1. Field of the Invention
The present invention relates to a modified session initiation protocol (SIP) voice over IP (VoIP) communication protocol and, more particularly, to a modified SIP communication method capable of traversing a network address translation (NAT) firewall.
2. Description of Related Art
In recent years, network use has become more and more popular. From the earliest dial-up access to today's broadband networks, both upload and download speeds have become faster and faster, and more and more services can be provided. In this high-bandwidth, mature network environment, the use of voice over internet (VoIP) has gradually become widespread. However, most network users are located within a NAT firewall, and today's VoIP protocols cannot be applied to network environments with a NAT firewall. Within the field of VoIP, the session initiation protocol (SIP) established by the IETF is expected to be the network phone protocol with the most potential. Although the SIP protocol can transmit SIP instructions or messages via a SIP proxy server, it still cannot solve the problems brought about by firewalls and private IP addresses.
In more detail, NAT firewalls block packets from the outside. That is, an outside host cannot directly transmit data to a user within a firewall. If one wants to use the SIP protocol to set up a network phone call with a user within a firewall, the user within the firewall cannot receive the request, so the whole process fails. The process of dialing a SIP network phone can be divided into two stages. The first stage is the transmission of SIP messages between both ends. The second stage is the building of a media session between both ends and the transmission of voice packets. Because the amount of data involved in the first stage is small, a proxy server can be used for data transmission. But the amount of data and the required bandwidth in the second stage are very large, so transmission via a proxy server is not a good method. The best method is to make both ends able to transmit data directly to each other, which cannot be accomplished with the present SIP protocol. In order to solve this problem, we first have to understand the behavior of a NAT router.
Common transmission control protocol (TCP) and user datagram protocol (UDP) packets carry four parameters: a source IP address, a source port number, a destination IP address and a destination port number. The IP address identifies which device sends or receives the packet, and the port number distinguishes different connections on the same device.
FIG. 1 is a diagram showing how the four parameters change during the transmission of packets between a public network and a private network in the prior art. As shown in FIG. 1, host A and host D are respectively located in two different private networks 12 and 14, while host B and host C are located in the public network 10. When host A sends out packet #1 to host B, SP1, SA1, DP1 and DA1 carried by the packet #1 represent the source port, the source address, the destination port and the destination address, respectively. After passing a first firewall 16, SP1 and SA1 will be modified to SP1′ and SA1′ by a first NAT router 18. The first NAT router then sends the modified packet #1′ to host B. SA1′ is the public IP address of the first NAT router, and SP1′ is automatically specified by the first NAT router 18 according to the present communication port. After host B receives the packet #1′, it can easily send a packet back to host A located within the first firewall 16 according to the four parameters carried by the packet #1′.
At this time, if host C wants to transmit a packet #2 to host A located within the first firewall 16, the four parameters of the packet #2 have to satisfy the following conditions for the packet #2 to traverse the first firewall 16 and be transmitted to host A:

DA2 = SA1′  (1)
DP2 = SP1′  (2)
SA2 = DA1  (3)
SP2 = DP1  (4)

where the four parameters DA2, DP2, SA2 and SP2 can be controlled by host C, and DA1 and DP1 can be determined by host A itself, but SA1′ and SP1′ are set by the first firewall 16. If host C and host B are not the same device, Eqs. (2) and (3) will not be satisfied, because the IP address DA1 of host B in (3) will not be the same as the IP address SA2 of host C, and the SP1′ in (2) is a parameter of the packet #1 that is known only to host B, so host C has no way to know it. Of course, host C can guess the value of the SP1′ and set it to DP2, but the probability of guessing right is only 1/65536. In other words, the probability that host C can successfully transmit the packet #2 to host A is (the probability that Eq. (2) is satisfied)×(the probability that Eq. (3) is satisfied)=1/65535×0=0, i.e., impossible.
Moreover, if host D wants to transmit a packet #4 to host A, the four parameters of the packet #4 have to satisfy the following conditions simultaneously for the packet #4 to traverse the first firewall 16 and be transmitted to host A:

DA4 = SA1′  (5)
DP4 = SP3′  (6)
SA4′ = DA3  (7)
SP4′ = DP3  (8)

where the DA3 and DP3 are controlled by host A, and DA4 and DP4 are set by host D, and the IP address SA1′ of the first firewall 16 of the first NAT router 18 and the IP address SA4′ of the second firewall 20 of the second NAT router 21 can be known beforehand. Therefore, Eqs. (5) and (7) can be easily satisfied. Because the packet #3 cannot traverse the second firewall 20, host D cannot know the SP3′ parameter of the packet #3. Eqs. (6) and (8) can only be satisfied if the first firewall 16 sets the DP3 to the SP4′ value and host D correctly guesses the SP3′ value. However, the DP3 value cannot be set, and the SP4′ value cannot be known beforehand. Both the probability that the DP3 exactly equals the SP4′ and the probability that host D correctly guesses the SP3′ value are 1/65536. In other words, the probability that both Eqs. (6) and (8) are satisfied is 1/65536×1/65536=1/4294967296. That is, the probability of successful direct exchange of packets between two users located within two different firewalls 16 and 20 approaches zero.
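The filtering behaviour described in the two paragraphs above can be modelled as a mapping table keyed on the translated port and the remote endpoint. The following is an added example, not part of the original document: the class and function names, the documentation-range IP addresses and the random choice of SP1′ are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction
import random

@dataclass(frozen=True)
class Packet:
    sa: str  # source address
    sp: int  # source port
    da: str  # destination address
    dp: int  # destination port

class NatRouter:
    """Hypothetical NAT that admits inbound packets only if Eqs. (1)-(4) hold."""
    def __init__(self, public_ip, rng):
        self.public_ip = public_ip
        self.rng = rng
        # (SP', remote address, remote port) -> (private address, private port)
        self.table = {}

    def outbound(self, pkt):
        """Rewrite SA/SP to SA'/SP' and record the mapping for replies."""
        public_port = self.rng.randrange(1024, 65536)  # assumed allocation policy
        self.table[(public_port, pkt.da, pkt.dp)] = (pkt.sa, pkt.sp)
        return Packet(self.public_ip, public_port, pkt.da, pkt.dp)

    def inbound(self, pkt):
        """Return the packet as delivered to the private host, or None if dropped."""
        if pkt.da != self.public_ip:                      # Eq. (1): DA2 = SA1'
            return None
        # Eq. (2): DP2 = SP1', Eq. (3): SA2 = DA1, Eq. (4): SP2 = DP1
        inner = self.table.get((pkt.dp, pkt.sa, pkt.sp))
        if inner is None:
            return None
        return Packet(pkt.sa, pkt.sp, inner[0], inner[1])

def demo():
    """Host B's reply passes; host C is dropped even if it knows SP1'."""
    nat = NatRouter("203.0.113.1", random.Random(7))
    p1 = Packet("192.168.0.10", 5060, "198.51.100.2", 5060)  # host A -> host B
    p1x = nat.outbound(p1)                                   # packet #1'
    reply_b = Packet(p1x.da, p1x.dp, p1x.sa, p1x.sp)         # host B -> host A
    # Host C copies DA, DP and SP correctly, but SA2 != DA1, so Eq. (3) fails.
    p2 = Packet("198.51.100.3", p1x.dp, p1x.sa, p1x.sp)
    return nat.inbound(reply_b), nat.inbound(p2)

def double_nat_probability(ports=65536):
    """Chance that the two port conditions, Eqs. (6) and (8), hold by guessing."""
    return Fraction(1, ports) * Fraction(1, ports)
```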
Therefore, in order to work in the NAT environment, the present invention proposes a modified traversal method for SIP communication, in which newly defined SIP instructions are added to the SIP communication protocol to build a mechanism that can traverse NAT firewalls. Users with private IP addresses located within different NAT firewalls can thus directly transmit voice packets.