Tags: windows-firewall, hole-punching

UDP hole punching timeout


I need to implement a UDP protocol. The PC has to listen at a dedicated UDP port for incoming packets. It also sends packets (answers). The application runs on Windows XP, 7, 8, ....

The Windows firewall blocks incoming packets. This can be circumvented by UDP hole punching. So I have to send something that should not hurt. But I want to disturb as little as possible.

  • How can I determine the timeout until the firewall will close the hole?
  • Can I detect that the firewall has closed the hole so that I have to resend the opening packet? Of course I won't receive anything when the firewall is closed, but this might have other reasons.

Solution

  • To answer my own question: there is no way to determine the timeout. You need to experiment to find which timeout the Windows 7 firewall uses for UDP connections. Current experience shows a four-second timeout, but this may vary.

    Some general tips for hole punching:

    1. Don't disturb any other host in the network. Send a packet with a content that doesn't hurt.
    2. It is not necessary to send to the host you want to be the sender of your response.
    3. It is not necessary to send to the UDP port you want to be the sender. Send to any UDP port. There is a discard port (9) that should ignore anything you send.
    4. Make sure your packet is really sent. If you try to send to a host that has not been seen recently, the IP stack will use the ARP protocol to get the MAC address. If the IP stack doesn't get an ARP response, it can't send an IP packet and no hole is punched. This problem can be circumvented by sending to the network broadcast address.
    5. Make sure you punch the hole to the wanted network using the right adapter's broadcast address.
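As an added illustration of the tips above (this is not code from the question or the answer), a small Python listener that keeps the inbound hole open by sending an empty datagram from its own listening socket to the selected adapter's directed broadcast address on the discard port, re-sending it before the firewall's idle timeout expires. The four-second timeout, the safety margin and the adapter address/netmask are assumptions to be replaced by measured values.

```python
import ipaddress
import select
import socket
import time

DISCARD_PORT = 9      # RFC 863 discard service: receivers ignore whatever arrives (tip 3)
PUNCH_PAYLOAD = b""   # an empty datagram is "content that doesn't hurt" (tip 1)

def broadcast_for(adapter_ip: str, netmask: str) -> str:
    """Directed broadcast address of the adapter's subnet (tips 4 and 5)."""
    net = ipaddress.IPv4Network(f"{adapter_ip}/{netmask}", strict=False)
    return str(net.broadcast_address)

def next_punch_deadline(last_punch: float, firewall_timeout: float, margin: float = 0.5) -> float:
    """Latest time the next punch must leave so the (measured) idle timeout never expires."""
    if margin >= firewall_timeout:
        raise ValueError("margin must be smaller than the firewall timeout")
    return last_punch + firewall_timeout - margin

class UdpHole:
    """Listens on `port`; punches and answers from the *same* socket so the source port matches."""

    def __init__(self, port: int, adapter_ip: str, netmask: str, firewall_timeout: float = 4.0):
        # firewall_timeout=4.0 is the experimentally observed value from the answer, not a constant
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        self.sock.bind(("", port))
        self.target = (broadcast_for(adapter_ip, netmask), DISCARD_PORT)
        self.firewall_timeout = firewall_timeout
        self.last_punch = float("-inf")   # forces a punch on the first loop iteration

    def punch(self) -> None:
        self.sock.sendto(PUNCH_PAYLOAD, self.target)
        self.last_punch = time.monotonic()

    def serve(self, handle, duration: float) -> None:
        """Answer incoming datagrams with handle(data) for `duration` seconds, re-punching as needed."""
        end = time.monotonic() + duration
        while time.monotonic() < end:
            deadline = next_punch_deadline(self.last_punch, self.firewall_timeout)
            if time.monotonic() >= deadline:
                self.punch()
                deadline = next_punch_deadline(self.last_punch, self.firewall_timeout)
            readable, _, _ = select.select([self.sock], [], [], max(0.0, deadline - time.monotonic()))
            if readable:
                data, peer = self.sock.recvfrom(2048)
                self.sock.sendto(handle(data), peer)   # reply through the hole we keep open
```

Usage: `UdpHole(5000, "192.168.1.23", "255.255.255.0").serve(lambda d: b"ack", 60)` (constructed adapter values).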