I like your comment, but it seems the author acknowledged this as a caveat to the algorithm.
>Many home routers try to preserve the source port in external mappings. This is a property called “equal delta mapping” – it won’t work on all routers but for our algorithm we’re sacrificing coverage for simplicity.
So to what percentage is this coverage sacrificed exactly? No idea. Not as useful if the percentage is high, as you are implying.
It’s the same assumption is required for any hole punching handshake (including STUN).
> This is a property called “equal delta mapping”
FWIW I’ve worked in computer networking for 20 years and have never heard it called this. This blog is the only source that comes up when I search for that exact term. I wonder where the author got it from.
> It’s the same assumption is required for any hole punching handshake (including STUN).
This is incorrect.
Hole punching requires being able to predict external port. That's it. If the port remains the same, it certainly simplifies things, but ports going up (or down) by 1 (or 2, or 5) with each new mapping is quite common, trivial to detect and to punch through.
I wonder how many new technical terms are going to be created by LLMs - not to say that this post was N
necessarily written by an LLM (but, who knows!)
It comes from academic papers on categorizing NAT behaviors which (trust me) is hardly the page turning research most people are used to. In these papers they talk about patterns NATs use between successive external port allocations -- which they call the "delta."
The name "equal delta" just means a type of NAT with a delta that tries to preserve the source port. Not to be confused with "preserving" type deltas (that preserve "the same numerical distance" between successive mappings -- e.g. a "preserving delta" type with a value of +1 means each successive NAT allocation is one more than the previous.)
My internet provider didn't even maintain the ip-address. They have a pool of egress routes and seems to route round-robin. Basically every new connection can be from any address in the pool.
I had to call them to make it stop since it tripped the VPN solution at work, that interpreted it as a MIM attack. They disabled it no questions asked as soon as I called, so I guess it mostly works for most people, but not all.
But on that note, isn't it basically time now for IPv6 so we can stop shit like this and go to directly addressable devices like everyone did in the early 90s.
Can't both sides just keep trying different ports until they get lucky? There's not that many of them, and even if it takes several minutes to get a match, that's better than nothing at all.
>Many home routers try to preserve the source port in external mappings. This is a property called “equal delta mapping” – it won’t work on all routers but for our algorithm we’re sacrificing coverage for simplicity.
So to what percentage is this coverage sacrificed exactly? No idea. Not as useful if the percentage is high, as you are implying.