SCTP协议跟踪.doc

SCTP协议跟踪本文档的Copyleft归yfydz所有，使用GPL发布，可以自由拷贝、转载，转载时请保持文档的完整性，严禁用于任何商业用途。msn: yfydz_来源：参考文献: RFC2960, 33091. SCTP(Stream Control Transmission Protocol)位于IP层与应用层之间,和TCP/UDP等并列,IP协议号:132，SCTP协议设计中考虑到了TCP协议SYN Flood攻击的问题，并进行相应的改进，目前在Linux2.6内核中已经有了SCTP的实现。2. SCTP数据包包括通用数据头和一个到多个CHUNK,CHUNK可为数据CHUNK和控制CHUNK3. 和TCP/UDP一样,SCTP也使用16位的端口以进行不同的应用4. SCTP通用头 SCTP Common Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port Number | Destination Port Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Verification Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 注意: SCTP的checksum是32位的,不象TCP/UDP是16位的,范围包括全部SCTP包,但不包括IP头,因此不会象TCP和UDP那样在IPv4下和IPv6下不同.checksum计算方法在RFC2960中是用alder32算法,但发现有问题,在3309中进行了修改,使用和以太网校验类似的CRC32算法5. CHUNK通用头 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Chunk Type | Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Chunk Value / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ID Value Chunk Type - - 0 - Payload Data (DATA) 1 - Initiation (INIT) 2 - Initiation Acknowledgement (INIT ACK) 3 - Selective Acknowledgement (SACK) 4 - Heartbeat Request (HEARTBEAT) 5 - Heartbeat Acknowledgement (HEARTBEAT ACK) 6 - Abort (ABORT) 7 - Shutdown (SHUTDOWN) 8 - Shutdown Acknowledgement (SHUTDOWN ACK) 9 - Operation Error (ERROR) 10 - State Cookie (COOKIE ECHO) 11 - Cookie Acknowledgement (COOKIE ACK) 12 - Reserved for Explicit Congestion Notification Echo (ECNE) 13 - Reserved for Congestion Window Reduced (CWR) 14 - Shutdown Complete (SHUTDOWN COMPLETE) 15 to 62 - reserved by IETF 63 - IETF-defined Chunk Extensions 64 to 126 - reserved by IETF 127 - IETF-defined Chunk Extensions 128 to 190 - reserved by IETF 191 - IETF-defined Chunk Extensions 192 to 254 - reserved by IETF 255 - IETF-defined Chunk Extensions CHUNK是描述SCTP的数据结构,分控制CHUNK和数据CHUNK,控制CHUNK一般用于连接的建立和断开,数据CHUNK用于描述数据,因此数据CHUNK就类似于TCP包中的TCP标志位,除了INIT,INIT_ACK和SHUTDOWN_COMPLETE三种CHUNK必须单独发送外,其他类型的CHUNK可以捆绑在同一个包中发送以提高效率6. 状态机 - - (frm any state) / / rcv ABORT ABORT rcv INIT | | | - or - - | v v delete TCB snd ABORT generate Cookie +-+ delete TCB snd INIT ACK -| CLOSED | +-+ / ASSOCIATE / - | | create TCB | | snd INIT | | strt init timer rcv valid | | COOKIE ECHO | v (1) - | +-+ create TCB | | COOKIE-WAIT| (2) snd COOKIE ACK | +-+ | | | | rcv INIT ACK | | - | | snd COOKIE ECHO | | stop init timer | | strt cookie timer | v | +-+ | | COOKIE-ECHOED| (3) | +-+ | | | | rcv COOKIE ACK | | - | | stop cookie timer v v +-+ | ESTABLISHED | +-+ (from the ESTABLISHED state only) | | /-+- SHUTDOWN / -| | check outstanding | | DATA chunks | | v | +-+ | |SHUTDOWN-| | rcv SHUTDOWN/check |PENDING | | outstanding DATA +-+ | chunks | |- No more outstanding | | -| | snd SHUTDOWN | | strt shutdown timer | | v v +-+ +-+ (4) |SHUTDOWN-| | SHUTDOWN- | (5,6) |SENT | | RECEIVED | +-+ +-+ | | (A) rcv SHUTDOWN ACK | | -| | stop shutdown timer | cv:SHUTDOWN | send SHUTDOWN COMPLETE| (B) | delete TCB | | | | No more outstanding | |- | | send SHUTDOWN ACK (B)rcv SHUTDOWN | | strt shutdown timer -| | send SHUTDOWN ACK | | start shutdown timer | | move to SHUTDOWN- | | ACK-SENT | | | | v | | +-+ | | SHUTDOWN- | (7) | | ACK-SENT | | +-+- | | (C)rcv SHUTDOWN COMPLETE | |- | | stop shutdown timer | | delete TCB | | | | (D)rcv SHUTDOWN ACK | |- | | stop shutdown timer | | send SHUTDOWN COMPLETE | | delete TCB | | +-+ / -| CLOSED |(状态变为COOKIE_WAIT) (状态变为COOKIE_ECHOED) (状态变为SHUTDOWN_SENT) -接收SHUTDOWN (状态变为SHUTDOWN_RECEIVED) (状态变为CLOSED) -接收SHUTDOWN_COMPLETE (状态转为CLOSED)同时断开,两边同时发SHUTDOWN,则都发SHUTDOWN_ACK,都转为SHUTDOWN_ACK_SENT状态,发送SHUTDOWN_COMPLETE断开连接9. 异常断开 接收或发送了ABORT类型的CHUNK,立即断开10. 控制CHUNK和TCP标志位的类比 CHUNK TCP FLAG- INIT SYN INIT_ACK SYN ACK SACK ACK SHUTDOWN FIN ABORT RST DATA PSH11. 状态跟踪 主要跟踪INIT,INIT