Quoting foundry27, Hacker News, 2024

TCP hole punching is goofy and unreliable, last I checked. You have to do some arcane ritual of having both peers start a three-way handshake to each others’s public endpoints simultaneously, relying on NATs to accept inbound SYN packets if they match the outgoing SYN. And nobody’s NAT devices implement simultaneous-open the same way, so all your connections just fail.

Naturally this leads to slapping even more arcane fixes on top of that, like NAT port assignment oracles to adversarial interoperate with different port allocation strategies (random, sequential, single, etc.) by analyzing patterns in previous port assignments. Networking sucks.

— foundry27, Hacker News, 2024

8:36pm on November 18, 2024 from Vancouver, Canada.


uid: ce3df87a-4852-4b6f-b181-d09fe0b9b6d5
creator: Silas Jelley
primary: references
secondary: quotes
available: 2024-11-18 20:36:10
created: 2024-11-18 20:36:10
updated: 2024-11-18 20:36:10
slug: 2024/11/18/203610
source: {'creator': 'foundry27', 'published': datetime.date(2024, 11, 16), 'publication': 'Hacker News', 'url': 'https://news.ycombinator.com/item?id=42158423', 'text': 'TCP hole punching is goofy and unreliable, last I checked. You have to do some arcane ritual of having both peers start a three-way handshake to each others’s public endpoints simultaneously, relying on NATs to accept inbound SYN packets if they match the outgoing SYN. And nobody’s NAT devices implement simultaneous-open the same way, so all your connections just fail.\n\nNaturally this leads to slapping even more arcane fixes on top of that, like NAT port assignment oracles to adversarial interoperate with different port allocation strategies (random, sequential, single, etc.) by analyzing patterns in previous port assignments. Networking sucks.', 'wordcount': 99, 'html': 'TCP hole punching is goofy and unreliable, last I checked. You have to do some arcane ritual of having both peers start a three-way handshake to each others’s public endpoints simultaneously, relying on NATs to accept inbound SYN packets if they match the outgoing SYN. And nobody’s NAT devices implement simultaneous-open the same way, so all your connections just fail.
\nNaturally this leads to slapping even more arcane fixes on top of that, like NAT port assignment oracles to adversarial interoperate with different port allocation strategies (random, sequential, single, etc.) by analyzing patterns in previous port assignments. Networking sucks.\n'}
filename: /home/silas/notes/2024/11/18/203610.md
title: foundry27, Hacker News, 2024
interlinks: set()
backlinks: set()
tags: []
wordcount: 0