Protocols sctp(7P)
NAME
sctp, SCTP - Stream Control Transmission Protocol
SYNOPSIS
#include <sys/socket.h>
#include <netinet/in.h>
s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
s = socket(AF_INET, SOCK_SEQPACKET, IPPROTO_SCTP);
s = socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);
s = socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP);
DESCRIPTION
SCTP is a transport protocol layered above the Internet
Protocol (IP), or the Internet Protocol Version 6 (IPv6).
SCTP provides a reliable, session-oriented, flow-controlled,
two-way transmission of data. It is a message-oriented
protocol and supports framing of individual message
boundaries. An SCTP association is created between two
endpoints for data transfer and is maintained for the
lifetime of the transfer. An SCTP association is set up
between two endpoints using a four-way handshake mechanism
that uses a cookie to guard against some types of denial of
service (DoS) attacks. These endpoints may be represented by
multiple IP addresses.
An SCTP message includes a common SCTP header followed by
one or more chunks. Included in the common header is a
32-bit field which contains the checksum (computed using the
CRC-32c polynomial) of the entire SCTP packet.
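
An added example, not part of the original manual page: computing and verifying the CRC-32c checksum carried in the common header described above. The 12-byte header layout and the least-significant-byte-first storage of the checksum are assumptions taken from the SCTP specification rather than from this page, the function names are hypothetical, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCTP_HDR_LEN   12  /* src port, dst port, verification tag, checksum */
#define SCTP_CKSUM_OFF  8  /* offset of the 32-bit checksum field */
/* Constructed sample: common header (checksum zero) plus one DATA chunk. */
const uint8_t SAMPLE_PKT[32] = {
    0x13, 0x88, 0x0b, 0x59,  0xde, 0xad, 0xbe, 0xef,  0, 0, 0, 0,
    0, 3, 0, 0x11,  0, 0, 0, 1,  0, 0, 0, 0,  0, 0, 0, 0,  'A', 0, 0, 0 };

/* Bitwise CRC-32c (Castagnoli) update, reflected polynomial 0x82F63B78. */
static uint32_t crc32c_update(uint32_t crc, const uint8_t *p, size_t n) {
    while (n--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return crc;
}

uint32_t crc32c(const uint8_t *p, size_t n) {
    return ~crc32c_update(0xFFFFFFFFu, p, n);
}

/* CRC of the whole packet, checksum field read as zero; out[] is LSB first. */
static void sctp_crc(const uint8_t *pkt, size_t len, uint8_t out[4]) {
    static const uint8_t zero[4] = {0, 0, 0, 0};
    uint32_t c = crc32c_update(0xFFFFFFFFu, pkt, SCTP_CKSUM_OFF);
    c = ~crc32c_update(crc32c_update(c, zero, 4),
                       pkt + SCTP_HDR_LEN, len - SCTP_HDR_LEN);
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(c >> (8 * i));
}

/* Fill in the checksum field; returns 0, or -1 if shorter than the header. */
int sctp_checksum_set(uint8_t *pkt, size_t len) {
    if (len < SCTP_HDR_LEN) return -1;
    sctp_crc(pkt, len, pkt + SCTP_CKSUM_OFF);
    return 0;
}

/* Returns 1 if the stored checksum matches, 0 if not or if truncated. */
int sctp_checksum_ok(const uint8_t *pkt, size_t len) {
    uint8_t want[4];
    if (len < SCTP_HDR_LEN) return 0;
    sctp_crc(pkt, len, want);
    return memcmp(pkt + SCTP_CKSUM_OFF, want, 4) == 0;
}
```

A receiver that gets 0 from sctp_checksum_ok() discards the packet before looking at any chunk.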
SCTP transfers data payloads in the form of DATA chunks.
Each DATA chunk contains a Transmission Sequence Number
(TSN), which governs the transmission of messages and
detection of loss. DATA chunk exchanges follow the
Transmission Control Protocol's (TCP) Selective ACK (SACK)
mechanism. The receiver acknowledges data by sending SACK
chunks, which not only indicate the cumulative TSN range
received, but also non-cumulative TSNs received, implying
gaps in the received TSN sequence. SACKs are sent using the
delayed ack method similar to TCP, that is, one SACK for
every other received packet with an upper bound on the delay
(when gaps are detected, the frequency is increased to one
for every received packet). Flow and congestion control
follow TCP algorithms: Slow Start, Congestion Avoidance,
Fast Recovery and Fast Retransmit. Unlike TCP, however, SCTP
does not support half-close connections or "urgent" data.
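
An added example, not part of the original manual page: how a receiver can derive the cumulative TSN and the gap reports of a SACK from the TSNs it has seen. It goes slightly beyond the text by handling TSN wraparound; expressing gap blocks as offsets from the cumulative TSN follows the SCTP specification, and the names, window size and block limit are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define WINDOW   64   /* TSNs tracked beyond the cumulative TSN (assumed) */
#define MAX_GAPS  8   /* gap blocks reported per SACK (assumed) */

struct gap  { uint16_t start, end; };   /* offsets from cum_tsn, inclusive */
struct sack { uint32_t cum_tsn; int ngaps; struct gap gaps[MAX_GAPS]; };

/* Build SACK contents from the last cumulative TSN and the TSNs that have
 * arrived since, in any order; duplicates and stale TSNs are ignored. */
struct sack build_sack(uint32_t cum_tsn, const uint32_t *rx, size_t n) {
    struct sack s = { cum_tsn, 0, {{0, 0}} };
    uint64_t seen = 0;                     /* bit k set: cum_tsn+1+k arrived */
    for (size_t i = 0; i < n; i++) {
        uint32_t off = rx[i] - cum_tsn - 1;   /* mod 2^32, survives TSN wrap */
        if (off < WINDOW) seen |= (uint64_t)1 << off;
    }
    while (seen & 1) {                     /* in-order data advances cum_tsn */
        s.cum_tsn++;
        seen >>= 1;
    }
    for (unsigned k = 1; k < WINDOW && s.ngaps < MAX_GAPS; k++) {
        if (!((seen >> k) & 1)) continue;
        unsigned e = k;                    /* extend over the contiguous run */
        while (e + 1 < WINDOW && ((seen >> (e + 1)) & 1)) e++;
        s.gaps[s.ngaps].start = (uint16_t)(k + 1);
        s.gaps[s.ngaps].end = (uint16_t)(e + 1);
        s.ngaps++;
        k = e;
    }
    return s;
}

/* Constructed input: TSN 10 acknowledged so far, then 11, 12, 14, 15 and 17
 * arrive out of order (13 and 16 are missing). */
struct sack sack_example(void) {
    static const uint32_t rx[] = { 14, 11, 17, 12, 15 };
    return build_sack(10, rx, sizeof(rx) / sizeof(rx[0]));
}
```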
SCTP is designed to support a number of functions that are
critical for telephony signalling transport, including
multi-streaming. SCTP allows data to be partitioned into
multiple streams that have the property of independent
sequenced delivery so that message loss in any one stream
only affects delivery within that stream. In many
applications (particularly telephony signalling), it is only
necessary to maintain sequencing of messages that affect
some resource. Other messages may be delivered without
having to maintain overall sequence integrity. A DATA chunk
on an SCTP association contains the Stream Id/Stream
Sequence Number pair, in addition to the TSN, which is used
for sequenced delivery within a stream.
SCTP uses IP's host level addressing and adds its own
per-host collection of port addresses. The endpoints of an
SCTP association are identified by the combination of IP
address(es) and an SCTP port number. By providing the
ability for an endpoint to have multiple IP addresses, SCTP
supports multi-homing, which makes an SCTP association more
resilient in the presence of network failures (assuming the
network is architected to provide redundancy). For a
multi-homed SCTP association, a single address is used as
the primary address, which is used as the destination
address for normal DATA chunk transfers. Retransmitted DATA
chunks are sent over alternate address(es) to increase the
probability of reaching the remote endpoint. Continued
failure to send DATA chunks over the primary address
results in selecting an alternate address as the primary
address. Additionally, SCTP monitors the reachability of all
alternate addresses by sending periodic "heartbeat" chunks.
An SCTP association supports multi-homing by exchanging the
available list of addresses during association setup (as
part of its four-way handshake mechanism). An SCTP endpoint
is associated with a local address using the bind(3SOCKET)
call. Subsequently, the endpoint can be associated with
additional addresses using sctp_bindx(3SOCKET). By using a
special value of INADDR_ANY with IP or the unspecified
address (all zeros) with IPv6 in the bind(3SOCKET) or
sctp_bindx(3SOCKET) calls, an endpoint can be bound to all
available IP or IPv6 addresses on the system.
SCTP uses a three-way mechanism to allow graceful shutdown,
where each endpoint has confirmation of the DATA chunks
received by the remote endpoint prior to completion of the
shutdown. An Abort is provided for error cases when an
immediate shutdown is needed.
Applications can access SCTP using the socket interface as a
SOCK_STREAM (one-to-one style) or SOCK_SEQPACKET
(one-to-many style) socket type.
The one-to-one style socket interface supports semantics
similar to sockets for connection-oriented protocols, such
as TCP. Thus, a passive socket is created by calling the
listen(3SOCKET) system call after binding the socket using
bind(3SOCKET). Associations to this passive socket can be
received using the accept(3SOCKET) system call. Active
sockets use the connect(3SOCKET) system call after binding
to initiate an association. If an active socket is not
explicitly bound, an implicit binding is performed. If an
application wants to exchange data during the association
setup phase, it should not call connect(3SOCKET), but use
sendto(3SOCKET)/sendmsg(3SOCKET) to implicitly initiate an
association. Once an association has been established, the
read(2) and write(2) system calls can be used to exchange
data. Additionally, send(3SOCKET), recv(3SOCKET),
sendto(3SOCKET), recvfrom(3SOCKET), sendmsg(3SOCKET) and
recvmsg(3SOCKET) can be used.
The one-to-many socket interface supports semantics similar
to sockets for connectionless protocols, such as UDP
(however, unlike UDP, it does not support broadcast or
multicast communications). A passive socket is created using
the listen(3SOCKET) system call after binding the socket
using bind(3SOCKET). An accept(3SOCKET) call is not needed
to receive associations to this passive socket (in fact, an
accept(3SOCKET) on a one-to-many socket will fail).
Associations are accepted automatically and notifications of
new associations are delivered in recvmsg(3SOCKET) provided
notifications are enabled. Active sockets, after binding
(implicitly or explicitly), need not call connect(3SOCKET)
to establish an association; implicit associations can be
created using sendmsg(3SOCKET)/recvmsg(3SOCKET) or
sendto(3SOCKET)/recvfrom(3SOCKET) calls. Such implicit
associations cannot be created using send(3SOCKET) and
recv(3SOCKET) calls. On an SCTP socket (one-to-one or
one-to-many), an association may be established using
sendmsg(). However, if an association already exists for the
destination address specified in the 'msg_name' member of
the 'msg' parameter, sendmsg() must include the association
id in the 'msg_iov' member of the 'msg' parameter (using the
sctp_sndrcvinfo structure) for a one-to-many SCTP socket. If
the association id is not provided, sendmsg() fails with
EADDRINUSE. On a one-to-one socket the destination
information in the 'msg' parameter is ignored for an
established association.
A one-to-one style association can be created from a
one-to-many association by branching it off using the
sctp_peeloff(3SOCKET) call; send(3SOCKET) and recv(3SOCKET)
can be used on such peeled-off associations. A close(2) on a
one-to-many socket will gracefully shut down all the
associations represented by that one-to-many socket.
sctp_sendmsg(3SOCKET) and sctp_recvmsg(3SOCKET) can be used
to access the advanced features provided by SCTP.
SCTP provides socket options which are set using
setsockopt(3SOCKET) and read using getsockopt(3SOCKET). The
option level is the protocol number for SCTP, available from
getprotobyname(3SOCKET). Socket option SCTP_NODELAY is used
to turn on/off any Nagle-like algorithm (similar to
TCP_NODELAY). Options SO_RCVBUF and SO_SNDBUF are used to
set the receive and send buffer respectively. For a
one-to-many style socket, the SCTP_AUTOCLOSE option can be
used to automatically close any association that has been
idle for more than the specified number of seconds. A value
of '0' indicates that no associations should be closed
automatically. Option SCTP_EVENTS is used to specify various
notifications and ancillary data the user wishes to receive.
SCTP also provides an option, SCTP_STATUS, to retrieve
current status information about an SCTP association.
MULTIHOMING
The ability of SCTP to use multiple addresses in an
association can create issues with some network utilities.
This requires a system administrator to be careful in
setting up the system.
For example, tcpd(1M) allows an administrator to use a
simple form of address/hostname access control. While
tcpd(1M) can work with SCTP, the access control part can
have some problems. The tcpd(1M) access control is based
only on one of the addresses at association setup time. Once
an association is allowed, no more checking is performed.
This means that during the lifetime of the association, SCTP
packets from different addresses of the peer host can be
received in the system. This may not be what the system
administrator wants, as some of the peer's addresses are
supposed to be blocked.
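
An added example, not code from the original page or from Solaris: an access-control check that evaluates every address a peer has listed for the association instead of only the address seen at setup. The names cidr_parse, first_denied_peer and demo_check are hypothetical, the addresses are constructed documentation ranges, and only IPv4 is handled; in a server the address array would come from sctp_getpaddrs(3SOCKET).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

struct cidr { uint32_t net; uint32_t mask; };   /* host byte order */

/* Parse "a.b.c.d/len" into net/mask; returns 0 on success, -1 on error. */
int cidr_parse(const char *s, struct cidr *out) {
    char ip[INET_ADDRSTRLEN];
    unsigned len;
    struct in_addr a;
    if (sscanf(s, "%15[0-9.]/%u", ip, &len) != 2 || len > 32) return -1;
    if (inet_pton(AF_INET, ip, &a) != 1) return -1;
    out->mask = len ? 0xFFFFFFFFu << (32 - len) : 0;
    out->net = ntohl(a.s_addr) & out->mask;
    return 0;
}

/* Index of the first peer address matching a deny rule, or -1 if none do.
 * addrs[] must hold every address of the association. */
int first_denied_peer(const struct sockaddr_in *addrs, int n,
                      const struct cidr *deny, int ndeny) {
    for (int i = 0; i < n; i++) {
        uint32_t ip = ntohl(addrs[i].sin_addr.s_addr);
        for (int j = 0; j < ndeny; j++)
            if ((ip & deny[j].mask) == deny[j].net) return i;
    }
    return -1;
}

/* Constructed sample: the peer lists 192.0.2.10 (seen at setup) and
 * 198.51.100.7; policy denies 198.51.100.0/24. Checks the first n_checked. */
int demo_check(int n_checked) {
    const char *peer[] = { "192.0.2.10", "198.51.100.7" };
    struct sockaddr_in addrs[2] = {{0}};
    struct cidr deny;
    if (n_checked > 2) n_checked = 2;
    for (int i = 0; i < 2; i++) {
        addrs[i].sin_family = AF_INET;
        inet_pton(AF_INET, peer[i], &addrs[i].sin_addr);
    }
    if (cidr_parse("198.51.100.0/24", &deny) != 0) return -2;
    return first_denied_peer(addrs, n_checked, &deny, 1);
}
```

demo_check(1) models a setup-time check that sees one address and finds nothing to deny; demo_check(2) examines the full list and reports the denied second address.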
Another example is the use of IP Filter, ipfilter(1M). IP
Filter provides several functionalities, such as IP packet
filtering (ipf(1M)) and NAT (ipnat(1M)). For packet
filtering, one issue is that a filter policy can block
packets from some of the addresses of an association while
allowing packets from other addresses to go through. This
can degrade SCTP's performance when a failure occurs. There
is a more serious issue with IP address rewriting by NAT. At
association setup time, SCTP endpoints exchange IP
addresses, but IP Filter is not aware of this. So when NAT
is done on a packet, it may change the address to an
unacceptable one. Thus the SCTP association setup may
succeed, but packets cannot go through afterwards when a
different IP address is used for the association.
SEE ALSO
ipfilter(1M), ipf(1M), ipnat(1M), ndd(1M), ioctl(2),
read(2), write(2), libsctp(3LIB), accept(3SOCKET),
bind(3SOCKET), connect(3SOCKET), getprotobyname(3SOCKET),
getsockopt(3SOCKET), listen(3SOCKET), recv(3SOCKET),
recvfrom(3SOCKET), recvmsg(3SOCKET), sctp_bindx(3SOCKET),
sctp_getladdrs(3SOCKET), sctp_getpaddrs(3SOCKET),
sctp_freepaddrs(3SOCKET), sctp_opt_info(3SOCKET),
sctp_peeloff(3SOCKET), sctp_recvmsg(3SOCKET),
sctp_sendmsg(3SOCKET), send(3SOCKET), sendmsg(3SOCKET),
sendto(3SOCKET), socket(3SOCKET), tcp(7P), udp(7P),
inet(7P), inet6(7P), ip(7P), ip6(7P)
R. Stewart, Q. Xie, K. Morneault, C. Sharp, H. Schwarzbauer,
T. Taylor, I. Rytina, M. Kalla, L. Zhang, V. Paxson, RFC
2960, Stream Control Transmission Protocol, October 2000.
L. Ong, J. Yoakum, RFC 3286, An Introduction to Stream
Control Transmission Protocol (SCTP), May 2002.
J. Stone, R. Stewart, D. Otis, RFC 3309, Stream Control
Transmission Protocol (SCTP) Checksum Change, September
2002.
DIAGNOSTICS
A socket operation may fail if:
EPROTONOSUPPORT  If the socket type is other than
                 SOCK_STREAM and SOCK_SEQPACKET.
ETIMEDOUT        An association was dropped due to excessive
                 retransmissions.
ECONNREFUSED     The remote peer refused establishing an
                 association.
EADDRINUSE       A bind() operation was attempted on a
                 socket with a network address/port pair
                 that has already been bound to another
                 socket.
EINVAL           A bind() operation was attempted on a
                 socket with an invalid network address.
EPERM            A bind() operation was attempted on a
                 socket with a "reserved" port number and
                 the effective user ID of the process was
                 not the privileged user.
SunOS 5.11 Last change: 13 April 2004