sctp(7P) Protocols sctp(7P)
NAME
sctp, SCTP - Stream Control Transmission Protocol
SYNOPSIS
#include <sys/socket.h>
#include <netinet/in.h>
s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
s = socket(AF_INET, SOCK_SEQPACKET, IPPROTO_SCTP);
s = socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);
s = socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP);
DESCRIPTION
SCTP is a transport protocol layered above the Internet Protocol (IP), or the Internet Protocol Version 6 (IPv6). SCTP provides a reliable,
session oriented, flow-controlled, two-way transmission of data. It is a message- oriented protocol and supports framing of individual mes-
sages boundaries. An SCTP association is created between two endpoints for data transfer which is maintained during the lifetime of the
transfer. An SCTP association is setup between two endpoints using a four-way handshake mechanism with the use of a cookie to guard against
some types of denial of service (DoS) attacks. These endpoints may be represented by multiple IP addresses.
An SCTP message includes a common SCTP header followed by one or more chunks. Included in the common header is a 32-bit field which con-
tains the checksum (computed using CRC-32c polynomial) of the entire SCTP packet.
SCTP transfers data payloads in the form of DATA chunks. Each DATA chunk contains a Transmission Sequence Number (TSN), which governs the
transmission of messages and detection of loss. DATA chunk exchanges follow the Transmission Control Protocol's (TCP) Selective ACK (SACK)
mechanism. The receiver acknowledges data by sending SACK chunks, which not only indicate the cumulative TSN range received, but also non-
cumulative TSNs received, implying gaps in the received TSN sequence. SACKs are sent using the delayed ack method similar to TCP, that is,
one SCTP per every other received packet with an upper bound on the delay (when there are gaps detected the frequence is increased to one
every received packet). Flow and congestion control follow TCP algorithms: Slow Start, Congestion Avoidance, Fast Recovery and Fast
retransmit. But unlike TCP, SCTP does not support half-close connection and "urgent" data.
SCTP is designed to support a number of functions that are critical for telephony signalling transport, including multi-streaming. SCTP
allows data to be partitioned into multiple streams that have the property of independent sequenced delivery so that message loss in any
one stream only affects delivery within that stream. In many applications (particularly telephony signalling), it is only necessary to
maintain sequencing of messages that affect some resource. Other messages may be delivered without having to maintain overall sequence
integrity. A DATA chunk on an SCTP association contains the Stream Id/Stream Sequence Number pair, in addition to the TSN, which is used
for sequenced delivery within a stream.
SCTP uses IP's host level addressing and adds its own per-host collection of port addresses. The endpoints of an SCTP association are iden-
tified by the combination of IP address(es) and an SCTP port number. By providing the ability for an endpoint to have multiple IP
addresses, SCTP supports multi-homing, which makes an SCTP association more resilient in the presence of network failures (assuming the
network is architected to provided redundancy). For a multi-homed SCTP association, a single address is used as the primary address, which
is used as the destination address for normal DATA chunk transfers. Retransmitted DATA chunks are sent over alternate address(es) to
increase the probability of reaching the remote endpoint. Continued failure to send DATA chunks over the the primary address results in
selecting an alternate address as the primary address. Additionally, SCTP monitors the reachability of all alternate addresses by sending
periodic "heartbeats" chunks. An SCTP association supports multi-homing by exchanging the available list of addresses during association
setup (as part of its four-way handshake mechanism). An SCTP endpoint is associated with a local address using the bind(3SOCKET) call. Sub-
sequently, the endpoint can be associated with additional addresses using sctp_bindx(3SOCKET). By using a special value of INADDR_ANY with
IP or the unspecified address (all zeros) with IPv6 in the bind(3SOCKET) or sctp_bindx(3SOCKET) calls, an endpoint can be bound to all
available IP or IPv6 addresses on the system.
SCTP uses a 3-way mechanism to allow graceful shutdown, where each endpoint has confirmation of the DATA chunks received by the remote end-
point prior to completion of the shutdown. An Abort is provided for error cases when an immediate shutdown is needed.
Applications can access SCTP using the socket interface as a SOCK_STREAM (one-to-one style) or SOCK_SEQPACKET (one-to-many style) socket
type.
One-to-one style socket interface supports similar semantics as sockets for connection oriented protocols, such as TCP. Thus, a
passive socket is created by calling the listen(3SOCKET) system call after binding the socket using bind(3SOCKET). Associations to this
passive socket can be received using accept(3SOCKET) system call. Active sockets use the connect(3SOCKET) system call after binding to
initiate an association. If an active socket is not explicitly bound, an implicit binding is performed. If an application wants to
exchange data during the association setup phase, it should not call connect(3SOCKET), but use sendto(3SOCKET)/sendmsg(3SOCKET) to implic-
itly initiate an association. Once an association has been established, read(2) and write(2) system calls can used to exchange data. Addi-
tionally,send(3SOCKET), recv(3SOCKET), sendto(3SOCKET), recvfrom(3SOCKET), sendmsg(3SOCKET) and recvmsg(3SOCKET) can be used.
One-to-many socket interface supports similar semantics as sockets for connection less protocols, such as UDP (however, unlike UDP, it does
not support broadcast or multicast communications). A passive socket is created using the listen(3SOCKET) system call after binding the
socket using bind(3SOCKET). An accept(3SOCKET) call is not needed to receive associations to this passive socket (in fact an
accept(3SOCKET) on a one-to-many socket will fail). Associations are accepted automatically and notifications of new associations are
delivered in recvmsg(3SOCKET) provided notifications are enabled. Active sockets after binding (implicitly or explicitly) need not call
connect(3SOCKET) to establish an association, implicit associations can be created using sendmsg(3SOCKET)/recvmsg(3SOCKET) or
sendto(3SOCKET)/recvfrom(3SOCKET) calls. Such implicit associations cannot be created using send(3SOCKET) and recv(3SOCKET) calls. A one-
to-one style association can be created from a one-to-many association by branching it off using the sctp_peeloff(3SOCKET) call;
send(3SOCKET) and recv(3SOCKET) can be used on such peeled off associations. A close(2) on a one-to-many socket will gracefully shutdown
all the associations represented by that one-to-many socket.
sctp_sendmsg(3SOCKET) andsctp_recvmsg(3SOCKET) can be used to avail of advanced features provided by SCTP.
SCTP provides socket option which are set using setsockopt(3SOCKET) and read using getsockopt(3SOCKET). The option level is the protocol
number for SCTP, available from getprotobyname(3SOCKET). Socket option SCTP_NODELAY is used to turn on/off any Nagle like algorithm (simi-
lar to TCP_NODELAY). Options SO_RCVBUF and SO_SNDBUF are used to set the receive and send buffer respectively. For one-to-many style
socket, SCTP_AUTOCLOSE option can be used to automatically close any association that has been idle for more than the specified number of
seconds. A value of '0' indicates that no associations should be closed automatically. Option SCTP_EVENTS is used to specify various noti-
fications and ancillary data the user wishes to receive. SCTP also provides an option - SCTP_STATUS - to retrieve current status informa-
tion about an SCTP association.
Multihoming
The ability of SCTP to use multiple addresses in an association can create issues with some network utilities. This requires a system
adminstrator to be careful in setting up the system.
For example, the tcpd(1M) allows an administrator to use a simple form of address/hostname access control. While tcpd(1M) can work with
SCTP, the access control part can have some problems. Thetcpd(1M) access control is only based on one of the addresses at association setup
time. Once as association is allowed, no more checking is performed. This means that during the life time of the association, SCTP packets
from different addresses of the peer host can be received in the system. This may not be what the system administrator wants as some of the
peer's addresses are supposed to be blocked.
Another example is the use of IP Filter, ipfilter(1M). IP Filter provides several functionalities, such as IP packet filtering (ipf(1M))
and NAT ipnat(1M)). For packet filtering, one issue is that a filter policy can block packets from some of the addresses of an association
while allowing packets from other addresses to go through. This can degrade SCTP's performance when failure occurs. There is a more serious
issue with IP address rewrite by NAT. At association setup time, SCTP endpoints exchange IP addresses. But IP Filter is not aware of this.
So when NAT is done on a packet, it may change the address to an unacceptable one. Thus the SCTP association setup may succeed but packets
cannot go through afterwards when a different IP address is used for the association.
SEE ALSO
ipfilter(1M), ipf(1M), ipnat(1M), ndd(1M), tcpd(1M), ioctl(2), read(2), write(2), libsctp(3LIB), accept(3SOCKET), bind(3SOCKET), con-
nect(3SOCKET), getprotobyname(3SOCKET), getsockopt(3SOCKET), listen(3SOCKET), recv(3SOCKET), recvfrom(3SOCKET), recvmsg(3SOCKET),
sctp_bindx(3SOCKET), sctp_getladdrs(3SOCKET), sctp_getpaddrs(3SOCKET), sctp_freeaddrs(1M), sctp_freepaddrs(3SOCKET),
sctp_opt_info(3SOCKET), sctp_peeloff(3SOCKET), sctp_recvmsg(3SOCKET), sctp_sendmsg(3SOCKET), send(3SOCKET), sendmsg(3SOCKET),
sendto(3SOCKET), socket(3SOCKET), tcp(7P), udp(7P), inet(7P), inet6(7P), ip(7P), ip6(7P)
R. Stewart, Q. Xie, K. Morneault, C. Sharp, H. Schwarzbauer, T. Taylor, I. Rytina, M. Kalla, L. Zang, V. Paxson, RFC 2960, Stream Control
Transmission Protocol, October 2000
L. Ong, J. Yoakum, RFC 3286, An Introduction to Stream Control Transmission Protocol (SCTP), May 2002
J. Stone, R. Stewart, D. Otis, RFC 3309, Stream Control Transmission Protocol (SCTP) Checksum Change, September 2002.
DIAGNOSTICS
A socket operation may fail if:
EPROTONOSUPPORT If the socket type is other than SOCK_STREAM and SOCK_SEQPACKET
ETIMEDOUT An association was dropped due to excessive retransmissions.
ECONNREFUSED The remote peer refused establishing an association.
ECONNREFUSED
EADDRINUSE A bind() operation was attempted on a socket with a network address/port pair that has already been bound to
another socket.
EINVAL A bind() operation was attempted on a socket with an invalid network address.
EPERM A bind() operation was attempted on a socket with a "reserved" port number and the effective user ID of the process
was not the privileged user.
SunOS 5.10 13 April 2004 sctp(7P)