 2021-06-18 中国人民解放军国防科技大学 Large-scale network address translation traffic identification method and device and computer equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050076108A1 (en) * 2003-10-01 2005-04-07 Santera Systems, Inc. Methods and systems for per-session network address translation (NAT) learning and firewall filtering in media gateway
CN1890945A (en) * 2003-12-11 2007-01-03 泰德通信公司 Communication systems for traversing firewalls and network address translation (NAT) installations
CN101938532A (en) * 2010-09-17 2011-01-05 北京神州泰岳软件股份有限公司 UDP-based method and system for penetrating through NAT equipment
CN101945141A (en) * 2010-09-17 2011-01-12 北京神州泰岳软件股份有限公司 TCP-based method and system for traversing NAT devices
WO2013087756A1 (en) * 2011-12-14 2013-06-20 Koninklijke Kpn N.V. Methods and systems for enabling nat traversal
CN102647483A (en) * 2012-03-31 2012-08-22 中兴通讯股份有限公司 Method for obtaining network address translation (NAT) types, peer-to-peer (P2P) endpoint entity and NAT entity
US20140310397A1 (en) * 2013-04-10 2014-10-16 D-Link Corporation Network system capable of implementing stun with the assistance of two network devices and method thereof
CN107211022A (en) * 2015-01-28 2017-09-26 佳能株式会社 Resource supplying is driven using the improved client of server unit
CN112995358A (en) * 2021-04-21 2021-06-18 中国人民解放军国防科技大学 Large-scale network address translation traffic identification method and device and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑浩: "基于STUN 协议的NAT穿越技术的研究与应用", 《硕士电子期刊出版信息》 *

Also Published As

Publication number Publication date
CN115022280B (en) 2023-07-14

Similar Documents

Publication Publication Date Title
US8194566B2 (en) Information processing device, and bubble packet transmission method and program
RU2543304C2 (en) Packet relay method and device
CN112398782A (en) Network asset identification method, device, medium and equipment
JP4829982B2 (en) Detection and control of peer-to-peer communication
US20040205245A1 (en) Data transmission system with a mechanism enabling any application to run transparently over a network address translation device
US8254286B2 (en) Method and system for detection of NAT devices in a network
US20070101414A1 (en) Method for stateful firewall inspection of ice messages
US8867553B2 (en) Performing interactive connectivity checks in a mobility environment
JP2011515945A (en) Method and apparatus for communicating data packets between local networks
CN108881328B (en) Data packet filtering method and device, gateway equipment and storage medium
US20120218999A1 (en) Method and Apparatus for Identifier Correlation
GB2505288A (en) Identifying address translations
US9602333B2 (en) DNS server, gateways and methods for managing an identifier of a port range in the transmission of data
Simpson TCP cookie transactions (TCPCT)
CN115022281B (en) NAT penetration method, client and system
CN110995763B (en) Data processing method and device, electronic equipment and computer storage medium
CN110351159B (en) Cross-intranet network performance testing method and device
CN115022280B (en) NAT detection method, client and system
US20180063255A1 (en) Method and Apparatus for Terminal Application Accessing NAS
US7505418B1 (en) Network loopback using a virtual address
WO2011044810A1 (en) Method, device and system for implementing multiparty communication
CN108337331B (en) Network penetration method, device and system and network connectivity checking method
US20120047271A1 (en) Network address translation device and method of passing data packets through the network address translation device
KR100562390B1 (en) Network Data Flow Identification Method and System Using Host Routing and IP Aliasing Technique
Kuroda et al. STUN-based connection sequence through symmetric NATs for TCP connection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant