Iptables Tutorial 1.2.2

ОглавлениеДобавить в закладки К обложке

SCTP Common and generic headers

Every SCTP packet contains the Common header as seen above. The header contains four different fields and is set for every SCTP packet.

Source port - bit 0-15. This field gives the source port of the packet, which port it was sent from. The same as for TCP and UDP source port.

Destination port - bit 16-31. This is the destination port of the packet, ie., the port that the packet is going to. It is the same as for the TCP and UDP destination port.

Verification Tag - bit 32-63. The verification tag is used to verify that the packet comes from the correct sender. It is always set to the same value as the value received by the other peer in the Initiate Tag during the association initialization, with a few exceptions:

• An SCTP packet containing an INIT chunk must have the Verification tag set to 0.

• A SHUTDOWN COMPLETE chunk with the T-bit set must have the verification tag copied from the verification tag of the SHUTDOWN-ACK chunk.

• Packets containing ABORT chunk may have the verification tag set to the same verification tag as the packet causing the ABORT.

Checksum - bit 64-95. A checksum calculated for the whole SCTP packet based on the Adler-32 algorithm. Read RFC 2960 - Stream Control Transmission Protocol, appendix B for more information about this algorithm.

All SCTP chunks has a special layout that they all adhere to as can be seen above. This isn't an actual header, but rather a formalized way of how they do look.

Type - bit 0-7. This field specifies the chunk type of the packet, for example is it an INIT or SHUTDOWN chunk or what? Each chunk type has a specific number, and is specified in the image below. Here is a complete list of Chunk types:

Table 2-1. SCTP Types

Chunk Number Chunk Name
Payload Data (DATA)
1 Initiation (INIT)
2 Initiation Acknowledgement (INIT ACK)
3 Selective Acknowledgement (SACK)
4 Heartbeat Request (HEARTBEAT)
5 Heartbeat Acknowledgement (HEARTBEAT ACK)
6 Abort (ABORT)
7 Shutdown (SHUTDOWN)
8 Shutdown Acknowledgement (SHUTDOWN ACK)
9 Operation Error (ERROR)
10 State Cookie (COOKIE ECHO)
11 Cookie Acknowledgement (COOKIE ACK)
12 Reserved for Explicit Congestion Notification Echo (ECNE)
13 Reserved for Congestion Window Reduced (CWR)
14 Shutdown Complete (SHUTDOWN COMPLETE)
15-62 Reserved for IETF
63 IETF-defined chunk extensions
64-126 reserved to IETF
127 IETF-defined chunk extensions
128-190 reserved to IETF
191 IETF-defined chunk extensions
192-254 reserved to IETF
255 IETF-defined chunk extensions

Chunk Flags - bit 8-15. The chunk flags are generally not used but are set up for future usage if nothing else. They are chunk specific flags or bits of information that might be needed for the other peer. According to specifications, flags are only used in DATA, ABORT and SHUTDOWN COMPLETE packets at this moment. This may change however.

Important! A lot of times when you read an RFC, you might run into some old proven problems. The RFC 2960 - Stream Control Transmission Protocol document is one example of this, where they specifically specify that the Chunk flags should always be set to 0 and ignored unless used for something. This is written all over the place, and it begs for problems in the future. If you do firewalling or routing, watch out very carefully for this, since specifications for fields like this may change in the future and hence break at your firewall without any legit reason. This happened before with the implementation of ECN in the IP headers for example. See more in the IP headers section of this chapter.


Логин
Пароль
Запомнить меня