HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 07:47:48 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Wed, 19 Apr 2000 10:59:00 GMT ETag: "323950-391a7-38fd9174" Accept-Ranges: bytes Content-Length: 233895 Connection: close Content-Type: text/plain Network Working Group R. R. Stewart INTERNET-DRAFT Q. Xie Motorola K. Morneault C. Sharp Cisco H. J. Schwarzbauer Siemens T. Taylor Nortel Networks I. Rytina Ericsson M. Kalla Telcordia L. Zhang UCLA V. Paxson ACIRI expires in six months April 19,2000 Stream Control Transmission Protocol Status of This Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Stewart, et al [Page 1] Internet Draft Stream Control Transmission Protocol April 2000 Abstract This document describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport PSTN signaling messages over IP networks, but is capable of broader applications. SCTP is a reliable datagram transfer protocol operating on top of an unreliable routed packet network such as IP. It offers the following services to its users: -- acknowledged error-free non-duplicated transfer of user data, -- data segmentation to conform to discovered path MTU size, -- sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages, -- optional multiplexing of user messages into SCTP datagrams, and -- network-level fault tolerance through supporting of multi-homing at either or both ends of an association. The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks. Stewart, et al [Page 2] Internet Draft Stream Control Transmission Protocol April 2000 TABLE OF CONTENTS 1. Introduction..................................................5 1.1 Motivation..................................................5 1.2 Architectural View of SCTP..................................5 1.3 Functional View of SCTP.....................................6 1.3.1 Association Startup and Takedown........................7 1.3.2 Sequenced Delivery within Streams.......................7 1.3.3 User Data Segmentation..................................8 1.3.4 Acknowledgment and Congestion Avoidance.................8 1.3.5 Chunk Multiplex.........................................8 1.3.6 Message Validation......................................8 1.3.7 Path Management.........................................9 1.4 Recapitulation of Key Terms.................................9 1.5 Abbreviations...............................................11 2. Conventions....................................................11 3. SCTP Datagram Format..........................................12 3.1 SCTP Common Header Field Descriptions.......................12 3.2 Chunk Field Descriptions....................................13 3.2.1 Optional/Variable-length Parameter Format...............14 3.2.2 Vendor-Specific Extension Parameter Format..............15 3.3 SCTP Chunk Definitions......................................17 3.3.1 Initiation (INIT).......................................17 3.3.1.1 Optional or Variable Length Parameters..............19 3.3.2 Initiation Acknowledgment (INIT ACK)....................20 3.3.2.1 Optional or Variable Length Parameters..............21 3.3.3 Selective Acknowledgment (SACK).........................22 3.3.4 Heartbeat Request (HEARTBEAT)...........................25 3.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK)................26 3.3.6 Abort Association (ABORT)...............................26 3.3.7 Shutdown Association (SHUTDOWN).........................27 3.3.8 Shutdown Acknowledgment (SHUTDOWN ACK)..................28 3.3.9 Operation Error (ERROR).................................28 3.3.10 State Cookie (COOKIE)..................................30 3.3.11 Cookie Acknowledgment (COOKIE ACK).....................31 3.3.12 Payload Data (DATA)....................................31 3.4 Vendor-Specific Chunk Extensions............................33 4. SCTP Association State Diagram.................................34 5. Association Initialization.....................................36 5.1 Normal Establishment of an Association......................37 5.1.1 Handle Stream Parameters................................39 5.1.2 Handle Address Parameters...............................39 5.1.3 Generating State Cookie.................................39 5.1.4 Cookie Processing.......................................40 5.1.5 Cookie Authentication...................................40 5.1.6 An Example of Normal Association Establishment..........41 5.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK.....42 5.2.1 Handle Duplicate INIT in COOKIE-WAIT or COOKIE-SENT States...................................43 5.2.2 Handle Duplicate INIT in Other States...................43 5.2.3 Handle Duplicate INIT ACK...............................43 5.2.4 Handle Duplicate COOKIE.................................43 5.2.5 Handle Duplicate COOKIE-ACK.............................45 5.2.6 Handle Stale COOKIE Error...............................45 5.3 Other Initialization Issues.................................45 Stewart, et al [Page 3] Internet Draft Stream Control Transmission Protocol April 2000 5.3.1 Selection of Tag Value..................................45 6. User Data Transfer.............................................46 6.1 Transmission of DATA Chunks.................................47 6.2 Acknowledgment of Reception of DATA Chunks..................48 6.2.1 Tracking Peer's Receive Buffer Space....................49 6.3 Management Retransmission Timer.............................50 6.3.1 RTO Calculation.........................................50 6.3.2 Retransmission Timer Rules..............................51 6.3.3 Handle T3-rxt Expiration................................52 6.4 Multi-homed SCTP Endpoints..................................53 6.4.1 Failover from Inactive Destination Address..............54 6.5 Stream Identifier and Stream Sequence Number................54 6.6 Ordered and Un-ordered Delivery.............................54 6.7 Report Gaps in Received DATA TSNs...........................55 6.8 Adler-32 Checksum Calculation...............................56 6.9 Segmentation................................................57 6.10 Bundling and Multiplexing..................................58 7. Congestion Control ..........................................58 7.1 SCTP Differences from TCP Congestion Control................59 7.2 SCTP Slow-Start and Congestion Avoidance....................59 7.2.1 Slow-Start..............................................60 7.2.2 Congestion Avoidance....................................61 7.2.3 Congestion Control......................................61 7.2.4 Fast Retransmit on Gap Reports..........................62 7.3 Path MTU Discovery..........................................63 8. Fault Management..............................................64 8.1 Endpoint Failure Detection..................................64 8.2 Path Failure Detection......................................64 8.3 Path Heartbeat..............................................65 8.4 Handle "Out of the blue" Packets............................66 8.5 Verification Tag............................................67 8.5.1 Exceptions in Verification Tag Rules....................67 9. Termination of Association.....................................68 9.1 Close of an Association.....................................68 9.2 Shutdown of an Association..................................68 10. Interface with Upper Layer....................................69 10.1 ULP-to-SCTP................................................70 10.2 SCTP-to-ULP................................................78 11. Security Considerations.......................................82 11.1 Security Objectives........................................82 11.2 SCTP Responses To Potential Threats........................82 11.2.1 Countering Insider Attacks.............................82 11.2.2 Protecting against Data Corruption in the Network......83 11.2.3 Protecting Confidentiality.............................83 11.2.4 Protecting against Blind Denial of Service Attacks.....83 11.2.4.1 Flooding...........................................84 11.2.4.2 Masquerade.........................................84 11.2.4.3 Improper Monopolization of Services................85 11.3 Protection against Fraud and Repudiation...................85 12. Recommended Transmission Control Block (TCB) Parameters.......86 12.1 Parameters necessary for the SCTP instance.................86 12.2 Parameters necessary per association (i.e. the TCB)........87 12.3 Per Transport Address Data.................................88 12.4 General Parameters Needed..................................89 13. IANA Consideration............................................89 13.1 IETF-defined Chunk Extension...............................89 13.2 IETF-defined Chunk Parameter Extension.....................90 13.3 IETF-defined Additional Error Causes.......................91 13.4 Payload Protocol Identifiers...............................92 Stewart, et al [Page 4] Internet Draft Stream Control Transmission Protocol April 2000 14. Suggested SCTP Protocol Parameter Values......................92 15. Acknowledgments...............................................92 16. Authors' Addresses............................................93 17. References....................................................94 Appendix A .......................................................95 1. Introduction This section explains the reasoning behind the development of the Stream Control Transmission Protocol (SCTP), the services it offers, and the basic concepts needed to understand the detailed description of the protocol. 1.1 Motivation TCP [8] has performed immense service as the primary means of reliable data transfer in IP networks. However, an increasing number of recent applications have found TCP too limiting, and have incorporated their own reliable data transfer protocol on top of UDP [9]. The limitations which users have wished to bypass include the following: -- TCP provides both reliable data transfer and strict order- of-transmission delivery of data. Some applications need reliable transfer without sequence maintenance, while others would be satisfied with partial ordering of the data. In both of these cases the head-of-line blocking offered by TCP causes unnecessary delay. -- The stream-oriented nature of TCP is often an inconvenience. Applications must add their own record marking to delineate their messages, and must make explicit use of the push facility to ensure that a complete message is transferred in a reasonable time. -- The limited scope of TCP sockets complicates the task of providing highly-available data transfer capability using multi-homed hosts. -- TCP is relatively vulnerable to denial of service attacks, such as SYN attacks. Transport of PSTN signaling across the IP network is an application for which all of these limitations of TCP are relevant. While this application directly motivated the development of SCTP, other applications may find SCTP a good match to their requirements. 1.2 Architectural View of SCTP SCTP is viewed as a layer between the SCTP user application ("SCTP user" for short) and an unreliable routed packet network service such as IP. The basic service offered by SCTP is the reliable transfer of user messages between peer SCTP users. It performs this service Stewart, et al [Page 5] Internet Draft Stream Control Transmission Protocol April 2000 within the context of an association between two SCTP nodes. Chapter 9 of this document sketches the API which should exist at the boundary between the SCTP and the SCTP user layers. SCTP is connection-oriented in nature, but the SCTP association is a broader concept than the TCP connection. SCTP provides the means for each SCTP endpoint (Section 1.4) to provide the other during association startup with a list of transport addresses (e.g. multiple IP addresses in combination with an SCTP port) through which that endpoint can be reached and from which it will originate messages. The association spans transfers over all of the possible source/destination combinations which may be generated from the two endpoint lists. _____________ _____________ | SCTP User | | SCTP User | | Application | | Application | |-------------| |-------------| | SCTP | | SCTP | | Transport | | Transport | | Service | | Service | |-------------| |-------------| | |One or more ---- One or more| | | IP Network |IP address \/ IP address| IP Network | | Service |appearances /\ appearances| Service | |_____________| ---- |_____________| SCTP Node A |<-------- Network transport ------->| SCTP Node B Figure 1: An SCTP Association 1.3 Functional View of SCTP The SCTP transport service can be decomposed into a number of functions. These are depicted in Figure 2 and explained in the remainder of this section. SCTP User Application ..----------------------------------------------------- .. _____________ ____________________ | | | Sequenced delivery | | Association | | within streams | | | |____________________| | startup | ..| | ____________________________ | and | | User Data Segmentation | | | |____________________________| | takedown | Stewart, et al [Page 6] Internet Draft Stream Control Transmission Protocol April 2000 ..| | ____________________________ | | | Acknowledgment | | | | and | | | | Congestion Avoidance | ..| | |____________________________| | | | | ____________________________ | | | Chunk Multiplex | | | |____________________________| | | | | ________________________________ | | | Message Validation | | | |________________________________| | | | | ________________________________ | | | Path Management | |______________ |________________________________| Figure 2: Functional View of the SCTP Transport Service 1.3.1 Association Startup and Takedown An association is initiated by a request from the SCTP user (see the description of the ASSOCIATE primitive in Chapter 9). A cookie mechanism, taken from that devised by Karn and Simpson in RFC 2522 [6], is employed during the initialization to provide protection against security attacks. The cookie mechanism uses a four-way handshaking, but the last two legs of which are allowed to carry user data for fast setup. The startup sequence is described in chapter 4 of this document. SCTP provides for graceful takedown of an active association on request from the SCTP user. See the description of the TERMINATE primitive in chapter 10. SCTP also allows ungraceful takedown, either on request from the user (ABORT primitive) or as a result of an error condition detected within the SCTP layer. Chapter 8 describes both the graceful and the ungraceful takedown procedures. 1.3.2 Sequenced Delivery within Streams The term "stream" is used in SCTP to refer to a sequence of user messages. This is in contrast to its usage in TCP, where it refers to a sequence of bytes. The SCTP user can specify at association startup time the number of streams to be supported by the association. This number is negotiated with the remote end (see section 5.1.1). User messages are associated with stream numbers (SEND, RECEIVE primitives, Chapter 9). Internally, SCTP assigns a stream sequence number to each message passed to it by Stewart, et al [Page 7] Internet Draft Stream Control Transmission Protocol April 2000 the SCTP user. On the receiving side, SCTP ensures that messages are delivered to the SCTP user in sequence within a given stream. However, while one stream may be blocked waiting for the next in-sequence user message, delivery from other streams may proceed. SCTP provides a mechanism for bypassing the sequenced delivery service. User messages sent using this mechanism are delivered to the SCTP user as soon as they are received. 1.3.3 User Data Segmentation SCTP can segment user messages to ensure that the SCTP datagram passed to the lower layer conforms to the path MTU. Segments are reassembled into complete messages before being passed to the SCTP user. 1.3.4 Acknowledgment and Congestion Avoidance SCTP assigns a Transmission Sequence Number (TSN) to each user data segment or unsegmented message. The TSN is independent of any stream sequence number assigned at the stream level. The receiving end acknowledges all TSNs received, even if there are gaps in the sequence. In this way, reliable delivery is kept functionally separate from sequenced delivery. The Acknowledgment and Congestion Avoidance function is responsible for message retransmission when timely acknowledgment has not been received. Message retransmission is conditioned by congestion avoidance procedures similar to those used for TCP. See Chapters 5 and 6 for a detailed description of the protocol procedures associated with this function. 1.3.5 Chunk Multiplex As described in Chapter 2, the SCTP datagram as delivered to the lower layer consists of a common header followed by one or more chunks. Each chunk may contain either user data or SCTP control information. The SCTP user has the option to request "bundling", or multiplexing of more than one user messages into a single SCTP datagram. The chunk multiplex function of SCTP is responsible for assembly of the complete SCTP datagram and its disassembly at the receiving end. 1.3.6 Message Validation A mandatory verification tag and an Adler-32 checksum [2] fields are included in the SCTP common header. The verification tag value is chosen by each end of the association during association startup. Messages received without the verification tag value expected by the receiver are discarded, as a protection against blind masquerade attacks and against stale datagrams from a previous association. Stewart, et al [Page 8] Internet Draft Stream Control Transmission Protocol April 2000 The Adler-32 checksum should be set by the sender of each SCTP datagram, to provide additional protection against data corruption in the network beyond that provided by lower layers (e.g. the IP checksum). 1.3.7 Path Management The sending SCTP user is able to manipulate the set of transport addresses used as destinations for SCTP datagrams, through the primitives described in Chapter 10. The SCTP path management function chooses the destination transport address for each outgoing SCTP datagram based on the SCTP user's instructions and the currently perceived reachability status of the eligible destination set. The path management function monitors reachability through heartbeat messages when other message traffic is inadequate to provide this information, and advises the SCTP user when reachability of any far- end transport address changes. The path management function is also responsible for reporting the eligible set of local transport addresses to the far end during association startup, and for reporting the transport addresses returned from the far end to the SCTP user. At association start-up, a primary destination transport address is defined for each SCTP endpoint, and is used for normal sending of SCTP datagrams. On the receiving end, the path management is responsible for verifying the existence of a valid SCTP association to which the inbound SCTP datagram belongs before passing it for further processing. 1.4 Recapitulation of Key Terms The language used to describe SCTP has been introduced in the previous sections. This section provides a consolidated list of the key terms and their definitions. o SCTP user application (SCTP user): The logical higher-layer application entity which uses the services of SCTP, also called the Upper-layer Protocol (ULP). o User message: the unit of data delivery across the interface between SCTP and its user. o SCTP datagram: the unit of data delivery across the interface between SCTP and the unreliable packet network (e.g. IP) which it is using. An SCTP datagram includes the common SCTP header, possible SCTP control chunks, and user data encapsulated within SCTP DATA chunks. o Transport address: an address which serves as a source or destination for the unreliable packet transport service used by SCTP. In IP networks, a transport address is defined by the combination of an IP address and an SCTP port number. Stewart, et al [Page 9] Internet Draft Stream Control Transmission Protocol April 2000 Note, only one SCTP port may be defined for each endpoint, but each endpoint may have multiple IP addresses. o SCTP endpoint: the logical sender/receiver of SCTP datagrams. On a multi-homed host, an SCTP endpoint is represented to its peers as a combination of a set of eligible destination transport addresses to which SCTP datagrams can be sent and a set of eligible source transport addresses from which SCTP datagrams can be received. Note, a source or destination transport address can only be included in one unique SCTP endpoint, i.e., it is NOT allowed to have the same SCTP source or destination transport address appear in more than one SCTP endpoint. o SCTP association: a protocol relationship between SCTP endpoints, comprising the two SCTP endpoints and protocol state information including verification tags and the currently active set of Transmission Sequence Numbers (TSNs), etc. o Chunk: a unit of information within an SCTP datagram, consisting of a chunk header and chunk-specific content. o Transmission Sequence Number (TSN): a 32-bit sequence number used internally by SCTP. One TSN is attached to each chunk containing user data to permit the receiving SCTP endpoint to acknowledge its receipt and detect duplicate deliveries. o Stream: a uni-directional logical channel established from one to another associated SCTP endpoints, within which all user messages are delivered in sequence except for those submitted to the un-ordered delivery service. Note: The relationship between stream numbers in opposite directions is strictly a matter of how the applications use them. It is the responsibility of the SCTP user to create and manage these correlations if they are so desired. o Stream Sequence Number: a 16-bit sequence number used internally by SCTP to assure sequenced delivery of the user messages within a given stream. One stream sequence number is attached to each user message. o Path: the route taken by the SCTP datagrams sent by one SCTP endpoint to a specific destination transport address of its peer SCTP endpoint. Note, sending to different destination transport addresses does not necessarily guarantee getting separate paths. o Bundling: an optional multiplexing operation, whereby more than one user messages may be carried in the same SCTP datagram. Each user message occupies its own DATA chunk. o Outstanding TSN (at an SCTP endpoint): a TSN (and the associated DATA chunk) which have been sent by the endpoint but for which it has not yet received an acknowledgment. Stewart, et al [Page 10] Internet Draft Stream Control Transmission Protocol April 2000 o Unacknowledged TSN (at an SCTP endpoint): a TSN (and the associated DATA chunk) which have been received by the endpoint but for which an acknowledgment has not yet been sent. o Receiver Window (rwnd): The most recently calculated receiver window, in number of octets. This gives an indication of the space available in the receiver's inbound buffer. o Congestion Window (cwnd): An SCTP variable that limits the data, in number of octets, a sender can send into the network before receiving an acknowledgment on a particular destination Transport address. o Slow Start Threshold (ssthresh): An SCTP variable. This is the threshold which the endpoint will use to determine whether to perform slow start or congestion avoidance on a particular destination transport address. Ssthresh is in number of octets. o Transmission Control Block (TCB): an internal data structure created by an SCTP endpoint for each of its existing SCTP associations to other SCTP endpoints. TCB contains all the status and operational information for the endpoint to maintain and manage the corresponding association. o Network Byte Order: Most significant byte first, a.k.a Big Endian. 1.5. Abbreviations ICV - Integrity Check Value [4] RTO - Retransmission Time-out RTT - Round-trip Time RTTVAR - Round-trip Time Variation SCTP - Stream Control Transmission Protocol SRTT - Smoothed RTT TCB - Transmission Control Block TLV - Type-Length-Value Coding Format TSN - Transmission Sequence Number ULP - Upper-layer Protocol 2. Conventions The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in RFC 2119 [18]. Stewart, et al [Page 11] Internet Draft Stream Control Transmission Protocol April 2000 3. SCTP Datagram Format An SCTP datagram is composed of a common header and chunks. A chunk contains either control information or user data. The SCTP datagram format is shown below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Common Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Chunk #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Chunk #n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Multiple chunks can be multiplexed into one SCTP datagram up to the MTU size, except for the INIT, INIT ACK, and SHUTDOWN ACK chunks. These chunks MUST NOT be multiplexed with any other chunk in a datagram. See Section 6.10 for more details on chunk multiplexing. If an user data message doesn't fit into one SCTP datagram it can be segmented into multiple chunks using the procedure defined in Section 6.9. All integer fields in an SCTP datagram MUST be transmitted in the network byte order, unless otherwise stated. 3.1 SCTP Common Header Field Descriptions SCTP Common Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port Number | Destination Port Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Verification Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Adler-32 Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Port Number: 16 bit u_int This is the SCTP sender's port number. It can be used by the receiver, in combination with the source IP address, to identify the association to which this datagram belongs. Destination Port Number: 16 bit u_int This is the SCTP port number to which this datagram is destined. The receiving host will use this port number to de-multiplex the SCTP datagram to the correct receiving endpoint/application. Stewart, et al [Page 12] Internet Draft Stream Control Transmission Protocol April 2000 Verification Tag: 32 bit u_int The receiver of this datagram uses the Verification Tag to validate the sender of this SCTP datagram. On transmit, the value of this Verification Tag MUST be set to the value of the Initiate Tag received from the peer endpoint during the association initialization. For datagrams carrying the INIT chunk, the transmitter MUST set the Verification Tag to all 0's. If the receiver receives a datagram with an all-zeros Verification Tag field, it checks the Chunk ID immediately following the common header. If the Chunk Type is neither INIT nor SHUTDOWN ACK or ABORT, the receiver MUST drop the datagram. For datagrams carrying the SHUTDOWN ACK chunk, the transmitter SHOULD set the Verification Tag to the Initiate Tag received from the peer endpoint during the association initialization, if known. Otherwise, the Verification Tag MUST be set to all 0's. Note: Special rules apply to the ABORT message see Section 8.5. Adler-32 Checksum: 32 bit u_int This field MUST contain an Adler-32 checksum of this SCTP datagram. Its calculation is discussed in Section 6.8. 3.2 Chunk Field Descriptions The figure below illustrates the field format for the chunks to be transmitted in the SCTP datagram. Each chunk is formatted with a Chunk ID field, a chunk-specific Flag field, a Length field, and a Value field. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Chunk ID | Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Chunk Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk ID: 8 bits, u_int This field identifies the type of information contained in the Chunk Value field. It takes a value from 0x00 to 0xFF. The value of 0xFE is reserved for vendor-specific extensions. The value of 0xFF is reserved for future use as an extension field. Procedures for extending this field by vendors are defined in Section 3.4. The values of Chunk ID are defined as follows: Stewart, et al [Page 13] Internet Draft Stream Control Transmission Protocol April 2000 ID Value Chunk Type ----- ---------- 00000000 - Payload Data (DATA) 00000001 - Initiation (INIT) 00000010 - Initiation Acknowledgment (INIT ACK) 00000011 - Selective Acknowledgment (SACK) 00000100 - Heartbeat Request (HEARTBEAT) 00000101 - Heartbeat Acknowledgment (HEARTBEAT ACK) 00000110 - Abort (ABORT) 00000111 - Shutdown (SHUTDOWN) 00001000 - Shutdown Acknowledgment (SHUTDOWN ACK) 00001001 - Operation Error (ERROR) 00001010 - State Cookie (COOKIE) 00001011 - Cookie Acknowledgment (COOKIE ACK) 00001100 - Reserved for Explicit Congestion Notification Echo (ECNE) 00001101 - Reserved for Congestion Window Reduced (CWR) 00001110 to 11111101 - reserved by IETF 11111110 - Vendor-specific Chunk Extensions 11111111 - IETF-defined Chunk Extensions Note: The ECNE and CWR chunk types are reserved for future use of Explicit Congestion Notification (ECN). Chunk Flags: 8 bits The usage of these bits depends on the chunk type as given by the Chunk ID. Unless otherwise specified, they are set to zero on transmit and are ignored on receipt. Chunk Length: 16 bits (u_int) This value represents the size of the chunk in octets including the Chunk ID, Flags, Length, and Value fields. Therefore, if the Value field is zero-length, the Length field will be set to 0x0004. The Length field does not count any padding. Chunk Value: variable length The Chunk Value field contains the actual information to be transferred in the chunk. The usage and format of this field is dependent on the Chunk ID. The Chunk Value field MUST be aligned on 32-bit boundaries. If the length of the chunk does not align on 32-bit boundaries, it is padded at the end with all zero octets. SCTP defined chunks are described in detail in Section 3.3. The guideline for vendor-specific chunk extensions is discussed in Section 3.4. And the guidelines for IETF-defined chunk extensions can be found in Section 13.1 of this document. 3.2.1 Optional/Variable-length Parameter Format The optional and variable-length parameters contained in a chunk are defined in a Type-Length-Value format as shown below. Stewart, et al [Page 14] Internet Draft Stream Control Transmission Protocol April 2000 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Parameter Type | Parameter Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Parameter Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Parameter Type: 16 bit u_int The Type field is a 16 bit identifier of the type of parameter. It takes a value of 0x0000 to 0xFFFF. The value of 0xFFFE is reserved for vendor-specific extensions if the specific chunk allows such extensions. The value of 0xFFFF is reserved for IETF-defined extensions. Values other than those defined in specific SCTP chunk description are reserved for use by IETF. Parameter Length: 16 bit u_int The Length field contains the size of the parameter in octets, including the Type, Length, and Value fields. Thus, a parameter with a zero-length Value field would have a Length field of 0x0004. The Length does not include any padding octets. Parameter Value: variable-length. The Value is dependent on the value of the Type field. The value field MUST be aligned on 32-bit boundaries. If the value field is not aligned on 32-bit boundaries it is padded at the end with all zero octets. The value field must be an integer number of octets. The actual SCTP parameters are defined in the specific SCTP chunk sections. The guidelines for vendor-specific parameter extensions are discussed in Section 3.2.2. And the rules for IETF-defined parameter extensions are defined in Section 13.2. 3.2.2 Vendor-Specific Extension Parameter Format This is to allow vendors to support their own extended parameters not defined by the IETF. It MUST not affect the operation of SCTP. Endpoints not equipped to interpret the vendor-specific information sent by a remote endpoint MUST ignore it (although it may be reported). Endpoints that do not receive desired vendor-specific information SHOULD make an attempt to operate without it, although they may do so (and report they are doing so) in a degraded mode. A summary of the Vendor-specific extension format is shown below. The fields are transmitted from left to right. Stewart, et al [Page 15] Internet Draft Stream Control Transmission Protocol April 2000 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Parameter Type = 0xFFFE | Parameter Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Parameter Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 16 bit u_int 0xFFFE for all Vendor-Specific parameters. Length: 16 bit u_int Indicate the size of the parameter in octets, including the Type, Length, Vendor-Id, and Value fields. Vendor-Id: 32 bit u_int The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the Vendor in network byte order, as defined in the Assigned Numbers (RFC 1700). Value: variable length The Value field is one or more octets. The actual format of the information is site or application specific, and a robust implementation SHOULD support the field as undistinguished octets. The codification of the range of allowed usage of this field is outside the scope of this specification. It SHOULD be encoded as a sequence of vendor type / vendor length / value fields, as follows. The parameter field is dependent on the vendor's definition of that attribute. An example encoding of the Vendor-Specific attribute using this method follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Parameter Type = 0xFFFE | Parameter Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VS-Type | VS-Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / VS-Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stewart, et al [Page 16] Internet Draft Stream Control Transmission Protocol April 2000 VS-Type: 16 bit u_int This field identifies the parameter included in the VS-Value field. It is assigned by the vendor. VS-Length: 16 bit u_int This field is the length of the vendor-specific parameter and Includes the VS-Type, VS-Length and VS-Value (if included) fields. VS-Value: Variable Length This field contains the parameter identified by the VS-Type field. It's meaning is identified by the vendor. 3.3 SCTP Chunk Definitions This section defines the format of the different SCTP chunk types. 3.3.1 Initiation (INIT) (00000001) This chunk is used to initiate a SCTP association between two endpoints. The format of the INIT message is shown below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 1| Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initiate Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertised Receiver Window Credit (a_rwnd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of Outbound Streams | Number of Inbound Streams | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initial TSN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Optional/Variable-Length Parameters / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The INIT chunk contains the following parameters. Unless otherwise noted, each parameter MUST only be included once in the INIT chunk. Fixed Parameters Status ---------------------------------------------- Initiate Tag Mandatory Advertised Receiver Window Credit Mandatory Number of Outbound Streams Mandatory Number of Inbound Streams Mandatory Initial TSN Mandatory Stewart, et al [Page 17] Internet Draft Stream Control Transmission Protocol April 2000 Variable Parameters Status Type Value ------------------------------------------------------------- IPv4 Address (Note 1) Optional 0x0005 IPv6 Address (Note 1) Optional 0x0006 Cookie Preservative Optional 0x0009 Reserved for ECN Capable (Note 2) Optional 0x000a Host Name Address (Note 3) Optional 0x000b Supported Address Types (Note 4) Optional 0x000c Note 1: The INIT chunks may contain multiple addresses that may be IPv4 and/or IPv6 in any combination. Note 2: The ECN capable field is reserved for future use of Explicit Congestion Notification. Note 3: The INIT chunks may contain AT MOST one Host Name address parameter. Moreover, the sender of the INIT SHALL not combine any other address types with the Host Name address in the INIT while the receiver of INIT MUST ignore any other address types if the Host Name address parameter is present in the received INIT chunk. Note 4: This parameter, when present, specifies all the address types the sending endpoint can support. The absence of this parameter indicates that the sending endpoint can support any address types. Chunk Flags field in INIT is reserved, and all bits in it should be set to 0 by the sender and ignored by the receiver. The sequence of parameters within an INIT may be processed in any order. Initiate Tag: 32 bit u_int The receiver of the INIT (the responding end) records the value of the Initiate Tag parameter. This value MUST be placed into the Verification Tag field of every SCTP datagram that the responding end transmits within this association. The valid range for Initiate Tag is from 0x1 to 0xffffffff. See Section 5.3.1 for more on the selection of the tag value. If the value of the Initiate Tag in a received INIT chunk is found to be 0x0, the receiver MUST treat it as an error and silently discard the datagram. Advertised Receiver Window Credit (a_rwnd): 32 bit u_int This value represents the dedicated buffer space, in number of octets, the sender of the INIT has placed in association with this window. During the life of the association this buffer space SHOULD not be lessened (i.e. dedicated buffers taken away from this association). Number of Outbound Streams (OS): 16 bit u_int Defines the number of outbound streams the sender of this INIT chunk wishes to create in this association. The value of 0 MUST NOT be used. Number of Inbound Streams (MIS) : 16 bit u_int Defines the MAXIMUM number of streams the sender of this INIT chunk allows the peer end to create in this association. The value 0 MUST NOT be used. Initial TSN (I-TSN) : 32 bit u_int Defines the initial TSN that the sender will use. The valid range is from 0x0 to 0xffffffff. This field MAY be set to the value of the Initiate Tag field. Stewart, et al [Page 18] Internet Draft Stream Control Transmission Protocol April 2000 Vendor-specific parameters are allowed in INIT. However, they MUST be appended to the end of the above INIT chunks. The format of the vendor-specific parameters MUST follow the Type-Length-value format as defined in Section 3.2.2. In case an endpoint does not support the vendor-specific chunks received, it MUST ignore them. 3.3.1.1 Optional/Variable Length Parameters in INIT The following parameters follow the Type-Length-Value format as defined in Section 3.2.1. The IP address fields MUST come after the fixed-length fields defined in the previous Section. Any extensions SHOULD come after the IP address fields. IPv4 Address Parameter 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IPv4 Address: 32 bit Contains an IPv4 address of the sending endpoint. It is binary encoded. IPv6 Address Parameter 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0|0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IPv6 Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IPv6 Address: 128 bit Contains an IPv6 address of the sending endpoint. It is binary encoded. Combining with the Source Port Number in the SCTP common header, the value passed in an IPv4 or IPv6 Address parameter indicates a transport address the sender of the INIT will support for the association being initiated. That is, during the lifetime of this association, this IP address may appear in the source address field Stewart, et al [Page 19] Internet Draft Stream Control Transmission Protocol April 2000 of a datagram sent from the sender of the INIT, and may be used as a destination address of a datagram sent from the receiver of the INIT. More than one IP Address parameter can be included in an INIT chunk when the INIT sender is multi-homed. Moreover, a multi-homed endpoint may have access to different types of network, thus more than one address type may be present in one INIT chunk, i.e., IPv4 and IPv6 transport addresses are allowed in the same INIT message. If the INIT contains at least one IP Address parameter, then only the transport address(es) provided within the INIT may be used as destinations by the responding end. If the INIT does not contain any IP Address parameters, the responding end MUST use the source address associated with the received SCTP datagram as its sole destination address for the association. Cookie Preservative The sender of the INIT shall use this parameter to suggest to the receiver of the INIT for a longer life-span of the State Cookie. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Suggested Cookie Life-span Increment (msec.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Suggested Cookie Life-span Increment: 32bit u_int This parameter indicates to the receiver how much increment the sender wishes the receiver to add to its default cookie life-span. This optional parameter should be added to the INIT message by the sender when it re-attempts establishing an association with a peer to which its previous attempt of establishing the association failed due to a Stale COOKIE error. Note, the receiver MAY choose to ignore the suggested cookie life-span increase for its own security reasons. Host Name Address The sender of INIT uses this parameter to pass its Host Name (in place of its IP addresses) to its peer. The peer is responsible for resolving the name. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Host Name / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Host Name: variable length Defined as a zero terminated ASCII string with a variable length. The syntax of the host name is out of scope of SCTP. Supported Address Types The sender of INIT uses this parameter to list all the address types it can support. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Type #1 | Address Type #2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ...... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Type: 16 bit u_int This is filled with the type value of the corresponding address TLV (e.g., IPv4 = 0x0005, IPv6 = 0x0006). 3.3.2 Initiation Acknowledgment (INIT ACK) (00000010): The INIT ACK chunk is used to acknowledge the initiation of an SCTP association. The parameter part of INIT ACK is formatted similarly to the INIT chunk. It uses two extra variable parameters: The State Cookie and the Unrecognized Parameter: The format of the INIT ACK message is shown below: Stewart, et al [Page 20] Internet Draft Stream Control Transmission Protocol April 2000 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 1 0| Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initiate Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertised Receiver Window Credit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of Outbound Streams | Number of Inbound Streams | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initial TSN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Optional/Variable-Length Parameters / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The INIT ACK contains the following parameters. Unless otherwise noted, each parameter MUST only be included once in the INIT ACK chunk. Fixed Parameters Status ---------------------------------------------- Initiate Tag Mandatory Advertised Receiver Window Credit Mandatory Number of Outbound Streams Mandatory Number of Inbound Streams Mandatory Initial TSN Mandatory Variable Parameters Status Type Value ------------------------------------------------------------- State Cookie Mandatory 0x0007 IPv4 Address (Note 1) Optional 0x0005 IPv6 Address (Note 1) Optional 0x0006 Unrecognized Parameters Optional 0x0008 Reserved for ECN Capable (Note 2) Optional 0x000a Host Name Address (Note 3) Optional 0x000b Note 1: The INIT ACK chunks may contain any number of IP address parameters that may be IPv4 and/or IPv6 in any combination. Note 2: The ECN capable field is reserved for future use of Explicit Congestion Notification. Note 3: The INIT ACK chunks may contain AT MOST one Host Name address parameter. Moreover, the sender of the INIT ACK SHALL not combine any other address types with the Host Name address in the INIT ACK while the receiver of the INIT ACK MUST ignore any other address types if the Host Name address parameter is present. Same as with INIT, in combination with the Source Port carried in the SCTP common header, each IP Address parameter in the INIT ACK indicates to the receiver of the INIT ACK a valid transport address supported by the sender of the INIT ACK for the lifetime of the association being initiated. If the INIT ACK contains at least one IP Address parameter, then only the transport address(es) explicitly indicated in the INIT ACK may be used as the destination(s) by the receiver of the INIT ACK. However, if the INIT ACK contains no IP Address parameter, the receiver of the INIT ACK MUST take the source IP address associated with this INIT ACK as its sole destination address for this association. Stewart, et al [Page 21] Internet Draft Stream Control Transmission Protocol April 2000 The State Cookie and Unrecognized Parameters use the Type-Length- Value format as defined in Section 3.2.1 and are described below. The other fields are defined the same as their counterparts in the INIT message. 3.3.2.1 Optional or Variable Length Parameters State Cookie: variable size, depending on Size of Cookie This field MUST contain all the necessary state and parameter information required for the sender of this INIT ACK to create the association, along with an Integrity Check Value (ICV). See Section 5.1.3 for details on Cookie definition. The Cookie MUST be padded with '0' to the next 32-bit word boundary. The internal format of the Cookie is implementation-specific. Unrecognized Parameters: Variable Size. This parameter is returned to the originator of the INIT message if the receiver does not recognize one or more Optional TLV parameters in the INIT chunk. This parameter field will contain the unrecognized parameters copied from the INIT message complete with TLV. Vendor-Specific parameters are allowed in INIT ACK. However, they MUST be defined using the format described in Section 3.2.2, and be appended to the end of the above INIT ACK chunk. In case the receiver of the INIT ACK does not support the vendor-specific parameters received, it MUST ignore those fields. 3.3.3 Selective Acknowledgment (SACK) (00000011): This chunk is sent to the remote endpoint to acknowledge received DATA chunks and to inform the remote endpoint of gaps in the received subsequences of DATA chunks as represented by their TSNs. The SACK MUST contain the Cumulative TSN ACK and Advertised Receiver Window Credit (a_rwnd) parameters. By definition, the value of the Cumulative TSN ACK parameter is the last TSN received at the time the Selective ACK is sent, before a break in the sequence of received TSNs occurs; the next TSN value following this one has not yet been received at the reporting end. This parameter therefore acknowledges receipt of all TSNs up to and including the value given. The handling of the a_rwnd by the receiver of the SACK is discussed in detail in Section 6.2.1. The Selective ACK also contains zero or more fragment reports. Each fragment report acknowledges a subsequence of TSNs received following a break in the sequence of received TSNs. By definition, all TSNs acknowledged by fragment reports are higher than the value of the Cumulative TSN ACK. Stewart, et al [Page 22] Internet Draft Stream Control Transmission Protocol April 2000 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 1 1|Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cumulative TSN ACK | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertised Receiver Window Credit (a_rwnd) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of Fragments = N | Number of Duplicate TSNs = X | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Fragment #1 Start | Fragment #1 End | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / \ ... \ / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Fragment #N Start | Fragment #N End | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Duplicate TSN 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / \ ... \ / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Duplicate TSN X | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to all zeros on transmit and ignored on receipt. Cumulative TSN ACK: 32 bit u_int This parameter contains the TSN of the last DATA chunk received in sequence before a gap. Advertised Receiver Window Credit (a_rwnd): 32 bit u_int This field indicates the updated receive buffer space in octets of the sender of this SACK, see Section 6.2.1 for details. Number of Fragments: 16 bit u_int Indicates the number of TSN fragments included in this Selective ACK. Number of Duplicate TSNs: 16 bit This field contains the number of duplicate TSNs the endpoint has received. Each duplicate TSN is listed following the fragment list. Fragments: These fields contain the ack fragments. They are repeated for each fragment up to the number of fragments defined in the Number of Fragments field. All DATA chunks with TSNs between the (Cumulative TSN ACK + Fragment Start) and (Cumulative TSN ACK + Fragment End) of each fragment are assumed to have been received correctly. Stewart, et al [Page 23] Internet Draft Stream Control Transmission Protocol April 2000 Fragment Start: 16 bit u_int Indicates the Start offset TSN for this fragment. To calculate the actual TSN number the Cumulative TSN ACK is added to this offset number to yield the TSN. This calculated TSN identifies the first TSN in this fragment that has been received. Fragment End: 16 bit u_int Indicates the End offset TSN for this fragment. To calculate the actual TSN number the Cumulative TSN ACK is added to this offset number to yield the TSN. This calculated TSN identifies the TSN of the last DATA chunk received in this fragment. Duplicate TSN: 32 bit u_int Indicates a TSN that was received in duplicate. For example, assume the receiver has the following datagrams newly arrived at the time when it decides to send a Selective ACK, ---------- | TSN=17 | ---------- | | <- still missing ---------- | TSN=15 | ---------- | TSN=14 | ---------- | | <- still missing ---------- | TSN=12 | ---------- | TSN=11 | ---------- | TSN=10 | ---------- then, the parameter part of the Selective ACK MUST be constructed as follows (assuming the new a_rwnd is set to 0x1234 by the sender): +---------------+--------------+ | Cumulative TSN ACK = 12 | ----------------+--------------- | a_rwnd = 0x1234 | ----------------+--------------- | num of frag=2 | num of dup=0 | ----------------+--------------- |frag #1 strt=2 |frag #1 end=3 | ----------------+--------------- |frag #2 strt=5 |frag #2 end=5 | -------------------------------- Stewart, et al [Page 24] Internet Draft Stream Control Transmission Protocol April 2000 3.3.4 Heartbeat Request (HEARTBEAT) (00000100): An endpoint should send this chunk to its peer endpoint of the current association to probe the reachability of a particular destination transport address defined in the present association. The parameter field contains the Heartbeat Information which is a variable length opaque data structure understood only by the sender. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 1 0 0| Chunk Flags | Heartbeat Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Heartbeat Information (Variable-Length) / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. Heartbeat Length: Set to the size of the chunk in octets, including the chunk header and the Heartbeat Information field. Heartbeat Information: defined as a variable-length parameter using the format described in Section 3.2.1, i.e.: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Heartbeat Info Type=1 | HB Info Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Sender-specific Heartbeat Info / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Sender-specific Heartbeat Info field should normally include information about the sender's current time when this HEARTBEAT message is sent and the destination transport address to which this HEARTBEAT is sent (see Section 8.3). Stewart, et al [Page 25] Internet Draft Stream Control Transmission Protocol April 2000 3.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK) (00000101): An endpoint should send this chunk to its peer endpoint as a response to a Heartbeat Request (see Section 8.3). The parameter field contains a variable length opaque data structure. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 1 0 1| Chunk Flags | Heartbeat Ack Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Heartbeat Information (Variable-Length) / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. Heartbeat Ack Length: Set to the size of the chunk in octets, including the chunk header and the Heartbeat Information field. Heartbeat Information: The values of this field SHALL be copied from the Heartbeat Information field found in the Heartbeat Request to which this Heartbeat Acknowledgment is responding. 3.3.6 Abort Association (ABORT) (00000110): The ABORT chunk is sent to the peer of an association to terminate the association. The ABORT chunk may contain cause parameters to inform the receiver the reason of the abort. DATA chunks MUST not be bundled with ABORT. Control chunks MAY be bundled with an ABORT but they MUST be placed before the ABORT in the SCTP datagram, or they will be ignored by the receiver. If an endpoint receives an ABORT with a format error or for an association that doesn't exist, it MUST silently discard it. Moreover, under any circumstances, an endpoint that receives an ABORT MUST never respond to that ABORT by sending an ABORT of its own. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 1 1 0| Chunk Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / zero or more Error Causes / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stewart, et al [Page 26] Internet Draft Stream Control Transmission Protocol April 2000 Chunk Flags: Set to zero on transmit and ignored on receipt. Length: Set to the size of the chunk in octets, including the chunk header and all the Error Cause fields present. See Section 3.3.9 for Error Cause definitions. Note: Special rules apply to the Verification Tag field of SCTP datagrams which carry an ABORT, see Section 8.5.1 for details. 3.3.7 SHUTDOWN (00000111): An endpoint in an association MUST use this chunk to initiate a graceful termination of the association with its peer. This chunk has the following format. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 1 1 1|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cumulative TSN ACK | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. Cumulative TSN ACK: 32 bit u_int This parameter contains the TSN of the last chunk received in sequence before any gaps. Stewart, et al [Page 27] Internet Draft Stream Control Transmission Protocol April 2000 3.3.8 Shutdown Acknowledgment (SHUTDOWN ACK) (00001000): This chunk MUST be used to acknowledge the receipt of the SHUTDOWN chunk at the completion of the shutdown process, see Section 9.2 for details. The SHUTDOWN ACK chunk has no parameters. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 1 0 0 0|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. Note: if the endpoint that receives the SHUTDOWN message does not have a TCB or tag for the sender of the SHUTDOWN, the receiver MUST still respond. In such cases, the receiver MUST send back a stand-alone SHUTDOWN ACK chunk in an SCTP datagram with the Verification Tag field of the common header filled with all '0's. 3.3.9 Operation Error (ERROR) (00001001): This chunk is sent to the other endpoint in the association to notify certain error conditions. It contains one or more error causes. It has the following parameters: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 1 0 0 1| Chunk Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / one or more Error Causes / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. Length: Set to the size of the chunk in octets, including the chunk header and all the Error Cause fields present. Error causes are defined as variable-length parameters using the format described in 3.2.1, i.e.: Stewart, et al [Page 28] Internet Draft Stream Control Transmission Protocol April 2000 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code | Cause Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Cause-specific Information / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cause Code: 16 bit u_int Defines the type of error conditions being reported. Cause Length: 16 bit u_int Set to the size of the parameter in octets, including the Cause Code, Cause Length, and Cause-Specific Information fields Cause-specific Information: variable length This field carries the details of the error condition. Currently SCTP defines the following error causes: Cause of error --------------- Invalid Stream Identifier: indicating receiving a DATA sent to a nonexistent stream. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=1 | Cause Length=8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Identifier | (Reserved) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cause of error --------------- Missing Mandatory Parameter: indicating that mandatory one or more TLV parameters are missing in a received INIT or INIT ACK. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=2 | Cause Length=8+N*2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of missing params=N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Missing Param Type #1 | Missing Param Type #2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Missing Param Type #N-1 | Missing Param Type #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Each missing mandatory parameter type should be specified. Stewart, et al [Page 29] Internet Draft Stream Control Transmission Protocol April 2000 Cause of error -------------- Stale Cookie Error: indicating the receiving of a valid cookie which is however expired. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=3 | Cause Length=8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Measure of Staleness (usec.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The sender of this error cause MAY choose to report how long past expiration the cookie is, by putting in the Measure of Staleness field the difference, in microseconds, between the current time and the time the cookie expired. If the sender does not wish to provide this information it should set Measure of staleness to 0. Cause of error --------------- Out of Resource: indicating that the sender is out of resource. This is usually sent in combination with or within an ABORT. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=4 | Cause Length=4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cause of error --------------- Unresolvable Address: indicating that the sender is not able to resolve the specified address parameter (e.g., type of address is not supported by the sender). This is sent within an ABORT. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=5 | Cause Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / The Unresolvable Address / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The parameter field contains the complete TLV of the unresolvable address. Cause of error --------------- Unrecognized Parameters: This error cause is returned to the originator of the INIT ACK message if the receiver does not recognize one or more Optional TLV parameters in the INIT ACK chunk. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=8 | Cause Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / The Unrecognized Parameters / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The error field will contain the unrecognized parameters copied from the INIT ACK message complete with TLV. This error is normally bundled with the Cookie chunk when responding to the INIT ACK, when the sender of the Cookie wishes to report unrecognized parameters. Guidelines for IETF-defined Error Cause extensions are discussed in Section 13.3 of this document. 3.3.10 State Cookie (COOKIE) (00001010): This chunk is used only during the initialization of an association. It is sent by the initiator of an association to its peer to complete the initialization process. This chunk MUST precede any chunk sent within the association, but MAY be bundled with one or more DATA chunks in the same datagram. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 1 0 1 0|Chunk Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cookie | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: 8 bit Set to zero on transmit and ignored on receipt. Length: 16 bit u_int Set to the size of the chunk in octets, including the 4 octets of the chunk header and the size of the Cookie. Stewart, et al [Page 30] Internet Draft Stream Control Transmission Protocol April 2000 Cookie: variable size This field must contain the exact cookie received in the State Cookie parameter from a previous INIT ACK. 3.3.11 Cookie Acknowledgment (COOKIE ACK) (00001011): This chunk is used only during the initialization of an association. It is used to acknowledge the receipt of a COOKIE chunk. This chunk MUST precede any chunk sent within the association, but MAY be bundled with one or more DATA chunks in the same SCTP datagram. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 1 0 1 1|Chunk Flags |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Chunk Flags: Set to zero on transmit and ignored on receipt. 3.3.12 Payload Data (DATA) (00000000): The following format MUST be used for the DATA chunk: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0 0 0 0 0| Reserved|U|B|E| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TSN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Identifier S | Stream Sequence Number n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Protocol Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / User Data (seq n of Stream S) / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reserved: 5 bits should be set to all '0's and ignored by the receiver. U bit: 1 bit The (U)nordered bit, if set, indicates that this is an unordered data chunk, and there is NO Stream Sequence Number assigned to this DATA chunk. Therefore, the receiver MUST ignore the Stream Sequence Number field. Stewart, et al [Page 31] Internet Draft Stream Control Transmission Protocol April 2000 After re-assembly (if necessary), unordered data chunks MUST be dispatched to the upper layer by the receiver without any attempt of re-ordering. Note, if an unordered user message is segmented, each segment of the message MUST have its U bit set to 1. B bit: 1 bit The (B)eginning segment bit, if set, indicates the first segment of a user message. E bit: 1 bit The (E)nding segment bit, if set, indicates the last segment of a user message. A non-segmented user message shall have both the B and E bits set to 1. Setting both B and E bits to 0 indicates a middle segment of a multi-segment user message, as summarized in the following table: B E Description ============================================================ | 1 0 | First piece of a segmented user message | +----------------------------------------------------------+ | 0 0 | Middle piece of a segmented user message | +----------------------------------------------------------+ | 0 1 | Last piece of a segmented user message | +----------------------------------------------------------+ | 1 1 | Un-segmented Message | ============================================================ Length: 16 bits (16 bit u_int) This field indicates the length of the DATA chunk in octets. It includes the Type field, the Reserved field, the U and B/E bits, the Length field, TSN, the Stream Identifier, the Stream Sequence Number, and the User Data fields. It does not include any padding. TSN : 32 bits (32 bit u_int) This value represents the TSN for this DATA chunk. The valid range of TSN is from 0x0 to 0xffffffff. Stream Identifier S: 16 bit u_int Identifies the stream to which the following user data belongs. Stream Sequence Number n: 16 bit u_int This value presents the stream sequence number of the following user data within the stream S. Valid range is 0x0 to 0xFFFF. Note, when a user message is segmented by SCTP for transport, the same stream sequence number MUST be carried in each of the segments of the message. Stewart, et al [Page 32] Internet Draft Stream Control Transmission Protocol April 2000 Payload Protocol Identifier: 32 bits (32 bit u_int) This value represents an application (or upper layer) specified protocol identifier. This value is passed to SCTP by its upper layer and sent to its peer. This identifier is not used by SCTP but may be used by certain network entities as well as the peer application to identify the type of information being carried in this DATA chunk. The value 0x0 indicates no application identifier is specified by the upper layer for this payload data. User Data: variable length This is the payload user data. The implementation MUST pad the end of the data to a 32 bit boundary with 0 octets. Any padding MUST NOT be included in the length field. 3.4 Vendor-Specific Chunk Extensions This Chunk type is available to allow vendors to support their own extended data formats not defined by the IETF. It MUST not affect the operation of SCTP. In particular, when adding a Vendor Specific chunk type, the vendor defined chunks MUST obey the congestion avoidance rules defined in this document if they carry user data. User data is defined as any data transported over the association that is delivered to the upper layer of the receiver. Endpoints not equipped to interpret the vendor-specific chunk sent by a remote endpoint MUST ignore it. Endpoints that do not receive desired vendor specific information SHOULD make an attempt to operate without it, although they may do so (and report they are doing so) in a degraded mode. A summary of the Vendor-Specific Chunk format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 8 bit u_int 0xFE for all Vendor-Specific chunks. Stewart, et al [Page 33] Internet Draft Stream Control Transmission Protocol April 2000 Flags: 8 bit u_int Vendor specific flags. Length: 16 bit u_int Size of this Vendor-Specific chunks in octets, including the Type, Flags, Length, Vendor-Id, and Value fields. Vendor-Id: 32 bit u_int The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the Vendor in network byte order, as defined in the Assigned Numbers (RFC 1700). Value: Variable length The Value field is one or more octets. The actual format of the information is site or application specific, and a robust implementation SHOULD support the field as undistinguished octets. The codification of the range of allowed usage of this field is outside the scope of this specification. 4. SCTP Association State Diagram During the lifetime of an SCTP association, the SCTP endpoints progress from one state to another in response to various events. The events that may potentially advance an endpoint's state include: o SCTP user primitive calls, e.g., [ASSOCIATE], [TERMINATE], [ABORT], o reception of INIT, COOKIE, ABORT, SHUTDOWN, etc. control chunks, or o some timeout events. The state diagram in the figures below illustrates state changes, together with the causing events and resulting actions. Note that some of the error conditions are not shown in the state diagram. Full description of all special cases should be found in the text. Note, chunk names are given in all capital letters, while parameter names have the first letter capitalized, e.g., COOKIE chunk type vs. Cookie parameter. Stewart, et al [Page 34] Internet Draft Stream Control Transmission Protocol April 2000 ----- -------- (frm any state) / \ / rcv ABORT [ABORT] rcv INIT | | | ---------- or ---------- --------------- | v v delete TCB snd ABORT generate Cookie \ +---------+ delete TCB snd INIT.ACK ---| CLOSED | +---------+ / \ [ASSOCIATE] / \ --------------- | | create TCB | | snd INIT | | strt init timer rcv valid COOKIE | v (1) ---------------- | +------------+ create TCB | | COOKIE_WAIT| (2) snd COOKIE.ACK | +------------+ | | | | rcv INIT.ACK | | ----------------- | | snd COOKIE | | stop init timer | | strt cookie timer | v | +------------+ | | COOKIE_SENT| (3) | +------------+ | | | | rcv COOKIE.ACK | | ----------------- | | stop cookie timer v v +---------------+ | ESTABLISHED | +---------------+ (from the ESTABLISHED state only) | | /--------+--------\ [TERMINATE] / \ ----------------- | | check outstanding | | data chunks | | v | +---------+ | |SHUTDOWN | | rcv SHUTDOWN |PENDING | | ---------------- +---------+ | x | | No more outstanding | | ------------------- | | snd SHUTDOWN | | strt shutdown timer | | v v Stewart, et al [Page 35] Internet Draft Stream Control Transmission Protocol April 2000 +---------+ +-----------+ (4) |SHUTDOWN | | SHUTDOWN | (5) |SENT | | RECEIVED | +---------+ +-----------+ | | rcv SHUTDOWN.ACK | | x ------------------- | |----------------- stop shutdown timer | | retransmit missing DATA delete TCB | | send SHUTDOWN.ACK | | delete TCB | | \ +---------+ / \-->| CLOSED |<--/ +---------+ Note: (1) If the received COOKIE is invalid (i.e., failed to pass the authentication check), the receiver MUST silently discard the datagram. Or, if the received COOKIE is expired (see Section 5.1.5), the receiver SHALL send back an ERROR chunk. In either case, the receiver stays in the CLOSED state. (2) If the init timer expires, the endpoint SHALL retransmit INIT and re-start the init timer without changing state. This SHALL be repeated up to 'Max.Init.Retransmits' times. After that, the endpoint SHALL abort the initialization process and report the error to SCTP user. (3) If the T1-cookie timer expires, the endpoint SHALL retransmit COOKIE and re-start the T1-cookie timer without changing state. This SHALL be repeated up to 'Max.Init.Retransmits' times. After that, the endpoint SHALL abort the initialization process and report the error to SCTP user. (4) In SHUTDOWN-SENT state the endpoint SHALL acknowledge any received DATA chunks without delay (5) In SHUTDOWN-RECEIVED state, the endpoint MUST NOT accept any new send request from its SCTP user. 5. Association Initialization Before the first data transmission can take place from one SCTP endpoint ("A") to another SCTP endpoint ("Z"), the two endpoints must complete an initialization process in order to set up an SCTP association between them. The SCTP user at an endpoint should use the ASSOCIATE primitive to initialize an SCTP association to another SCTP endpoint. Stewart, et al [Page 36] Internet Draft Stream Control Transmission Protocol April 2000 IMPLEMENTATION NOTE: From an SCTP-user's point of view, an association may be implicitly opened, without an ASSOCIATE primitive (see 10.1 B) being invoked, by the initiating endpoint's sending of the first user data to the destination endpoint. The initiating SCTP will assume default values for all mandatory and optional parameters for the INIT/INIT ACK. Once the association is established, unidirectional streams will be open for data transfer on both ends (see Section 5.1.1). 5.1 Normal Establishment of an Association The initialization process consists of the following steps (assuming that SCTP endpoint "A" tries to set up an association with SCTP endpoint "Z" and "Z" accepts the new association): A) "A" shall first send an INIT message to "Z". In the INIT, "A" must provide its security tag "Tag_A" in the Initiate Tag field. Tag_A SHOULD be a random number in the range of 0x1 to 0xffffffff (see 5.3.1 for Tag value selection). After sending the INIT, "A" starts the T1-init timer and enters the COOKIE-WAIT state. B) "Z" shall respond immediately with an INIT ACK message. In the message, besides filling in other parameters, "Z" must set the Verification Tag field to Tag_A, and also provide its own security tag "Tag_Z" in the Initiate Tag field. Moreover, "Z" MUST generate and send along with the INIT ACK an State Cookie. See Section 5.1.3 for State Cookie generation. Note: after sending out INIT ACK with the cookie, "Z" MUST not allocate any resources, nor keep any states for the new association. Otherwise, "Z" will be vulnerable to resource attacks. C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init timer and leave COOKIE-WAIT state. "A" shall then send the cookie received in the INIT ACK message in a cookie chunk, start the T1-cookie timer, and enter the COOKIE-SENT state. Note, the cookie chunk can be bundled with any pending outbound DATA chunks, but it MUST be the first chunk in the datagram AND until the COOKIE ACK is returned the sender MUST NOT send any other datagrams to the peer. D) Upon reception of the COOKIE chunk, Endpoint "Z" will reply with a COOKIE ACK chunk after building a TCB and marking itself to the ESTABLISHED state. A COOKIE ACK chunk may be combined with any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK chunk MUST be the first chunk in the datagram. IMPLEMENTATION NOTE: an implementation may choose to send the Communication Up notification to the SCTP user upon reception of a valid COOKIE. Stewart, et al [Page 37] Internet Draft Stream Control Transmission Protocol April 2000 E) Upon reception of the COOKIE ACK, endpoint "A" will move from the COOKIE-SENT state to the ESTABLISHED state, stopping the T1-cookie timer, and it may also notify its ULP about the successful establishment of the associate with a Communication Up notification (see Section 10). Note: A DATA chunk MUST NOT be carried in the INIT or INIT ACK message. Note: T1-init timer and T1-cookie timer shall follow the same rules given in Section 6.3. Note: if an endpoint receives an INIT, INIT ACK, or COOKIE chunk but decides not to establish the new association due to missing mandatory parameters in the received INIT or INIT ACK, invalid parameter values, or, lack of local resources, it SHALL respond with an ABORT chunk. It SHOULD also specify the cause of abort, such as the type of the missing mandatory parameters, etc., by either including cause parameters or bundling with the ABORT one or more Operational ERROR chunks. The Verification Tag field in the common header of the outbound abort datagram MUST be set to equal the Initiate Tag value of the peer. Note: After the reception of the first data chunk in an association the receiver MUST immediately respond with a SACK to acknowledge the data chunk, subsequent acknowledgments should be done as described in section 6.2. Note: When an SCTP endpoint sends an INIT or INIT ACK it SHOULD include all of its transport addresses in the parameter section. This is because it may NOT be possible to control the "sending" address that a receiver of an SCTP datagram sees. A receiver thus MUST know every address that may be a source address for a peer SCTP endpoint, this assures that the inbound SCTP datagram can be matched to the proper association. Note: At the time when the TCB is created, either end MUST set its internal cumulative TSN acknowledgment point to its peer's Initial TSN minus one. IMPLEMENTATION Note: The IP address and SCTP port(s) are generally used as the key to find the TCB within an SCTP instance. 5.1.1 Handle Stream Parameters In the INIT and INIT ACK messages, the sender of the message shall indicate the number of outbound streams (OS) it wishes to have in the association, as well as the maximal inbound streams (MIS) it will accept from the other endpoint. After receiving these stream configuration information from the other side, each endpoint shall perform the following check: if the peer's MIS is less than the endpoint's OS, meaning that the peer is incapable of supporting all the outbound streams the endpoint wants to configure, the endpoint MUST either settle with MIS outbound streams, or abort the association and report to its upper layer the resources shortage at its peer. Stewart, et al [Page 38] Internet Draft Stream Control Transmission Protocol April 2000 After the association is initialized, the valid outbound stream identifier range for either endpoint shall be 0 to min(local OS, remote MIS)-1. 5.1.2 Handle Address Parameters During the association initialization, an endpoint shall use the following rules to discover and collect the destination transport address(es) of its peer. A) If there are no address parameters present in the received INIT or INIT ACK message, the receiver shall take the source IP address from which the message arrives and record it, in combination with the SCTP source port number, as the only destination transport address for this peer. B) If there is a Host Name parameter present in the received INIT or INIT ACK message, the receiver shall resolve that host name to a list of IP address(es) and derive the transport address(es) of this peer by combining the resolved IP address(es) with the SCTP source port. Note: the receiver MUST ignore any other IP address parameters if they are also present in the received INIT or INIT ACK message. Note: when the receiver of an INIT resolves the host name may have potential security implications to SCTP. If the receiver of an INIT resolves the host name upon the reception of the message, and the mechanism the receiver uses to resolve the host name involves potential long delay (e.g. DNS query), the receiver may open itself up to resource attacks for the period of time while it is waiting for the name resolution results before it can build the cookie and release local resource. Therefore, in cases where the name translation involves potential long delay, the receiver of the INIT SHOULD postpone the name resolution till the reception of the COOKIE message from the peer. In such a case, the receiver of the INIT SHOULD build the cookie using the received Host Name (instead of destination transport addresses) and send the INIT ACK to the source IP address from where the INIT is received. The receiver of an INIT ACK shall always immediately attempt to resolve the name upon the reception of the message. The receiver of the INIT or INIT ACK MUST NOT send user data (piggy-backed or stand-alone) to its peer until the host name is successfully resolved. If the name resolution is not successful, the endpoint SHALL immediately send an ABORT with Unresolvable Address error to its peer. The ABORT shall be sent to the source IP address from where the last peer message was received. C) If there are only IPv4/IPv6 addresses present in the received INIT or INIT ACK message, the receiver shall derive and record all the transport address(es) from the received message. The transport address(es) are derived by the combination of SCTP source port (from the common header) and the IP address parameter(s) carried in the INIT or INIT ACK message. The receiver should use only these transport addresses as destination transport addresses when sending subsequent datagrams to its peer. After all transport addresses are derived from the INIT or INIT ACK message using above rules, the endpoint shall select one of the transport addresses as the initial primary destination transport address. Note: the sender of INIT may include a 'Supported Address Types' parameter in the INIT to indicate what types of address are acceptable. When this parameter is present, the receiver of INIT (initiatee) SHALL either use one of the address types indicated in the 'Supported Address Types' parameter when responding to the INIT, or abort the association with an Unresolvable Address error if it is unwilling or incapable of using any of the address types indicated by its peer. IMPLEMENTATION NOTE: In the case that the receiver of an INIT ACK fails to resolve the address parameter due to an unsupported type, it can abort the initiation process and then attempt a re-initiation by using a 'Supported Address Types' parameter in the new INIT to indicate what types of address it prefers. 5.1.3 Generating State Cookie When sending an INIT ACK as a response to an INIT message, the sender of INIT ACK should create an State Cookie and send it as part of the INIT ACK. Inside this State Cookie, the sender should include a ICV security signature or MAC (message Authentication code) [4], a time stamp on when the cookie is created, and the lifespan of the cookie, along with all the information necessary for it to establish the association. The following steps SHOULD be taken to generate the cookie: 1) create an association TCB using information from both the received INIT and the outgoing INIT ACK messages, 2) in the TCB, set the creation time to the current time of day, and the lifespan to the protocol parameter 'Valid.Cookie.Life', 3) Generate a MAC signature using the TCB and a Private Key (see [4] for details on generating the MAC), and Stewart, et al [Page 39] Internet Draft Stream Control Transmission Protocol April 2000 4) generate the State Cookie by combining the TCB and the resultant ICV signature. After sending the INIT ACK with the cookie, the sender SHOULD delete the TCB and any other local resource related to the new association, so as to prevent resource attacks. The ICV and hashing method used to generate the MAC is strictly a private matter for the receiver of the INIT message. The use of a MAC is mandatory to prevent denial of service attacks. The Private Key MUST be random per RFC1750 [1]; it SHOULD be changed reasonably frequently, and the timestamp in the cookie MAY be used to determine which key should be used to verify the MAC. 5.1.4 Cookie Processing When an endpoint receives an INIT ACK chunk with a State Cookie parameter, it MUST immediately send a COOKIE chunk to its peer with the received cookie. The sender MAY also add any pending DATA chunks to the message. The sender shall also start the T1-cookie timer after sending out the COOKIE chunk. If the timer expires, the sender shall retransmit the COOKIE chunk and restart the T1-cookie timer. This is repeated until either a COOKIE ACK is received or 'Max.Init.Retransmits' is reached causing the endpoint to be marked unreachable (and thus the association enters the CLOSED state). 5.1.5 Cookie Authentication When an endpoint receives a COOKIE chunk from another endpoint with which it has no association, it shall take the following actions: 1) compute a MAC signature using the TCB data carried in the cookie and the Private Key (note the timestamp in the cookie MAY be used to determine which Private Key to use) reference [4] SHOULD be used has a guideline for generating the MAC, 2) authenticate the cookie as one that it previously generated by comparing the computed MAC signature against the one carried in the cookie. If this comparison fails, the datagram, including the COOKIE and the attached user data, should be silently discarded, 3) compare the creation time stamp in the cookie to the current local time, if the elapsed time is longer than the lifespan carried in the cookie, then the datagram, including the COOKIE and the attached user data, SHOULD be discarded and the endpoint MUST transmit a stale cookie operational error to the sending endpoint, 4) if the cookie is valid, create an association to the sender of the COOKIE message with the information in the TCB data carried in the COOKIE, and enter the ESTABLISHED state, 5) immediately acknowledge any DATA chunk in the datagram with a SACK (subsequent datagram acknowledgment should follow the rules defined in Section 6.2), and, Stewart, et al [Page 40] Internet Draft Stream Control Transmission Protocol April 2000 6) send a COOKIE ACK chunk to the sender acknowledging reception of the cookie. The COOKIE ACK MAY be piggy-backed with any outbound DATA chunk or SACK chunk. Note that if a COOKIE is received from an endpoint with which the receiver of the COOKIE has an existing association, the procedures in section 5.2 should be followed. 5.1.6 An Example of Normal Association Establishment In the following example, "A" initiates the association and then sends a user message to "Z", then "Z" sends two user messages to "A" later (assuming no bundling or segmentation occurs): Endpoint A Endpoint Z {app sets association with Z} (build TCB) INIT [INIT Tag=Tag_A & other info] --------\ (Start T1-init timer) \ (Enter COOKIE-WAIT state) \---> (compose temp TCB and Cookie_Z) /--- INIT ACK [Veri Tag=Tag_A, / INIT Tag=Tag_Z, (Cancel T1-init timer) <------/ Cookie_Z, & other info] (destroy temp TCB) COOKIE [Cookie_Z] -----------\ (Start T1-init timer) \ (Enter COOKIE-SENT state) \---> (build TCB enter ESTABLISHED state) /---- COOKIE-ACK / (Cancel T1-init timer, <-----/ Enter established state) ... {app sends 1st user data; strm 0} DATA [TSN=initial TSN_A Strm=0,Seq=1 & user data]--\ (Start T3-rxt timer) \ \-> /----- SACK [TSN ACK=init TSN_A,Frag=0] (Cancel T3-rxt timer) <------/ ... Stewart, et al [Page 41] Internet Draft Stream Control Transmission Protocol April 2000 ... {app sends 2 datagrams;strm 0} /---- DATA / [TSN=init TSN_Z <--/ Strm=0,Seq=1 & user data 1] SACK [TSN ACK=init TSN_Z, /---- DATA Frag=0] --------\ / [TSN=init TSN_Z +1, \/ Strm=0,Seq=2 & user data 2] <------/\ \ \------> Note that If T1-init timer expires at "A" after the INIT or COOKIE chunks are sent, the same INIT or cookie chunk with the same Initiate Tag (i.e., Tag_A) or cookie shall be retransmitted and the timer restarted. This shall be repeated Max.Init.Retransmits times before "A" considers "Z" unreachable and reports the failure to its upper layer (and thus the association enters the CLOSED state). When retransmitting the INIT, the endpoint SHALL following the rules defined in 6.3 to determine the proper timer value. 5.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK During the life time of an association (in one of the possible states), an endpoint may receive from its peer endpoint one of the setup chunks (INIT, INIT ACK, COOKIE, and COOKIE ACK). The receiver shall treat such a setup chuck as a duplicate and process it as described in this section. The following scenarios can cause duplicated chunks: A) The peer has crashed without being detected, and re-started itself and sent out a new INIT Chunk trying to restore the association, B) Both sides are trying to initialize the association at about the same time, C) The chunk is from a staled datagram that was used to establish the present association or a past association which is no longer in existence, D) The chunk is a false message generated by an attacker, or E) The peer never received the COOKIE ACK and is retransmitting its COOKIE. In case A), the endpoint shall reset the present association and set a new association with its peer. Case B) is unique and is discussed in Section 5.2.1. However, in cases C), D) and E), the endpoint must retain the present association. The rules in the following sections shall be applied in order to identify and correctly handle these cases. Stewart, et al [Page 42] Internet Draft Stream Control Transmission Protocol April 2000 5.2.1 Handle Duplicate INIT in COOKIE-WAIT or COOKIE-SENT State This usually indicates an initialization collision, i.e., both endpoints are attempting at about the same time to establish an association with the other endpoint. In such a case, each of the two side shall respond to the other side with an INIT ACK, with the Verification Tag field of the common header set to the tag value received from the INIT message, and the Initiate Tag field set to its own tag value (the same tag used in the INIT message sent out by itself). Each responder shall also generate a cookie with the INIT ACK. After that, no other actions shall be taken by either side, i.e., the endpoint shall not change its state, and the T1-init timer shall be left running. The normal procedures for handling cookies will resolve the duplicate INITs to a single association. 5.2.2 Handle Duplicate INIT in Other States Upon reception of the duplicated INIT, the receiver shall generate an INIT ACK with an State Cookie. In the outbound INIT ACK, the endpoint shall set the Verification Tag field in the common header to the peer's new tag value (from the duplicated INIT message), and the Initiate Tag field to its own tag value (unchanged from the existing association). The included State Cookie shall be generated using the current time and a temporary TCB constructed with the information provided in the duplicated INIT message (see Section 5.1.3). This temporary TCB MUST be destroyed after the outbound INIT ACK is built. After sending out the INIT ACK, the endpoint shall take no further actions, i.e., the existing association, including its current state, and the corresponding TCB MUST not be changed. 5.2.3 Handle Duplicate INIT ACK If an INIT ACK is received by an endpoint in any state other than the COOKIE-WAIT state, the endpoint should discard the INIT ACK message. A duplicate INIT ACK usually indicates the processing of an old INIT or duplicated INIT message. 5.2.4 Handle Duplicate Cookie When a duplicated COOKIE chunk is received in any state for an existing association the following rules shall be applied: 1) compute a MAC signature using the TCB data carried in the cookie along with the receiver's private security key, Stewart, et al [Page 43] Internet Draft Stream Control Transmission Protocol April 2000 2) authenticate the cookie by comparing the computed MAC signature against the one carried in the cookie. If this comparison fails, the datagram, including the COOKIE and the attached user data, should be silently discarded (this is case C or D above). 3) compare the timestamp in the cookie to the current time, if the cookie is older than the lifespan carried in the cookie, the datagram, including the COOKIE and the attached user data, should be discarded and the endpoint MUST transmit a stale cookie error to the sending endpoint only if the Verification tags of the cookie's TCB does NOT match the current tag values in the association (this is case C or D above). If both Verification tags do match consider the cookie valid (this is case E). 4) If the cookie proves to be valid, unpack the TCB into a temporary TCB. 5) If the Verification Tags in the Temporary TCB matches the Verification Tags in the existing TCB, the cookie is a duplicate cookie. A cookie ack should be sent to the peer endpoint but NO update should be made to the existing TCB. 6) If the the local Verification Tag in the temporary TCB does not match the local Verification Tag in the existing TCB, then the cookie is an old stale cookie and does not correspond to the existing association (case C above). The datagram should be silently discarded. 7) If the peer's Verification Tag in the temporary TCB does not match the peer's Verification Tag in the existing TCB, then a restart of the peer has occurred (case A above). In such a case, the endpoint should report the restart to its ULP and respond the peer with a COOKIE ACK message. It shall also update the Verification Tag, initial TSN, and the destination address list of the existing TCB with the information from the temporary TCB. After that the temporary TCB can be discarded. Furthermore, all the congestion control parameters (e.g., cwnd, ssthresh) related to this peer shall be reset to their initial values (see Section 6.2.1). IMPLEMENTATION NOTE: It is an implementation decision on how to handle any pending datagrams. The implementation may elect to either A) send all messages back to its upper layer with the restart report, or B) automatically re-queue any datagrams pending by marking all of them as never-sent and assigning new TSN's at the time of their initial transmissions based upon the updated starting TSN (as defined in section 5). Note: The "peer's Verification Tag" is the tag received in the INIT or INIT ACK chunk. Stewart, et al [Page 44] Internet Draft Stream Control Transmission Protocol April 2000 5.2.5 Handle Duplicate COOKIE-ACK. At any state other than COOKIE-SENT, an endpoint may receive a duplicated COOKIE ACK chunk. If so, the chunk should be silently discarded. 5.2.6 Handle Stale COOKIE Error A stale cookie error indicates one of a number of possible events: A) that the association failed to completely setup before the cookie issued by the sender was processed. B) an old cookie was processed after setup completed. C) an old cookie is received from someone that the receiver is not interested in having an association with and the ABORT message was lost. When processing a stale cookie an endpoint should first examine if an association is in the process of being setup, i.e. the association is in the COOKIE-SENT state. In all cases if the association is NOT in the COOKIE-SENT state, the stale cookie message should be silently discarded. If the association is in the COOKIE-SENT state, the endpoint may elect one of the following three alternatives. 1) Send a new INIT message to the endpoint, to generate a new cookie and re-attempt the setup procedure. 2) Discard the TCB and report to the upper layer the inability of setting-up the association. 3) Send a new INIT message to the endpoint, adding a cookie preservative parameter requesting an extension on the life time of the cookie. When calculating the time extension, an implementation SHOULD use the RTT information measured based on the previous COOKIE / Stale COOKIE message exchange, and should add no more than 1 second beyond the measured RTT, due to a long cookie life time makes the endpoint more subject to a replay attack. 5.3 Other Initialization Issues 5.3.1 Selection of Tag Value Initiate Tag values should be selected from the range of 0x1 to 0xffffffff. It is very important that the Tag value be randomized to help protect against "man in the middle" and "sequence number" attacks. It is suggested that RFC 1750 [1] be used for the Tag randomization. Stewart, et al [Page 45] Internet Draft Stream Control Transmission Protocol April 2000 Moreover, the tag value used by either endpoint in a given association MUST never be changed during the lifetime of the association. However, a new tag value MUST be used each time the endpoint tears-down and then re-establishes the association to the same peer. 6. User Data Transfer For transmission efficiency, SCTP defines mechanisms for bundling of small user messages and segmentation of large user messages. The following diagram depicts the flow of user messages through SCTP. +--------------------------+ | User Messages | +--------------------------+ SCTP user ^ | ==================|==|======================================= | v (1) +------------------+ +--------------------+ | SCTP DATA Chunks | |SCTP Control Chunks | +------------------+ +--------------------+ ^ | ^ | | v (2) | v (2) +--------------------------+ | SCTP datagrams | +--------------------------+ SCTP ^ | ===========================|==|=========================== | v Unreliable Packet Transfer Service (e.g., IP) Note: (1) When converting user messages into Data chunks, SCTP sender will segment user messages larger than the current path MTU into multiple data chunks. The segmented message will normally be reassembled from data chunks before delivery to the user by the SCTP receiver (see Section 6.9 for details). (2) Multiple data and control chunks may be multiplexed by the sender into a single SCTP datagram for transmission, as long as the final size of the datagram does not exceed the current path MTU. The receiver will de-multiplex the datagram back into the original chunks. The segmentation and bundling mechanisms, as detailed in Sections 6.9 and 6.10, are optional to implement by the data sender, but they MUST be implemented by the data receiver, i.e., an SCTP receiver MUST be prepared to receive and process bundled or segmented data. Stewart, et al [Page 46] Internet Draft Stream Control Transmission Protocol April 2000 6.1 Transmission of DATA Chunks The following general rules SHALL be applied by the sender for transmission and/or retransmission of outbound DATA chunks: A) At any given time, the sender MUST NOT transmit new data onto any destination transport address if its peer's rwnd indicates that the peer has no buffer space (i.e. rwnd is 0, see Section 6.2.1). However, regardless of the value of rwnd (including if it is 0), the sender can always have ONE data packet in flight to the receiver if allowed by cwnd (see rule B below). This rule allows the sender to probe for a change in rwnd that the sender missed due to the update having been lost in transmission from the receiver to the sender. B) At any given time, the sender MUST NOT transmit new data onto a given transport address if it has cwnd or more octets of data outstanding on that transport address. C) When the time comes for the sender to transmit, before sending new DATA chunks, the sender MUST first transmit any outstanding DATA chunks which are marked for retransmission (limited by the current cwnd). D) Then, the sender can send out as many new DATA chunks as Rule A and Rule B above allow. Note: multiple DATA chunks committed for transmission MAY be bundled in a single packet, unless bundling is explicitly disallowed by ULP of the data sender. Furthermore, DATA chunks being retransmitted MAY be bundled with new DATA chunks, as long as the resulting packet size does not exceed the path MTU. Note: before a sender transmits a data packet, if any received DATA chunks have not been acknowledged (e.g., due to delayed ack), the sender should create a SACK and bundle it with the outbound DATA chunk, as long as the size of the final SCTP datagram does not exceed the current MTU. See Section 6.2. IMPLEMENTATION Note: when the window is full (i.e., transmission is disallowed by Rule A and/or Rule B), the sender MAY still accept send requests from its upper layer, but SHALL transmit no more DATA chunks until some or all of the outstanding DATA chunks are acknowledged and transmission is allowed by Rule A and Rule B again. Whenever a transmission or retransmission is made to any address, if the T3-rxt timer of that address is not currently running, the sender MUST start that timer. However, if the timer of that address is already running, the sender SHALL restart the timer ONLY IF the earliest (i.e., lowest TSN) outstanding DATA chunk sent to that address is being retransmitted. Stewart, et al [Page 47] Internet Draft Stream Control Transmission Protocol April 2000 When starting or restarting the T3-rxt timer, the timer value must be adjusted according to the timer rules defined in Sections 6.3.2, and 6.3.3. Note: The sender SHOULD not use a TSN that is more than 2**31 - 1 above the beginning TSN of the current send window. 6.2 Acknowledgment on Reception of DATA Chunks The SCTP receiver MUST always acknowledge the SCTP sender about the reception of each DATA chunk. The guidelines on delayed acknowledgment algorithm specified in Section 4.2 of RFC 2581 [3] SHOULD be followed. Specifically, an acknowledgment SHOULD be generated for at least every second datagram received, and SHOULD be generated within 200 ms of the arrival of any unacknowledged datagram. IMPLEMENTATION NOTE: the maximal delay for generating an acknowledgment may be configured by the SCTP user, either statically or dynamically, in order to meet the specific timing requirement of the signaling protocol being carried. Acknowledgments MUST be sent in SACK control chunks. A SACK chunk can acknowledge the reception of multiple DATA chunks. See Section 3.3.3 for SACK chunk format. In particular, the SCTP receiver MUST fill in the Cumulative TSN ACK field to indicate the latest cumulative TSN number it has received, and any received segments beyond the Cumulative TSN SHALL also be reported. Upon reception of the SACK, the data sender MUST adjust its total outstanding data count and the outstanding data count on those destination addresses for which one or more data chunks is acknowledged by the SACK. Note: When a datagram arrives with duplicate DATA chunk(s) and no new DATA chunk(s), the receiver MUST immediately send a SACK with no delay. Normally this will occur when the original SACK was lost, and the peers RTO has expired. The duplicate TSN number(s) SHOULD be reported in the SACK as duplicate. When a receiver prepares a SACK, any duplicate DATA chunks received SHOULD be reported in the SACK. When a SACK is received the receiver MAY use the Duplicate TSN information to determine if SACK loss is occurring. Further use of this data is for future study. Note: If a SACK is received that indicates a previously out of order chunk has been discarded by the receiver (due to a buffer space shortage), the sender should mark the chunk as having a first strike for retransmit against the chunk and start a timer on the last transmitted destination address (if one is not already running on that destination address). The sender SHOULD not retransmit the chunk until the fast retransmit algorithm indicates it should. This will allow the receiver time to clear up the receive buffer problem that caused it to discard the chunk. The following example illustrates the use of delayed acknowledgments: Endpoint A Endpoint Z {App sends 3 messages; strm 0} DATA [TSN=7,Strm=0,Seq=3] ------------> (ack delayed) (Start T3-rxt timer) Stewart, et al [Page 48] Internet Draft Stream Control Transmission Protocol April 2000 DATA [TSN=8,Strm=0,Seq=4] ------------> (send ack) /------- SACK [TSN ACK=8,Frag=0] (cancel T3-rxt timer) <-----/ ... ... DATA [TSN=9,Strm=0,Seq=5] ------------> (ack delayed) (Start T3-rxt timer) ... {App sends 1 message; strm 1} (bundle SACK with DATA) /----- SACK [TSN Ack=9,Frag=0] \ / DATA [TSN=6,Strm=1,Seq=2] (cancel T3-rxt timer) <------/ (Start T3-rxt timer) (ack delayed) ... (send ack) SACK [TSN ACK=6,Frag=0] -------------> (cancel T3-rxt timer) Note: If a receiver receives a DATA chunk with 0 length (no user data part) it MUST follow the normal procedures for handling TSN and stream sequence number. However, it MAY choose not to deliver the NULL data to the upper layer. 6.2.1 Tracking Peer's Receive Buffer Space Whenever a SACK arrives, a new updated a_rwnd arrives with it. This value represents the amount of buffer space the sender of the SACK, at the time of transmitting the SACK, has left of its total receive buffer space (as specified in the INIT/INIT-ACK). After processing the SACK, the receiver of the SACK SHOULD use the following rules to re-calculate the rwnd, using the received a_rwnd value. A) At the establishment of the association, the endpoint initializes the rwnd to the Advertised Receiver Window Credit (a_rwnd) the peer specified in the INIT or INIT ACK. B) Any time a DATA chunk is transmitted to a peer, the endpoint subtracts the data size of the chunk from the rwnd of that peer. C) Any time a SACK arrives, the endpoint performs the following: If all outstanding TSNs are acknowledged by the SACK, adopt the a_rwnd value in the SACK as the new rwnd. Otherwise, take the value of the current rwnd, and add to it the data size of any newly acknowledged TSNs that has its BE bits set to 11, OR that moved the cumulative TSN point forward. Then, set the rwnd to the lesser of the calculated value and the a_rwnd carried in the SACK. D) Any time the T3-rxt timer expires on any address, causing all outstanding chunks sent to that address to be marked for retransmission, add all of the data sizes of those chunks to the rwnd. Stewart, et al [Page 49] Internet Draft Stream Control Transmission Protocol April 2000 E) Any time a DATA chunk is marked for retransmission via the fast retransmit algorithm (section 6.2.4), add the DATA chunks size to the rwnd. 6.3 Management of R