idnits 2.17.1 draft-ietf-sigtran-sctp-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 31 longer pages, the longest (page 10) being 571 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 89 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 4 instances of too long lines in the document, the longest one being 3 characters in excess of 72. ** There is 1 instance of lines with control characters in the document. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 423: '...dler-32 checksum MUST be set by the se...' RFC 2119 keyword, line 575: '...ks. These chunks MUST NOT be multiplex...' RFC 2119 keyword, line 582: '...an SCTP datagram MUST be transmitted i...' RFC 2119 keyword, line 615: '...Verification Tag MUST be set to the va...' RFC 2119 keyword, line 619: '...IT chunk, the transmitter MUST set the...' (185 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: This is to allow vendors to support their own extended parameters not defined by the IETF. It MUST not affect the operation of SCTP. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: This value represents the dedicated buffer space, in number of octets, the sender of the INIT has placed in association with this window. During the life of the association this buffer space SHOULD not be lessened (i.e. dedicated buffers taken away from this association). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: This Chunk type is available to allow vendors to support their own extended data formats not defined by the IETF. It MUST not affect the operation of SCTP. In particular, when adding a Vendor Specific chunk type, the vendor defined chunks MUST obey the congestion avoidance rules defined in this document if they carry user data. User data is defined as any data transported over the association that is delivered to the upper layer of the receiver. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: Note: after sending out INIT ACK with the cookie, "Z" MUST not allocate any resources, nor keep any states for the new association. Otherwise, "Z" will be vulnerable to resource attacks. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: After sending out the INIT ACK, the endpoint shall take no further actions, i.e., the existing association, including its current state, and the corresponding TCB MUST not be changed. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'ASSOCIATE' on line 1733 -- Looks like a reference, but probably isn't: 'TERMINATE' on line 1765 -- Looks like a reference, but probably isn't: 'ABORT' on line 1727 == Unused Reference: '7' is defined on line 4443, but no explicit reference was found in the text == Unused Reference: '10' is defined on line 4451, but no explicit reference was found in the text == Unused Reference: '12' is defined on line 4457, but no explicit reference was found in the text == Unused Reference: '14' is defined on line 4463, but no explicit reference was found in the text ** Obsolete normative reference: RFC 1750 (ref. '1') (Obsoleted by RFC 4086) ** Downref: Normative reference to an Informational RFC: RFC 1950 (ref. '2') ** Obsolete normative reference: RFC 2581 (ref. '3') (Obsoleted by RFC 5681) ** Downref: Normative reference to an Informational RFC: RFC 1321 (ref. '4') -- Possible downref: Non-RFC (?) normative reference: ref. '5' ** Downref: Normative reference to an Experimental RFC: RFC 2522 (ref. '6') ** Obsolete normative reference: RFC 793 (ref. '8') (Obsoleted by RFC 9293) ** Obsolete normative reference: RFC 1700 (ref. '10') (Obsoleted by RFC 3232) ** Obsolete normative reference: RFC 1981 (ref. '12') (Obsoleted by RFC 8201) ** Downref: Normative reference to an Informational RFC: RFC 2196 (ref. '13') ** Obsolete normative reference: RFC 2401 (ref. '14') (Obsoleted by RFC 4301) -- Possible downref: Non-RFC (?) normative reference: ref. '15' Summary: 17 errors (**), 0 flaws (~~), 12 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group R. R. Stewart 2 INTERNET-DRAFT Q. Xie 3 Motorola 4 K. Morneault 5 C. Sharp 6 Cisco 7 H. J. Schwarzbauer 8 Siemens 9 T. Taylor 10 Nortel Networks 11 I. Rytina 12 Ericsson 13 M. Kalla 14 Telcordia 15 L. Zhang 16 UCLA 17 V. Paxson 18 ACIRI 20 expires in six months January 17,2000 22 Simple Control Transmission Protocol 23 25 Status of This Memo 27 This document is an Internet-Draft and is in full conformance with all 28 provisions of Section 10 of RFC 2026. Internet-Drafts are working 29 documents of the Internet Engineering Task Force (IETF), its areas, 30 and its working groups. Note that other groups may also distribute 31 working documents as Internet-Drafts. 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/ietf/1id-abstracts.txt 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html. 39 Stewart, et al [Page 1] 40 Abstract 42 This document describes the Simple Control Transmission Protocol 43 (SCTP). SCTP is designed to transport PSTN signalling messages over 44 IP networks, but is capable of broader applications. 46 SCTP is a reliable datagram transfer protocol operating on top of an 47 unreliable routed packet network such as IP. It offers the following 48 services to its users: 50 -- acknowledged error-free non-duplicated transfer of user data, 51 -- data segmentation to conform to discovered path MTU size, 52 -- sequenced delivery of user messages within multiple streams, 53 with an option for order-of-arrival delivery of individual 54 user messages, 55 -- optional multiplexing of user messages into SCTP datagrams, and 56 -- network-level fault tolerance through supporting of multi-homing 57 at either or both ends of an association. 59 The design of SCTP includes appropriate congestion avoidance behaviour 60 and resistance to flooding and masquerade attacks. 62 Stewart, et al [Page 2] 63 TABLE OF CONTENTS 65 1. Introduction.................................................. 5 66 1.1 Motivation.................................................. 5 67 1.2 Architectural View of SCTP.................................. 6 68 1.3 Functional View of SCTP..................................... 6 69 1.3.1 Association Startup and Takedown........................ 7 70 1.3.2 Sequenced Delivery within Streams....................... 8 71 1.3.3 User Data Segmentation.................................. 8 72 1.3.4 Acknowledgement and Congestion Avoidance................ 8 73 1.3.5 Chunk Multiplex......................................... 9 74 1.3.6 Path Management......................................... 9 75 1.3.7 Message Validation...................................... 9 76 1.4 Recapitulation of Key Terms.................................10 77 1.5 Abbreviations...............................................12 78 2. SCTP Datagram Format..........................................12 79 2.1 SCTP Common Header Field Descriptions.......................13 80 2.2 Chunk Field Descriptions....................................14 81 2.2.1 Optional/Variable-length Parameter Format...............16 82 2.2.2 Vendor-Specific Extension Parameter Format..............16 83 2.3 SCTP Chunk Definitions......................................18 84 2.3.1 Initiation (INIT).......................................18 85 2.3.1.1 Optional or Variable Length Parameters..............20 86 2.3.2 Initiation Acknowledgement (INIT ACK)...................23 87 2.3.2.1 Optional or Variable Length Parameters..............24 88 2.3.3 Selective Acknowledgement (SACK)........................25 89 2.3.4 Heartbeat Request (HEARTBEAT)...........................27 90 2.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK)................28 91 2.3.6 Abort Association (ABORT)...............................29 92 2.3.7 Shutdown Association (SHUTDOWN).........................30 93 2.3.8 Shutdown Acknowledgment (SHUTDOWN ACK)..................30 94 2.3.9 Operation Error (ERROR).................................31 95 2.3.10 Encryption Cookie (COOKIE).............................33 96 2.3.11 Cookie Acknowledgment (COOKIE ACK).....................33 97 2.3.12 Payload Data (DATA)....................................34 98 2.4 Vendor-Specific Chunk Extensions............................35 99 3. SCTP Association State Diagram.................................37 100 4. Association Initialization.....................................39 101 4.1 Normal Establishment of an Association......................39 102 4.1.1 Handle Stream Parameters................................41 103 4.1.2 Handle Address Parameters...............................41 104 4.1.3 Generating Encryption Cookie............................41 105 4.1.4 Cookie Processing.......................................42 106 4.1.5 Cookie Authentication...................................42 107 4.1.6 An Example of Normal Association Establishment..........43 108 4.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK.....44 109 4.2.1 Handle Duplicate INIT in COOKIE-WAIT 110 or COOKIE-SENT States...................................45 111 4.2.2 Handle Duplicate INIT in Other States...................45 112 4.2.3 Handle Duplicate INIT ACK...............................46 113 4.2.4 Handle Duplicate COOKIE.................................46 114 4.2.5 Handle Duplicate COOKIE-ACK.............................47 116 Stewart, et al [Page 3] 117 4.2.6 Handle Stale COOKIE Error...............................47 118 4.3 Other Initialization Issues.................................48 119 4.3.1 Selection of Tag Value..................................48 120 5. User Data Transfer.............................................48 121 5.1 Transmission of DATA Chunks.................................49 122 5.2 Acknowledgment of Reception of DATA Chunks..................51 123 5.2.1 Tracking Peer's Receive Buffer Space....................52 124 5.3 Management Retransmission Timer.............................52 125 5.3.1 RTO Calculation.........................................52 126 5.3.2 Retransmission Timer Rules..............................53 127 5.3.3 Handle T3-rxt Expiration................................54 128 5.4 Multi-homed SCTP Endpoints..................................55 129 5.4.1 Failover from Inactive Destination Address..............56 130 5.5 Stream Identifier and Sequence Number.......................56 131 5.6 Ordered and Un-ordered Delivery.............................56 132 5.7 Report Gaps in Received DATA TSNs...........................57 133 5.8 Adler-32 Checksum Calculation...............................58 134 5.9 Segmentation................................................59 135 5.10 Bundling and Multiplexing..................................60 136 6. Congestion Control ..........................................60 137 6.1 SCTP Differences from TCP Congestion Control................61 138 6.2 SCTP Slow-Start and Congestion Avoidance....................62 139 6.2.1 Slow-Start..............................................62 140 6.2.2 Congestion Avoidance....................................63 141 6.2.3 Congestion Control......................................63 142 6.2.4 Fast Retransmit on Gap Reports..........................64 143 6.3 Path MTU Discovery..........................................64 144 7. Fault Management..............................................65 145 7.1 Endpoint Failure Detection..................................65 146 7.2 Path Failure Detection......................................66 147 7.3 Path Heartbeat..............................................66 148 7.4 Handle "Out of the blue" Packets............................67 149 7.5 Verification Tag............................................67 150 7.5.1 Exceptions in Verification Tag Rules....................67 151 8. Termination of Association.....................................68 152 8.1 Close of an Association.....................................68 153 8.2 Shutdown of an Association..................................68 154 9. Interface with Upper Layer.....................................69 155 9.1 ULP-to-SCTP.................................................70 156 9.2 SCTP-to-ULP.................................................77 157 10. Security Considerations.......................................80 158 10.1 Security Objectives........................................80 159 10.2 SCTP Responses To Potential Threats........................80 160 10.2.1 Countering Insider Attacks.............................80 161 10.2.2 Protecting against Data Corruption in the Network......80 162 10.2.3 Protecting Confidentiality.............................81 163 10.2.4 Protecting against Blind Denial of Service Attacks.....81 164 10.2.4.1 Flooding...........................................81 165 10.2.4.2 Masquerade.........................................82 166 10.2.4.3 Improper Monopolization of Services................83 167 10.3 Protection against Fraud and Repudiation...................83 168 11. IANA Consideration............................................84 169 11.1 IETF-defined Chunk Extension...............................84 171 Stewart, et al [Page 4] 172 11.2 IETF-defined Chunk Parameter Extension.....................85 173 11.3 IETF-defined Additional Error Causes.......................85 174 11.4 Payload Protocol Identifiers...............................86 175 12. Suggested SCTP Protocol Parameter Values......................86 176 13. Acknowledgments...............................................87 177 14. Authors' Addresses............................................87 178 15. References....................................................88 180 1. Introduction 182 This section explains the reasoning behind the development of the 183 Simple Control Transmission Protocol (SCTP), the services it offers, 184 and the basic concepts needed to understand the detailed description 185 of the protocol. 187 1.1 Motivation 189 TCP [8] has performed immense service as the primary means of reliable 190 data transfer in IP networks. However, an increasing number of recent 191 applications have found TCP too limiting, and have incorporated their 192 own reliable data transfer protocol on top of UDP [9]. The limitations 193 which users have wished to bypass relate both to the intrinsic nature 194 of TCP and to its typical implementation. 196 Intrinsic limitations: 198 -- TCP provides both reliable data transfer and strict order- 199 of-transmission delivery of data. Some applications need reliable 200 transfer without sequence maintenance, while others would be 201 satisfied with partial ordering of the data. In both of these 202 cases the head-of-line blocking offered by TCP causes 203 unnecessary delay. 205 -- The stream-oriented nature of TCP is often an inconvenience. 206 Applications must add their own record marking to delineate 207 their messages, and must make explicit use of the push facility 208 to ensure that a complete message is transferred in a 209 reasonable time. 211 -- The limited scope of TCP sockets complicates the task of 212 providing highly-available data transfer capability using 213 multi-homed hosts. 215 Limitations due to implementation: 217 -- TCP is generally implemented at the operating system level. 218 Kernel limitations may constrain the maximum allowable number 220 Stewart, et al [Page 5] 221 of simultaneous TCP connections to a number far below that 222 required for certain applications. 224 -- TCP implementations do not generally allow the application 225 to control the timers which determine how quickly a connection 226 failure is discovered. Some applications are more critically 227 dependent than others on timely initiation of recovery from 228 such failures. 230 Transport of PSTN signalling across the IP network is an application 231 for which all of these limitations of TCP are relevant. While this 232 application directly motivated the development of SCTP, other 233 applications may find SCTP a good match to their requirements. 235 1.2 Architectural View of SCTP 237 SCTP is viewed as a layer between the SCTP user application ("SCTP 238 user" for short) and an unreliable routed packet network service such 239 as IP. The basic service offered by SCTP is the reliable transfer of 240 user messages between peer SCTP users. It performs this service 241 within the context of an association between two SCTP nodes. Chapter 9 242 of this document sketches the API which should exist at the boundary 243 between the SCTP and the SCTP user layers. 245 SCTP is connection-oriented in nature, but the SCTP association is a 246 broader concept than the TCP connection. SCTP provides the means for 247 each SCTP endpoint (Section 1.4) to provide the other during 248 association startup with a list of transport addresses (e.g. multiple 249 IP addresses in combination with an SCTP port) through which that 250 endpoint can be reached and from which it will originate messages. 251 The association spans transfers over all of the possible 252 source/destination combinations which may be generated from the two 253 endpoint lists. 255 _____________ _____________ 256 | SCTP User | | SCTP User | 257 | Application | | Application | 258 |-------------| |-------------| 259 | SCTP | | SCTP | 260 | Transport | | Transport | 261 | Service | | Service | 262 |-------------| |-------------| 263 | |One or more ---- One or more| | 264 | IP Network |IP address \/ IP address| IP Network | 265 | Service |appearances /\ appearances| Service | 266 |_____________| ---- |_____________| 268 SCTP Node A |<-------- Network transport ------->| SCTP Node B 270 Figure 1: An SCTP Association 272 Stewart, et al [Page 6] 273 1.3 Functional View of SCTP 275 The SCTP transport service can be decomposed into a number of 276 functions. These are depicted in Figure 2 and explained in the 277 remainder of this section. 279 SCTP User Application 281 ..----------------------------------------------------- 282 .. _____________ ____________________ 283 | | | Sequenced delivery | 284 | Association | | within streams | 285 | | |____________________| 286 | startup | 287 ..| | ____________________________ 288 | and | | User Data Segmentation | 289 | | |____________________________| 290 | takedown | 291 ..| | ____________________________ 292 | | | Acknowledgement | 293 | | | and | 294 | | | Congestion Avoidance | 295 ..| | |____________________________| 296 | | 297 | | ____________________________ 298 | | | Chunk Multiplex | 299 | | |____________________________| 300 | | 301 | | ________________________________ 302 | | | Path Management | 303 | | |________________________________| 304 | | 305 | | ________________________________ 306 | | | Message Validation | 307 |______________ |________________________________| 309 Figure 2: Functional View of the SCTP Transport Service 311 1.3.1 Association Startup and Takedown 313 An association is initiated by a request from the SCTP user (see the 314 description of the ASSOCIATE primitive in Chapter 9). 316 A cookie mechanism, taken from that devised by Karn and Simpson in RFC 317 2522 [6], is employed during the initialization to provide protection 318 against security attacks. The cookie mechanism uses a four-way 319 handshaking, but the last two legs of which are allowed to carry user 321 Stewart, et al [Page 7] 322 data for fast setup. The startup sequence is described in chapter 4 of 323 this document. 325 SCTP provides for graceful takedown of an active association on 326 request from the SCTP user. See the description of the TERMINATE 327 primitive in chapter 9. SCTP also allows ungraceful takedown, either 328 on request from the user (ABORT primitive) or as a result of an error 329 condition detected within the SCTP layer. Chapter 8 describes both the 330 graceful and the ungraceful takedown procedures. 332 1.3.2 Sequenced Delivery within Streams 334 The term "stream" is used in SCTP to refer to a sequence of user 335 messages. This is in contrast to its usage in TCP, where it refers to 336 a sequence of bytes. 338 The SCTP user can specify at association startup time the number of 339 streams to be supported by the association. This number is negotiated 340 with the remote end (see section 4.1.1). User messages are associated 341 with stream numbers (SEND, RECEIVE primitives, Chapter 9). Internally, 342 SCTP assigns a stream sequence number to each message passed to it by 343 the SCTP user. On the receiving side, SCTP ensures that messages are 344 delivered to the SCTP user in sequence within a given stream. However, 345 while one stream may be blocked waiting for the next in-sequence user 346 message, delivery from other streams may proceed. 348 SCTP provides a mechanism for bypassing the sequenced delivery 349 service. User messages sent using this mechanism are delivered to the 350 SCTP user as soon as they are received. 352 1.3.3 User Data Segmentation 354 SCTP can segment user messages to ensure that the SCTP datagram 355 passed to the lower layer conforms to the path MTU. Segments are 356 reassembled into complete messages before being passed to the SCTP 357 user. 359 1.3.4 Acknowledgement and Congestion Avoidance 361 SCTP assigns a Transmission Sequence Number (TSN) to each user data 362 segment or unsegmented message. The TSN is independent of any 363 sequence number assigned at the stream level. The receiving end 364 acknowledges all TSNs received, even if there are gaps in the 365 sequence. In this way, reliable delivery is kept functionally separate 366 from sequenced delivery. 368 The Acknowledgement and Congestion Avoidance function is responsible 369 for message retransmission when timely acknowledgement has not been 371 Stewart, et al [Page 8] 372 received. Message retransmission is conditioned by congestion 373 avoidance procedures similar to those used for TCP. See Chapters 5 374 and 6 for a detailed description of the protocol procedures associated 375 with this function. 377 1.3.5 Chunk Multiplex 379 As described in Chapter 2, the SCTP datagram as delivered to the lower 380 layer consists of a common header followed by one or more chunks. Each 381 chunk may contain either user data or SCTP control information. The 382 SCTP user has the option to request "bundling", or multiplexing of 383 more than one user messages into a single SCTP datagram. The chunk 384 multiplex function of SCTP is responsible for assembly of the complete 385 SCTP datagram and its disassembly at the receiving end. 387 1.3.6 Path Management 389 The sending SCTP user is able to manipulate the set of transport 390 addresses used as destinations for SCTP datagrams, through the 391 primitives described in Chapter 9. The SCTP path management function 392 chooses the destination transport address for each outgoing SCTP 393 datagram based on the SCTP user's instructions and the currently 394 perceived reachability status of the eligible destination set. 396 The path management function monitors reachability through heartbeat 397 messages when other message traffic is inadequate to provide this 398 information, and advises the SCTP user when reachability of any far- 399 end transport address changes. The path management function is also 400 responsible for reporting the eligible set of local transport 401 addresses to the far end during association startup, and for reporting 402 the transport addresses returned from the far end to the SCTP user. 404 At association start-up, a primary destination transport address is 405 defined for each SCTP endpoint, and is used for normal sending of SCTP 406 datagrams. 408 On the receiving end, the path management is responsible for verifying 409 the existence of a valid SCTP association to which the inbound SCTP 410 datagram belongs before passing it for further processing. 412 1.3.7 Message Validation 414 A mandatory verification tag and an Adler-32 checksum [2] fields are 415 included in the SCTP common header. The verification tag value is 416 chosen by each end of the association during association startup. 417 Messages received without the verification tag value expected by the 419 Stewart, et al [Page 9] 420 receiver are discarded, as a protection against blind masquerade 421 attacks and against stale datagrams from a previous association. 423 The Adler-32 checksum MUST be set by the sender of each SCTP datagram, 424 to provide additional protection against data corruption in the 425 network beyond that provided by lower layers (e.g. the IP checksum). 427 1.4 Recapitulation of Key Terms 429 The language used to describe SCTP has been introduced in the previous 430 sections. This section provides a consolidated list of the key terms 431 and their definitions. 433 o SCTP user application (SCTP user): The logical higher-layer 434 application entity which uses the services of SCTP, also called 435 the Upper-layer Protocol (ULP). 437 o User message: the unit of data delivery across the interface 438 between SCTP and its user. 440 o SCTP datagram: the unit of data delivery across the interface 441 between SCTP and the unreliable packet network (e.g. IP) which 442 it is using. An SCTP datagram includes the common SCTP header, 443 possible SCTP control chunks, and user data encapsulated within 444 SCTP DATA chunks. 446 o Transport address: an address which serves as a source or 447 destination for the unreliable packet transport service used by 448 SCTP. In IP networks, a transport address is defined by the 449 combination of an IP address and an SCTP port number. 451 Note, only one SCTP port may be defined for each endpoint, 452 but each endpoint may have multiple IP addresses. 454 o SCTP endpoint: the logical sender/receiver of SCTP datagrams. On a 455 multi-homed host, an SCTP endpoint is represented to its peers as a 456 combination of a set of eligible destination transport addresses to 457 which SCTP datagrams can be sent and a set of eligible source 458 transport addresses from which SCTP datagrams can be received. 460 Note, a source or destination transport address can only be 461 included in one unique SCTP endpoint, i.e., it is NOT allowed to 462 have the same SCTP source or destination transport address appear 463 in more than one SCTP endpoint. 465 o SCTP association: a protocol relationship between SCTP endpoints, 466 comprising the two SCTP endpoints and protocol state information 467 including verification tags and the currently active set of 468 Transmission Sequence Numbers (TSNs), etc. 470 o Chunk: a unit of information within an SCTP datagram, consisting of 471 a chunk header and chunk-specific content. 473 o Transmission Sequence Number (TSN): a 32-bit sequence number used 474 internally by SCTP. One TSN is attached to each chunk containing 475 user data to permit the receiving SCTP endpoint to acknowledge its 476 receipt and detect duplicate deliveries. 478 o Stream: a uni-directional logical channel established from one to 479 another associated SCTP endpoints, within which all user messages 480 are delivered in sequence except for those submitted to the 481 un-ordered delivery service. 483 Note: The relationship between stream numbers in opposite 484 directions is strictly a matter of how the applications use 485 them. It is the responsiblity of the SCTP user to create and 486 manage these correlations if they are so desired. 488 o Stream Sequence Number: a 16-bit sequence number used internally by 489 SCTP to assure sequenced delivery of the user messages within a 490 given stream. One stream sequence number is attached to each user 491 message. 493 o Path: the route taken by the SCTP datagrams sent by one SCTP 494 endpoint to a specific destination transport address of its peer 495 SCTP endpoint. Note, sending to different destination transport 496 addresses does not necessarily guarantee getting separate paths. 498 o Bundling: an optional multiplexing operation, whereby more than one 499 user messages may be carried in the same SCTP datagram. Each user 500 message occupies its own DATA chunk. 502 o Outstanding TSN (at an SCTP endpoint): a TSN (and the associated DATA 503 chunk) which have been sent by the endpoint but for which it has not 504 yet received an acknowledgement. 506 o Unacknowledged TSN (at an SCTP endpoint): a TSN (and the associated DATA 507 chunk) which have been received by the endpoint but for which an 508 acknowledgement has not yet been sent. 510 o Receiver Window (rwnd): The most recently calculated receiver 511 window, in number of octets. This gives an indication of the space 512 available in the receiver's inbound buffer. 514 o Congestion Window (cwnd): An SCTP variable that limits the data, in 515 number of octets, a sender can send into the network before 516 receiving an acknowledgment on a particular destination Transport 517 address. 519 o Slow Start Threshold (ssthresh): An SCTP variable. This is the 520 threshold which the endpoint will use to determine whether to 521 perform slow start or congestion avoidance on a particular destination 522 transport address. Ssthresh is in number of octets. 524 o Transmission Control Block (TCB): an internal data structure 525 created by an SCTP endpoint for each of its existing SCTP 526 associations to other SCTP endpoints. TCB contains all the status 527 and operational information for the endpoint to maintain and manage 528 the corresponding association. 530 o Network Byte Order: Most significant byte first, a.k.a Big Endian. 532 1.5. Abbreviations 534 MD5 - MD5 Message-Digest Algorithm [4] 536 RTO - Retransmission Time-out 538 RTT - Round-trip Time 540 RTTVAR - Round-trip Time Variation 542 SCTP - Simple Control Transmission Protocol 544 SRTT - Smoothed RTT 546 TCB - Transmission Control Block 548 TLV - Type-Length-Value Coding Format 550 TSN - Transmission Sequence Number 552 ULP - Upper-layer Protocol 554 2. SCTP Datagram Format 556 An SCTP datagram is composed of a common header and chunks. A chunk 557 contains either control information or user data. 559 The SCTP datagram format is shown below: 561 0 1 2 3 562 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 563 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 564 | Common Header | 565 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 566 | Chunk #1 | 567 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 568 | ... | 569 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 570 | Chunk #n | 571 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 573 Multiple chunks can be multiplexed into one SCTP datagram up to 574 the MTU size, except for the INIT, INIT ACK, and SHUTDOWN ACK 575 chunks. These chunks MUST NOT be multiplexed with any other chunk in a 576 datagram. See Section 5.10 for more details on chunk multiplexing. 578 If an user data message doesn't fit into one SCTP datagram it can be 579 segmented into multiple chunks using the procedure defined in 580 Section 5.9. 582 All integer fields in an SCTP datagram MUST be transmitted in the 583 network byte order, unless otherwise stated. 585 2.1 SCTP Common Header Field Descriptions 587 SCTP Common Header Format 589 0 1 2 3 590 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 591 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 592 | Source Port Number | Destination Port Number | 593 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 594 | Verification Tag | 595 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 596 | Adler-32 Checksum | 597 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 599 Source Port Number: 16 bit u_int 601 This is the SCTP sender's port number. It can be used by the 602 receiver, in combination with the source IP address, to identify the 603 association to which this datagram belongs. 605 Desination Port Number: 16 bit u_int 607 This is the SCTP port number to which this datagram is destined. The 608 receiving endpoint will use this port number to de-multiplex the 609 SCTP datagram to the correct receiving association/application. 611 Verification Tag: 32 bit u_int 613 The receiver of this datagram uses the Verification Tag to validate 614 the sender of this SCTP datagram. On transmit, the value of this 615 Verification Tag MUST be set to the value of the Initiate Tag 616 received from the peer endpoint during the association 617 initialization. 619 For datagrams carrying the INIT chunk, the transmitter MUST set the 620 Verification Tag to all 0's. If the receiver receives a datagram 621 with an all-zeros Verification Tag field, it checks the Chunk ID 622 immediately following the common header. If the Chunk Type is 623 neither INIT nor SHUTDOWN ACK, the receiver MUST drop the datagram. 625 For datagrams carrying the SHUTDOWN ACK chunk, the transmitter 626 SHOULD set the Verification Tag to the Initiate Tag received from 627 the peer endpoint during the association initialization, if known. 628 Otherwise, the Verification Tag MUST be set to all 0's. 630 Adler-32 Checksum: 32 bit u_int 632 This field MUST contain an Adler-32 checksum of this SCTP 633 datagram. Its calculation is discussed in Section 5.8. 635 2.2 Chunk Field Descriptions 637 The figure below illustrates the field format for the chunks to be 638 transmitted in the SCTP datagram. Each chunk is formatted with a Chunk 639 ID field, a chunk-specific Flag field, a Length field, and a Value 640 field. 642 0 1 2 3 643 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 644 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 645 | Chunk ID | Chunk Flags | Chunk Length | 646 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 647 \ \ 648 / Chunk Value / 649 \ \ 650 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 652 Chunk ID: 8 bits, u_int 654 This field identifies the type of information contained in the Chunk 655 Value field. It takes a value from 0x00 to 0xFF. The value of 0xFE 656 is reserved for vendor-specific extensions. The value of 0xFF is 657 reserved for future use as an extension field. Procedures for 658 extending this field by vendors are defined in Section 2.4. 660 The values of Chunk ID are defined as follows: 662 ID Value Chunk Type 663 ----- ---------- 664 00000000 - Payload Data (DATA) 665 00000001 - Initiation (INIT) 666 00000010 - Initiation Acknowledgment (INIT ACK) 667 00000011 - Selective Acknowledgment (SACK) 668 00000100 - Heartbeat Request (HEARTBEAT) 669 00000101 - Heartbeat Acknowledgment (HEARTBEAT ACK) 670 00000110 - Abort (ABORT) 671 00000111 - Shutdown (SHUTDOWN) 672 00001000 - Shutdown Acknowledgment (SHUTDOWN ACK) 673 00001001 - Operation Error (ERROR) 674 00001010 - Encryption Cookie (COOKIE) 675 00001011 - Cookie Acknowledgement (COOKIE ACK) 676 00001100 to 11111101 - reserved by IETF 677 11111110 - Vendor-specific Chunk Extensions 678 11111111 - IETF-defined Chunk Extensions 680 Chunk Flags: 8 bits 682 The usage of these bits depends on the chunk type as given by the 683 Chunk ID. Unless otherwise specified, they are set to zero on 684 transmit and are ignored on receipt. 686 Chunk Length: 16 bits (u_int) 688 This value represents the size of the chunk in octets including the 689 Chunk ID, Flags, Length, and Value fields. Therefore, if the Value 690 field is zero-length, the Length field will be set to 0x0004. The 691 Length field does not count any padding. 693 Chunk Value: variable length 695 The Chunk Value field contains the actual information to be 696 transferred in the chunk. The usage and format of this field is 697 dependent on the Chunk ID. The Chunk Value field MUST be aligned on 698 32-bit boundaries. If the length of the chunk does not align on 699 32-bit boundaries, it is padded at the end with all zero octets. 701 SCTP defined chunks are described in detail in Section 2.3. The 702 guideline for vendor-specific chunk extensions is discussed in Section 703 2.4. And the guidelines for IETF-defined chunk extensions can be found 704 in Section 11.1 of this document. 706 2.2.1 Optional/Variable-length Parameter Format 708 The optional and variable-length parameters contained in a chunk 709 are defined in a Type-Length-Value format as shown below. 711 0 1 2 3 712 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 713 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 714 | Parameter Type | Parameter Length | 715 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 716 \ \ 717 / Parameter Value / 718 \ \ 719 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 721 Parameter Type: 16 bit u_int 723 The Type field is a 16 bit identifier of the type of parameter. It 724 takes a value of 0x0000 to 0xFFFF. 726 The value of 0xFFFE is reserved for vendor-specific extensions if 727 the specific chunk allows such extensions. The value of 0xFFFF is 728 reserved for IETF-defined extensions. Values other than those 729 defined in specific SCTP chunk description are reserved for use by 730 IETF. 732 Parameter Length: 16 bit u_int 734 The Length field contains the size of the parameter in octets, 735 including the Type, Length, and Value fields. Thus, a parameter 736 with a zero-length Value field would have a Length field of 737 0x0004. The Length does not include any padding octets. 739 Parameter Value: variable-length. 741 The Value is dependent on the value of the Type field. The value 742 field MUST be aligned on 32-bit boundaries. If the value field is 743 not aligned on 32-bit boundaries it is padded at the end with all 744 zero octets. The value field must be an integer number of octets. 746 The actual SCTP parameters are defined in the specific SCTP chunk 747 section. The guidelines for vendor-specific parameter extensions are 748 discussed in Section 2.2.2. And the rules for IETF-defined parameter 749 extensions are defined in Section 11.2. 751 2.2.2 Vendor-Specific Extension Parameter Format 753 This is to allow vendors to support their own extended parameters not 754 defined by the IETF. It MUST not affect the operation of SCTP. 756 Endpoints not equipped to interpret the vendor-specific information 757 sent by a remote endpoint MUST ignore it (although it may be 758 reported). Endpoints that do not receive desired vendor-specific 759 information SHOULD make an attempt to operate without it, although 760 they may do so (and report they are doing so) in a degraded mode. 762 A summary of the Vendor-specific extension format is shown below. The 763 fields are transmitted from left to right. 765 0 1 2 3 766 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 767 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 768 | Parameter Type = 0xFFFE | Parameter Length | 769 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 770 | Vendor-Id | 771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 772 \ \ 773 / Parameter Value / 774 \ \ 775 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 777 Type: 16 bit u_int 779 0xFFFE for all Vendor-Specific parameters. 781 Length: 16 bit u_int 783 Indicate the size of the parameter in octets, including the 784 Type, Length, Vendor-Id, and Value fields. 786 Vendor-Id: 32 bit u_int 788 The high-order octet is 0 and the low-order 3 octets are the 789 SMI Network Management Private Enterprise Code of the Vendor 790 in network byte order, as defined in the Assigned Numbers (RFC 791 1700). 793 Value: variable length 795 The Value field is one or more octets. The actual format of the 796 information is site or application specific, and a robust 797 implementation SHOULD support the field as undistinguished 798 octets. 800 The codification of the range of allowed usage of this field is 801 outside the scope of this specification. 803 It SHOULD be encoded as a sequence of vendor type / vendor length 804 / value fields, as follows. The parameter field is 805 dependent on the vendor's definition of that attribute. An 806 example encoding of the Vendor-Specific attribute using this 807 method follows: 809 0 1 2 3 810 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 811 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 812 | Parameter Type = 0xFFFE | Parameter Length | 813 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 814 | Vendor-Id | 815 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 816 | VS-Type | VS-Length | 817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 / VS-Value / 819 \ \ 820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 822 VS-Type: 16 bit u_int 824 This field identifies the parameter included in the VS-Value field. 825 It is assigned by the vendor. 827 VS-Length: 16 bit u_int 829 This field is the length of the vendor-specific parameter and 830 Includes the VS-Type, VS-Length and VS-Value (if included) fields. 832 VS-Value: Variable Length 834 This field contains the parameter identified by the VS-Type field. 835 It's meaning is identified by the vendor. 837 2.3 SCTP Chunk Definitions 839 This section defines the format of the different SCTP chunk types. 841 2.3.1 Initiation (INIT) (00000001) 843 This chunk is used to initiate a SCTP association between two 844 endpoints. The format of the INIT message is shown below: 846 0 1 2 3 847 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 848 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 849 |0 0 0 0 0 0 0 1| Chunk Flags | Chunk Length | 850 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 851 | Initiate Tag | 852 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 853 | Advertised Receiver Window Credit (a_rwnd) | 854 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 855 | Number of Outbound Streams | Number of Inbound Streams | 856 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 857 | Initial TSN | 858 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 859 \ \ 860 / Optional/Variable-Length Parameters / 861 \ \ 862 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 864 The INIT chunk contains the following parameters. Unless otherwise 865 noted, each parameter MUST only be included once in the INIT chunk. 867 Fixed Parameters Status 868 ---------------------------------------------- 869 Initiate Tag Mandatory 870 Receiver Window Credit Mandatory 871 Number of Outbound Streams Mandatory 872 Number of Inbound Streams Mandatory 873 Initial TSN Mandatory 875 Variable Parameters Status Type Value 876 ------------------------------------------------------------- 877 IPv4 Address (Note 1) Optional 0x0005 878 IPv6 Address (Note 1) Optional 0x0006 879 Cookie Preservative Optional 0x0009 881 Note 1: The INIT chunks may contain multiple addresses that may be 882 IPv4 and/or IPv6 in any combination. 884 Chunk Flags field in INIT is reserved, and all bits in it should be 885 set to 0 by the sender and ignored by the receiver. The sequence of 886 parameters within an INIT may be processed in any order. 888 Initiate Tag: 32 bit u_int 890 The receiver of the INIT (the responding end) records the value of 891 the Initiate Tag parameter. This value MUST be placed into the 892 Verification Tag field of every SCTP datagram that the responding 893 end transmits within this association. 895 The valid range for Initiate Tag is from 0x1 to 0xffffffff. See 896 Section 4.3.1 for more on the selection of the tag value. 898 If the value of the Initiate Tag in a received INIT chunk is found 899 to be 0x0, the receiver MUST treat it as an error and silently 900 discard the datagram. 902 Advertised Receiver Window Credit (a_rwnd): 32 bit u_int 904 This value represents the dedicated buffer space, in number of 905 octets, the sender of the INIT has placed in association with this 906 window. During the life of the association this buffer space SHOULD 907 not be lessened (i.e. dedicated buffers taken away from this 908 association). 910 Number of Outbound Streams (OS): 16 bit u_int 912 Defines the number of outbound streams the sender of this INIT chunk 913 wishes to create in this association. The value of 0 MUST NOT be 914 used. 916 Number of Inbound Streams (MIS) : 16 bit u_int 918 Defines the maximum number of streams the sender of this INIT chunk 919 allows the peer end to create in this association. The value 0 MUST 920 NOT be used. 922 Initial TSN (I-TSN) : 32 bit u_int 924 Defines the initial TSN that the sender will use. The valid range is 925 from 0x0 to 0xffffffff. This field MAY be set to the value of the 926 Initiate Tag field. 928 Vendor-specific parameters are allowed in INIT. However, they MUST be 929 appended to the end of the above INIT chunks. The format of the 930 vendor-specific parameters MUST follow the Type-Length-value format as 931 defined in Section 2.2.2. In case an endpoint does not support the 932 vendor-specific chunks received, it MUST ignore them. 934 2.3.1.1 Optional/Variable Length Parameters in INIT 936 The following parameters follow the Type-Length-Value format as 937 defined in Section 2.2.1. The IP address fields MUST come after 938 the fixed-length fields defined in the previous Section. 940 Any extensions MUST come after the IP address fields. 942 IPv4 Address Parameter 944 0 1 2 3 945 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 946 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 947 |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| 948 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 949 | IPv4 Address | 950 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 952 IPv4 Address: 32 bit 954 Contains an IPv4 address of the sending endpoint. It is binary 955 encoded. 957 IPv6 Address: 959 0 1 2 3 960 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 961 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 962 |0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0|0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0| 963 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 964 | | 965 | IPv6 Address | 966 | | 967 | | 968 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 970 IPv6 Address: 128 bit 972 Contains an IPv6 address of the sending endpoint. It is binary 973 encoded. 975 Combining with the Source Port Number in the SCTP common header, the 976 value passed in an IPv4 or IPv6 Address parameter indicates a 977 transport address the sender of the INIT will support for the 978 association being initiated. That is, during the lifetime of this 979 association, this IP address may appear in the source address field 980 of a datagram sent from the sender of the INIT, and may be used as a 981 destination address of a datagram sent from the receiver of the 982 INIT. 984 More than one IP Address parameters can be included in an INIT 985 chunk when the INIT sender is multi-homed. Moreover, a multi-homed 986 endpoint may have access to different types of network, thus more 987 than one address type may be present in one INIT chunk, i.e., IPv4 988 and IPv6 transport addresses are allowed in the same INIT message. 990 If the INIT contains a least one IP Address parameter, then only the 991 transport address(es) provided within the INIT may be used as 992 destinations by the responding end. If the INIT does not contain any 993 IP Address parameters, the responding end MUST use the source 994 address associated with the received SCTP datagram as its sole 995 destination address for the association. 997 Cookie Preservative 999 The sender of the INIT shall use this parameter to suggest to the 1000 receiver of the INIT for a longer life-span of the Encryption Cookie. 1002 0 1 2 3 1003 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1004 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1005 |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| 1006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1007 | Suggested Cookie Life-span Increment (msec.) | 1008 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1010 Suggested Cookie Life-span Increment: 32bit u_int 1012 This parameter indicates to the receiver how much increment the 1013 sender wishes the reciever to add to its default cookie life-span. 1015 This optional parameter should be added to the INIT message by the 1016 sender when it re-attempts establishing an association with a peer 1017 to which its first attempt of establishing the association failed 1018 due to a Stale COOKIE error. Note, the receiver MAY choose to ignore 1019 the suggested cookie life-span increase for its own security 1020 reasons. 1022 2.3.2 Initiation Acknowledgement (INIT ACK) (00000010): 1024 The INIT ACK chunk is used to acknowledge the initiation of an SCTP 1025 association. 1027 The parameter part of INIT ACK is formatted similarly to the INIT 1028 chunk. It uses two extra variable parameters: The Encryption Cookie 1029 and the Unrecognized Parameter: 1031 The format of the INIT ACK message is shown below: 1033 0 1 2 3 1034 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1035 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1036 |0 0 0 0 0 0 1 0| Chunk Flags | Chunk Length | 1037 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1038 | Initiate Tag | 1039 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1040 | Receiver Window Credit | 1041 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1042 | Number of Outbound Streams | Number of Inbound Streams | 1043 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1044 | Initial TSN | 1045 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1046 \ \ 1047 / Optional/Variable-Length Parameters / 1048 \ \ 1049 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1051 The INIT ACK contains the following parameters. Unless otherwise 1052 noted, each parameter MUST only be included once in the INIT ACK chunk. 1054 Fixed Parameters Status 1055 ---------------------------------------------- 1056 Initiate Tag Mandatory 1057 Receiver Window Credit Mandatory 1058 Number of Outbound Streams Mandatory 1059 Number of Inbound Streams Mandatory 1060 Initial TSN Mandatory 1061 Variable Parameters Status Type Value 1062 ------------------------------------------------------------- 1063 Encryption Cookie Mandatory 0x0007 1064 IPv4 Address (Note 1) Optional 0x0005 1065 IPv6 Address (Note 1) Optional 0x0006 1066 Unrecognized Parameters Optional 0x0008 1068 Note 1: The INIT ACK chunks may contain any number of IP address 1069 parameters that may be IPv4 and/or IPv6 in any combination. 1071 Same as with INIT, in combination with the Source Port carried in the 1072 SCTP common header, each IP Address parameter in the INIT ACK indicates 1073 to the receiver of the INIT ACK a valid transport address supported by 1074 the sender of the INIT ACK for the lifetime of the association being 1075 initiated. 1077 If the INIT ACK contains at least one IP Address parameter, then only 1078 the transport address(es) explicitly indicated in the INIT ACK may be 1079 used as the destination(s) by the receiver of the INIT ACK. However, 1080 if the INIT ACK contains no IP Address parameter, the receiver of the 1081 INIT ACK MUST take the source IP address associated with this INIT ACK 1082 as its sole destination address for this association. 1084 The Encryption Cookie and Unrecognized Parameters use the Type-Length- 1085 Value format as defined in Section 2.2.1 and are described below. The 1086 other fields are defined the same as their counterparts in the INIT 1087 message. 1089 2.3.2.1 Optional or Variable Length Parameters 1091 Encryption Cookie: variable size, depending on Size of Cookie 1093 This field MUST contain all the necessary state and parameter 1094 information required for the sender of this INIT ACK to create the 1095 association, along with an MD5 digital signature (128-bit). See 1096 Section 4.1.3 for details on Cookie definition. The Cookie MUST be 1097 padded with '0' to the next 32-bit word boundary. The internal 1098 format of the Cookie is implementation-specific. 1100 Unrecognized Parameters: Variable Size. 1102 This parameter is returned to the originator of the INIT message if 1103 the receiver does not recognize one or more Optional TLV parameters 1104 in the INIT chunk. This parameter field will contain the 1105 unrecognized parameters copied from the INIT message complete 1106 with TLV. 1108 Vendor-Specific parameters are allowed in INIT ACK. However, they 1109 MUST be defined using the format described in Section 2.2.2, and be 1110 appended to the end of the above INIT ACK chunks. In case the receiver 1111 of the INIT ACK does not support the vendor-specific parameters 1112 received, it MUST ignore those fields. 1114 2.3.3 Selective Acknowledgement (SACK) (00000011): 1116 This chunk is sent to the remote endpoint to acknowledge received DATA 1117 chunks and to inform the remote endpoint of gaps in the received 1118 subsequences of DATA chunks as represented by their TSNs. 1120 The SACK MUST contain the Cumulative TSN ACK and Advertised Receiver 1121 Window Credit (a_rwnd) parameters. By definition, the value of the 1122 Cumulative TSN ACK parameter is the last TSN received at the time the 1123 Selective ACK is sent, before a break in the sequence of received TSNs 1124 occurs; the next TSN value following this one has not yet been 1125 received at the reporting end. This parameter therefore acknowledges 1126 receipt of all TSNs up to and including the value given. 1128 The handling of the a_rwnd by the receiver of the SACK is diccussed in 1129 detail in Section 5.2.1. 1131 The Selective ACK also contains zero or more fragment reports. Each 1132 fragment report acknowledges a subsequence of TSNs received following 1133 a break in the sequence of received TSNs. By definition, all TSNs 1134 acknowledged by fragment reports are higher than the value of the 1135 Cumulative TSN ACK. 1137 0 1 2 3 1138 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1140 |0 0 0 0 0 0 1 1|Chunk Flags | Chunk Length | 1141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1142 | Cumulative TSN ACK | 1143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1144 | Advertised Receiver Window Credit (a_rwnd) | 1145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1146 | Number of Fragments = N | (Reserved) | 1147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1148 | Fragment #1 Start | Fragment #1 End | 1149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1150 / / 1151 \ ... \ 1152 / / 1153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1154 | Fragment #N Start | Fragment #N End | 1155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1157 Chunk Flags: 1159 Set to all zeros on transmit and ignored on receipt. 1161 Cumulative TSN ACK: 32 bit u_int 1163 This parameter contains the TSN of the last DATA chunk received in 1164 sequence before a gap. 1166 Advertised Receiver Window Credit (a_rwnd): 32 bit u_int 1167 This field indicates the updated receive buffer space in octets of 1168 the sender of this SACK, see Section 5.11 for details. 1170 Number of Fragments: 16 bit u_int 1172 Indicates the number of TSN fragments included in this Selective 1173 ACK. 1175 Reserved: 16 bit 1177 Must be set to all 0 by the sender and ignored by the receiver. 1179 Fragments: 1181 These fields contain the ack fragments. They are repeated for each 1182 fragment up to the number of fragments defined in the Number of 1183 Fragments field. All DATA chunks with TSNs between the (Cumulative 1184 TSN ACK + Fragment Start) and (Cumulative TSN ACK + Fragment End) of 1185 each fragment are assumed to have been received correctly. 1187 Fragment Start: 16 bit u_int 1189 Indicates the Start offset TSN for this fragment. To calculate the 1190 actual TSN number the Cumulative TSN ACK is added to this 1191 offset number to yield the TSN. This calculated TSN identifies 1192 the first TSN in this fragment that has been received. 1194 Fragment End: 16 bit u_int 1196 Indicates the End offset TSN for this fragment. To calculate the 1197 actual TSN number the Cumulative TSN ACK is added to this 1198 offset number to yield the TSN. This calculated TSN identifies 1199 the TSN of the last DATA chunk received in this fragment. 1201 For example, assume the receiver has the following datagrams newly 1202 arrived at the time when it decides to send a Selective ACK, 1203 ---------- 1204 | TSN=17 | 1205 ---------- 1206 | | <- still missing 1207 ---------- 1208 | TSN=15 | 1209 ---------- 1210 | TSN=14 | 1211 ---------- 1212 | | <- still missing 1213 ---------- 1214 | TSN=12 | 1215 ---------- 1216 | TSN=11 | 1217 ---------- 1218 | TSN=10 | 1219 ---------- 1221 then, the parameter part of the Selective ACK MUST be constructed as 1222 follows (assuming the new a_rwnd is set to 0x1234 by the sender): 1224 +---------------+--------------+ 1225 | Cumulative TSN ACK = 12 | 1226 ----------------+--------------- 1227 | a_rwnd = 0x1234 | 1228 ----------------+--------------- 1229 | num of frag=2 | (rev = 0) | 1230 ----------------+--------------- 1231 |frag #1 strt=2 |frag #1 end=3 | 1232 ----------------+--------------- 1233 |frag #2 strt=5 |frag #2 end=5 | 1234 -------------------------------- 1236 2.3.4 Heartbeat Request (HEARTBEAT) (00000100): 1238 An endpoint should send this chunk to its peer endpoint of the current 1239 association to probe the reachability of a particular destination 1240 transport address defined in the present association. 1242 The parameter field contains the Heartbeat Information which is a 1243 variable length opeque data structure understood only by the sender. 1245 0 1 2 3 1246 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1248 |0 0 0 0 0 1 0 0| Chunk Flags | Heartbeat Length | 1249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1250 \ \ 1251 / Heartbeat Information (Variable-Length) / 1252 \ \ 1253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1255 Chunk Flags: 1257 Set to zero on transmit and ignored on receipt. 1259 Heartbeat Length: 1261 Set to the size of the chunk in octets, including the chunk header 1262 and the Heartbeat Information field. 1264 Heartbeat Information: 1266 defined as a variable-length parameter using the format described in 1267 Section 2.2.1, i.e.: 1269 0 1 2 3 1270 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1271 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1272 | Heartbeat Info Type=1 | HB Info Length | 1273 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1274 / Sender-specific Heartbeat Info / 1275 \ \ 1276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1278 The Sender-specific Heartbeat Info field should normally include 1279 information about the sender's current time when this HEARTBEAT 1280 message is sent and the destination transport address to which this 1281 HEARTBEAT is sent (see Section 7.3). 1283 2.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK) (00000101): 1285 An endpoint should send this chunk to its peer endpoint as a response 1286 to a Heartbeat Request (see Section 7.3). 1288 The parameter field contains a variable length opeque data structure. 1290 0 1 2 3 1291 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1293 |0 0 0 0 0 1 0 1| Chunk Flags | Heartbeat Ack Length | 1294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1295 \ \ 1296 / Heartbeat Information (Variable-Length) / 1297 \ \ 1298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1300 Chunk Flags: 1302 Set to zero on transmit and ignored on receipt. 1304 Heartbeat Ack Length: 1306 Set to the size of the chunk in octets, including the chunk header 1307 and the Heartbeat Information field. 1309 Heartbeat Information: 1311 The values of this field SHALL be copied from the Heartbeat 1312 Information field found in the Heartbeat Request to which this 1313 Heartbeat Acknowledgement is responding. 1315 2.3.6 Abort Association (ABORT) (00000110): 1317 The ABORT chunk is sent to the peer of an association to terminate the 1318 association. The ABORT chunk has no parameters. The sender of ABORT 1319 may bundle one or more ERROR chunks to indicate the reason of abort. 1320 However, if ERROR chunks are bundled with an ABORT, they MUST be 1321 placed before the ABORT chunk in the outbound datagram. 1323 If an endpoint receives an ABORT with a format error or for an 1324 association that doesn't exist, it MUST silently discard it. 1326 0 1 2 3 1327 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1329 |0 0 0 0 0 1 1 0|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0| 1330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1332 Chunk Flags: 1334 Set to zero on transmit and ignored on receipt. 1336 Some special rules apply to the Verification Tag field of SCTP 1337 datagrams which carry an ABORT, see Section 7.5 for details. 1339 2.3.7 SHUTDOWN (00000111): 1341 An endpoint in an association MUST use this chunk to initiate a 1342 graceful termination of the association with its peer. This chunk has 1343 the following format. 1345 0 1 2 3 1346 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1347 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1348 |0 0 0 0 0 1 1 1|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| 1349 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1350 | Cumulative TSN ACK | 1351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1353 Chunk Flags: 1355 Set to zero on transmit and ignored on receipt. 1357 Cumulative TSN ACK: 32 bit u_int 1359 This parameter contains the TSN of the last chunk received in 1360 sequence before any gaps. 1362 2.3.8 Shutdown Acknowledgment (SHUTDOWN ACK) (00001000): 1364 This chunk MUST be used to acknowledge the receipt of the SHUTDOWN 1365 chunk at the completion of the shutdown process, see Section 8.2 for 1366 details. 1368 The SHUTDOWN ACK chunk has no parameters. 1370 0 1 2 3 1371 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1372 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1373 |0 0 0 0 1 0 0 0|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0| 1374 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1376 Chunk Flags: 1378 Set to zero on transmit and ignored on receipt. 1380 Note: if the endpoint that receives the SHUTDOWN message does not have 1381 a TCB or tag for the sender of the SHUTDOWN, the receiver SHALL still 1382 respond. In such cases, the receiver SHALL send back a stand-alone 1383 SHUTDOWN ACK chunk in an SCTP datagram with the Verification Tag field 1384 of the common header filled with all '0's. 1386 2.3.9 Operation Error (ERROR) (00001001): 1388 This chunk is sent to the other endpoint in the association to notify 1389 certain error conditions. It contains one or more error causes. It has 1390 the following parameters: 1392 0 1 2 3 1393 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1394 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1395 |0 0 0 0 1 0 0 1| Chunk Flags | Length | 1396 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1397 \ \ 1398 / one or more Error Causes / 1399 \ \ 1400 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1402 Chunk Flags: 1404 Set to zero on transmit and ignored on receipt. 1406 Length: 1408 Set to the size of the chunk in octets, including the chunk header 1409 and all the Error Cause fields present. 1411 Error causes are defined as variable-length parameters using the 1412 format described in 2.2.1, i.e.: 1414 0 1 2 3 1415 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1416 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1417 | Cause Code | Cause Length | 1418 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1419 / Cause-specific Information / 1420 \ \ 1421 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1423 Cause Code: 16 bit u_int 1425 Defines the type of error conditions being reported. 1427 Cause Length: 16 bit u_int 1429 Set to the size of the parameter in octets, including the Cause Code, 1430 Cause Length, and Cause-Specific Information fields 1432 Cause-specific Information: variable length 1434 This field carries the details of the error condition. 1436 Currently SCTP defines the following error causes: 1438 Cause of error 1439 --------------- 1440 Invalid Stream Identifier: indicating receiving a DATA sent to a 1441 nonexistent stream. 1443 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1444 | Cause Code=1 | Cause Length=8 | 1445 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1446 | Stream Identifier | (Reserved) | 1447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1449 Cause of error 1450 --------------- 1451 Missing Mandatory Parameter: indicating that mandatory one or more 1452 TLV parameters are missing in a received INIT or INIT ACK. 1454 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1455 | Cause Code=2 | Cause Length=8+N*2 | 1456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1457 | Number of missing params=N | 1458 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1459 | Missing Param Type #1 | Missing Param Type #2 | 1460 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1461 | Missing Param Type #N-1 | Missing Param Type #N | 1462 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1464 Each missing mandatory parameter type should be specified. 1466 Cause of error 1467 -------------- 1468 Stale Cookie Error: indicating the receiving of a valid cookie 1469 which is however expired. 1471 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1472 | Cause Code=3 | Cause Length=8 | 1473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1474 | Measure of Staleness (usec.) | 1475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1477 The sender of this error cause MAY choose to report how long past 1478 expiration the cookie is, by putting in the Measure of Staleness 1479 field the difference, in microseconds, between the current time and 1480 the time the cookie expired. If the sender does not wish to provide 1481 this information it should set Measure of staleness to 0. 1483 Cause of error 1484 --------------- 1485 Out of Resource: indicating that the sender is out of resource. This 1486 is usually sent in combination with an ABORT. 1488 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1489 | Cause Code=4 | Cause Length=4 | 1490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1492 Guidelines for IETF-defined Error Cause extensions are discussed in 1493 Section 11.3 of this document. 1495 2.3.10 Encryption Cookie (COOKIE) (00001010): 1497 This chunk is used only during the initialization of an association. 1498 It is sent by the initiator of an association to its peer to complete 1499 the initialization process. This chunk MUST precede any DATA chunk 1500 sent within the association, but MAY be bundled with one or more DATA 1501 chunks in the same datagram. 1503 0 1 2 3 1504 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1505 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1506 |0 0 0 0 1 0 1 0|Chunk Flags | Length | 1507 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1508 | Cookie | 1509 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1511 Chunk Flags: 8 bit 1513 Set to zero on transmit and ignored on receipt. 1515 Length: 16 bit u_int 1517 Set to the size of the chunk in octets, including the 4 octets of 1518 the chunk header and the size of the Cookie. 1520 Cookie: variable size 1522 This field must contain the exact cookie received in a previous INIT 1523 ACK. 1525 2.3.11 Cookie Acknowledgment (COOKIE ACK) (00001011): 1527 This chunk is used only during the initialization of an association. 1528 It is used to acknowledge the receipt of a COOKIE chunk. This chunk 1529 MUST precede any DATA chunk sent within the association, but MAY be 1530 bundled with one or more DATA chunks in the same SCTP datagram. 1532 0 1 2 3 1533 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1534 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1535 |0 0 0 0 1 0 1 1|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0| 1536 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1538 Chunk Flags: 1540 Set to zero on transmit and ignored on receipt. 1542 2.3.12 Payload Data (DATA) (00000000): 1544 The following format MUST be used for the DATA chunk: 1546 0 1 2 3 1547 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1548 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1549 |0 0 0 0 0 0 0 0| Reserved|U|B|E| Length | 1550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1551 | TSN | 1552 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1553 | Stream Identifier S | Stream Sequence Number n | 1554 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1555 | Payload Protocol Identifier | 1556 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1557 \ \ 1558 / User Data (seq n of Stream S) / 1559 \ \ 1560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1562 Reserved: 5 bits 1563 should be set to all '0's and ignored by the receiver. 1565 U bit: 1 bit 1566 The (U)nordered bit, if set, indicates that this is an unordered 1567 data chunk, and there is NO Stream Sequence Number assigned to this 1568 DATA chunk. Therefore, the receiver MUST ignore the Stream Sequence 1569 Number field. 1571 After reassembly (if necessary), unordered data chunks MUST be 1572 dispatched to the upper layer by the receiver without any attempt of 1573 re-ordering. 1575 Note, if an unordered user message is segmented, each segment of the 1576 message MUST have its U bit set to 1. 1578 B bit: 1 bit 1580 The (B)eginning segment bit, if set, indicates the first segment of 1581 a user message. 1583 E bit: 1 bit 1584 The (E)nding segment bit, if set, indicates the last segment of a 1585 user message. 1587 A non-segmented user message shall have both the B and E bits set 1588 to 1. Setting both B and E bits to 0 indicates a middle segment of a 1589 multi-segment user message, as summarized in the following table: 1591 B E Description 1592 ============================================================ 1593 | 1 0 | First piece of a segmented user message | 1594 +----------------------------------------------------------+ 1595 | 0 0 | Middle piece of a segmented user message | 1596 +----------------------------------------------------------+ 1597 | 0 1 | Last piece of a segmented user message | 1598 +----------------------------------------------------------+ 1599 | 1 1 | Un-segmented Message | 1600 ============================================================ 1602 Length: 16 bits (16 bit u_int) 1604 This field indicates the length of the DATA chunk in octets. It 1605 includes the Type field, the Reserved field, the U and B/E bits, the 1606 Length field, TSN, the Stream Identifier, the Stream Sequence 1607 Number, and the User Data fields. It does not include any padding. 1609 TSN : 32 bits (32 bit u_int) 1611 This value represents the TSN for this DATA chunk. The valid range 1612 of TSN is from 0x0 to 0xffffffff. 1614 Stream Identifier S: 16 bit u_int 1616 Identifies the stream to which the following user data belongs. 1618 Sequence Number n: 16 bit u_int 1620 This value presents the sequence number of the following user 1621 data within the stream S. Valid range is 0x0 to 0xFFFF. 1623 Note, when a user message is segmented by SCTP for transport, the 1624 same sequence number MUST be carried in each of the segments of 1625 the message. 1627 Payload Protocol Identifier: 32 bits (32 bit u_int) 1629 This value represents an application (or upper layer) specified 1630 protocol identifier. This value is passed to SCTP by its upper layer 1631 and sent to its peer. This identifier is not used by SCTP but may be 1632 used by certain network entities as well as the peer application to 1633 identify the type of information being carried in this DATA chunk. 1635 The value 0x0 indicates no application identifier is specified by 1636 the upper layer for this payload data. 1638 User Data: variable length 1640 This is the payload user data. The implementation MUST pad the end 1641 of the data to a 32 bit boundary with 0 octets. Any padding should 1642 NOT be included in the length field. 1644 2.4 Vendor-Specific Chunk Extensions 1646 This Chunk type is available to allow vendors to support their own 1647 extended data formats not defined by the IETF. It MUST not affect the 1648 operation of SCTP. In particular, when adding a Vendor Specific chunk 1649 type, the vendor defined chunks MUST obey the congestion avoidance 1650 rules defined in this document if they carry user data. User data is 1651 defined as any data transported over the association that is delivered 1652 to the upper layer of the receiver. 1654 Endpoints not equipped to interpret the vendor-specific chunk sent by 1655 a remote endpoint MUST ignore it. Endpoints that do not receive 1656 desired vendor specific information SHOULD make an attempt to operate 1657 without it, although they may do so (and report they are doing so) in 1658 a degraded mode. 1660 A summary of the Vendor-Specific Chunk format is shown below. The 1661 fields are transmitted from left to right. 1663 0 1 2 3 1664 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1666 | Type | Flags | Length | 1667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1668 | Vendor-Id | 1669 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1670 \ \ 1671 / Value / 1672 \ \ 1673 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1675 Type: 8 bit u_int 1677 0xFE for all Vendor-Specific chunks. 1679 Flags: 8 bit u_int 1681 Vendor specific flags. 1683 Length: 16 bit u_int 1685 Size of this Vendor-Specific chunks in octets, including the Type, 1686 Flags, Length, Vendor-Id, and Value fields. 1688 Vendor-Id: 32 bit u_int 1690 The high-order octet is 0 and the low-order 3 octets are the SMI 1691 Network Management Private Enterprise Code of the Vendor in 1692 network byte order, as defined in the Assigned Numbers (RFC 1700). 1694 Value: Variable length 1696 The Value field is one or more octets. The actual format of the 1697 information is site or application specific, and a robust 1698 implementation SHOULD support the field as undistinguished 1699 octets. 1701 The codification of the range of allowed usage of this field is 1702 outside the scope of this specification. 1704 3. SCTP Association State Diagram 1706 During the lifetime of an SCTP association, the SCTP endpoints 1707 progress from one state to another in response to various events. The 1708 events that may potentially advance an endpoint's state include: 1710 o SCTP user primitive calls, e.g., [ASSOCIATE], [TERMINATE], [ABORT], 1712 o reception of INIT, COOKIE, ABORT, SHUTDOWN, etc. control 1713 chunks, or 1715 o some timeout events. 1717 The state diagram in the figures below illustrates state changes, 1718 together with the causing events and resulting actions. Note that some 1719 of the error conditions are not shown in the state diagram. Full 1720 description of all special cases should be found in the text. 1722 Note, chunk names are given in all capital letters, while parameter 1723 names have the first letter capitalized, e.g., COOKIE chunk type vs. 1724 Cookie parameter. 1726 ----- -------- (frm any state) 1727 / \ / rcv ABORT [ABORT] 1728 rcv INIT | | | ---------- or ---------- 1729 --------------- | v v delete TCB snd ABORT 1730 generate Cookie \ +---------+ delete TCB 1731 snd INIT.ACK ---| CLOSED | 1732 +---------+ 1733 / \ [ASSOCIATE] 1734 / \ --------------- 1735 | | create TCB 1736 | | snd INIT 1737 | | strt init timer 1738 rcv valid COOKIE | v 1739 (1) ---------------- | +------------+ 1740 create TCB | | COOKIE_WAIT| (2) 1741 snd COOKIE.ACK | +------------+ 1742 | | 1743 | | rcv INIT.ACK 1744 | | ----------------- 1745 | | snd COOKIE 1746 | | stop init timer 1747 | | strt cookie timer 1748 | v 1749 | +------------+ 1750 | | COOKIE_SENT| (3) 1751 | +------------+ 1752 | | 1753 | | rcv COOKIE.ACK 1754 | | ----------------- 1755 | | stop cookie timer 1756 v v 1757 +---------------+ 1758 | ESTABLISHED | 1759 +---------------+ 1761 (from any state except CLOSED) 1762 | 1763 | 1764 /--------+--------\ 1765 [TERMINATE] / \ 1766 ----------------- | | 1767 check outstanding | | 1768 data chunks | | 1769 v | 1770 +---------+ | 1771 |SHUTDOWN | | rcv SHUTDOWN 1772 |PENDING | | ---------------- 1773 +---------+ | x 1774 | | 1775 No more outstanding | | 1776 ------------------- | | 1777 snd SHUTDOWN | | 1778 strt shutdown timer | | 1779 v v 1780 +---------+ +-----------+ 1781 (4) |SHUTDOWN | | SHUTDOWN | (5) 1782 |SENT | | RECEIVED | 1783 +---------+ +-----------+ 1784 | | 1785 rcv SHUTDOWN.ACK | | x 1786 ------------------- | |----------------- 1787 stop shutdown timer | | retransmit missing DATA 1788 delete TCB | | send SHUTDOWN.ACK 1789 | | delete TCB 1790 | | 1791 \ +---------+ / 1792 \-->| CLOSED |<--/ 1793 +---------+ 1795 Note: 1797 (1) If the received COOKIE is invalid (i.e., failed to pass the 1798 authentication check), the receiver MUST silently discard the 1799 datagram. Or, if the received COOKIE is expired (see Section 1800 4.1.5), the receiver SHALL send back an ERROR chunk. In either 1801 case, the receiver stays in the CLOSED state. 1803 (2) If the init timer expires, the endpoint SHALL retransmit INIT 1804 and re-start the init timer without changing state. This SHALL be 1805 repeated up to 'Max.Init.Retransmits' times. After that, the 1806 endpoint SHALL abort the initialization process and report the 1807 error to SCTP user. 1809 (3) If the cookie timer expires, the endpoint SHALL retransmit 1810 COOKIE and re-start the cookie timer without changing 1811 state. This SHALL be repeated up to 'Max.Init.Retransmits' 1812 times. After that, the endpoint SHALL abort the initialization 1813 process and report the error to SCTP user. 1815 (4) In SHUTDOWN-SENT state the endpoint SHALL acknowledge any received 1816 DATA chunks without delay 1818 (5) In SHUTDOWN-RECEIVED state, the endpoint MUST NOT accept any new 1819 send request from its SCTP user. 1821 4. Association Initialization 1823 Before the first data transmission can take place from one SCTP 1824 endpoint ("A") to another SCTP endpoint ("Z"), the two endpoints must 1825 complete an initialization process in order to set up an SCTP 1826 association between them. 1828 The SCTP user at an endpoint SHOULD use the ASSOCIATE primitive to 1829 initialize an SCTP association to another SCTP endpoint. 1831 IMPLEMENTATION NOTE: From an SCTP-user's point of view, an 1832 association may be implicitly opened, without an ASSOCIATE primitive 1833 (see 9.1 B) being invoked, by the initiating endpoint's sending of 1834 the first user data to the destination endpoint. The initiating SCTP 1835 will assume default values for all mandatory and optional parameters 1836 for the INIT/INIT ACK. 1838 Once the association is established, unidirectional streams will be 1839 open for data transfer on both ends (see Section 4.1.1). 1841 4.1 Normal Establishment of an Association 1843 The initialization process consists of the following steps (assuming 1844 that SCTP endpoint "A" tries to set up an association with SCTP 1845 endpoint "Z" and "Z" accepts the new association): 1847 A) "A" shall first send an INIT message to "Z". In the INIT, "A" must 1848 provide its security tag "Tag_A" in the Initiate Tag field. Tag_A 1849 SHOULD be a random number in the range of 0x1 to 0xffffffff (see 1850 4.3.1 for Tag value selection). After sending the INIT, "A" starts 1851 the T1-init timer and enters the COOKIE-WAIT state. 1853 B) "Z" shall respond immediately with an INIT ACK message. In the 1854 message, besides filling in other parameters, "Z" must set the 1855 Verification Tag field to Tag_A, and also provide its own security 1856 tag "Tag_Z" in the Initiate Tag field. 1858 Moreover, "Z" MUST generate and send along with the INIT ACK an 1859 Encryption Cookie. See Section 4.1.3 for Encryption Cookie 1860 generation. 1862 Note: after sending out INIT ACK with the cookie, "Z" MUST not 1863 allocate any resources, nor keep any states for the new 1864 association. Otherwise, "Z" will be vulnerable to resource attacks. 1866 C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init 1867 timer and leave COOKIE-WAIT state. "A" shall then send the cookie 1868 received in the INIT ACK message in a cookie chunk, restart the 1869 T1-init timer, and enter the COOKIE-SENT state. 1871 Note, the cookie chunk can be bundled with any pending outbound 1872 DATA chunks, but it MUST be the first chunk in the datagram. 1874 D) Upon reception of the COOKIE chunk, Endpoint "Z" will reply with 1875 a COOKIE ACK chunk after building a TCB and marking itself to 1876 the ESTABLISHED state. A COOKIE ACK chunk may be combined with 1877 any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK 1878 chunk must be the first chunk in the datagram. 1880 IMPLEMENTATION NOTE: an implementation may choose to send the 1881 Communication Up notification to the SCTP user upon reception 1882 of a valid COOKIE. 1884 E) Upon reception of the COOKIE ACK, endpoint "A" will move from the 1885 COOKIE-SENT state to the ESTABLISHED state, stopping the T1-init 1886 timer, and it may also notify its ULP about the successful 1887 establishment of the associate with a Communication Up notification 1888 (see Section 9). 1890 Note: DATA chunk MUST NOT be carried in the INIT or INIT ACK message. 1892 Note: T1-init timer shall follow the same rules given in Section 5.3. 1894 Note: if an endpoint receives an INIT, INIT ACK, or COOKIE chunk but 1895 decides not to establish the new association due to missing mandatory 1896 parameters in the received INIT or INIT ACK, invalid parameter values, 1897 or, lack of local resources, it SHALL respond with an ABORT chunk. It 1898 SHOULD also bundle with the ABORT one or more Operational ERROR chunks 1899 to specify the cause of abort, such as the type(s) of the missing 1900 mandatory parameters, etc. The Verification Tag field in the common 1901 header of the outbound abort datagram MUST be set to equal the 1902 Initiate Tag value of the peer. 1904 Note: After the reception of the first data chunk in an association 1905 the receiver MUST immediately respond with a SACK to acknowledge 1906 the data chunk, subsequent acknowledgements should be done as 1907 described in section 5.2. 1909 Note: When an SCTP endpoint sends an INIT or INIT ACK it SHOULD 1910 include all of its transport addresses in the parameter section. This 1911 is because it may NOT be possible to control the "sending" address 1912 that a receiver of an SCTP datagram sees. A receiver thus MUST know 1913 every address that may be a source address for a peer SCTP endpoint, 1914 this assures that the inbound SCTP datagram can be matched to the 1915 proper association. 1917 Note: At the time when the TCB is created, either end MUST set its 1918 internal cumulative TSN acknowledgment point to its peer's Initial TSN 1919 minus one. 1921 4.1.1 Handle Stream Parameters 1923 In the INIT and INIT ACK messages, the sender of the message shall 1924 indicate the number of outbound streams (OS) it wishes to have in the 1925 association, as well as the maximal inbound streams (MIS) it will 1926 accept from the other endpoint. 1928 After receiving these stream configuration information from the other 1929 side, each endpoint shall perform the following check: if the peer's 1930 MIS is less than the endpoint's OS, meaning that the peer is incapable 1931 of supporting all the outbound streams the endpoint wants to 1932 configure, the endpoint MUST either settle with MIS outbound streams, 1933 or abort the association and report to its upper layer the resources 1934 shortage at its peer. 1936 After the association is initialized, the valid outbound stream 1937 identifier range for either endpoint shall be 0 to 1938 min(local OS, remote MIS)-1. 1940 4.1.2 Handle Address Parameters 1942 During the association initialization, an endpoint shall use the 1943 following rules to discover and collect the destination transport 1944 address(es) to its peer. 1946 On reception of an INIT or INIT ACK message, the receiver shall record 1947 any transport addresses specified as parameters in the INIT or INIT 1948 ACK message, and use only these addresses as destination transport 1949 addresses when sending subsequent datagrams to its peer. If no 1950 destination transport addresses are specified in the INIT or INIT ACK 1951 message, then the source address from which the message arrived should 1952 be considered as the only destination transport address to use. 1954 An initial primary destination transport address shall be selected 1955 for either endpoint, using the following rules: 1957 For the initiator: any valid transport address obtained from the 1958 INIT ACK message. If no transport address is specified in the INIT 1959 ACK message, use the source transport address from which the INIT 1960 ACK message arrived. 1962 For the responder: any valid transport address obtained from the 1963 INIT message. If no transport address is specified in the INIT 1964 message, use the source transport address from which the INIT 1965 message arrived. 1967 4.1.3 Generating Encryption Cookie 1969 When sending an INIT ACK as a response to an INIT message, the sender 1970 of INIT ACK should create an Encryption Cookie and send it as part of 1971 the INIT ACK. Inside this Encryption Cookie, the sender should include 1972 a security signature, a time stamp on when the cookie is created, and 1973 the lifespan of the cookie, along with all the information necessary 1974 for it to establish the association. 1976 The following steps SHOULD be taken to generate the cookie: 1978 1) create an association TCB using information from both the received 1979 INIT and the outgoing INIT ACK messages, 1981 2) in the TCB, set the creation time to the current time of day, and 1982 the lifespan to the protocol parameter 'Valid.Cookie.Life', 1984 3) attach a private security key to the TCB and generate a 128-bit MD5 1985 signature from the key/TCB combination (see [4] for details on 1986 MD5), and 1988 4) generate the Encryption Cookie by combining the TCB and the 1989 resultant MD5 signature. 1991 After sending the INIT ACK with the cookie, the sender SHOULD delete 1992 the TCB and any other local resource related to the new association, 1993 so as to prevent resource attacks. 1995 The private key should be a cryptographic quality random number with 1996 a sufficient length. Discussion in RFC 1750 [1] can be helpful in 1997 selection of the key. 1999 4.1.4 Cookie Processing 2001 When an endpoint receives an INIT ACK chunk in response to its INIT 2002 chunk, and the INIT ACK contains an Encryption Cookie parameter, it 2003 MUST immediately send a COOKIE chunk to its peer with the received 2004 cookie. The sender MAY also add any pending DATA chunks to the 2005 message. 2007 The sender shall also start the T1-init timer after sending out 2008 the COOKIE chunk. If the timer expires, the sender shall retransmit 2009 the COOKIE chunk and restart the T1-init timer. This is repeated until 2010 either a COOKIE ACK is received or the endpoint is marked 2011 unreachable (and thus the association enters the CLOSED state). 2013 4.1.5 Cookie Authentication 2015 When an endpoint receives a COOKIE chunk from another endpoint with 2016 which it has no association, it shall take the following actions: 2018 1) compute an MD5 signature using the TCB data carried in the cookie 2019 along with the receiver's private security key, 2021 2) authenticate the cookie as one that it previously generated by 2022 comparing the computed MD5 signature against the one carried in the 2023 cookie. If this comparison fails, the datagram, including the 2024 COOKIE and the attached user data, should be silently discarded, 2026 3) compare the creation time stamp in the cookie to the current local 2027 time, if the elapsed time is longer than the lifespan carried in 2028 the cookie, then the datagram, including the COOKIE and the 2029 attached user data, SHOULD be discarded and the endpoint MUST 2030 transmit a stale cookie operational error to the sending endpoint, 2032 4) if the cookie is valid, create an association to the sender of the 2033 COOKIE message with the information in the TCB data carried in the 2034 COOKIE, and enter the ESTABLISHED state, 2036 5) acknowledge any DATA chunk in the datagram following the rules 2037 defined in Section 5.2, and, 2039 6) send a COOKIE ACK chunk to the sender acknowledging reception of 2040 the cookie. The COOKIE ACK MAY be piggybacked with any outbound 2041 DATA chunk or SACK chunk. 2043 Note that if a COOKIE is received from an endpoint with which the 2044 receiver of the COOKIE has an existing association, the procedures in 2045 section 4.2 should be followed. 2047 4.1.6 An Example of Normal Association Establishment 2049 In the following example, "A" initiates the association and then sends 2050 a user message to "Z", then "Z" sends two user messages to "A" later 2051 (assuming no bundling or segmentation occurs): 2053 Endpoint A Endpoint Z 2055 {app sets association with Z} 2056 (build TCB) 2057 INIT [INIT Tag=Tag_A 2058 & other info] --------\ 2059 (Start T1-init timer) \ 2060 (Enter COOKIE-WAIT state) \---> (compose temp TCB and Cookie_Z) 2062 /--- INIT ACK [Veri Tag=Tag_A, 2063 / INIT Tag=Tag_Z, 2064 (Cancel T1-init timer) <------/ Cookie_Z, & other info] 2065 (destroy temp TCB) 2066 COOKIE [Cookie_Z] -----------\ 2067 (Start T1-init timer) \ 2068 (Enter COOKIE-SENT state) \---> (build TCB enter ESTABLISHED state) 2069 /---- COOKIE-ACK 2070 / 2071 (Cancel T1-init timer, <-----/ 2072 Enter established state) 2073 ... 2074 {app sends 1st user data; strm 0} 2075 DATA [TSN=initial TSN_A 2076 Strm=0,Seq=1 & user data]--\ 2077 (Start T3-rxt timer) \ 2078 \-> 2080 /----- SACK [TSN ACK=init TSN_A,Frag=0] 2081 (Cancel T3-rxt timer) <------/ 2082 ... 2083 ... 2084 {app sends 2 datagrams;strm 0} 2085 /---- DATA 2086 / [TSN=init TSN_Z 2087 <--/ Strm=0,Seq=1 & user data 1] 2088 SACK [TSN ACK=init TSN_Z, /---- DATA 2089 Frag=0] --------\ / [TSN=init TSN_Z +1, 2090 \/ Strm=0,Seq=2 & user data 2] 2091 <------/\ 2092 \ 2093 \------> 2095 Note that If T1-init timer expires at "A" after the INIT or COOKIE 2096 chunks are sent, the same INIT or cookie chunk with the same Initiate 2097 Tag (i.e., Tag_A) or cookie shall be retransmitted and the timer 2098 restarted. This shall be repeated Max.Init.Retransmits times before "A" 2099 considers "Z" unreachable and reports the failure to its upper layer 2100 (and thus the association enters the CLOSED state). When 2101 retransmitting the INIT, the endpoint SHALL following the rules 2102 defined in 5.3 to determine the proper timer value. 2104 4.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK 2106 At any time during the life of an association (in one of the possible 2107 states) between an endpoint and its peer, one of the setup chunks 2108 may be received from the peer, the receiver shall process such 2109 a duplicate setup chunk as described in this section. 2111 The following scenarios can cause duplicated chunks: 2113 A) The peer has crashed without being detected, and re-started itself 2114 and sent out a new INIT Chunk trying to restore the association, 2116 B) Both sides are trying to initialize the association at about the 2117 same time, 2119 C) The chunk is from a staled datagram that was used to establish 2120 the present association or a past association which is no longer in 2121 existence, or 2123 D) The chunk is a false message generated by an attacker. 2125 In case A), the endpoint shall reset the present association and set a 2126 new association with its peer. Case B) is unique and is discussed in 2127 Section 4.2.1. However, in cases C) and D), the endpoint must retain 2128 the present association. 2130 The rules in the following sections shall be applied in order to 2131 identify and correctly handle these cases. 2133 4.2.1 Handle Duplicate INIT in COOKIE-WAIT or COOKIE-SENT State 2135 This usually indicates an initialization collision, i.e., both 2136 endpoints are attempting at about the same time to establish an 2137 association with the other endpoint. 2139 In such a case, each of the two side shall respond to the other side 2140 with an INIT ACK, with the Verification Tag field of the common header 2141 set to the tag value received from the INIT message, and the Initiate 2142 Tag field set to its own tag value (the same tag used in the INIT 2143 message sent out by itself). Each responder shall also generate a 2144 cookie with the INIT ACK. 2146 After that, no other actions shall be taken by either side, i.e., the 2147 endpoint shall not change its state, and the T1-init timer shall be 2148 let running. The normal procedures for handling cookies will 2149 resolve the duplicate INITs to a single association. 2151 4.2.2 Handle Duplicate INIT in Other States 2153 Upon reception of the duplicated INIT, the receiver shall generate an 2154 INIT ACK with an Encryption Cookie. 2156 In the outbound INIT ACK, the endpoint shall set the Verification Tag 2157 field in the common header to the peer's new tag value (from the 2158 duplicated INIT message), and the Initiate Tag field to its own tag 2159 value (unchanged from the existing association). The included 2160 Encryption Cookie shall be generated using the current time and a 2161 temporary TCB constructed with the information provided in the 2162 duplicated INIT message (see Section 4.1.3). This temporary TCB MUST 2163 be destroyed after the outbound INIT ACK is built. 2165 After sending out the INIT ACK, the endpoint shall take no further 2166 actions, i.e., the existing association, including its current state, 2167 and the corresponding TCB MUST not be changed. 2169 4.2.3 Handle Duplicate INIT ACK 2171 If an INIT ACK is received by an endpoint in any state 2172 other than the COOKIE-WAIT state, the endpoint should discard 2173 the INIT ACK message. A duplicate INIT ACK usually indicates the 2174 processing of an old INIT or duplicated INIT message. 2176 4.2.4 Handle Duplicate Cookie 2178 When a duplicated COOKIE chunk is received in any state for an 2179 existing association the following rules shall be applied: 2181 1) compute an MD5 signature using the TCB data carried in the cookie 2182 along with the receiver's private security key, 2184 2) authenticate the cookie by comparing the computed MD5 signature 2185 against the one carried in the cookie. If this comparison fails, 2186 the datagram, including the COOKIE and the attached user data, 2187 should be silently discarded (this is case C or D above). 2189 3) compare the timestamp in the cookie to the current time, if 2190 the cookie is older than the lifespan carried in the cookie, 2191 the datagram, including the COOKIE and the attached user data, 2192 should be discarded and the endpoint MUST transmit a stale cookie 2193 error to the sending endpoint only if the Verification tags of the 2194 cookie's TCB does NOT match the current tag values in the association 2195 (this is case C or D above). 2197 4) If the cookie proves to be valid, unpack the TCB into a 2198 temporary TCB. 2200 5) If the Verification Tags in the Temporary TCB matches the 2201 Verification Tags in the existing TCB, the cookie is a 2202 duplicate cookie. A cookie ack should be sent to the peer 2203 endpoint but NO update should be made to the existing 2204 TCB. 2206 6) If the the local Verification Tag in the temporary TCB 2207 does not match the local Verification Tag in the existing 2208 TCB, then the cookie is a old stale cookie and does 2209 not correspond to the existing association (case C above). 2210 The datagram should be silently discarded. 2212 7) If the Peers Verification Tag in the temporary TCB does not 2213 match the Peer's Verification Tag in the existing TCB 2214 then a restart of the peer has occurred (case A above). 2215 In such a case, the endpoint should report the restart to its ULP 2216 and respond the peer with a COOKIE ACK message. It shall also 2217 update the Verification Tag, initial TSN, and the destination 2218 address list of the existing TCB with the information from the 2219 temporary TCB. After that the temporary TCB can be discarded. 2221 Furthermore, all the congestion control parameters (e.g., cwnd, 2222 ssthresh) related to this peer shall be reset to their initial 2223 values (see Section 6.2.1). 2225 IMPLEMENTATION NOTE: It is an implementation decision on how 2226 to handle any pending datagrams. The implementation may elect 2227 to either A) send all messages back to its upper layer with the 2228 restart report, or B) automatically re-queue any datagrams 2229 pending by marking all of them as never-sent and assigning 2230 new TSN's at the time of their initial transmissions based upon 2231 the updated starting TSN (as defined in section 5.5). 2233 4.2.5 Handle Duplicate COOKIE-ACK. 2235 At any state other than COOKIE-SENT, an endpoint may receive a 2236 duplicated COOKIE ACK chunk. If so, the chunk should be silently 2237 discarded. 2239 4.2.6 Handle Stale COOKIE Error 2241 A stale cookie error indicates one of a number of possible events: 2243 A) that the association failed to completely setup before the 2244 cookie issued by the sender was processed. 2246 B) an old cookie was processed after setup completed. 2248 C) an old cookie is received from someone that the receiver is 2249 not interested in having a association with and the ABORT 2250 message was lost. 2252 When processing a stale cookie an endpoint should first examine 2253 if an association is in the process of being setup, i.e. the 2254 association is in the COOKIE-SENT state. In all cases if 2255 the association is NOT in the COOKIE-SENT state, the stale 2256 cookie message should be silently discarded. 2258 If the association is in the COOKIE-SENT state, the endpoint may elect 2259 one of the following three alternatives. 2261 1) Send a new INIT message to the endpoint, to generate a new cookie 2262 and re-attempt the setup procedure. 2264 2) Discard the TCB and report to the upper layer the inability of 2265 setting-up the association. 2267 3) Send a new INIT message to the endpoint, adding a cookie 2268 preservative parameter requesting an extentsion on the life time of 2269 the cookie. When calculating the time extension, an implementation 2270 SHOULD use the RTT information measured based on the previous 2271 COOKIE / Stale COOKIE message exchange, and should add no more 2272 than 1 second beyond the measured RTT, due to a long cookie life 2273 time makes the endpoint more subject to a replay attack. 2275 4.3 Other Initialization Issues 2277 4.3.1 Selection of Tag Value 2279 Initiate Tag values should be selected from the range of 0x1 to 2280 0xffffffff. It is very important that the Tag value be randomized to 2281 help protect against "man in the middle" and "sequence number" attacks. 2282 It is suggested that RFC 1750 [1] be used for the Tag randomization. 2284 Moreover, the tag value used by either endpoint in a given association 2285 MUST never be changed during the lifetime of the association. However, 2286 a new tag value MUST be used each time the endpoint tears-down and 2287 then re-establishes the association to the same peer. 2289 5. User Data Transfer 2291 For transmission efficiency, SCTP defines mechanisms for bundling of 2292 small user messages and segmentation of large user messages. 2294 The following diagram depicts the flow of user messages through SCTP. 2296 +--------------------------+ 2297 | User Messages | 2298 +--------------------------+ 2299 SCTP user ^ | 2300 ==================|==|======================================= 2301 | v (1) 2302 +------------------+ +--------------------+ 2303 | SCTP DATA Chunks | |SCTP Control Chunks | 2304 +------------------+ +--------------------+ 2305 ^ | ^ | 2306 | v (2) | v (2) 2307 +--------------------------+ 2308 | SCTP datagrams | 2309 +--------------------------+ 2310 SCTP ^ | 2311 ===========================|==|=========================== 2312 | v 2313 Unreliable Packet Transfer Service (e.g., IP) 2315 Note: 2316 (1) When converting user messages into Data chunks, SCTP sender 2317 will segment user messages larger than the current path MTU 2318 into multiple data chunks. The segmented message will normally 2319 be reassembled from data chunks before delivery to the user by 2320 the SCTP receiver (see Section 5.9 for details). 2322 (2) Multiple data and control chunks may be multiplexed by the 2323 sender into a single SCTP datagram for transmission, as long as 2324 the final size of the datagram does not exceed the current path 2325 MTU. The receiver will de-multiplex the datagram back into 2326 the original chunks. 2328 The segmentation and bundling mechanisms, as detailed in Sections 5.9 2329 and 5.10, are optional to implement by the data sender, but they MUST 2330 be implemented by the data receiver, i.e., an SCTP receiver MUST be 2331 prepared to receive and process bundled or segmented data. 2333 5.1 Transmission of DATA Chunks 2335 The following general rules SHALL be applied by the sender for 2336 transmission and/or retransmission of outbound DATA chunks: 2338 A) At any given time, the sender MUST NOT transmit new data onto any 2339 destination transport address if it has rwnd or more octets of data 2340 outstanding. The outstanding data size is defined as the total size 2341 of ALL data chunks outstanding. 2343 However, regardless of the value of rwnd (including if it is 0), 2344 the sender can always have ONE data packet in flight to the 2345 receiver. This rule allows the sender to probe for a change in rwnd 2346 that the sender missed due to the update having been lost in 2347 transmission from the receiver to the sender. 2349 B) At any given time, the sender MUST NOT transmit new data onto a 2350 given transport address if it has cwnd or more octets of data 2351 outstanding on that transport address. 2353 C) When the time comes for the sender to transmit, before sending 2354 new DATA chunks, the sender MUST first transmit any outstanding 2355 DATA chunks which are marked for retransmission (limited by the 2356 current cwnd). 2358 D) Then, the sender can send out as many new DATA chunks as Rule A and 2359 Rule B above allow. 2361 Note: multiple DATA chunks committed for transmission MAY be 2362 bundled in a single packet, unless bundling is explicitly disallowed 2363 by ULP of the data sender. Furthermore, DATA chunks being 2364 retransmitted MAY be bundled with new DATA chunks, as long as the 2365 resulting packet size does not exceed the path MTU. 2367 Note: before a sender transmits a data packet, if any received DATA 2368 chunks have not been acknowledged (e.g., due to delayed ack), the 2369 sender should create a SACK and bundle it with the outbound DATA 2370 chunk, as long as the size of the final SCTP datagram does not exceed 2371 the current MTU. See Section 5.2. 2373 IMPLEMENTATION Note: when the window is full (i.e., transmission is 2374 disallowed by Rule A and/or Rule B), the sender MAY still accept 2375 send requests from its upper layer, but SHALL transmit no more DATA 2376 chunks until some or all of the outstanding DATA chunks are 2377 acknowledged and transmission is allowed by Rule A and Rule B 2378 again. 2380 Whenever a transmission or retransmission is made, if T3-rxt timer is 2381 not currently running, the sender MUST start the timer. However, if 2382 the timer is already running, the sender SHALL restart the timer ONLY 2383 IF the earliest (i.e., lowest TSN) outstanding DATA chunk is being 2384 retransmitted. 2386 When starting or restarting the T3-rxt timer, the timer value must be 2387 adjusted according to the timer rules defined in Sections 5.3.2, 2388 and 5.3.3. 2390 5.2 Acknowledgment on Reception of DATA Chunks 2392 The SCTP receiver MUST always acknowledge the SCTP sender about the 2393 reception of each DATA chunk. 2395 The guidelines on delayed acknowledgment algorithm specified in 2396 Section 4.2 of RFC 2581 [3] SHOULD be followed. Specifically, an 2397 acknowledgement SHOULD be generated for at least every second datagram 2398 received, and SHOULD be generated within 200 ms of the arrival of any 2399 unacknowledged datagram. 2401 IMPLEMENTATION NOTE: the maximal delay for generating an 2402 acknowledgement may be configured by the SCTP user, either 2403 statically or dynamically, in order to meet the specific 2404 timing requirement of the signaling protocol being carried. 2406 Acknowledgments MUST be sent in SACK control chunks. A SACK chunk can 2407 acknowledge the reception of multiple DATA chunks. See Section 2.3.3 2408 for SACK chunk format. In particular, the SCTP receiver MUST fill in 2409 the Cumulative TSN ACK field to indicate the latest cumulative TSN 2410 number it has received, and any received segments beyond the 2411 Cumulative TSN SHALL also be reported. 2413 Upon reception of the SACK, the data sender MUST adjust its total 2414 outstanding data count and the outstanding data count on those 2415 destination addresses for which one or more data chunks is 2416 acknowledged by the SACK. 2418 The following example illustrates the use of delayed acknowledgments: 2420 Endpoint A Endpoint Z 2422 {App sends 3 messages; strm 0} 2423 DATA [TSN=7,Strm=0,Seq=3] ------------> (ack delayed) 2424 (Start T3-rxt timer) 2426 DATA [TSN=8,Strm=0,Seq=4] ------------> (send ack) 2427 /------- SACK [TSN ACK=8,Frag=0] 2428 (cancel T3-rxt timer) <-----/ 2429 ... 2430 ... 2432 DATA [TSN=9,Strm=0,Seq=5] ------------> (ack delayed) 2433 (Start T3-rxt timer) 2434 ... 2435 {App sends 1 message; strm 1} 2436 (bundle SACK with DATA) 2437 /----- SACK [TSN Ack=9,Frag=0] \ 2438 / DATA [TSN=6,Strm=1,Seq=2] 2439 (cancel T3-rxt timer) <------/ (Start T3-rxt timer) 2440 (ack delayed) 2441 ... 2442 (send ack) 2443 SACK [TSN ACK=6,Frag=0] -------------> (cancel T3-rxt timer) 2445 5.2.1 Tracking Peer's Receive Buffer Space 2447 Whenever a SACK arrives, a new updated a_rwnd arrives with it. This 2448 value represents the amount of buffer space the sender of the SACK, at 2449 the time of transmitting the SACK, has left of its total receive 2450 buffer space (as specified in the INIT/INIT-ACK). After processing the 2451 SACK, the receiver of the SACK must use the following rules to 2452 re-calculate the congestion control rwnd, using the received a_rwnd 2453 value. 2455 A) At the establishment of the association, the endpoint initializes 2456 the congestion control rwnd to the Advertised Receiver Window 2457 Credit (a_rwnd) the peer specified in the INIT or INIT ACK. 2459 B) Any time a new DATA chunk is transmitted to a peer, the endpoint 2460 subtracts the data size of the chunk from the rwnd of that peer. 2462 D) Any time a SACK arrives, the endpoint performs the following: 2464 If all outstanding TSNs are acknowledged by the SACK, adopt 2465 the a_rwnd value in the SACK as the new rwnd. 2467 Otherwise, take the value of the current rwnd, and add to it the 2468 data size of any newly acknowledged TSNs that has its BE bits set 2469 to 11, OR that moved the cumulative TSN point forward. Then, set 2470 the congestion control rwnd to the lesser of the calculated value 2471 and the a_rwnd carried in the SACK. 2473 E) Any time the T3-rxt timer expires causing all outstanding chunks to 2474 be marked for retransmission, add all of the data sizes of those 2475 chunks to the rwnd. 2477 5.3 Management of Retransmission Timer 2479 SCTP uses a retransmission timer T3-rxt to ensure data delivery in the 2480 absence of any feedback from the remote data receiver. The duration of 2481 this timer is referred to as RTO (retransmission timeout). 2483 When the receiver endpoint is multi-homed, the data sender endpoint 2484 will calculate a separate RTO for each different destination transport 2485 addresses of the receiver endpoint. 2487 The computation and management of RTO in SCTP follows closely with how 2488 TCP manages its retransmission timer. To compute the current RTO, an 2489 SCTP sender maintains two state variables per destination transport 2490 address: SRTT (smoothed round-trip time) and RTTVAR (round-trip time 2491 variation). 2493 5.3.1 RTO Calculation 2495 The rules governing the computation of SRTT, RTTVAR, and RTO are 2496 as follows: 2498 C1) Until an RTT measurement has been made for a packet sent 2499 to the given destination transport address, set RTO to the 2500 protocol parameter 'RTO.Initial'. 2502 C2) When the first RTT measurement R is made, set SRTT <- R, 2503 RTTVAR <- R/2, and RTO <- SRTT + 4 * RTTVAR. 2505 C3) When a new RTT measurement R' is made, set 2507 RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'| 2508 SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R' 2510 Note, the value of SRTT used in the update to RTTVAR is its value 2511 *before* updating SRTT itself using the second assignment. 2513 After the computation, update RTO <- SRTT + 4 * RTTVAR. 2515 C4) When data is in flight and when allowed by rule C5 below, a new 2516 RTT measurement MUST be made each round trip. Furthermore, 2517 it is RECOMMENDED that new RTT measurements should be made no 2518 more than once per round-trip for a given destination transport 2519 address. There are two reasons for this recommendation: first, 2520 it appears that measuring more frequently often does not in 2521 practice yield any significant benefit [5]; second, if 2522 measurements are made more often, then the values of RTO.Alpha and 2523 RTO.Beta in rule C3 above should be adjusted so that SRTT and 2524 RTTVAR still adjust to changes at roughly the same rate (in terms 2525 of how many round trips it takes them to reflect new value) as 2526 they would if making only one measurement per round-trip and 2527 using RTO.Alpha and RTO.Beta as given in rule C3. However, the 2528 exact nature of these adjustments remains a research issue. 2530 C5) Karn's algorithm: RTT measurements MUST NOT be made using 2531 packets that were retransmitted (and thus for which it is 2532 ambiguous whether the reply was for the first instance of the 2533 packet or a later instance). 2535 C6) Whenever RTO is computed, if it is less than RTO.Min seconds 2536 then it is rounded up to RTO.Min seconds. The reason for this 2537 rule is that RTOs that do not have a high minimum value are 2538 susceptible to unnecessary timeouts [5]. 2540 C7) A maximum value may be placed on RTO provided it is at least 2541 60 seconds. 2543 There is no requirement for the clock granularity G used for computing 2544 RTT measurements and the different state variables, other than 2546 G1) Whenever RTTVAR is computed, if RTTVAR = 0, then adjust 2547 RTTVAR <- G. 2549 Experience [5] has shown that finer clock granularities (<= 100 msec) 2550 perform somewhat better than more coarse granularities. 2552 5.3.2 Retransmission Timer Rules 2554 The rules for managing the retransmission timer are as follows: 2556 R1) Every time a packet containing data is sent (including a 2557 retransmission), if the T3-rxt timer is not running, start it 2558 running so that it will expire after RTO seconds. The RTO 2559 used here is that obtained after any doubling due to 2560 previous T3-rxt timer expirations on the coresponding destination 2561 address as discussed in rule E2 below. 2563 R2) Whenever all outstanding data has been acknowledged, turn off the 2564 T3-rxt timer. 2566 R3) Whenever a SACK is received that acknowledges new data chunks 2567 including the one with the earliest outstanding TSN (i.e., moving 2568 the cumulative ACK point forward), restart T3-rxt timer with the 2569 current RTO. 2571 The following example shows the use of various timer rules (assuming 2572 the receiver uses delayed acks). 2574 Endpoint A Endpoint Z 2575 {App begins to send} 2576 Data [TSN=7,Strm=0,Seq=3] ------------> (ack delayed) 2577 (Start T3-rxt timer) 2578 {App sends 1 message; strm 1} 2579 (bundle ack with data) 2580 DATA [TSN=8,Strm=0,Seq=4] ----\ /-- SACK [TSN ACK=7,Frag=0] \ 2581 \ / DATA [TSN=6,Strm=1,Seq=2] 2582 \ / (Start T3-rxt timer) 2583 \ 2584 / \ 2585 (Re-start T3-rxt timer) <------/ \--> (ack delayed) 2586 (ack delayed) 2587 ... 2588 {send ack} 2589 SACK [TSN ACK=6,Frag=0] --------------> (Cancel T3-rxt timer) 2590 .. 2591 (send ack) 2592 (Cancel T3-rxt timer) <-------------- SACK [TSN ACK=8,Frag=0] 2594 5.3.3 Handle T3-rxt Expiration 2596 Whenever the retransmission timer T3-rxt expires on a destination 2597 address, do the following: 2599 E1) On the destination address where the timer expires, adjust its 2600 ssthresh with rules defined in Section 6.2.3 and set the 2601 cwnd <- MTU. 2603 E2) On the destination address where the timer expires, set 2604 RTO <- RTO * 2 ("back off the timer"). The maximum value discussed 2605 in rule C7 above may be used to provide an upper bound to this 2606 doubling operation. 2608 E3) Determine how many of the earliest (i.e., lowest TSN) outstanding 2609 Data chunks will fit into a single packet, subject to the MTU 2610 constraint for the path corresponding to the destination transport 2611 address where the retransmission is being sent to (this may be 2612 different from the address where the timer expires [see Section 2613 5.4]). Call this value K. Bundle and retransmit those K data 2614 chunks in a single packet to the address. Note, the sender is 2615 allowed not to bundle, but only retransmit the earliest chunk in 2616 the outbound packet. 2618 E4) Start the retransmission timer T3-rxt on the destination address 2619 to where the retransmission is sent, if rule R1 above indicates to 2620 do so. Note, the RTO to be used for starting T3-rxt should be the 2621 one of the destination address to where the retransmission is 2622 sent, which, when the receiver is multi-homed, may be different 2623 from the destination address where the timer expired (see Section 2624 5.4 below). 2626 Note that after retransmitting, once a new RTT measurement is obtained 2627 (which can happen only when new data has been sent and acknowledged, 2628 per rule C5, or for a measurement made from a Heartbeat [see Section 2629 7.3]), the computation in rule C3 is performed, including the 2630 computation of RTO, which may result in "collapsing" RTO back down 2631 after it has been subject to doubling (rule E2). 2633 The final rule for managing the retransmission timer concerns failover 2634 (see Section 5.4.1): 2636 F1) Whenever SCTP switches from the current destination transport 2637 address to a different one, the current retransmission timer is 2638 left running. As soon as SCTP transmits a packet containing data 2639 to the new transport address, restart the timer, using the RTO 2640 value for the path to the new address, if rule R1 indicates to 2641 do so. 2643 5.4 Multi-homed SCTP Endpoints 2645 An SCTP endpoint is considered multi-homed if there are more than one 2646 transport addresses that can be used as a destination address to reach 2647 that endpoint. 2649 Moreover, at the sender side, one of the multiple destination 2650 addresses of the multi-homed receiver endpoint shall be selected as 2651 the primary destination transport address by the UPL (see Sections 2652 4.1.2 and 9.1 for details). 2654 When the SCTP sender is transmitting to the multi-homed receiver, by 2655 default the transmission SHOULD always take place on the primary 2656 transport address, unless the SCTP user explicitly specifies the 2657 destination transport address to use. 2659 The acknowledgement SHOULD be transmitted to the same destination 2660 transport address from which the DATA or control chunk being 2661 acknowledged were received. 2663 However, when acknowledging multiple DATA chunks in a single SACK, the 2664 SACK message may be transmitted to one of the destination transport 2665 addresses from which the DATA or control chunks being acknowledged 2666 were received. 2668 Furthermore, when the receiver is multi-homed, the SCTP data sender 2669 SHOULD try to retransmit a chunk to an active destination transport 2670 address that is different from the last destination address where the 2671 data chunk was sent to. 2673 Note, retransmissions do not affect the total outstanding data 2674 count. However, if the data chunk is retransmitted onto a different 2675 destination address, both the outstanding data counts on the new 2676 destination address and the old destination address where the data 2677 chunk was last sent to shall be adjusted accordingly. 2679 5.4.1 Failover from Inactive Destination Address 2681 Some of the destination transport addresses of a multi-homed SCTP data 2682 receiver may become inactive due to either the occurrance of certain 2683 error conditions (see Section 7.2) or adjustments from SCTP user. 2685 When there is outbound data to send and the primary destination 2686 transport address becomes inactive (e.g., due to failures), or where 2687 the SCTP user explicitly requests to send data to an inactive 2688 destination transport address, before reporting an error to its ULP, 2689 the SCTP sender should try to send the data to an alternate active 2690 destination transport address if one exists. 2692 5.5 Stream Identifier and Sequence Number 2694 Every DATA chunk MUST carry a valid stream identifier. If a DATA chunk 2695 with an invalid stream identifier is received, the receiver shall, 2696 after acknowledging the reception of the DATA chunk following the normal 2697 procedure, respond immediately with an ERROR message with cause set to 2698 Invalid Stream Identifier (see Section 2.3.9) and discard the DATA 2699 chunk. 2701 The stream sequence number in all the streams shall start from 0x0 2702 when the association is established. Also, when the stream sequence 2703 number reaches the value 0xffff the next sequence number shall be set 2704 to 0x0. 2706 5.6 Ordered and Un-ordered Delivery 2708 By default the SCTP receiver shall ensure the DATA chunks within any 2709 given stream be delivered to the upper layer according to the order of 2710 their stream sequence number. If there are DATA chunks arriving out of 2711 order of their stream sequence number, the receiver MUST hold the 2712 received DATA chunks from delivery until they are re-ordered. 2714 However, an SCTP sender can indicate that no ordered delivery is 2715 required on a particular DATA chunk within the stream by setting the U 2716 flag of the DATA chunk to 1. 2718 In this case, the receiver must bypass the ordering mechanism and 2719 immediately delivery the data to the upper layer (after re-assembly if 2720 the user data is segmented by the sender). 2722 This provides an effective way of transmitting "out-of-band" data in a 2723 given stream. Also, a stream can be used as an "unordered" stream by 2724 simply setting the U flag to 1 in all outbound DATA chunks sent 2725 through that stream. 2727 IMPLEMENTATION NOTE: when sending an unordered DATA chunk, an 2728 implementation may choose to place the DATA chunk in an outbound 2729 datagram that is at the head of the outbound transmission queue if 2730 possible. 2732 Note that the 'Sequence Number' field in an un-ordered data chunk has 2733 no significance; the sender can fill it with arbitrary value, but the 2734 receiver MUST ignore the field. 2736 5.7 Report Gaps in Received DATA TSNs 2738 Upon the reception of a new DATA chunk, an SCTP receiver shall examine 2739 the continuity of the TSNs received. If the receiver detects that gaps 2740 exist in the received DATA chunk sequence, an SACK with fragment 2741 reports shall be sent back immediately. 2743 Based on the segment reports from the SACK, the data sender can 2744 calculate the missing DATA chunks and make decisions on whether to 2745 retransmit them (see Section 5.3 for details). 2747 Multiple gaps can be reported in one single SACK (see Section 2.3.3). 2749 Note that when the data sender is multi-homed, the SCTP receiver 2750 SHOULD always try to send the SACK to the same network from where the 2751 last DATA chunk was received. 2753 Upon the reception of the SACK, the data sender SHALL remove all DATA 2754 chunks which have been acknowledged by the SACK. The data sender MUST 2755 also treat all the DATA chunks which fall into the gaps between the 2756 fragments reported by the SACK as "missing". The number of "missing" 2757 reports for each outstanding DATA chunk MUST be recorded by the data 2758 sender in order to make retransmission decision, see Section 6.2.4 for 2759 details. 2761 The following example shows the use of SACK to report a gap. 2763 Endpoint A Endpoint Z 2764 {App sends 3 messages; strm 0} 2765 DATA [TSN=6,Strm=0,Seq=2] ---------------> (ack delayed) 2766 (Start T3-rxt timer) 2768 DATA [TSN=7,Strm=0,Seq=3] --------> X (lost) 2770 DATA [TSN=8,Strm=0,Seq=4] ---------------> (gap detected, 2771 immediately send ack) 2772 /----- SACK [TSN ACK=6,Frag=1, 2773 / Strt=2,End=2] 2774 <-----/ 2775 (remove 6 and 8 from out-queue, 2776 and strike 7 as "1" missing report) 2778 Note: in order to keep the size of the outbound SCTP datagram not to 2779 exceed the current path MTU, the maximal number of fragments that can 2780 be reported within a single SACK chunk is limited. When a single SACK 2781 can not cover all the fragments needed to be reported due to the MTU 2782 limitation, the endpoint SHALL send only one SACK, reporting the 2783 fragments from the lowest to highest TSNs, within the size limit set 2784 by the MTU, and leave the remaining highested TSN fragment numbers 2785 unacknowledged. 2787 5.8 Adler-32 Checksum Calculation 2789 When sending an SCTP datagram, the sender MUST strengthen the data 2790 integrity of the transmission by including the Adler-32 checksum 2791 value calculated on the datagram, as described below. 2793 After the datagram is constructed (containing the SCTP common header 2794 and one or more control or DATA chunks), the sender shall: 2796 1) fill in the proper Verification Tag in the SCTP common header and 2797 intialize the Adler-32 checksum filed to 0's. 2799 2) calculate the Adler-32 checksum of the whole datagram, including the 2800 SCTP common header and all the chunks. Refer to Sections 8.2 and 9 2801 in [2] for details of the Adler-32 algorithm. And, 2803 3) put the resultant value into the Adler-32 checksum field in the 2804 common header, and leave the rest of the bits unchanged. 2806 When an SCTP datagram is received, the receiver MUST first check the 2807 Adler-32 checksum: 2809 1) store the received Adler-32 checksum value aside, 2811 2) replace the 32 bits of the Adler-32 checksum field in the received 2812 SCTP datagram with all '0's and calculate an Adler-32 checksum 2813 value of the whole received datagram. And, 2815 3) verify that the calculated Adler-32 checksum is the same as the 2816 received Adler-32 checksum, If not, the receiver MUST treat the 2817 datagram as an invalid SCTP datagram. 2819 The default procedure of handling invalid SCTP datagrams is to 2820 silently discard them. 2822 5.9 Segmentation 2824 Segmentation MUST be performed by the data sender if the user message 2825 to be sent has a large size that causes the outbound SCTP datagram 2826 size exceeding the current MTU. 2828 Note, if the data receiver is multi-homed, the sender shall choose a 2829 size no larger than the latest MTU of the current primary destination 2830 address. 2832 When determining when to segment, the SCTP implementation MUST take 2833 into account the SCTP datagram header as well as the DATA chunk 2834 header. The implementation MAY also take account of the space required 2835 for a SACK chunk. 2837 IMPLEMENTATION NOTE: if segmentation is not support by the sender, 2838 an error should be reported to the sender's SCTP user if the data to be 2839 sent has a size exceeding the current MTU. In such cases the Send 2840 primitive discussed in Section 9.1 would need to return an error 2841 to the upper layer. 2843 Segmentation takes the following steps: 2845 1) the data sender SHALL break the large user message into a series of 2846 DATA chunks, such that each of the chunks can be fit into an IP 2847 datagram smaller than or equal to the current MTU, 2849 2) the data sender MUST then assign, in sequence, a separate TSN to 2850 each of the DATA chunks in the series, 2852 3) the data sender MUST also set the B/E bits of the first DATA chunk 2853 in the series to '10', the B/E bits of the last DATA chunk in the 2854 series to '01', and the B/E bits of all other DATA chunks in the 2855 series to '00'. 2857 The data receiver MUST recognize the segmented DATA chunks, by 2858 examining the B/E bits in each of the received DATA chunks, and queue 2859 the segmented DATA chunks for re-assembly. Then, it shall pass the 2860 re-assembled user message to the specific stream for possible 2861 re-ordering and final dispatching. 2863 Note, if the data receiver runs out of buffer space while still 2864 waiting for more segments to complete the re-assembly of the message, 2865 it should dispatch part of its inbound message through a partial 2866 delivery API (see Section 9), freeing some of its receive buffer space 2867 so that the rest of the message may be received. 2869 5.10 Bundling and Multiplexing 2871 An SCTP sender achieves data bundling by simply including multiple 2872 DATA chunks in one outbound SCTP datagram. Note that the total size of 2873 the resultant IP datagram, including the SCTP datagram and IP headers, 2874 MUST be less or equal to the current MTU. 2876 Note, if the data receiver is multi-homed, the sender shall choose a 2877 size no larger than the latest MTU of the current primary destination 2878 address. 2880 When multiplexing control chunks with DATA chunks, control chunks have 2881 the priority and MUST be placed first in the outbound SCTP datagram 2882 and be transmitted first. The transmitter MUST transmit DATA chunks 2883 within a SCTP datagram in increasing order of TSN. 2885 Partial chunks MUST NOT be placed in a SCTP datagram. 2887 The receiver MUST process the chunks in order in the datagram. The 2888 receiver uses the chunk length field to determine the end of a chunk 2889 and beginning of the next chunk taking account of the fact that all 2890 chunks end on a thirty-two-bit word boundary. If the receiver detects 2891 a partial chunk, it MUST drop the chunk. 2893 6. Congestion control 2895 Congestion control is one of the basic functions in the SCTP protocol. 2896 For some applications, it may be likely that adequate resources will 2897 be allocated to SCTP traffic to assure prompt delivery of 2898 time-critical SCTP data - thus it would appear to be unlikely, during 2899 normal operations, that SCTP transmissions encounter severe congestion 2900 condition. However SCTP must prepare itself for adverse operational 2901 conditions, which can develop upon partial network failures or 2902 unexpected traffic surge. In such situations SCTP must follow correct 2903 congestion control steps to recover from congestion quickly in order 2904 to get data delivered as soon as possible. In the absence of network 2905 congestion, these preventive congestion control algorithms should show 2906 no impact on the protocol performance. 2908 IMPLEMENTATION NOTE: as far as its specific performance requirements 2909 are met, an implementation is always allowed to adopt a more 2910 conservative congestion control algorithm than the one defined 2911 below. 2913 The congestion control algorithms used by SCTP are based on RFC 2581 2914 [3], "TCP Congestion Control". This section describes how the 2915 algorithms defined in RFC 2581 are adopted for use in SCTP. We first 2916 list differences in protocol designs between TCP and SCTP, and then 2917 describe SCTP's congestion control scheme. The description will use 2918 the same terminology as in TCP congestion control whenever 2919 appropriate. 2921 6.1 SCTP Differences from TCP Congestion control 2923 One difference between SCTP and TCP is that Selective Acknowledgment 2924 function (SACK) is designed into SCTP, rather than an enhancement that 2925 is added to the protocol later as is the case for TCP. SCTP SACK 2926 carries different semantic meanings from that of TCP SACK. TCP 2927 considers the information carried in the SACK as advisory information 2928 only. In SCTP, any DATA chunk that has been acknowledged by SACK, 2929 including DATA that arrived at the receiving end out of order, are 2930 considered having been delivered to the destination application, and 2931 the sender is free to discard the local copy. Consequently, the value 2932 of cwnd controls the amount of outstanding data, rather than the upper 2933 bound between the highest acknowledged sequence number and the latest 2934 DATA chunk that can be sent within the congestion window, as is the 2935 case in TCP. SCTP SACK leads to different implementations of 2936 fast-retransmit and fast-recovery from that of TCP. 2938 The biggest difference between SCTP and TCP, however, is multi-homing. 2939 SCTP is designed to establish robust communication associations 2940 between two end points each of which may be reachable by more than one 2941 transport address. Potentially different addresses may lead to 2942 distinguished data paths between the two points, thus ideally one may 2943 need a separate set of congestion control parameters for each of the 2944 paths. The treatment here of congestion control for multihomed 2945 receivers is new with SCTP and may require refinement in the 2946 future. The current algorithms make the following assumptions: 2948 o The sender always uses the same destination address until being 2949 instructed by the upper layer otherwise. 2951 o The sender keeps a separate congestion control parameter set for each 2952 of the destination addresses. The parameters should decay if the 2953 address is not used for a long enough time period. 2955 o For each of the destination addresses, do slow-start upon the first 2956 transmission to that address. 2958 6.2 SCTP Slow-Start and Congestion Avoidance 2960 The slow start and congestion avoidance algorithms MUST be used by a 2961 SCTP sender to control the amount of outstanding data being injected 2962 into the network. The congestion control in SCTP is employed in regard 2963 to the association, not to an individual stream. In some situations it 2964 may be beneficial for an SCTP sender to be more conservative than the 2965 algorithms allow, however an SCTP sender MUST NOT be more aggressive 2966 than the following algorithms allow. 2968 Like TCP, an SCTP sender uses the following three control variables to 2969 regulate its transmission rate. 2971 o Receiver advertised window size (rwnd, in octets), which is set by 2972 the receiver based on its available buffer space for incoming packets. 2974 o Congestion control window (cwnd, in octets), which is adjusted by 2975 the sender based on observed network conditions. 2977 o Slow-start threshold (ssthresh, in octets), which is used by the 2978 sender to distinguish slow start and congestion avoidance phases. 2980 SCTP also requires one additional control variable, partial_bytes_acked, 2981 which is used during congestion avoidance phase to facilitate cwnd 2982 adjustment. 2984 6.2.1 Slow-Start 2986 Beginning data transmission into a network with unknown conditions 2987 requires SCTP to probe the network to determine the available capacity. 2988 The slow start algorithm is used for this purpose at the beginning of a 2989 transfer, or after repairing loss detected by the retransmission timer. 2991 o The initial cwnd before data transmission or after a sufficiently 2992 long idle period MUST be <= 2*MTU. 2994 o The initial cwnd after a retransmission timeout MUST be no more 2995 than 1*MTU. 2997 o The initial value of ssthresh MAY be arbitrarily high (for example, 2998 some implementations use the size of the receiver advertised window). 3000 o Whenever cwnd is greater than zero, the sender is allowed to have cwnd 3001 octets of data outstanding on that transport address. 3003 o When cwnd is less than or equal to ssthresh an SCTP sender MUST use 3004 the slow start algorithm to increase cwnd (assuming the current 3005 congestion window is being fully utilized). If the incoming SACK 3006 advances the cumulative TSN, cwnd MUST be increased by at most the 3007 lesser of 1) the total size of the previously outstanding DATA 3008 chunk(s) covered by this advancement of the cumulative TSN, and 2) 3009 the current MTU. This prevents against the ACK-Splitting attack 3010 outlined in [15]. 3012 NOTE: because an SCTP data sender's cwnd is not tied to its 3013 cumulative TSN point, as duplicate SACKs come in, even though they 3014 may not advance the cumulative TSN point an SCTP sender can still 3015 use them to clock out new data. That is, the data newly 3016 acknowledged by the SACK diminishes the amount of data now in 3017 flight to less than cwnd; and so the current, unchanged value of 3018 cwnd now allows new data to be sent. On the other hand, the 3019 increase of cwnd must be tied to the cumulative TSN advancement as 3020 specified above. Otherwise the duplicate SACKs will not only clock 3021 out new data, but also will adversely clock out *more* new data 3022 than what has just left the network, during a time of possible 3023 congestion. 3025 o When the sender does not transmit data on a given transport address, 3026 the cwnd of the transport address should be adjusted to 3027 max(cwnd / 2, 2*MTU) per RTO. 3029 6.2.2 Congestion Avoidance 3031 When cwnd is greater than ssthresh, cwnd should be incremented 3032 by 1*MTU per RTT if the sender has cwnd or more octets of data 3033 outstanding on the corresponding transport address. 3035 In practice an implementation can achieve this goal in the 3036 following way: 3038 o partial_bytes_acked is initialized to 0. 3040 o Whenever cwnd is greater than ssthresh, upon each SACK arrival, 3041 increase partial_bytes_acked by the total number of octets of all 3042 new chunks acknowledged in that SACK. 3044 o When partial_bytes_acked is equal or greater than cwnd and before 3045 the arrival of the SACK the sender has cwnd or more octets of data 3046 outstanding, increase cwnd by MTU, and reset partial_bytes_acked to 3047 (partial_bytes_acked - cwnd). 3049 o Same as in the slow start, when the sender does not transmit data on 3050 a given transport address, the cwnd of the transport address should 3051 be adjusted to max(cwnd / 2, 2*MTU) per RTO. 3053 6.2.3 Congestion Control 3055 Upon detection of packet losses from SACK, the sender should do the 3056 following: 3058 ssthresh = max(cwnd/2, 2*MTU) 3059 cwnd = ssthresh 3061 Basically, a packet loss causes cwnd to be cut in half. 3063 When the T3-rxt timer expires, SCTP should perform slow start by: 3065 ssthresh = max(cwnd/2, 2*MTU) 3066 cwnd = 1*MTU 3068 and assuring that no more than one data packet will be in flight until 3069 the sender receives acknowledgment for successful delivery. 3071 6.2.4 Fast Retransmit on Gap Reports 3073 In the absence of data losses, a SCTP receiver performs delayed 3074 acknowledgment. However, whenever a receiver notices a hole in the 3075 arriving TSN sequence, it should start sending a SACK back every time 3076 a packet arrives carrying data. 3078 At the sender end, whenever the sender receives a SACK that indicate 3079 some TSN(s) missing, it SHOULD wait for 3 further miss indications 3080 (via subsequent SACKs) on the same TSN(s) before taking action. 3082 When the TSN(s) is reported as missing in consecutive SACKs for the 3083 4th time, the sender shall: 3085 1) Mark the missing DATA chunk(s) for retransmission, 3087 2) Adjust the ssthresh and cwnd of the destination address(es) where 3088 the missing data chunks were last sent, according to the formula 3089 described in Section 6.2.3. 3091 3) Determine how many of the earliest (i.e., lowest TSN) missing Data 3092 chunks will fit into a single packet, subject to constraint of the 3093 path MTU of the destination transport address to which the packet 3094 is being sent. Call this value K. Retransmit those K data chunks in 3095 a single packet. 3097 4) Restart T3-rxt timer ONLY IF the last SACK advanced the cumulative 3098 TSN point, or we are retransmitting the first outstanding Data 3099 chunk. 3101 Note, before the above adjustments, if the received SACK also 3102 acknowledges new data chunks and advances the cumulative TSN point, 3103 the cwnd adjustment rules defined in Sections 6.2.1 and 6.2.2 must 3104 be applied first. 3106 A straightforward implementation of the above requires that the sender 3107 keeps a counter for each TSN hole first reported by a SACK; the 3108 counter keeps track of whether 3 subsequent SACKs have reported the 3109 same hole. 3111 Because cwnd in SCTP indirectly bounds the number of outstanding 3112 TSN's, the effect of TCP fast-recovery is achieved automatically with 3113 no adjustment to the congestion control window size. 3115 6.3 Path MTU Discovery 3117 RFC 1191 [11] discusses "Path MTU Discovery", whereby a sender 3118 maintains an estimate of the maximum transmission unit (MTU) along a 3119 given Internet path and refrains from sending datagrams along that 3120 path which exceed the MTU, other than occasional attempts to probe for 3121 a change in the path MTU. RFC 1191 is thorough in its discussion of 3122 the MTU discovery mechanism and strategies for determining the current 3123 end-to-end MTU setting as well as detecting changes in this value. 3124 RFC 1981 discusses applying the same mechanisms for IPv6. 3126 An SCTP sender SHOULD apply these techniques, and SHOULD do so on a 3127 per-destination-address basis. 3129 There are 4 ways in which SCTP differs from the description in RFC 1191 3130 of applying MTU discovery to TCP: 3132 1) SCTP associations can span multiple set of addresses. 3133 Per the above comment, an SCTP sender MUST maintain separate 3134 MTU estimates for each destination address of its peer. 3136 2) Elsewhere in this document, when the term "MTU" is discussed, 3137 it refers to the MTU associated with the destination address 3138 corresponding to the context of the discussion. 3140 3) Unlike TCP, SCTP does not have a notion of "Maximum Segment 3141 Size". Accordingly, the MTU for each destination address 3142 SHOULD be initialized to a value no larger than the link MTU 3143 for the local interface to which datagrams for that remote 3144 destination address will be routed. 3146 4) Since data transmission in SCTP is naturally structured in 3147 terms of TSNs rather than bytes (as is the case for TCP), the 3148 discussion in section 6.5 of RFC 1191 applies: when retransmitting 3149 a datagram to a remote address for which the datagram appears 3150 too large for the path MTU to that address, the datagram SHOULD 3151 be retransmitted without the DF bit set, allowing it to possibly 3152 be fragmented. Transmissions of new datagrams MUST have DF set. 3154 Other than these differences, the discussion of TCP's use of MTU 3155 discovery in RFCs 1191 and 1981 applies to SCTP, too, on a 3156 per-destination-address basis. 3158 7. Fault Management 3160 7.1 Endpoint Failure Detection 3162 The data sender shall keep a counter on the total number of 3163 consecutive retransmissions to its peer (including retransmissions to 3164 ALL the destination transport addresses of the peer if it is 3165 multi-homed). 3167 If the value of this counter exceeds the limit indicated in the 3168 protocol parameter 'Association.Max.Retrans', the data sender shall 3169 consider the peer endpoint unreachable and shall stop transmitting any 3170 more data to it (and thus the association enters the CLOSED state). In 3171 addition, the data sender shall report the failure to the upper layer, 3172 and optionally report back all outstanding user data remaining in its 3173 outbound queue. The association is automatically terminated when the 3174 peer endpoint becomes unreachable. 3176 The counter shall be reset each time a datagram sent to that 3177 destination address is acknowledged by the peer endpoint. 3179 7.2 Path Failure Detection 3181 When the remote endpoint is multi-homed, the data sender should keep a 3182 'retrans.count' counter for each of the destination transport 3183 addresses of the remote endpoint. 3185 Each time the data sender retransmits an outstanding datagram, the 3186 'retrans.count' counter of the destination address, to which the 3187 datagram was previously sent, will be incremented. When the value in 3188 'retrans.count' exceeds the protocol parameter 'Path.Max.Retrans' of 3189 that destination address, the data sender should mark the destination 3190 transport address as inactive, and a notification SHOULD be 3191 sent to the upper layer. 3193 When an outstanding TSN is acknowledged, the data sender shall clear 3194 the 'retrans.count' counter of the destination transport address to 3195 which the datagram was last sent. Note, when the data receiver is 3196 multi-homed and the last sent was a retransmission to an alternate 3197 address of the receiver, there exists an ambiguity as to whether or 3198 not the acknowledgment should be credited to the address of the last 3199 sent. However, this ambiguity does not seem to bear any significant 3200 consequence to SCTP behavior. If this ambiguity is undesirable, the 3201 data sender may choose not to clear the 'retrans.count' counter if the 3202 last sent was a retransmission. 3204 Note, when configuring the SCTP endpoint, the user should avoid 3205 having the value of 'Association.Max.Retrans' larger than the 3206 summation of the 'Path.Max.Retrans' of all the destination addresses 3207 for the remote endpoint. Otherwise, all the destination addresses may 3208 become inactive while the endpoint still considers the peer endpoint 3209 reachable. When this condition occurs, how the SCTP chooses to function 3210 is implemenation specific. 3212 Note, when the primary destination address is marked inactive (due to 3213 excessive retransmissions, for instance), the sender MAY automatically 3214 transmit new datagrams to an alternate destination address if one 3215 exists and is active. This is, howerver, an implementation option. 3217 7.3 Path Heartbeat 3219 By default, an SCTP endpoint shall monitor the reachability of the 3220 idle destination transport address(es) of its peer by sending 3221 HEARTBEAT messages periodically to the destination transport 3222 address(es). 3224 A destination transport address is considered "idle" if no new chunk 3225 which can be used for updating path RTT (usually including first 3226 transmission DATA, INIT, COOKIE, etc.) and no heartbeat has been sent 3227 to it within the current heartbeat period of that address. This 3228 applies to both active and inactive destination addresses. 3230 The upper layer can optionally initiate the following functions: 3232 A) disable heart beat on a specific destination transport address of a 3233 given association, 3234 B) re-enable heart beat on a specific destination transport address of 3235 a given association, and, 3236 C) request an on-demand heartbeat on a specific destination transport 3237 address of a given association. 3239 The endpoint should increment the respective 'retrans.count' counter 3240 of the destination transport address each time a HEARTBEAT is sent to 3241 that address. 3243 When the value of this counter reaches the protocol parameter 3244 'Path.Max.Retrans', the endpoint should mark the corresponding 3245 destination address as inactive if it is not so marked, and may also 3246 optionally report to the upper layer the change of reachability of 3247 this destination address. After this, the endpoint should continue 3248 heartbeat on this destination address but should stop increasing the 3249 counter. 3251 The sender of the HEARTBEAT message should include in the Heartbeat 3252 Information field of the message the current time when the message is 3253 sent out and the information on the destination address to which the 3254 message is sent. 3256 The receiver of the HEARTBEAT should immediately respond with a 3257 HEARTBEAT ACK that contains the Heartbeat Information field copied out 3258 from the received HEARTBEAT message. 3260 Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT 3261 should clear the 'retrans.count' counter of the destination transport 3262 address to which the HEARTBEAT was sent, and mark the destination 3263 transport address as active if it is not so marked. The endpoint may 3264 optionally report to the upper layer when an inactive destination 3265 address is marked as active due to the reception of the latest 3266 HEARTBEAT ACK. 3268 The receiver of the HEARTBEAT ACK should also perform an RTT 3269 measurement for that destination transport address using the time 3270 value carried in the HEARTBEAT ACK message. 3272 On an idle destination address that is allowed to heartbeat, HEARTBEAT 3273 messages is RECOMMENDED to be sent once per RTO of that destination 3274 address, with jittering of +/- 50%, and exponential back-off if the 3275 previous HEARTBEAT is unanswered. 3277 A primitive is provided for the SCTP user to change the heart 3278 beat interval and turn on or off the heart beat on a given destination 3279 address. Note, the heartbeat interval set by the SCTP user on any of 3280 the idle destination addresses SHOULD be no smaller than the RTO of 3281 that distination address. Separate timers may be used to control the 3282 heartbeat transmission for different idle destination addresses. 3284 7.4 Handle "Out of the blue" Packets 3286 An SCTP datagram is called an "out of the blue" (OOTB) datagram if it 3287 is correctly formed, i.e., passed the receiver's Adler-32 check (see 3288 Section 5.8), but the receiver is not able to identify the association 3289 to which this datagram belongs. 3291 The receiver of an OOTB datagram MUST do the following: 3293 1) check if the OOTB datagram contains an ABORT chunk. If so, the 3294 receiver MUST silently discarded the OOTB datagram and take no 3295 futher action. Otherwise, 3297 2) the receiver should respond the sender of the OOTB datagram with an 3298 ABORT. When sending the ABORT, the receiver of the OOTB datagram 3299 MUST fill in the Verification Tag field of the outbound datagram 3300 with the value found in the Verification Tag field of the OOTB 3301 datagram. After sending this ABORT, the receiver of the OOTB 3302 datagram shall discard the OOTB datagram and take no further 3303 action. 3305 7.5 Verification Tag 3307 The Verification Tag rules defined in this section apply when sending 3308 or receiving SCTP datagrams which do NOT contain an INIT, SHUTDOWN 3309 ACK, or ABORT chunk. The rules for sending and receiving SCTP 3310 datagrams containing one of these chunk types are discussed separately 3311 in Section 7.5.1. 3313 When sending an SCTP datagram, the sender MUST fill in the 3314 Verification Tag field of the outbound datagram with the tag value of 3315 the peer endpoint to which this SCTP datagram is destinated. 3317 When receiving an SCTP datagram, the receiver MUST ensure that the 3318 value in the Verification Tag field of the received SCTP datagram 3319 matches its own Tag. If the received tag value does not match the 3320 receiver's own tag value, the receiver shall silently discard the 3321 datagram and shall not process it any further. 3323 7.5.1 Exceptions in Verification Tag Rules 3325 A) Rules for datagram carrying INIT: 3327 - The sender MUST set the Verification Tag of the datagram to 0. 3328 - The receiver, when noticing an incoming SCTP datagram with the 3329 Verification Tag set to 0, should continue to process the datagram 3330 only if an INIT chunk is present. Otherwise, the receiver MUST 3331 silently discard the datagram and take no further action. 3333 B) Rules for datagram carrying ABORT: 3335 - The sender shall always fill in the Verification Tag field of the 3336 outbound datagram with the destination endpoint's tag value if it 3337 is known. 3338 - If the ABORT is sent in response to an OOTB datagram, the sender 3339 MUST follow the procedure described in Section 7.4. 3340 - The receiver MUST accept the datagram IF the Verification Tag 3341 matches either its own tag, OR the tag of one of its existing 3342 peers. Otherwise, the receiver MUST silently discard the datagram 3343 and take no further action. 3345 C) Rules for datagram carrying SHUTDOWN ACK: 3347 - When sending a SHUTDOWN ACK, the sender is allowed to either use 3348 the destination endpoint's tag or set the Verification Tag field 3349 of the outbound datagram to 0. 3350 - The receiver of a SHUTDOWN ACK shall accept the datagram IF the 3351 Verification Tag field of the datagram matches its own tag OR is 3352 set to 0. Otherwise, the receiver MUST silently discard the 3353 datagram and take no further action. 3355 8. Termination of Association 3357 All existing associations should be terminated when an endpoint exits 3358 from service. An association can be terminated by either close or 3359 shutdown. 3361 8.1 Close of an Association 3363 When an endpoint decides to close down an existing association, it 3364 shall send an ABORT message to its peer endpoint. The sender MUST fill 3365 in the peer's Verification Tag in the outbound datagram and MUST NOT 3366 bundle any other chunk with the ABORT. 3368 No acknowledgment is required for an ABORT message. In any 3369 circumstances, an endpoint MUST NOT respond to any received datagram 3370 that contains an ABORT with its own ABORT (also see Section 7.4). 3372 The receiver shall apply the special Verification Tag check rules 3373 described in Section 7.5.1 when handling the datagram carrying an 3374 ABORT. 3376 After checking the Verification Tag, the peer shall remove the 3377 association from its record, and shall report the termination to its 3378 upper layer. 3380 8.2 Shutdown of an Association 3382 Using the TERMINATE primitive (see Section 9.1), the upper layer of an 3383 endpoint in an association can gracefully shutdown the association. 3384 This will guarantee that all outstanding datagrams from the peer of 3385 the shutdown initiator be delivered before the association 3386 terminates. 3388 Upon receipt of the TERMINATE primitive from its upper layer, the 3389 initiator endpoint enters SHUTDOWN-PENDING state and remains there 3390 until all outstanding TSNs have been acknowledged by the far end. It 3391 accepts no new data from its upper layer, but retransmits data to the 3392 far end if necessary to fill gaps. 3394 Once all outstanding TSNs have been acknowledged, the initiator 3395 endpoint shall send a SHUTDOWN message to the peer of the association, 3396 and shall include the last cumulative TSN it has received from the 3397 peer in the 'Cumulative TSN ACK' field. It shall then start the 3398 T2-shutdown timer and enter the Shutdown-sent state. If the timer 3399 expires, the initiator must re-send the SHUTDOWN with the updated last 3400 TSN received from its peer. 3402 The same rules in 5.3 SHALL be followed to determine the proper timer 3403 value for T2-shutdown. The sender of the SHUTDOWN message may also 3404 optionally include a SACK to indicate any gaps by bundling both the 3405 SACK and SHUTDOWN message together. 3407 Note the sender of a shutdown should limit the number of 3408 retransmissions of the shutdown message to the protocol parameter 3409 'Association.Max.Retrans'. If this threshold is exceeded the endpoint 3410 should destroy the TCB and may report the endpoint unreachable to the 3411 upper layer (and thus the association enters the CLOSED state). 3413 Upon the reception of the SHUTDOWN, the peer shall enter the 3414 Shutdown-received state, and shall verify, by checking the TSN ACK 3415 field of the message, that all its outstanding datagrams have been 3416 received by the initiator. 3418 If there are still outstanding datagrams left, the peer shall mark 3419 them for retransmission and start the retransmit procedure as defined 3420 in Section 5.3. 3422 While in Shutdown-sent state, the initiator shall immediately respond 3423 to each inbound SCTP datagram containing user data from the peer with 3424 a SACK and restart the T2-shutdown timer. 3426 If there is no more outstanding datagrams, the peer shall send a 3427 SHUTDOWN ACK and then remove all record of the association. 3429 Upon the receipt of the SHUTDOWN ACK, the initiator shall stop the 3430 T2-shutdown timer and remove all record of the association. 3432 Note: that it should be the responsibility of the initiator to assure 3433 that all the outstanding datagrams on its side have been resolved 3434 before it initiates the shutdown procedure. 3436 Note: an endpoint shall reject any new data request from its upper 3437 layer if it is in Shutdown-sent or Shutdown-received state until 3438 completion of the sequence. 3440 Note: if an endpoint is in Shutdown-sent state and receives an INIT 3441 message from its peer, it should discard the INIT message and 3442 retransmit the shutdown message. The sender of the INIT should respond 3443 with a stand-alone SHUTDOWN ACK in an SCTP datagram with the 3444 Verification Tag field of its common header set to 0, and let the 3445 normal T1-init timer cause the INIT message to be retransmitted and 3446 thus restart the association. 3448 Note: if an endpoint is in Shutdown-sent state and receives a 3449 SHUTDOWN message from its peer, the endpoint shall respond 3450 immediately with a SHUTDOWN ACK and shall stop the T2-shutdown timer 3451 and remove all record of the association. 3453 9. Interface with Upper Layer 3455 The Upper Layer Protocols (ULP) shall request for services by passing 3456 primitives to SCTP and shall receive notifications from SCTP for 3457 various events. 3459 The primitives and notifications described in this section should be 3460 used as a guideline for implementing SCTP. The following functional 3461 description of ULP interface primitives is, at best, fictional. We 3462 must warn readers that different SCTP implementations may have 3463 different ULP interfaces. However, all SCTPs must provide a certain 3464 minimum set of services to guarantee that all SCTP implementations can 3465 support the same protocol hierarchy. This section specifies the 3466 functional interfaces required of all SCTP implementations. 3468 9.1 ULP-to-SCTP 3470 The following sections functionally characterize a ULP/SCTP interface. 3471 The notation used is similar to most procedure or function calls in 3472 high level languages. 3474 The ULP primitives described below specify the basic functions the 3475 SCTP must perform to support inter-process communication. Individual 3476 implementations must define their own exact format, and may provide 3477 combinations or subsets of the basic functions in single calls. 3479 A) Initialize 3481 Format: INITIALIZE ([local port], [local eligible address ]) 3482 -> local SCTP instance name 3484 This primitive allows SCTP to initialize its internal data structures 3485 and allocate necessary resources for setting up its operation 3486 environment. Note that once SCTP is initialized, ULP can communicate 3487 directly with other endpoints without re-invoking this primitive. 3489 A local SCTP instance name will be returned to the ULP by the SCTP. 3491 Mandatory attributes: 3493 None. 3495 Optional attributes: 3497 The following types of attributes may be passed along with the 3498 primitive: 3500 o local port - SCTP port number, if ULP wants it to be specified; 3502 o local eliglible address - A single address that the local SCTP 3503 endpoint should bind. By default all transport interface cards 3504 should be used by the local endpoint. 3506 IMPLEMENTAION NOTE: if this optional attribute is supported by an 3507 implementation, it will be the responsibility of the implementation 3508 to enforce that the IP source address field of any SCTP datagrams 3509 sent out by this endpoint MUST contain the IP addresses 3510 indicated in the local eligible address. 3512 B) Associate 3514 Format: ASSOCIATE(local SCTP instance name, destination transport 3515 addr, outbound stream count [,destination eligible transport addr 3516 list]) 3517 -> association id [,destination transport addr list] [,outbound stream 3518 count] 3520 This primitive allows the upper layer to initiate an association to a 3521 specific peer endpoint. 3523 The peer endpoint shall be specified by one of the transport addresses 3524 which defines the endpoint (see section 1.1). If the local SCTP 3525 instance has not been initialized, the ASSOCIATE is considered an 3526 error. 3528 The set of transport addresses specified in the "destination eligible 3529 transport addr list" shall be used as valid destinations by the 3530 initiating endpoint when sending to the peer endpoint. If this 3531 parameter is not specified, the initiating endpoint will consider ALL 3532 of the transport addresses returned by the INIT ACK message from the 3533 peer endpoint as valid ones. Note, when specified, the "destination 3534 eligible transport addr list" MUST be the same as, or a sub-set of, 3535 the transport addresses returned in the INIT ACK message from the peer 3536 endpoint. Otherwise, it shall be considered as a configuration error. 3538 An association id, which is a local handle to the SCTP association, 3539 will be returned on successful establishment of the association. If 3540 SCTP is not able to open an SCTP association with the peer endpoint, 3541 an error is returned. 3543 Other association parameters may be returned, including the complete 3544 destination transport addresses of the peer as well as the outbound 3545 stream count of the local endpoint. One of the transport address from 3546 the returned destination addresses (or the "destination eligible 3547 transport addr list" if provided) will be selected by the local 3548 endpoint as default primary destination address for sending SCTP 3549 datagrams to this peer. The returned "destination transport addr 3550 list" can be used by the ULP to change the default primary destination 3551 address or to force sending a datagram to a specific transport address. 3553 IMPLEMENTION NOTE: If ASSOCIATE primitive is implemented as a 3554 blocking function call, the ASSOCIATE primitive can return 3555 association parameters in addition to the association id upon 3556 successful establishment. If ASSOCIATE primitive is implemented as a 3557 non-blocking call, only the association id shall be returned and 3558 association parameters shall be passed using the COMMUNICATION UP 3559 notification. 3561 Mandatory attributes: 3563 o local SCTP instance name - obtained from the INITIALIZE operation. 3565 o destination transport addr - specified as one of the transport 3566 addresses of the peer endpoint with which the association is to be 3567 established. 3569 o outbound stream count - the number of outbound streams the ULP 3570 would like to open towards this peer endpoint. 3572 Optional attributes: 3574 o destination eligible transport addr list - a list of transport 3575 addresses that the local endpoint is allowed to use for sending 3576 datagrams to this peer. By default, all transport addresses 3577 indicated by the peer in its INIT ACK message can be used. 3579 C) Terminate 3581 Format: TERMINATE(association id) 3582 -> result 3584 Gracefully terminates an association. Any locally queued user data 3585 will be delivered to the peer. The association will be terminated only 3586 after the peer acknowledges all the messages sent. A success code 3587 will be returned on successful termination of the association. If 3588 attempting to terminate the association results in a failure, an error 3589 code shall be returned. 3591 Mandatory attributes: 3593 o association id - local handle to the SCTP association 3595 Optional attributes: 3597 None. 3599 D) Abort 3601 Format: ABORT(association id) 3602 -> result 3604 Ungracefully terminates an association. Any locally queued user data 3605 will be discarded and an ABORT message is sent to the peer. A success 3606 code will be returned on successful abortion of the association. If 3607 attempting to abort the association results in a failure, an error 3608 code shall be returned. 3610 Mandatory attributes: 3612 o association id - local handle to the SCTP association 3614 Optional attributes: 3616 None. 3618 E) Send 3620 Format: SEND(association id, buffer address, byte count [,context] 3621 [,stream id] [,life time] [,destination transport address] [,un-order 3622 flag] [,no-bundle flag]) 3623 -> result 3625 This is the main method to send user data via SCTP. 3627 Mandatory attributes: 3629 o association id - local handle to the SCTP association 3631 o buffer address - the location where the user message to be 3632 transmitted is stored; 3634 o byte count - The size of the user data in number of octets; 3636 Optional attributes: 3638 o context - optional information that will be carried in the 3639 sending failure notification to the ULP if the transportation of 3640 this datagram fails. 3642 o stream id - to indicate which stream to send the data on. If not 3643 specified, stream 0 will be used. 3645 o life time - specifies the life time of the user data. The user data 3646 will not be sent by SCTP after the life time expires. This 3647 parameter can be used to avoid efforts to transmit stale 3648 user messages. SCTP notifies the ULP, if the data cannot be 3649 initiated to transport (i.e. sent to the destination via SCTP's 3650 send primitive) within the life time variable. However, the 3651 user data will be transmitted if a TSN has been assigned to the 3652 user data before the life time expired. 3654 o destination transport address - specified as one of the destination 3655 transport addresses of the peer endpoint to which this message 3656 should be sent. Whenever possible, SCTP should use this destination 3657 transport address for sending the datagram, instead of the current 3658 primary destination transport address. 3660 o un-order flag - this flag, if present, indicates that the user 3661 would like the data delivered in an un-ordered fashion to the peer. 3663 o no-bundle flag - instructs SCTP not to bundle the user data with 3664 other outbound DATA chunks. Note: SCTP may still bundle even when 3665 this flag is present, when faced with network congestion. 3667 F) Set Primary 3669 Format: SETPRIMARY(association id, destination transport address) 3670 -> result 3672 Instructs the local SCTP to use the specified destination transport 3673 address as primary destination address for sending datagrams. 3675 The result of attempting this operation shall be returned. If the 3676 specified destination transport address is not present in the 3677 "destination transport address list" returned earlier in an associate 3678 command or communication up notification, an error shall be returned. 3680 Mandatory attributes: 3682 o association id - local handle to the SCTP association 3684 o destination transport address - specified as one of the transport 3685 addresses of the peer endpoint, which should be used as primary 3686 address for sending datagrams. This overrides the current primary 3687 address information maintained by the local SCTP endpoint. 3689 G) Receive 3691 Format: RECEIVE(association id, buffer address, buffer size 3692 [,stream id]) 3693 -> byte count [,transport address] [,stream id] [,sequence number] 3694 [,partial flag] [, delivery number] 3696 This primitive shall read the first user message in the SCTP in-queue 3697 to ULP, if there is one available, into the specified buffer. The size 3698 of the message read, in octets, will be returned. It may, depending on 3699 the specific implementation, also return other information such as the 3700 sender's address, the stream id on which it is received, whether there 3701 are more messages available for retrieval, etc. For ordered messages, 3702 their sequence number may also be returned. 3704 Depending upon the implementation, if this primitive is invoked when 3705 no message is available the implementation should return an indication 3706 of this condition or should block the invoking process until data does 3707 become available. 3709 Mandatory attributes: 3711 o association id - local handle to the SCTP association 3713 o buffer address - the memory location indicated by the ULP to store 3714 the received message. 3716 o buffer size - the maximum size of data to be received, in octets. 3718 Optional attributes: 3720 o stream id - to indicate which stream to receive the data on. 3722 o sequence number - the stream sequence number assigned by the 3723 sending SCTP peer. 3725 o partial flag - if this returned flag is set to 1, then this 3726 message is a partial delivery of the whole message. When 3727 this flag is set, the stream id and sequence number MUST 3728 accompany this receive. When this flag is set to 0, it indicates 3729 that no more deliveries will be received for this sequence number. 3731 H) Status 3733 Format: STATUS(association id) 3734 -> status data 3736 This primitive should return a data block containing the following 3737 information: 3738 association connection state, 3739 destination transport address list, 3740 destination transport address reachability state, 3741 current receiver window size, 3742 current congestion window sizes, 3743 number of DATA chunks awaiting acknowledgement, 3744 number of DATA chunks pending receipt, 3745 primary destination transport address, 3746 SRTT on primary destination address, 3747 RTO on primary destination address, 3748 SRTT and RTO on other destination addresses, etc. 3750 Mandatory attributes: 3752 o association id - local handle to the SCTP association 3754 Optional attributes: 3756 None. 3758 I) Change Heartbeat 3760 Format: CHANGEHEARTBEAT(association id, destination transport address, 3761 new state [,interval]) 3762 -> result 3764 Instructs the local endpoint to enable or disable heart beat on the 3765 specified destination transport address. 3767 The result of attempting this operation shall be returned. 3769 Note, even when enabled, heart beat will not take place if the 3770 destination transport address is not idle. 3772 Mandatory attributes: 3774 o association id - local handle to the SCTP association 3776 o destination transport address - specified as one of the transport 3777 addresses of the peer endpoint. 3779 o new state - the new state of heart beat for this destination 3780 transport address (either enabled or disabled). 3782 Optional attributes: 3784 o interval - if present, indicates the frequence of the heart beat if 3785 this is to enable heart beat on a destination transport 3786 address. Default interval is the RTO of the destination address. 3788 J) Request HeartBeat 3790 Format: REQUESTHEARTBEAT(association id, destination transport 3791 address) 3792 -> result 3794 Instructs the local endpoint to perform a HeartBeat on the specified 3795 destination transport address of the given association. The returned 3796 result should indicate whether the transmission of the HEARTBEAT 3797 message to the destination address is successful. 3799 Mandatory attributes: 3801 o association id - local handle to the SCTP association 3803 o destination transport address - the transport address of the 3804 association on which a heartbeat should be issued. 3806 K) Get SRTT Report 3808 Format: GETSRTTREPORT(association id, destination transport address) 3809 -> srtt result 3811 Instructs the local SCTP to report the current SRTT measurement on the 3812 specified destination transport address of the given association. The 3813 returned result can be an intager containing the most recent SRTT in 3814 milliseconds. 3816 Mandatory attributes: 3818 o association id - local handle to the SCTP association 3819 o destination transport address - the transport address of the 3820 association on which the SRTT measurement is to be reported. 3822 L) Set Failure Threshould 3824 Format: SETFAILURETHRESHOLD(association id, destination transport 3825 address, failure threshold) 3826 -> result 3828 This primitive allows the local SCTP to customize the reachability 3829 failure detection threshold 'Path.Max.Retrans' for the specified 3830 destination address. 3832 Mandatory attributes: 3834 o association id - local handle to the SCTP association 3836 o destination transport address - the transport address of the 3837 association on which the failure detection threshold is to be set. 3839 o failure threshold - the new value of 'Path.Max.Retrans' for the 3840 destination address. 3842 M) Set Protocol Parameters 3844 Format: SETPROTOCOLPARAMETERS(association id, [,destination transport 3845 address,] protocol parameter list) 3846 -> result 3848 This primitive allows the local SCTP to customize the protocol 3849 parameters. 3851 Mandatory attributes: 3853 o association id - local handle to the SCTP association 3855 o protocol parameter list - The specific names and values of the 3856 protocol parameters (e.g., RTO.Initial, Association.Max.Retrans 3857 [see Section 12]) that the SCTP user wishes to customize. 3859 Optional attributes: 3861 o destination transport address - some of the protocol parameters may 3862 be set on a per destination transport address basis. 3864 9.2 SCTP-to-ULP 3866 It is assumed that the operating system or application environment 3867 provides a means for the SCTP to asynchronously signal the ULP 3868 process. When SCTP does signal an ULP process, certain information is 3869 passed to the ULP. 3871 A) DATA ARRIVE notification 3873 SCTP shall invoke this notification on the ULP when a user message is 3874 successfully received and ready for retrieval. 3876 The following may be optionally be passed with the notification: 3878 o association id - local handle to the SCTP association 3880 o stream id - to indicate which stream the data is received on. 3882 B) SEND FAILURE notification 3884 If a message can not be delivered SCTP shall invoke this notification 3885 on the ULP. 3887 The following may be optionally be passed with the notification: 3889 o association id - local handle to the SCTP association 3891 o data - the location ULP can find the un-delivered message. 3893 o cause code - indicating the reason of the failure, e.g., size too 3894 large, message life-time expiration, etc. 3896 o context - optional information associated with this message (see 3897 D in section 9.1). 3899 C) NETWORK STATUS CHANGE notification 3901 When a destination transport address is marked down (e.g., when SCTP 3902 detects a failure), or marked up (e.g., when SCTP detects a recovery), 3903 SCTP shall invoke this notification on the ULP. 3905 The following shall be passed with the notification: 3907 o association id - local handle to the SCTP association 3909 o destination transport address - This indicates the destination 3910 transport address of the peer endpoint affected by the change; 3912 o new-status - This indicates the new status. 3914 D) COMMUNICATION UP notification 3916 This notification is used when SCTP becomes ready to send or receive 3917 user messages, or when a lost communication to an endpoint is 3918 restored. 3920 IMPLEMENTATION NOTE: If ASSOCIATE primitive is implemented as a 3921 blocking function call, the association parameters are returned as a 3922 result of the ASSOCIATE primitive itself. In that case, 3923 COMMUNICATION UP notification is optional at the association 3924 initiator's side. 3926 The following shall be passed with the notification: 3928 o association id - local handle to the SCTP association 3930 o status - This indicates what type of event that has occurred 3932 o destination transport address list - the complete set of transport 3933 addresses of the peer 3935 o outbound stream count - the maximum number of streams allowed to be 3936 used in this association by the ULP 3938 E) COMMUNICATION LOST notification 3940 When SCTP loses communication to an endpoint completely or detects 3941 that the endpoint has performed an abort or graceful shutdown 3942 operation, it shall invoke this notification on the ULP. 3944 The following shall be passed with the notification: 3946 o association id - local handle to the SCTP association 3948 o status - This indicates what type of event that has occurred; 3950 The following may be optionally passed with the notification: 3952 o unsent-messages - The number and location of un-sent messages 3953 still in hold by SCTP; 3955 o unacknowledged-messages - The number and location of messages 3956 that were attempted to be transported to the destination, but were 3957 not acknowledged when the loss of communication was detected. 3959 o last-acked - the sequence number last acked by that peer endpoint; 3961 o last-sent - the sequence number last sent to that peer endpoint; 3963 o received-but-not-delivered - messages that were received by SCTP 3964 but not yet delivered to the ULP. 3966 Note: the un-send data report may not be accurate for those user 3967 messages which are segmented by SCTP during transmission. 3969 F) COMMUNICATION ERROR notification 3971 When SCTP receives an ERROR chunk from its peer and decides to notify 3972 its ULP, it can invoke this notification on the ULP. 3974 The following can be passed with the notification: 3976 o association id - local handle to the SCTP association 3978 o error info - this indicates the type of error and optionally some 3979 additional information received through the ERROR chunk. 3981 10. Security Considerations 3983 10.1 Security Objectives 3985 As a common transport protocol designed to reliably carry time- 3986 sensitive user messages, such as billing or signalling messages for 3987 telephony services, between two networked endpoints, SCTP has the 3988 following security objectives. 3989 - availability of reliable and timely data transport services 3990 - integrity of the user-to-user information carried by SCTP 3992 10.2 SCTP Responses To Potential Threats 3994 It is clear that SCTP may potentially be used in a wide variety of 3995 risk situations. It is important for operator(s) of the systems 3996 concerned to analyze their particular situations and decide on the 3997 appropriate counter-measures. 3999 Where the SCTP system serves a group of users, it is probably 4000 operating as part of a professionally managed corporate or service 4001 provider network. It is reasonable to expect that this management 4002 includes an appropriate security policy framework. [RFC 2196, "Site 4003 Security Handbook", B. Fraser Ed., September 1997] should be 4004 consulted for guidance. 4006 The case is more difficult where the SCTP system is operated by a 4007 private user. The service provider with whom that user has a 4008 contractual arrangement SHOULD provide help to ensure that the 4009 user's site is secure, ranging from advice on configuration through 4010 downloaded scripts and security software. 4012 10.2.1 Countering Insider Attacks 4014 The principles of the Site Security Handbook [13] should be applied 4015 to minimize the risk of theft of information or sabotage by 4016 insiders. These include publication of security policies, control 4017 of access at the physical, software, and network levels, and 4018 separation of services. 4020 10.2.2 Protecting against Data Corruption in the Network 4022 Where the risk of undetected errors in datagrams delivered by the 4023 lower layer transport services is considered to be too great, 4024 additional checksum protection may be required. The question is 4025 whether this is appropriately provided as an SCTP service because it 4026 is needed by most potential users of SCTP, or whether instead it 4027 should be provided by the SCTP user application. (The SCTP protocol 4028 overhead, as opposed to the signalling payload, is protected 4029 adequately by the Adler-32 checksum and measures taken in SCTP to prevent 4030 replay attacks and masquerade.) In any event, the checksum must be 4031 specifically designed to ensure that it detects the errors left 4032 behind by the Adler-32 checksum. 4034 10.2.3 Protecting Confidentiality 4036 In most cases, the risk of breach of confidentiality applies to the 4037 signalling data payload, not to the SCTP or lower-layer protocol 4038 overheads. If that is true, encryption of the SCTP user data only 4039 may be considered. As with the supplementary checksum service, user 4040 data encryption may be performed by the SCTP user application. 4042 Particularly for mobile users, the requirement for confidentiality 4043 may include the masking of IP addresses and ports. In this case 4044 IPSEC ESP should be used instead of application-level encryption. 4045 Similarly, where other reasons prompt the use of the IPSEC ESP 4046 service, application-level encryption is unnecessary. It will be up 4047 to the SCTP system operators to configure the application 4048 appropriately. 4050 Regardless of which level performs the encryption, the IPSEC ISAKMP 4051 service should be used for key management. 4053 Operators should consult [RFC 2401, "Security Architecture for the 4054 Internet Protocol", S. Kent, R. Atkinson, November 1998] for 4055 information on the configuration of IPSEC services between hosts 4056 with and without intervening firewalls. 4058 10.2.4 Protecting against Blind Denial of Service Attacks 4060 A blind attack is one where the attacker is unable to intercept or 4061 otherwise see the content of data flows passing to and from the 4062 target SCTP node where it is not a party to the association. Blind 4063 denial of service attacks may take the form of flooding, masquerade, 4064 or improper monopolization of services. 4066 10.2.4.1 Flooding 4068 The objective of flooding is to cause loss of service and incorrect 4069 behaviour at target systems through resource exhaustion, interference 4070 with legitimate transactions, and exploitation of buffer-related 4071 software bugs. Flooding may be directed either at the SCTP node or at 4072 resources in the intervening IP Access Links or the Internetwork. 4074 Where the latter entities are the target, flooding will manifest 4075 itself as loss of network services, including potentially the breach 4076 of any firewalls in place. 4078 In general, protection against flooding begins at the equipment 4079 design level, where it includes measures such as: 4080 - avoiding commitment of limited resources before determining that 4081 the request for service is legitimate 4082 - giving priority to completion of processing in progress over the 4083 acceptance of new work 4084 - identification and removal of duplicate or stale queued requests 4085 for service. 4087 Network equipment should be capable of generating an alarm and log 4088 if a suspicious increase in traffic occurs. The log should provide 4089 information such as the identity of the incoming link and source 4090 address(es) used which will help the network or SCTP system operator 4091 to take protective measures. Procedures should be in place for the 4092 operator to act on such alarms if a clear pattern of abuse emerges. 4094 The design of SCTP is resistant to flooding attacks, particularly in 4095 its use of a four-way start-up handshake, its use of a cookie to 4096 defer commitment of resources at the responding SCTP node until the 4097 handshake is completed, and its use of a verification tag to prevent 4098 insertion of extraneous messages into the flow of an established 4099 association. 4101 10.2.4.2 Masquerade 4103 Masquerade can be used to deny service in several ways: 4104 - by tying up resources at the target SCTP node to which the 4105 impersonated node has limited access. For example, the target node 4106 may by policy permit a maximum of one SCTP association with the 4107 impersonated SCTP node. The masquerading attacker may attempt to 4108 establish an association purporting to come from the impersonated 4109 node so that the latter cannot do so when it requires it. 4110 - by deliberately allowing the impersonation to be detected, 4111 thereby provoking counter-measures which cause the impersonated node 4112 to be locked out of the target SCTP node. 4113 - by interfering with an established association by inserting 4114 extraneous content such as a SHUTDOWN request. 4116 SCTP prevents masquerade through IP spoofing by use of the four-way 4117 startup handshake. Because the initial exchange is memoryless, no 4118 lockout mechanism is triggered by masquerade attacks. SCTP protects 4119 against insertion of extraneous messages into the flow of an 4120 established association by use of the verification tag. 4122 Logging of received INIT requests and abnormalities such as 4123 unexpected INIT ACKs might be considered as a way to detect patterns 4124 of hostile activity. However, the potential usefulness of such 4125 logging must be weighed against the increased SCTP startup 4126 processing it implies, rendering the SCTP node more vulnerable to 4127 flooding attacks. Logging is pointless without the establishment of 4128 operating procedures to review and analyze the logs on a routine 4129 basis. 4131 10.2.4.3 Improper Monopolization of Services 4133 Attacks under this heading are performed openly and legitimately by 4134 the attacker. They are directed against fellow users of the target 4135 SCTP node or of the shared resources between the attacker and the 4136 target node. Possible attacks include the opening of a large number 4137 of associations between the attacker's node and the target, or 4138 transfer of large volumes of information within a legitimately- 4139 established association. 4141 Such attacks take advantage of policy deficiencies at the target 4142 SCTP node. Defense begins with a contractual prohibition of 4143 behaviour directed to denial of service to others. Policy limits 4144 should be placed on the number of associations per adjoining SCTP 4145 node. SCTP user applications should be capable of detecting large 4146 volumes of illegitimate or "no-op" messages within a given 4147 association and either logging or terminating the association as a 4148 result, based on local policy. 4150 10.3 Protection against Fraud and Repudiation 4152 The objective of fraud is to obtain services without authorization 4153 and specifically without paying for them. In order to achieve this 4154 objective, the attacker must induce the SCTP user application at the 4155 target SCTP node to provide the desired service while accepting 4156 invalid billing data or failing to collect it. Repudiation is a 4157 related problem, since it may occur as a deliberate act of fraud or 4158 simply because the repudiating party kept inadequate records of 4159 service received. 4161 Potential fraudulent attacks include interception and misuse of 4162 authorizing information such as credit card numbers, blind 4163 masquerade and replay, and man-in-the middle attacks which modify 4164 the messages passing through a target SCTP association in real time. 4166 The interception attack is countered by the confidentiality measures 4167 discussed in section 10.2.3 above. 4169 Section 10.2.4.2 describes how SCTP is resistant to blind masquerade 4170 attacks, as a result of the four-way startup handshake and the 4171 validation tag. The validation tag and TSN together are protections 4172 against blind replay attacks, where the replay is into an existing 4173 association. 4175 However, SCTP does not protect against man-in-the-middle attacks 4176 where the attacker is able to intercept and alter the messages sent 4177 and received in an association. Where a significant possibility of 4178 such attacks is seen to exist, or where possible repudiation is an 4179 issue, the use of the IPSEC AH service is recommended to ensure both 4180 the integrity and the authenticity of the messages passed. 4182 SCTP also provides no protection against attacks originating at or 4183 beyond the SCTP node and taking place within the context of an 4184 existing association. Prevention of such attacks should be covered 4185 by appropriate security policies at the host site, as discussed in 4186 section 10.2.1. 4188 11. IANA Consideration 4190 This protocol will require port reservation like TCP for the use of 4191 "well known" servers within the Internet. It is suggested that all 4192 current TCP ports should be automatically reserved in the SCTP port 4193 address space. New requests should follow IANA's current mechanisms 4194 for TCP. 4196 This protocol may also be extended through IANA in three ways: 4197 -- through definition of additional chunk types, 4198 -- through definition of additional parameter types, or 4199 -- through definition of additional cause codes within Operation 4200 Error chunks 4202 In the case where a particular ULP using SCTP desires to have its own 4203 ports, the ULP should be responsible for registering with IANA for 4204 getting its ports assigned. 4206 11.1 IETF-defined Chunk Extension 4208 The appropriate use of specific chunk types is an integral part of the 4209 SCTP protocol. In consequence, the intention is that new IETF-defined 4210 chunk types MUST be supported by standards-track RFC documentation. 4211 As a transitional step, a new chunk type MAY be introduced in an 4212 Experimental RFC. Chunk type codes MUST remain permanently associated 4213 with the original documentation on the basis of which they were 4214 allocated. Thus if the RFC supporting a given chunk type is 4215 deprecated in favour of a new document, the corresponding chunk type 4216 code value is also deprecated and a new code value is allocated in 4217 association with the replacement document. 4219 The documentation for a new chunk code type must include the following 4220 information: 4221 (a) a long and short name for the new chunk type; 4222 (b) a detailed description of the structure of the chunk, which MUST 4223 conform to the basic structure defined in section 2.2; 4224 (c) a detailed definition and description of intended use of each field 4225 within the chunk, including the chunk flags if any; 4226 (d) a detailed procedural description of the use of the new chunk type 4227 within the operation of the protocol. 4229 If the primary numbering space reserved for IETF use (0x00 to 0xFD) is 4230 exhausted, new codes shall subsequently be allocated in the extension 4231 range 0x0000 through 0xFFFF. Chunks allocated in this range MUST 4232 conform to the following structure: 4234 First word (32 bits): 4235 as shown in section 2.2, with chunk type code equal to 0xFF. 4237 Second word: 4238 first octet MUST be all 1's (0xFF). Next octet MUST be all 0's 4239 (0x00). Final two octets contain the allocated extension code value. 4241 0 1 2 3 4242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 4243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4244 |1 1 1 1 1 1 1 1|Chunk Flags | Chunk Length | 4245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4246 |1 1 1 1 1 1 1 1|0 0 0 0 0 0 0 0| Extension Type Code | 4247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4248 \ \ 4249 / Value / 4250 \ \ 4251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4253 11.2 IETF-defined Chunk Parameter Extension 4255 The allocation of a new chunk parameter type code from the IETF 4256 numbering space MUST be supported by RFC documentation. As with chunk 4257 type codes, parameter type codes are uniquely associated with their 4258 supporting document and MUST be replaced if new documentation is 4259 provided. This documentation may be Informational, Experimental, or 4260 standards-track at the discretion of the IESG. It MUST contain the 4261 following information: 4262 (a) Name of the parameter type. 4263 (b) Detailed description of the structure of the parameter field. This 4264 structure MUST conform to the general type-length-value format 4265 described in section 2.2.1. 4266 (c) Detailed definition of each component of the parameter value. 4267 (d) Detailed description of the intended use of this parameter type, 4268 and an indication of whether and under what circumstances 4269 multiple instances of this parameter type may be found within the 4270 same chunk. 4272 Additional parameter type codes may be allocated initially from the 4273 range 0x0000 through 0xFFFD. If this space is exhausted, extension 4274 codes shall be allocated in the range 0x0000 through 0xFFFF. Where an 4275 extension code has been allocated, the format of the parameter must 4276 conform to the following structure: 4278 First word (32 bits): 4279 contains the parameter type code 0xFFFF and parameter length as 4280 described in section 2.2.1. 4282 Second word: 4283 first octet MUST be all 1's (0xFF). Next octet MUST be all 0's 4284 (0x00). Final two octets contain the allocated extension code 4285 value. 4287 The Value portion of the parameter, if any, follows the second word. 4289 0 1 2 3 4290 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 4291 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4292 |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1| Length | 4293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4294 |1 1 1 1 1 1 1 1|0 0 0 0 0 0 0 0| Extension Type Code | 4295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4296 \ \ 4297 / Value / 4298 \ \ 4299 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4301 11.3 IETF-defined Additional Error Causes 4303 Additional cause codes may be allocated in the range 0x0004 to 0xFFFF 4304 upon receipt of any permanently-available public documentation 4305 containing the following information: 4306 (a) Name of the error condition. 4307 (b) Detailed description of the conditions under which an SCTP 4308 endpoint should issue an Operation Error with this cause code. 4309 (c) Expected action by the SCTP endpoint which receives an Operation 4310 Error chunk containing this cause code. 4311 (d) Detailed description of the structure and content of data fields 4312 which accompany this cause code. 4314 The initial word (32 bits) of a cause code parameter MUST conform to 4315 the format shown in section 2.3.9, i.e.: 4316 -- first two octets contain the cause code value 4317 -- last two octets contain length of the cause parameter. 4319 11.4 Payload Protocol Identifiers 4321 Except for value 0x00000000 which is reserved by SCTP to indicate the 4322 absence of a payload protocol identifier in a DATA chunk, SCTP will 4323 not be responsible for standardizing or verifying any payload protocol 4324 identifiers; SCTP simply receives the identifier from the upper layer 4325 and carries it with the corresponding payload data. 4327 The upper layer, i.e, the SCTP user, SHOULD standardize any specific 4328 protocol identifier with IANA if it is so desired. The use of any 4329 specific payload protocol identifier is out of the scope of SCTP. 4331 12. Suggested SCTP Protocol Parameter Values 4333 The following protocol parameters are RECOMMENDED: 4335 RTO.Initial - 3 seconds 4336 RTO.Min - 1 second 4337 RTO.Alpha - 1/8 4338 RTO.Beta - 1/4 4339 Valid.Cookie.Life - 5 seconds 4340 Association.Max.Retrans - 10 attempts 4341 Path.Max.Retrans - 5 attempts (per destination address) 4342 Max.Init.Retransmits - 8 attempts 4344 'retrans.count' - counter (per destination address) 4345 'receiver.buffer' - variable (per peer endpoint) 4347 IMPLEMENTATION NOTE: The SCTP implementation SHOULD allow ULP to 4348 customize some of these protocol parameters (see Section 9). 4350 13. Acknowledgments 4352 The authors wish to thank Mark Allman, Richard Band, Scott Bradner, 4353 Ram Dantu, R. Ezhirpavai, Sally Floyd, Matt Holdrege, Henry Houh, 4354 Christian Huetima, Gary Lehecka, Lyndon Ong, Kelvin Porter, Heinz 4355 Prantner, Jarno Rajahalme, A. Sankar, Greg Sidebottom, Brian Wyld, and 4356 many others for their invaluable comments. 4358 14. Authors' Addresses 4360 Randall R. Stewart Tel: +1-847-632-7438 4361 Motorola, Inc. EMail: rstewar1@email.mot.com 4362 1501 W. Shure Drive, #2315 4363 Arlington Heights, IL 60004 4364 USA 4366 Qiaobing Xie Tel: +1-847-632-3028 4367 Motorola, Inc. EMail: qxie1@email.mot.com 4368 1501 W. Shure Drive, #2309 4369 Arlington Heights, IL 60004 4370 USA 4372 Ken Morneault Tel: +1-703-484-3323 4373 Cisco Systems Inc. EMail: kmorneau@cisco.com 4374 13615 Dulles Technology Drive 4375 Herndon, VA. 20171 4376 USA 4378 Chip Sharp Tel: +1-919-472-3121 4379 Cisco Systems Inc. EMail:chsharp@cisco.com 4380 7025 Kit Creek Road 4381 Research Triangle Park, NC 27709 4382 USA 4383 Hanns Juergen Schwarzbauer Tel: +49-89-722-24236 4384 SIEMENS AG 4385 Hofmannstr. 51 4386 81359 Munich 4387 Germany 4388 EMail: HannsJuergen.Schwarzbauer@icn.siemens.de 4390 Tom Taylor Tel: +1-613-736-0961 4391 Nortel Networks 4392 1852 Lorraine Ave. 4393 Ottawa, Ontario 4394 Canada K1H 6Z8 4395 EMail:taylor@nortelnetworks.com 4397 Ian Rytina Tel: 4398 Ericsson Australia EMail:ian.rytina@ericsson.com 4399 37/360 Elizabeth Street 4400 Melbourne, Victoria 3000 4401 Australia 4403 Malleswar Kalla Tel: +1-973-829-5212 4404 Telcordia Technologies 4405 MCC 1J211R 4406 445 South Street 4407 Morristown, NJ 07960 4408 USA 4409 EMail: kalla@research.telcordia.com 4411 Lixia Zhang Tel: +1-310-825-2695 4412 UCLA Computer Science Department EMail: lixia@cs.ucla.edu 4413 4531G Boelter Hall 4414 Los Angeles, CA 90095-1596 4415 USA 4417 Vern Paxson Tel: +1-510-642-4274 x 302 4418 ACIRI EMail: vern@aciri.org 4419 1947 Center St., Suite 600, 4420 Berkeley, CA 94704-1198 4421 USA 4423 15. References 4425 [1] Eastlake , D. (ed.), "Randomness Recommendations for Security", 4426 RFC 1750, December 1994. 4428 [2] Deutsch, P., and Gailly, J-L., "ZLIB Compressed Data Format 4429 Specification version 3.3", RFC 1950, May 1996. 4431 [3] Allman, M., Paxson, V., and Stevens, W., "TCP Congestion 4432 Control", RFC 2581, April 1999. 4434 [4] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 4435 August 1999. 4437 [5] Allman, M., and Paxson, V., "On Estimating End-to-End Network 4438 Path Properties", Proc. SIGCOMM'99, 1999. 4440 [6] Karn, P., and Simpson, W., "Photuris: Session-Key Management 4441 Protocol", RFC 2522, March 1999. 4443 [7] Bradner, S., "The Internet Standards Process -- Revision 3", 4444 RFC 2026, October 1996. 4446 [8] Postel, J. (ed.), "Transmission Control Protocol", RFC 793, 4447 September 1981. 4449 [9] Postel, J. (ed.), "User Datagram Protocol", RFC 768, August 1980. 4451 [10] Reynolds, J., and Postel, J. (ed.), "Assigned Numbers", RFC 1700, 4452 October 1994. 4454 [11] Mogul, J., and Deering, S., "Path MTU Discovery", RFC 1191, 4455 November 1990. 4457 [12] McCann, J., Deering, S., and Mogul, J., "Path MTU Discovery for 4458 IP version 6", RFC 1981, August 1996. 4460 [13] Fraser, B. (ed.), "Site Security Handbook", RFC 2196, September 4461 1997. 4463 [14] Kent, S., and Atkinson, R., "Security Architecture for the 4464 Internet Protocol", RFC 2401, November 1998. 4466 [15] Savage, S., Cardwell, N., Wetherall, D., and Anderson, T., 4467 "TCP Congestion Control with a Misbehaving Receiver", ACM 4468 Computer Communication Review, 29(5), October 1999. 4470 This Internet Draft expires in 6 months from January, 2000