NAT slipstreaming, a bypass attack that gives access to any TCP/UDP service

Samy Kamkar (a security researcher known for building various attack tools, such as a keylogger inside a USB phone charger) has presented a new attack technique called "NAT slipstreaming".

When a page is opened in a browser, the attack allows a connection to be established from the attacker's server to any UDP or TCP port on the user's system behind the address translator. The attack tool has been published on GitHub.

The method relies on fooling the ALG (Application Level Gateway) connection tracking mechanism in address translators or firewalls, which is used to organize NAT forwarding for protocols that use several network ports (one for data and one for control), such as SIP, H323, IRC DCC and FTP.

The attack applies to users who connect to the network using internal addresses from the intranet range (192.168.xx, 10.xxx) and allows any data to be sent to any port (without HTTP headers).

To carry out the attack, it is enough for the victim to execute JavaScript code prepared by the attacker, for example by opening a page on the attacker's website or viewing a malicious advertisement on a legitimate website.

In the first stage, the attacker obtains information about the user's internal address. This can be determined through WebRTC or, if WebRTC is disabled, by a brute-force attack that measures the response time when requesting a hidden image (for existing hosts, an attempt to request the image is faster than for nonexistent ones because of the timeout before the TCP RST response is returned).

In the second stage, the JavaScript code executed in the victim's browser generates a large HTTP POST request (one that does not fit in a single packet) to the attacker's server, using a non-standard network port number, to initiate tuning of the TCP fragmentation parameters and the MTU size on the victim's TCP stack.

In response, the attacker's server returns a TCP packet with the MSS (Maximum Segment Size) option, which determines the maximum size of the received packet. In the case of UDP, the manipulation is similar, but relies on sending a large WebRTC TURN request to trigger fragmentation at the IP level.

«NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse», Kamkar said in an analysis.

The main idea is that, knowing the fragmentation parameters, one can send a large HTTP request whose tail falls into the second packet. At the same time, the tail that goes into the second packet is chosen so that it contains no HTTP headers and is cut off at data that fully corresponds to a protocol supported by the NAT.

In the third stage, using the manipulation described above, the JavaScript code generates and sends a specially chosen HTTP request (or TURN for UDP) to TCP port 5060 of the attacker's server, which, after fragmentation, is split into two packets: a packet with HTTP headers and part of the data, and a valid SIP packet containing the victim's internal IP.

The connection tracking system in the network stack will regard this packet as the start of a SIP session and will allow packet forwarding to any port chosen by the attacker, on the assumption that this port is used for data transfer.
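A detection sketch for the pattern described above, added here as an example and not taken from Kamkar's tool or the original article: it flags a TCP flow to a SIP port in which an HTTP request is followed by a segment that itself starts like a SIP request and carries a private IPv4 address. The function names, the `(flow_id, dst_port, payload)` tuple layout and the sample segments are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

SIP_PORTS = {5060, 5061}  # SIP ports named in the article
HTTP_START = re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SIP_START = re.compile(rb"^(REGISTER|INVITE) sip:\S+ SIP/2\.0\r\n")
IPV4 = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_ips(payload):
    """Return the private (non-routable) IPv4 addresses found in a payload."""
    found = set()
    for raw in IPV4.findall(payload):
        try:
            ip = ip_address(raw.decode())
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        if ip.is_private and not ip.is_loopback:
            found.add(str(ip))
    return sorted(found)

def suspicious_flows(segments):
    """segments: (flow_id, dst_port, payload) tuples in capture order.
    Flags flows to a SIP port where an HTTP request is later followed by
    a segment that begins like a SIP request."""
    saw_http, alerts = set(), []
    for flow, port, payload in segments:
        if port not in SIP_PORTS:
            continue
        if HTTP_START.match(payload):
            saw_http.add(flow)
        elif flow in saw_http and SIP_START.match(payload):
            alerts.append((flow, private_ips(payload)))
    return alerts

# Constructed sample segments (hypothetical hosts, not captured traffic).
SAMPLE = [
    ("a", 5060, b"POST /upload HTTP/1.1\r\nHost: test.invalid:5060\r\n\r\n" + b"A" * 64),
    ("a", 5060, b"REGISTER sip:test.invalid SIP/2.0\r\nContact: <sip:u@192.168.0.10:1234>\r\n\r\n"),
    ("b", 5060, b"REGISTER sip:pbx.invalid SIP/2.0\r\nContact: <sip:u@10.0.0.5:5060>\r\n\r\n"),
    ("c", 80, b"GET / HTTP/1.1\r\nHost: test.invalid\r\n\r\n"),
]

if __name__ == "__main__":
    for flow, ips in suspicious_flows(SAMPLE):
        print(f"flow {flow}: HTTP then SIP on a SIP port, internal IPs {ips}")
```

Flow "b" is ordinary SIP with no preceding HTTP request and flow "c" is HTTP on a non-SIP port, so only flow "a" is reported.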

The attack can be carried out regardless of the browser used. To resolve the problem, Mozilla developers proposed blocking the ability to send HTTP requests to network ports 5060 and 5061, which are associated with the SIP protocol.

The developers of the Chromium, Blink and WebKit engines intend to implement a similar protective measure.

Source: https://samy.pl
