Network Working Group                                     R. R. Stewart
INTERNET-DRAFT                                                   Q. Xie
                                                               Motorola
                                                           K. Morneault
                                                               C. Sharp
                                                                  Cisco
                                                     H. J. Schwarzbauer
                                                                Siemens
                                                              T. Taylor
                                                        Nortel Networks
                                                              I. Rytina
                                                               Ericsson
                                                               M. Kalla
                                                              Telcordia
                                                               L. Zhang
                                                                   UCLA
                                                              V. Paxson
                                                                  ACIRI

expires in six months                                  January 17, 2000
                                                      February 23, 2000

                 Simple Control Transmission Protocol
                   <draft-ietf-sigtran-sctp-05.txt>
                   <draft-ietf-sigtran-sctp-06.txt>

Status of This Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Stewart, et al                                               [Page  1]

Abstract

This document describes the Simple Control Transmission Protocol
(SCTP). SCTP is designed to transport PSTN signaling messages over
IP networks, but is capable of broader applications.

SCTP is a reliable datagram transfer protocol operating on top of an
unreliable routed packet network such as IP. It offers the following
services to its users:

  -- acknowledged error-free non-duplicated transfer of user data,
  -- data segmentation to conform to discovered path MTU size,
  -- sequenced delivery of user messages within multiple streams,
     with an option for order-of-arrival delivery of individual
     user messages,
  -- optional multiplexing of user messages into SCTP datagrams, and
  -- network-level fault tolerance through supporting of multi-homing
     at either or both ends of an association.

The design of SCTP includes appropriate congestion avoidance behavior
and resistance to flooding and masquerade attacks.

                        TABLE OF CONTENTS

1.  Introduction
  1.1 Motivation
  1.2 Architectural View of SCTP
  1.3 Functional View of SCTP
    1.3.1 Association Startup and Takedown
    1.3.2 Sequenced Delivery within Streams
    1.3.3 User Data Segmentation
    1.3.4 Acknowledgment and Congestion Avoidance
    1.3.5 Chunk Multiplex
    1.3.6 Path Management
    1.3.7 Message Validation
  1.4 Recapitulation of Key Terms
  1.5 Abbreviations
2.  SCTP Datagram Format
  2.1 SCTP Common Header Field Descriptions
  2.2 Chunk Field Descriptions
    2.2.1 Optional/Variable-length Parameter Format
    2.2.2 Vendor-Specific Extension Parameter Format
  2.3 SCTP Chunk Definitions
    2.3.1 Initiation (INIT)
      2.3.1.1 Optional or Variable Length Parameters
    2.3.2 Initiation Acknowledgment (INIT ACK)
      2.3.2.1 Optional or Variable Length Parameters
    2.3.3 Selective Acknowledgment (SACK)
    2.3.4 Heartbeat Request (HEARTBEAT)
    2.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK)
    2.3.6 Abort Association (ABORT)
    2.3.7 Shutdown Association (SHUTDOWN)
    2.3.8 Shutdown Acknowledgment (SHUTDOWN ACK)
    2.3.9 Operation Error (ERROR)
    2.3.10 Encryption Cookie (COOKIE)
    2.3.11 Cookie Acknowledgment (COOKIE ACK)
    2.3.12 Payload Data (DATA)
  2.4 Vendor-Specific Chunk Extensions
3. SCTP Association State Diagram
4. Association Initialization
  4.1 Normal Establishment of an Association
    4.1.1 Handle Stream Parameters
    4.1.2 Handle Address Parameters
    4.1.3 Generating Encryption Cookie
    4.1.4 Cookie Processing
    4.1.5 Cookie Authentication
    4.1.6 An Example of Normal Association Establishment
  4.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK
    4.2.1 Handle Duplicate INIT in COOKIE-WAIT
          or COOKIE-SENT States
    4.2.2 Handle Duplicate INIT in Other States
    4.2.3 Handle Duplicate INIT ACK
    4.2.4 Handle Duplicate COOKIE
    4.2.5 Handle Duplicate COOKIE-ACK
    4.2.6 Handle Stale COOKIE Error
  4.3 Other Initialization Issues
    4.3.1 Selection of Tag Value
5. User Data Transfer
  5.1 Transmission of DATA Chunks
  5.2 Acknowledgment of Reception of DATA Chunks
    5.2.1 Tracking Peer's Receive Buffer Space
  5.3 Management Retransmission Timer
    5.3.1 RTO Calculation
    5.3.2 Retransmission Timer Rules
    5.3.3 Handle T3-rxt Expiration
  5.4 Multi-homed SCTP Endpoints
    5.4.1 Failover from Inactive Destination Address
  5.5 Stream Identifier and Stream Sequence Number
  5.6 Ordered and Un-ordered Delivery
  5.7 Report Gaps in Received DATA TSNs
  5.8 Adler-32 Checksum Calculation
  5.9 Segmentation
  5.10 Bundling and Multiplexing
6. Congestion Control
  6.1 SCTP Differences from TCP Congestion Control
  6.2 SCTP Slow-Start and Congestion Avoidance
    6.2.1 Slow-Start
    6.2.2 Congestion Avoidance
    6.2.3 Congestion Control
    6.2.4 Fast Retransmit on Gap Reports
  6.3 Path MTU Discovery
7.  Fault Management
  7.1 Endpoint Failure Detection
  7.2 Path Failure Detection
  7.3 Path Heartbeat
  7.4 Handle "Out of the blue" Packets
  7.5 Verification Tag
    7.5.1 Exceptions in Verification Tag Rules
8. Termination of Association
  8.1 Close of an Association
  8.2 Shutdown of an Association
9. Interface with Upper Layer
  9.1 ULP-to-SCTP
  9.2 SCTP-to-ULP
10. Security Considerations
  10.1 Security Objectives
  10.2 SCTP Responses To Potential Threats
    10.2.1 Countering Insider Attacks
    10.2.2 Protecting against Data Corruption in the Network
    10.2.3 Protecting Confidentiality
    10.2.4 Protecting against Blind Denial of Service Attacks
      10.2.4.1 Flooding
      10.2.4.2 Masquerade
      10.2.4.3 Improper Monopolization of Services
  10.3 Protection against Fraud and Repudiation
11. Recommended Transmission Control Block (TCB) Parameters
12. IANA Consideration
  12.1 IETF-defined Chunk Extension
  12.2 IETF-defined Chunk Parameter Extension
  12.3 IETF-defined Additional Error Causes
  12.4 Payload Protocol Identifiers
13. Suggested SCTP Protocol Parameter Values
14. Acknowledgments
15. Authors' Addresses
16. References

1. Introduction

This section explains the reasoning behind the development of the
Simple Control Transmission Protocol (SCTP), the services it offers,
and the basic concepts needed to understand the detailed description
of the protocol.

1.1 Motivation

TCP [8] has performed immense service as the primary means of reliable
data transfer in IP networks. However, an increasing number of recent
applications have found TCP too limiting, and have incorporated their
own reliable data transfer protocol on top of UDP [9]. The limitations
which users have wished to bypass relate both to the intrinsic nature
of TCP and to its typical implementation.

Intrinsic limitations:

     -- TCP provides both reliable data transfer and strict order-
     of-transmission delivery of data. Some applications need reliable
     transfer without sequence maintenance, while others would be
     satisfied with partial ordering of the data. In both of these
     cases the head-of-line blocking offered by TCP causes
     unnecessary delay.

     -- The stream-oriented nature of TCP is often an inconvenience.
     Applications must add their own record marking to delineate
     their messages, and must make explicit use of the push facility
     to ensure that a complete message is transferred in a
     reasonable time.

     -- The limited scope of TCP sockets complicates the task of
     providing highly-available data transfer capability using
     multi-homed hosts.

Limitations due to implementation:

     -- TCP is generally implemented at the operating system level.
     Kernel limitations may constrain the maximum allowable number
     of simultaneous TCP connections to a number far below that
     required for certain applications.

     -- TCP implementations do not generally allow the application
     to control the timers which determine how quickly a connection
     failure is discovered. Some applications are more critically
     dependent than others on timely initiation of recovery from
     such failures.

     -- TCP is relatively vulnerable to denial of service attacks,
     such as SYN attacks.

Transport of PSTN signaling across the IP network is an application
for which all of these limitations of TCP are relevant. While this
application directly motivated the development of SCTP, other
applications may find SCTP a good match to their requirements.

1.2 Architectural View of SCTP

SCTP is viewed as a layer between the SCTP user application ("SCTP
user" for short) and an unreliable routed packet network service such
as IP. The basic service offered by SCTP is the reliable transfer of
user messages between peer SCTP users. It performs this service
within the context of an association between two SCTP nodes. Chapter 9
of this document sketches the API which should exist at the boundary
between the SCTP and the SCTP user layers.

SCTP is connection-oriented in nature, but the SCTP association is a
broader concept than the TCP connection. SCTP provides the means for
each SCTP endpoint (Section 1.4) to provide the other during
association startup with a list of transport addresses (e.g. multiple
IP addresses in combination with an SCTP port) through which that
endpoint can be reached and from which it will originate messages.
The association spans transfers over all of the possible
source/destination combinations which may be generated from the two
endpoint lists.

   _____________                                      _____________
  |  SCTP User  |                                    |  SCTP User  |
  | Application |                                    | Application |
  |-------------|                                    |-------------|
  |    SCTP     |                                    |    SCTP     |
  |  Transport  |                                    |  Transport  |
  |   Service   |                                    |   Service   |
  |-------------|                                    |-------------|
  |             |One or more    ----      One or more|             |
  | IP Network  |IP address      \/        IP address| IP Network  |
  |   Service   |appearances     /\       appearances|   Service   |
  |_____________|               ----                 |_____________|

    SCTP Node A |<-------- Network transport ------->| SCTP Node B

                    Figure 1: An SCTP Association

1.3 Functional View of SCTP

The SCTP transport service can be decomposed into a number of
functions. These are depicted in Figure 2 and explained in the
remainder of this section.

                   SCTP User Application

  ..-----------------------------------------------------
  .. _____________                  ____________________
    |             |                | Sequenced delivery |
    | Association |                |   within streams   |
    |             |                |____________________|
    |   startup   |
  ..|             |         ____________________________
    |     and     |        |    User Data Segmentation  |
    |             |        |____________________________|
    |   takedown  |
  ..|             |         ____________________________
    |             |        |       Acknowledgment       |
    |             |        |          and               |
    |             |        |    Congestion Avoidance    |
  ..|             |        |____________________________|
    |             |
    |             |         ____________________________
    |             |        |       Chunk Multiplex      |
    |             |        |____________________________|
    |             |
    |             |     ________________________________
    |             |    |       Message Validation       |
    |             |    |________________________________|
    |             |
    |             |     ________________________________
    |             |    |        Path Management         |
    |_____________|    |________________________________|

   Figure 2: Functional View of the SCTP Transport Service

1.3.1 Association Startup and Takedown

An association is initiated by a request from the SCTP user (see the
description of the ASSOCIATE primitive in Chapter 9).

A cookie mechanism, taken from that devised by Karn and Simpson in RFC
2522 [6], is employed during the initialization to provide protection
against security attacks. The cookie mechanism uses a four-way
handshake, the last two legs of which are allowed to carry user data
for fast setup. The startup sequence is described in chapter 4 of
this document.

SCTP provides for graceful takedown of an active association on
request from the SCTP user. See the description of the TERMINATE
primitive in chapter 9. SCTP also allows ungraceful takedown, either
on request from the user (ABORT primitive) or as a result of an error
condition detected within the SCTP layer. Chapter 8 describes both the
graceful and the ungraceful takedown procedures.

1.3.2 Sequenced Delivery within Streams

The term "stream" is used in SCTP to refer to a sequence of user
messages. This is in contrast to its usage in TCP, where it refers to
a sequence of bytes.

The SCTP user can specify at association startup time the number of
streams to be supported by the association. This number is negotiated
with the remote end (see section 4.1.1). User messages are associated
with stream numbers (SEND, RECEIVE primitives, Chapter 9). Internally,
SCTP assigns a stream sequence number to each message passed to it by
the SCTP user. On the receiving side, SCTP ensures that messages are
delivered to the SCTP user in sequence within a given stream. However,
while one stream may be blocked waiting for the next in-sequence user
message, delivery from other streams may proceed.

SCTP provides a mechanism for bypassing the sequenced delivery
service. User messages sent using this mechanism are delivered to the
SCTP user as soon as they are received.

1.3.3 User Data Segmentation

SCTP can segment user messages to ensure that the SCTP datagram
passed to the lower layer conforms to the path MTU. Segments are
reassembled into complete messages before being passed to the SCTP
user.

1.3.4 Acknowledgment and Congestion Avoidance

SCTP assigns a Transmission Sequence Number (TSN) to each user data
segment or unsegmented message. The TSN is independent of any
stream sequence number assigned at the stream level. The receiving end
acknowledges all TSNs received, even if there are gaps in the
sequence. In this way, reliable delivery is kept functionally separate
from sequenced delivery.

The Acknowledgment and Congestion Avoidance function is responsible
for message retransmission when timely acknowledgment has not been
received. Message retransmission is conditioned by congestion
avoidance procedures similar to those used for TCP. See Chapters 5
and 6 for a detailed description of the protocol procedures associated
with this function.
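
The separation between reliable delivery (TSN) and sequenced delivery
(stream sequence number) described in sections 1.3.2 and 1.3.4 can be
shown with a small receiver model. The Python code below is an added
example, not text or code from the draft; the class and field names are
hypothetical, stream sequence numbers are assumed to start at 0, each
DATA chunk is assumed to carry one whole user message, and TSN
wrap-around is not modelled.

```python
from dataclasses import dataclass, field

SSN_MODULUS = 1 << 16  # stream sequence numbers are 16 bits wide


@dataclass(frozen=True)
class DataChunk:
    tsn: int                 # Transmission Sequence Number (reliability)
    stream: int              # stream number chosen by the SCTP user
    ssn: int                 # stream sequence number (order within the stream)
    payload: bytes           # one whole user message (no segmentation here)
    unordered: bool = False  # True = bypass the sequenced delivery service


@dataclass
class Receiver:
    num_streams: int
    seen_tsns: set = field(default_factory=set)
    next_ssn: dict = field(default_factory=dict)  # stream -> next SSN to deliver
    held: dict = field(default_factory=dict)      # stream -> {ssn: payload}

    def receive(self, chunk):
        """Accept one DATA chunk; return the (stream, payload) pairs delivered."""
        if not 0 <= chunk.stream < self.num_streams:
            return []                  # model choice: ignore un-negotiated streams
        if chunk.tsn in self.seen_tsns:
            return []                  # duplicate detected through the TSN
        self.seen_tsns.add(chunk.tsn)  # recorded for acknowledgment in any case

        if chunk.unordered:
            return [(chunk.stream, chunk.payload)]  # delivered on arrival

        queue = self.held.setdefault(chunk.stream, {})
        queue[chunk.ssn] = chunk.payload
        expected = self.next_ssn.get(chunk.stream, 0)  # assumption: SSNs start at 0
        delivered = []
        while expected in queue:       # drain everything now in sequence
            delivered.append((chunk.stream, queue.pop(expected)))
            expected = (expected + 1) % SSN_MODULUS
        self.next_ssn[chunk.stream] = expected
        return delivered

    def acknowledged(self):
        """All TSNs received so far, gaps included."""
        return sorted(self.seen_tsns)

    def gaps(self):
        """TSNs missing between the lowest and highest TSN received."""
        if not self.seen_tsns:
            return []
        lo, hi = min(self.seen_tsns), max(self.seen_tsns)
        return [t for t in range(lo + 1, hi) if t not in self.seen_tsns]


def demo():
    """Constructed arrival sequence: TSN 2 (stream 0, SSN 1) is lost at first."""
    rx = Receiver(num_streams=2)
    arrivals = [
        DataChunk(1, 0, 0, b"a0"),
        DataChunk(3, 0, 2, b"a2"),                      # held: stream 0 waits for SSN 1
        DataChunk(4, 1, 0, b"b0"),                      # stream 1 is not blocked
        DataChunk(5, 0, 0, b"urgent", unordered=True),  # bypasses ordering
    ]
    result = {"deliveries": [rx.receive(c) for c in arrivals]}
    result["acked_before"] = rx.acknowledged()
    result["gaps_before"] = rx.gaps()
    retransmitted = DataChunk(2, 0, 1, b"a1")
    result["after_retransmit"] = rx.receive(retransmitted)  # releases a1 then a2
    result["duplicate"] = rx.receive(retransmitted)         # second copy is dropped
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Stream 0 stalls on the missing message while stream 1 and the un-ordered
message are delivered, and every received TSN is still acknowledged.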

1.3.5 Chunk Multiplex

As described in Chapter 2, the SCTP datagram as delivered to the lower
layer consists of a common header followed by one or more chunks. Each
chunk may contain either user data or SCTP control information. The
SCTP user has the option to request "bundling", or multiplexing of
more than one user message into a single SCTP datagram. The chunk
multiplex function of SCTP is responsible for assembly of the complete
SCTP datagram and its disassembly at the receiving end.

1.3.6 Path Management

The sending SCTP user is able to manipulate the set of transport
addresses used as destinations for SCTP datagrams, through the
primitives described in Chapter 9. The SCTP path management function
chooses the destination transport address for each outgoing SCTP
datagram based on the SCTP user's instructions and the currently
perceived reachability status of the eligible destination set.

The path management function monitors reachability through heartbeat
messages when other message traffic is inadequate to provide this
information, and advises the SCTP user when reachability of any far-
end transport address changes. The path management function is also
responsible for reporting the eligible set of local transport
addresses to the far end during association startup, and for reporting
the transport addresses returned from the far end to the SCTP user.

At association start-up, a primary destination transport address is
defined for each SCTP endpoint, and is used for normal sending of SCTP
datagrams.

On the receiving end, the path management is responsible for verifying
the existence of a valid SCTP association to which the inbound SCTP
datagram belongs before passing it for further processing.

1.3.7 Message Validation

A mandatory verification tag field and an Adler-32 checksum [2] field
are included in the SCTP common header. The verification tag value is
chosen by each end of the association during association startup.
Messages received without the verification tag value expected by the
receiver are discarded, as a protection against blind masquerade
attacks and against stale datagrams from a previous association.

The Adler-32 checksum should be set by the sender of each SCTP datagram,
to provide additional protection against data corruption in the
network beyond that provided by lower layers (e.g. the IP checksum).

1.4 Recapitulation of Key Terms

The language used to describe SCTP has been introduced in the previous
sections. This section provides a consolidated list of the key terms
and their definitions.

 o SCTP user application (SCTP user): The logical higher-layer
   application entity which uses the services of SCTP, also called
   the Upper-layer Protocol (ULP).

 o User message: the unit of data delivery across the interface
   between SCTP and its user.

 o SCTP datagram: the unit of data delivery across the interface
   between SCTP and the unreliable packet network (e.g. IP) which
   it is using. An SCTP datagram includes the common SCTP header,
   possible SCTP control chunks, and user data encapsulated within
   SCTP DATA chunks.

 o Transport address: an address which serves as a source or
   destination for the unreliable packet transport service used by
   SCTP. In IP networks, a transport address is defined by the
   combination of an IP address and an SCTP port number.

   Note, only one SCTP port may be defined for each endpoint,
   but each endpoint may have multiple IP addresses.

 o SCTP endpoint: the logical sender/receiver of SCTP datagrams. On a
   multi-homed host, an SCTP endpoint is represented to its peers as a
   combination of a set of eligible destination transport addresses to
   which SCTP datagrams can be sent and a set of eligible source
   transport addresses from which SCTP datagrams can be received.

   Note, a source or destination transport address can only be
   included in one unique SCTP endpoint, i.e., it is NOT allowed to
   have the same SCTP source or destination transport address appear
   in more than one SCTP endpoint.

 o SCTP association: a protocol relationship between SCTP endpoints,
   comprising the two SCTP endpoints and protocol state information
   including verification tags and the currently active set of
   Transmission Sequence Numbers (TSNs), etc.

 o Chunk: a unit of information within an SCTP datagram, consisting of
   a chunk header and chunk-specific content.

 o Transmission Sequence Number (TSN): a 32-bit sequence number used
   internally by SCTP. One TSN is attached to each chunk containing
   user data to permit the receiving SCTP endpoint to acknowledge its
   receipt and detect duplicate deliveries.

 o Stream: a uni-directional logical channel established from one
   SCTP endpoint to another associated SCTP endpoint, within which all
   user messages are delivered in sequence except for those submitted
   to the un-ordered delivery service.

   Note: The relationship between stream numbers in opposite
   directions is strictly a matter of how the applications use
   them. It is the responsibility of the SCTP user to create and
   manage these correlations if they are so desired.

 o Stream Sequence Number: a 16-bit sequence number used internally by
   SCTP to assure sequenced delivery of the user messages within a
   given stream. One stream sequence number is attached to each user
   message.

 o Path: the route taken by the SCTP datagrams sent by one SCTP
   endpoint to a specific destination transport address of its peer
   SCTP endpoint. Note, sending to different destination transport
   addresses does not necessarily guarantee getting separate paths.

 o Bundling: an optional multiplexing operation, whereby more than one
   user message may be carried in the same SCTP datagram. Each user
   message occupies its own DATA chunk.

 o Outstanding TSN (at an SCTP endpoint): a TSN (and the associated DATA
   chunk) which have been sent by the endpoint but for which it has not
   yet received an acknowledgment.

 o Unacknowledged TSN (at an SCTP endpoint): a TSN (and the associated DATA
   chunk) which have been received by the endpoint but for which an
   acknowledgment has not yet been sent.

 o Receiver Window (rwnd): The most recently calculated receiver
   window, in number of octets. This gives an indication of the space
   available in the receiver's inbound buffer.

 o Congestion Window (cwnd): An SCTP variable that limits the data, in
   number of octets, a sender can send into the network before
   receiving an acknowledgment on a particular destination Transport
   address.

 o Slow Start Threshold (ssthresh): An SCTP variable. This is the
   threshold which the endpoint will use to determine whether to
   perform slow start or congestion avoidance on a particular destination
   transport address. Ssthresh is in number of octets.

 o Transmission Control Block (TCB): an internal data structure
   created by an SCTP endpoint for each of its existing SCTP
   associations to other SCTP endpoints. TCB contains all the status
   and operational information for the endpoint to maintain and manage
   the corresponding association.

 o Network Byte Order: Most significant byte first, a.k.a Big Endian.

1.5. Abbreviations

MD5    - MD5 Message-Digest Algorithm [4]

RTO    - Retransmission Time-out

RTT    - Round-trip Time

RTTVAR - Round-trip Time Variation

SCTP   - Simple Control Transmission Protocol

SRTT   - Smoothed RTT

TCB    - Transmission Control Block

TLV    - Type-Length-Value Coding Format

TSN    - Transmission Sequence Number

ULP    - Upper-layer Protocol

2.  SCTP Datagram Format

An SCTP datagram is composed of a common header and chunks. A chunk
contains either control information or user data.

The SCTP datagram format is shown below:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                        Common Header                          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                          Chunk #1                             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                           ...                                 |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                          Chunk #n                             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Multiple chunks can be multiplexed into one SCTP datagram up to
the MTU size, except for the INIT, INIT ACK, and SHUTDOWN ACK
chunks. These chunks MUST NOT be multiplexed with any other chunk in a
datagram. See Section 5.10 for more details on chunk multiplexing.

If a user data message doesn't fit into one SCTP datagram it can be
segmented into multiple chunks using the procedure defined in
Section 5.9.

All integer fields in an SCTP datagram MUST be transmitted in the
network byte order, unless otherwise stated.

2.1 SCTP Common Header Field Descriptions

                     SCTP Common Header Format

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |     Source Port Number        |     Destination Port Number   |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Verification Tag                         |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Adler-32 Checksum                        |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source Port Number: 16 bit u_int

  This is the SCTP sender's port number. It can be used by the
  receiver, in combination with the source IP address, to identify the
  association to which this datagram belongs.

Destination Port Number: 16 bit u_int

  This is the SCTP port number to which this datagram is destined. The
  receiving host will use this port number to de-multiplex the
  SCTP datagram to the correct receiving endpoint/application.

Verification Tag: 32 bit u_int

  The receiver of this datagram uses the Verification Tag to validate
  the sender of this SCTP datagram. On transmit, the value of this
  Verification Tag MUST be set to the value of the Initiate Tag
  received from the peer endpoint during the association
  initialization.

  For datagrams carrying the INIT chunk, the transmitter MUST set the
  Verification Tag to all 0's.  If the receiver receives a datagram
  with an all-zeros Verification Tag field, it checks the Chunk ID
  immediately following the common header.  If the Chunk Type is
  neither INIT nor SHUTDOWN ACK, the receiver MUST drop the datagram.

  For datagrams carrying the SHUTDOWN ACK chunk, the transmitter
  SHOULD set the Verification Tag to the Initiate Tag received from
  the peer endpoint during the association initialization, if known.
  Otherwise, the Verification Tag MUST be set to all 0's.

Adler-32 Checksum: 32 bit u_int

  This field MUST contain an Adler-32 checksum of this SCTP
  datagram. Its calculation is discussed in Section 5.8.

2.2  Chunk Field Descriptions

The figure below illustrates the field format for the chunks to be
transmitted in the SCTP datagram. Each chunk is formatted with a Chunk
ID field, a chunk-specific Flag field, a Length field, and a Value
field.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Chunk ID    | Chunk  Flags  |        Chunk Length           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \                                                               \
  /                          Chunk Value                          /
  \                                                               \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk ID: 8 bits, u_int

  This field identifies the type of information contained in the Chunk
  Value field. It takes a value from 0x00 to 0xFF. The value of 0xFE
  is reserved for vendor-specific extensions. The value of 0xFF is
  reserved for future use as an extension field. Procedures for
  extending this field by vendors are defined in Section 2.4.

  The values of Chunk ID are defined as follows:

  ID Value    Chunk Type
  -----       ----------
  00000000  - Payload Data (DATA)
  00000001  - Initiation (INIT)
  00000010  - Initiation Acknowledgment (INIT ACK)
  00000011  - Selective Acknowledgment (SACK)
  00000100  - Heartbeat Request (HEARTBEAT)
  00000101  - Heartbeat Acknowledgment (HEARTBEAT ACK)
  00000110  - Abort (ABORT)
  00000111  - Shutdown (SHUTDOWN)
  00001000  - Shutdown Acknowledgment (SHUTDOWN ACK)
  00001001  - Operation Error (ERROR)
  00001010  - Encryption Cookie (COOKIE)
  00001011  - Cookie Acknowledgment (COOKIE ACK)
  00001100 to 11111101 - reserved by IETF
  11111110  - Vendor-specific Chunk Extensions
  11111111  - IETF-defined Chunk Extensions

Chunk Flags: 8 bits

  The usage of these bits depends on the chunk type as given by the
  Chunk ID. Unless otherwise specified, they are set to zero on
  transmit and are ignored on receipt.

Chunk Length: 16 bits (u_int)

  This value represents the size of the chunk in octets including the
  Chunk ID, Flags, Length, and Value fields.  Therefore, if the Value
  field is zero-length, the Length field will be set to 0x0004.  The
  Length field does not count any padding.

Chunk Value: variable length

  The Chunk Value field contains the actual information to be
  transferred in the chunk. The usage and format of this field is
  dependent on the Chunk ID. The Chunk Value field MUST be aligned on
  32-bit boundaries. If the length of the chunk does not align on
  32-bit boundaries, it is padded at the end with all zero octets.

SCTP defined chunks are described in detail in Section 2.3. The
guideline for vendor-specific chunk extensions is discussed in Section
2.4. And the guidelines for IETF-defined chunk extensions can be found
in Section 12.1 of this document.
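
The receive-side checks implied by Sections 2, 2.1 and 2.2 (all-zeros
Verification Tag, Chunk Length bounds, 32-bit padding, chunks that must
not be multiplexed), as an added example that is not part of this
draft. The function names, the DropDatagram exception and the choice to
drop a datagram that multiplexes INIT, INIT ACK or SHUTDOWN ACK are
assumptions; the Adler-32 checksum (Section 5.8) is not verified here.

```python
import struct

COMMON_HEADER = struct.Struct("!HHII")  # source port, destination port, tag, checksum
CHUNK_HEADER = struct.Struct("!BBH")    # Chunk ID, Chunk Flags, Chunk Length
INIT, INIT_ACK, SHUTDOWN_ACK = 0x01, 0x02, 0x08
MUST_TRAVEL_ALONE = {INIT, INIT_ACK, SHUTDOWN_ACK}


class DropDatagram(ValueError):
    """The datagram fails a structural rule and is discarded (hypothetical name)."""


def padded(length):
    """Round a Chunk Length up to the next 32-bit boundary."""
    return (length + 3) & ~3


def build_datagram(sport, dport, vtag, chunks):
    """Build a constructed sample; chunks is [(chunk_id, flags, value), ...]."""
    out = COMMON_HEADER.pack(sport, dport, vtag, 0)  # checksum left at 0, not computed
    for chunk_id, flags, value in chunks:
        length = CHUNK_HEADER.size + len(value)      # Length never counts padding
        out += CHUNK_HEADER.pack(chunk_id, flags, length) + value
        out += b"\x00" * (padded(length) - length)
    return out


def parse_datagram(data):
    """Return (sport, dport, vtag, chunks) or raise DropDatagram."""
    if len(data) < COMMON_HEADER.size:
        raise DropDatagram("shorter than the 12-octet common header")
    sport, dport, vtag, _checksum = COMMON_HEADER.unpack_from(data, 0)
    chunks, offset = [], COMMON_HEADER.size
    while offset < len(data):
        if len(data) - offset < CHUNK_HEADER.size:
            raise DropDatagram("truncated chunk header")
        chunk_id, flags, length = CHUNK_HEADER.unpack_from(data, offset)
        if length < CHUNK_HEADER.size:
            # Length 0 would never advance the offset; 1..3 cannot hold the header.
            raise DropDatagram("Chunk Length below 0x0004")
        if offset + padded(length) > len(data):
            raise DropDatagram("chunk or its padding runs past the datagram")
        value = data[offset + CHUNK_HEADER.size:offset + length]
        chunks.append((chunk_id, flags, value))
        offset += padded(length)             # skip the padding the Length omits

    # Section 2.1: an all-zeros tag is only acceptable when the chunk right
    # after the common header is INIT or SHUTDOWN ACK.
    first = chunks[0][0] if chunks else None
    if vtag == 0 and first not in (INIT, SHUTDOWN_ACK):
        raise DropDatagram("all-zeros Verification Tag on a non-INIT datagram")
    # Section 2: these chunks MUST NOT share a datagram with any other chunk.
    # Dropping the datagram on violation is this example's assumption.
    if len(chunks) > 1 and any(c[0] in MUST_TRAVEL_ALONE for c in chunks):
        raise DropDatagram("INIT, INIT ACK or SHUTDOWN ACK multiplexed with other chunks")
    return sport, dport, vtag, chunks


def accepts(data):
    """True when parse_datagram() keeps the datagram, False when it drops it."""
    try:
        parse_datagram(data)
    except DropDatagram:
        return False
    return True
```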

2.2.1  Optional/Variable-length Parameter Format

The optional and variable-length parameters contained in a chunk
are defined in a Type-Length-Value format as shown below.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |          Parameter Type       |       Parameter Length        |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \                                                               \
  /                       Parameter Value                         /
  \                                                               \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Parameter Type:  16 bit u_int

  The Type field is a 16 bit identifier of the type of parameter. It
  takes a value of 0x0000 to 0xFFFF.

  The value of 0xFFFE is reserved for vendor-specific extensions if
  the specific chunk allows such extensions. The value of 0xFFFF is
  reserved for IETF-defined extensions.  Values other than those
  defined in specific SCTP chunk description are reserved for use by
  IETF.

Parameter Length:  16 bit u_int

  The Length field contains the size of the parameter in octets,
  including the Type, Length, and Value fields.  Thus, a parameter
  with a zero-length Value field would have a Length field of
  0x0004. The Length does not include any padding octets.

Parameter Value: variable-length.

  The Value is dependent on the value of the Type field.  The value
  field MUST be aligned on 32-bit boundaries.  If the value field is
  not aligned on 32-bit boundaries it is padded at the end with all
  zero octets.  The value field must be an integer number of octets.

The actual SCTP parameters are defined in the specific SCTP chunk
section. The guidelines for vendor-specific parameter extensions are
discussed in Section 2.2.2. And the rules for IETF-defined parameter
extensions are defined in Section 12.2.

2.2.2 Vendor-Specific Extension Parameter Format

This is to allow vendors to support their own extended parameters not
defined by the IETF. It MUST NOT affect the operation of SCTP.

Endpoints not equipped to interpret the vendor-specific information
sent by a remote endpoint MUST ignore it (although it may be
reported). Endpoints that do not receive desired vendor-specific
information SHOULD make an attempt to operate without it, although
they may do so (and report they are doing so) in a degraded mode.

A summary of the Vendor-specific extension format is shown below. The
fields are transmitted from left to right.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Parameter Type = 0xFFFE    |      Parameter Length         |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                          Vendor-Id                            |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \                                                               \
  /                        Parameter Value                        /
  \                                                               \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type: 16 bit u_int

     0xFFFE for all Vendor-Specific parameters.

  Length: 16 bit u_int

     Indicate the size of the parameter in octets, including the
     Type, Length, Vendor-Id, and Value fields.

  Vendor-Id: 32 bit u_int

     The high-order octet is 0 and the low-order 3 octets are the
     SMI Network Management Private Enterprise Code of the Vendor
     in network byte order, as defined in the Assigned Numbers (RFC
     1700).

  Value: variable length

     The Value field is one or more octets.  The actual format of the
     information is site or application specific, and a robust
     implementation SHOULD support the field as undistinguished
     octets.

     The codification of the range of allowed usage of this field is
     outside the scope of this specification.

     It SHOULD be encoded as a sequence of vendor type / vendor length
     / value fields, as follows.  The parameter field is
     dependent on the vendor's definition of that attribute.  An
     example encoding of the Vendor-Specific attribute using this
     method follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Parameter Type = 0xFFFE    |      Parameter Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Vendor-Id                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          VS-Type              |             VS-Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                          VS-Value                             /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Stewart, et al                                               [Page  16]
   VS-Type: 16 bit u_int

     This field identifies the parameter included in the VS-Value field.
     It is assigned by the vendor.

   VS-Length: 16 bit u_int

     This field is the length of the vendor-specific parameter and
     includes the VS-Type, VS-Length and VS-Value (if included) fields.

   VS-Value:  Variable Length

     This field contains the parameter identified by the VS-Type field.
     Its meaning is identified by the vendor.

2.3 SCTP Chunk Definitions

This section defines the format of the different SCTP chunk types.

2.3.1 Initiation (INIT) (00000001)

This chunk is used to initiate a SCTP association between two
endpoints. The format of the INIT message is shown below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 0 1|  Chunk Flags  |      Chunk Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Initiate Tag                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Advertised Receiver Window Credit (a_rwnd)          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Number of Outbound Streams   |  Number of Inbound Streams    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Initial TSN                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /              Optional/Variable-Length Parameters              /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The INIT chunk contains the following parameters. Unless otherwise
noted, each parameter MUST only be included once in the INIT chunk.

Fixed Parameters                     Status
----------------------------------------------
Initiate Tag                        Mandatory
Receiver Window Credit              Mandatory
Number of Outbound Streams          Mandatory
Number of Inbound Streams           Mandatory
Initial TSN                         Mandatory

Variable Parameters                  Status     Type Value
-------------------------------------------------------------
IPv4 Address (Note 1)               Optional    0x0005
IPv6 Address (Note 1)               Optional    0x0006
Cookie Preservative                 Optional    0x0009

Note 1: The INIT chunks may contain multiple addresses that may be
IPv4 and/or IPv6 in any combination.

Chunk Flags field in INIT is reserved, and all bits in it should be
set to 0 by the sender and ignored by the receiver. The sequence of
parameters within an INIT may be processed in any order.

Initiate Tag: 32 bit u_int

  The receiver of the INIT (the responding end) records the value of
  the Initiate Tag parameter. This value MUST be placed into the
  Verification Tag field of every SCTP datagram that the responding
  end transmits within this association.

  The valid range for Initiate Tag is from 0x1 to 0xffffffff. See
  Section 4.3.1 for more on the selection of the tag value.

  If the value of the Initiate Tag in a received INIT chunk is found
  to be 0x0, the receiver MUST treat it as an error and silently
  discard the datagram.

Advertised Receiver Window Credit (a_rwnd): 32 bit u_int

  This value represents the dedicated buffer space, in number of
  octets, the sender of the INIT has placed in association with this
  window. During the life of the association this buffer space SHOULD
  NOT be lessened (i.e. dedicated buffers taken away from this
  association).

Number of Outbound Streams (OS):  16 bit u_int

  Defines the number of outbound streams the sender of this INIT chunk
  wishes to create in this association. The value of 0 MUST NOT be
  used.

Number of Inbound Streams (MIS) : 16 bit u_int

  Defines the maximum number of streams the sender of this INIT chunk
  allows the peer end to create in this association. The value 0 MUST
  NOT be used.

Initial TSN (I-TSN) : 32 bit u_int

  Defines the initial TSN that the sender will use. The valid range is
  from 0x0 to 0xffffffff. This field MAY be set to the value of the
  Initiate Tag field.

Vendor-specific parameters are allowed in INIT. However, they MUST be
appended to the end of the above INIT chunks. The format of the
vendor-specific parameters MUST follow the Type-Length-value format as
defined in Section 2.2.2. In case an endpoint does not support the
vendor-specific chunks received, it MUST ignore them.

2.3.1.1 Optional/Variable Length Parameters in INIT

The following parameters follow the Type-Length-Value format as
defined in Section 2.2.1. The IP address fields MUST come after
the fixed-length fields defined in the previous Section.

Any extensions MUST come after the IP address fields.

IPv4 Address Parameter

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        IPv4 Address                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  IPv4 Address: 32 bit

    Contains an IPv4 address of the sending endpoint. It is binary
    encoded.

IPv6 Address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0|0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                         IPv6 Address                          |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  IPv6 Address: 128 bit

    Contains an IPv6 address of the sending endpoint. It is binary
    encoded.

  Combining with the Source Port Number in the SCTP common header, the
  value passed in an IPv4 or IPv6 Address parameter indicates a
  transport address the sender of the INIT will support for the
  association being initiated. That is, during the lifetime of this
  association, this IP address may appear in the source address field
  of a datagram sent from the sender of the INIT, and may be used as a
  destination address of a datagram sent from the receiver of the
  INIT.

  More than one IP Address parameter can be included in an INIT
  chunk when the INIT sender is multi-homed. Moreover, a multi-homed
  endpoint may have access to different types of network, thus more
  than one address type may be present in one INIT chunk, i.e., IPv4
  and IPv6 transport addresses are allowed in the same INIT message.

  If the INIT contains at least one IP Address parameter, then only the
  transport address(es) provided within the INIT may be used as
  destinations by the responding end. If the INIT does not contain any
  IP Address parameters, the responding end MUST use the source
  address associated with the received SCTP datagram as its sole
  destination address for the association.

Cookie Preservative

  The sender of the INIT shall use this parameter to suggest to the
  receiver of the INIT a longer life-span for the Encryption Cookie.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1|0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0|
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |         Suggested Cookie Life-span Increment (msec.)          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Suggested Cookie Life-span Increment: 32bit u_int

  This parameter indicates to the receiver how much increment the
  sender wishes the receiver to add to its default cookie life-span.

  This optional parameter should be added to the INIT message by the
  sender when it re-attempts establishing an association with a peer
  to which its previous attempt of establishing the association failed
  due to a Stale COOKIE error. Note, the receiver MAY choose to ignore
  the suggested cookie life-span increase for its own security
  reasons.
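
A receiver-side parser for the INIT chunk value described in Sections
2.3.1 and 2.3.1.1, as an added example that is not part of this draft.
It assumes the 4-octet chunk header has already been removed, and the
function names, the result keys and the rejection of a zero stream
count are assumptions (the text only says the value 0 MUST NOT be
used). The sample INIT is constructed.

```python
import ipaddress
import struct

INIT_FIXED = struct.Struct("!IIHHI")   # Initiate Tag, a_rwnd, OS, MIS, Initial TSN
PARAM_HEADER = struct.Struct("!HH")    # Parameter Type, Parameter Length
IPV4, IPV6, COOKIE_PRESERVATIVE, VENDOR = 0x0005, 0x0006, 0x0009, 0xFFFE
FIXED_LENGTH = {IPV4: 8, IPV6: 20, COOKIE_PRESERVATIVE: 8}   # from the figures above


def tlv(ptype, value):
    """Encode one parameter; Length excludes the zero padding that follows."""
    length = PARAM_HEADER.size + len(value)
    return PARAM_HEADER.pack(ptype, length) + value + b"\x00" * (-length % 4)


def iter_params(buf):
    """Yield (type, value, raw_tlv) per parameter, checking every length first."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < PARAM_HEADER.size:
            raise ValueError("truncated parameter header")
        ptype, length = PARAM_HEADER.unpack_from(buf, offset)
        if length < PARAM_HEADER.size or offset + length > len(buf):
            raise ValueError("Parameter Length 0x%04x is out of bounds" % length)
        if ptype in FIXED_LENGTH and length != FIXED_LENGTH[ptype]:
            raise ValueError("wrong Length for parameter type 0x%04x" % ptype)
        raw = buf[offset:offset + length]
        yield ptype, raw[PARAM_HEADER.size:], raw
        offset += (length + 3) & ~3          # step over padding to the next TLV


def parse_init(value, source_ip):
    """Validate an INIT chunk value; source_ip is the datagram's source address."""
    if len(value) < INIT_FIXED.size:
        raise ValueError("INIT shorter than its fixed parameters")
    tag, a_rwnd, n_out, n_in, initial_tsn = INIT_FIXED.unpack_from(value, 0)
    if tag == 0:
        raise ValueError("Initiate Tag 0x0: silently discard the datagram")
    if n_out == 0 or n_in == 0:
        raise ValueError("stream count of 0")    # assumption: treated as an error
    addresses, unrecognized, increment = [], [], None
    for ptype, pvalue, raw in iter_params(value[INIT_FIXED.size:]):
        if ptype == IPV4:
            addresses.append(str(ipaddress.IPv4Address(pvalue)))
        elif ptype == IPV6:
            addresses.append(str(ipaddress.IPv6Address(pvalue)))
        elif ptype == COOKIE_PRESERVATIVE:
            increment = struct.unpack("!I", pvalue)[0]   # a suggestion only
        elif ptype != VENDOR:                # unsupported vendor data is ignored
            unrecognized.append(raw)         # echoed whole in the INIT ACK
    return {
        "initiate_tag": tag, "a_rwnd": a_rwnd, "outbound": n_out, "inbound": n_in,
        "initial_tsn": initial_tsn, "cookie_increment_ms": increment,
        # Listed addresses are the only permitted destinations; with none
        # listed, the datagram's source address is the sole destination.
        "destinations": addresses or [source_ip],
        "unrecognized": unrecognized,
    }


def rejects(value):
    """True when parse_init() refuses the chunk value."""
    try:
        parse_init(value, "198.51.100.7")
    except ValueError:
        return True
    return False


# Constructed sample: two addresses, a cookie suggestion, one unknown type.
SAMPLE_INIT = (
    INIT_FIXED.pack(0x0BADCAFE, 32768, 10, 10, 0x0BADCAFE)
    + tlv(IPV4, ipaddress.IPv4Address("192.0.2.10").packed)
    + tlv(IPV6, ipaddress.IPv6Address("2001:db8::1").packed)
    + tlv(COOKIE_PRESERVATIVE, struct.pack("!I", 5000))
    + tlv(0x7777, b"abc")
)
```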

2.3.2 Initiation Acknowledgment (INIT ACK) (00000010):

The INIT ACK chunk is used to acknowledge the initiation of an SCTP
association.

The parameter part of INIT ACK is formatted similarly to the INIT
chunk. It uses two extra variable parameters: The Encryption Cookie
and the Unrecognized Parameter:

The format of the INIT ACK message is shown below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 1 0|  Chunk Flags  |      Chunk Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Initiate Tag                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Receiver Window Credit                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Number of Outbound Streams   |  Number of Inbound Streams    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Initial TSN                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /              Optional/Variable-Length Parameters              /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The INIT ACK contains the following parameters. Unless otherwise
noted, each parameter MUST only be included once in the INIT ACK chunk.

Fixed Parameters                     Status
----------------------------------------------
Initiate Tag                        Mandatory
Receiver Window Credit              Mandatory
Number of Outbound Streams          Mandatory
Number of Inbound Streams           Mandatory
Initial TSN                         Mandatory

Variable Parameters                  Status     Type Value
-------------------------------------------------------------
Encryption Cookie                   Mandatory   0x0007
IPv4 Address (Note 1)               Optional    0x0005
IPv6 Address (Note 1)               Optional    0x0006
Unrecognized Parameters             Optional    0x0008

Note 1: The INIT ACK chunks may contain any number of IP address
parameters that may be IPv4 and/or IPv6 in any combination.

Same as with INIT, in combination with the Source Port carried in the
SCTP common header, each IP Address parameter in the INIT ACK indicates
to the receiver of the INIT ACK a valid transport address supported by
the sender of the INIT ACK for the lifetime of the association being
initiated.

If the INIT ACK contains at least one IP Address parameter, then only
the transport address(es) explicitly indicated in the INIT ACK may be
used as the destination(s) by the receiver of the INIT ACK. However,
if the INIT ACK contains no IP Address parameter, the receiver of the
INIT ACK MUST take the source IP address associated with this INIT ACK
as its sole destination address for this association.

The Encryption Cookie and Unrecognized Parameters use the Type-Length-
Value format as defined in Section 2.2.1 and are described below. The
other fields are defined the same as their counterparts in the INIT
message.

2.3.2.1 Optional or Variable Length Parameters

Encryption Cookie: variable size, depending on Size of Cookie

  This field MUST contain all the necessary state and parameter
  information required for the sender of this INIT ACK to create the
  association, along with an MD5 digital signature (128-bit). See
  Section 4.1.3 for details on Cookie definition. The Cookie MUST be
  padded with '0' to the next 32-bit word boundary. The internal
  format of the Cookie is implementation-specific.

Unrecognized Parameters: Variable Size.

  This parameter is returned to the originator of the INIT message if
  the receiver does not recognize one or more Optional TLV parameters
  in the INIT chunk. This parameter field will contain the
  unrecognized parameters copied from the INIT message complete
  with TLV.

Vendor-Specific parameters are allowed in INIT ACK. However, they
MUST be defined using the format described in Section 2.2.2, and be
appended to the end of the above INIT ACK chunk. In case the receiver
of the INIT ACK does not support the vendor-specific parameters
received, it MUST ignore those fields.

2.3.3 Selective Acknowledgment (SACK) (00000011):

This chunk is sent to the remote endpoint to acknowledge received DATA
chunks and to inform the remote endpoint of gaps in the received
subsequences of DATA chunks as represented by their TSNs.

The SACK MUST contain the Cumulative TSN ACK and Advertised Receiver
Window Credit (a_rwnd) parameters. By definition, the value of the
Cumulative TSN ACK parameter is the last TSN received at the time the
Selective ACK is sent, before a break in the sequence of received TSNs
occurs; the next TSN value following this one has not yet been
received at the reporting end.  This parameter therefore acknowledges
receipt of all TSNs up to and including the value given.

The handling of the a_rwnd by the receiver of the SACK is discussed in
detail in Section 5.2.1.

The Selective ACK also contains zero or more fragment reports. Each
fragment report acknowledges a subsequence of TSNs received following
a break in the sequence of received TSNs.  By definition, all TSNs
acknowledged by fragment reports are higher than the value of the
Cumulative TSN ACK.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 0 0 1 1|Chunk  Flags   |      Chunk Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Cumulative TSN ACK                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Advertised Receiver Window Credit (a_rwnd)           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Number of Fragments = N    |         (Reserved)            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Fragment #1 Start         |   Fragment #1 End             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    /                                                               /
    \                              ...                              \
    /                                                               /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Fragment #N Start         |   Fragment #N End             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to all zeros on transmit and ignored on receipt.

Cumulative TSN ACK: 32 bit u_int

  This parameter contains the TSN of the last DATA chunk received in
  sequence before a gap.

Advertised Receiver Window Credit (a_rwnd): 32 bit u_int

  This field indicates the updated receive buffer space in octets of
  the sender of this SACK, see Section 5.2.1 for details.

Number of Fragments: 16 bit u_int

  Indicates the number of TSN fragments included in this Selective
  ACK.

Reserved: 16 bit

  Must be set to all 0 by the sender and ignored by the receiver.

Fragments:

  These fields contain the ack fragments. They are repeated for each
  fragment up to the number of fragments defined in the Number of
  Fragments field. All DATA chunks with TSNs between the (Cumulative
  TSN ACK + Fragment Start) and (Cumulative TSN ACK + Fragment End) of
  each fragment are assumed to have been received correctly.

Fragment Start: 16 bit u_int

  Indicates the Start offset TSN for this fragment. To calculate the
  actual TSN number the Cumulative TSN ACK is added to this
  offset number to yield the TSN. This calculated TSN identifies
  the first TSN in this fragment that has been received.

Fragment End:  16 bit u_int

  Indicates the End offset TSN for this fragment. To calculate the
  actual TSN number the Cumulative TSN ACK is added to this
  offset number to yield the TSN. This calculated TSN identifies
  the TSN of the last DATA chunk received in this fragment.

For example, assume the receiver has the following datagrams newly
arrived at the time when it decides to send a Selective ACK,

                 ----------
                 | TSN=17 |
                 ----------
                 |        | <- still missing
                 ----------
                 | TSN=15 |
                 ----------
                 | TSN=14 |
                 ----------
                 |        | <- still missing
                 ----------
                 | TSN=12 |
                 ----------
                 | TSN=11 |
                 ----------
                 | TSN=10 |
                 ----------

then, the parameter part of the Selective ACK MUST be constructed as
follows (assuming the new a_rwnd is set to 0x1234 by the sender):

        +---------------+--------------+
        |   Cumulative TSN ACK = 12    |
        ----------------+---------------
        |        a_rwnd = 0x1234        |
        ----------------+---------------
        | num of frag=2 |   (rev = 0)  |
        ----------------+---------------
        |frag #1 strt=2 |frag #1 end=3 |
        ----------------+---------------
        |frag #2 strt=5 |frag #2 end=5 |
        --------------------------------
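
The construction above can be reproduced in code. The following Python
is an added example, not part of the draft: it builds the SACK
parameter part from the receiver's TSN state and parses it back with
length checks. The function names and the receiver-state arguments are
assumptions made for illustration, and the code generalizes the worked
case to TSNs that wrap past 0xffffffff.

```python
import struct

MOD = 1 << 32                          # TSNs are 32-bit and wrap around
# Cumulative TSN ACK, a_rwnd, Number of Fragments, Reserved
SACK_FIXED = struct.Struct("!IIHH")
# Fragment Start, Fragment End (offsets from the Cumulative TSN ACK)
FRAG = struct.Struct("!HH")


def build_sack_params(prev_cum_tsn, received_tsns, a_rwnd):
    """Build the SACK parameter part.

    prev_cum_tsn:  last TSN already received in sequence (assumed state).
    received_tsns: TSNs that have arrived since then, in any order.
    """
    # Offsets from the old ack point. Offsets in the upper half of the
    # 32-bit space are TSNs behind the ack point (old duplicates): ignored.
    offsets = {(tsn - prev_cum_tsn) % MOD for tsn in received_tsns}
    offsets = {o for o in offsets if 0 < o < MOD // 2}

    # Advance the cumulative ack point across the in-sequence run.
    advance = 0
    while advance + 1 in offsets:
        advance += 1
    cum_tsn = (prev_cum_tsn + advance) % MOD

    # Merge what is left into [start, end] runs relative to the new point.
    fragments = []
    for off in sorted(o - advance for o in offsets if o > advance):
        if off > 0xFFFF:
            break  # does not fit a 16-bit offset; left unreported (assumption)
        if fragments and off == fragments[-1][1] + 1:
            fragments[-1][1] = off
        else:
            fragments.append([off, off])

    body = SACK_FIXED.pack(cum_tsn, a_rwnd, len(fragments), 0)
    return body + b"".join(FRAG.pack(s, e) for s, e in fragments)


def parse_sack_params(body):
    """Return (cum_tsn, a_rwnd, [(first_tsn, last_tsn), ...]).

    Raises ValueError when the fragment count and the byte count disagree
    or a fragment ends before it starts.
    """
    if len(body) < SACK_FIXED.size:
        raise ValueError("SACK shorter than its fixed fields")
    cum_tsn, a_rwnd, count, _reserved = SACK_FIXED.unpack_from(body)
    if len(body) != SACK_FIXED.size + count * FRAG.size:
        raise ValueError("Number of Fragments does not match bytes present")
    ranges = []
    for i in range(count):
        start, end = FRAG.unpack_from(body, SACK_FIXED.size + i * FRAG.size)
        if start > end:
            raise ValueError("Fragment End precedes Fragment Start")
        ranges.append(((cum_tsn + start) % MOD, (cum_tsn + end) % MOD))
    return cum_tsn, a_rwnd, ranges
```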

2.3.4 Heartbeat Request (HEARTBEAT) (00000100):

An endpoint should send this chunk to its peer endpoint of the current
association to probe the reachability of a particular destination
transport address defined in the present association.

The parameter field contains the Heartbeat Information which is a
variable length opaque data structure understood only by the sender.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 0 1 0 0| Chunk  Flags  |      Heartbeat Length         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /            Heartbeat Information (Variable-Length)            /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Heartbeat Length:

  Set to the size of the chunk in octets, including the chunk header
  and the Heartbeat Information field.

Heartbeat Information:

  defined as a variable-length parameter using the format described in
  Section 2.2.1, i.e.:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Heartbeat Info Type=1      |         HB Info Length        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    /                  Sender-specific Heartbeat Info               /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The Sender-specific Heartbeat Info field should normally include
  information about the sender's current time when this HEARTBEAT
  message is sent and the destination transport address to which this
  HEARTBEAT is sent (see Section 7.3).

2.3.5 Heartbeat Acknowledgment (HEARTBEAT ACK) (00000101):

An endpoint should send this chunk to its peer endpoint as a response
to a Heartbeat Request (see Section 7.3).

The parameter field contains a variable length opaque data structure.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 0 1 0 1| Chunk  Flags  |    Heartbeat Ack Length       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /            Heartbeat Information (Variable-Length)            /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Heartbeat Ack Length:

  Set to the size of the chunk in octets, including the chunk header
  and the Heartbeat Information field.

Heartbeat Information:

  The values of this field SHALL be copied from the Heartbeat
  Information field found in the Heartbeat Request to which this
  Heartbeat Acknowledgment is responding.

2.3.6 Abort Association (ABORT) (00000110):

The ABORT chunk is sent to the peer of an association to terminate the
association. The ABORT chunk may contain cause parameters to inform
the receiver of the reason of the abort. DATA chunks MUST not be bundled
with ABORT. Control chunks MAY be bundled with an ABORT but they MUST
be placed before the ABORT in the SCTP datagram, or they will be
ignored by the receiver.

If an endpoint receives an ABORT with a format error or for an
association that doesn't exist, it MUST silently discard it.
Moreover, under any circumstances, an endpoint that receives an ABORT
MUST never respond to that ABORT by sending an ABORT of its own.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 0 1 1 0| Chunk  Flags  |           Length              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /                   zero or more Error Causes                   /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Length:

  Set to the size of the chunk in octets, including the chunk header
  and all the Error Cause fields present.

See Section 2.3.9 for Error Cause definitions.

Note: Special rules apply to the Verification Tag field of SCTP
datagrams which carry an ABORT, see Section 7.5 for details.

2.3.7 SHUTDOWN (00000111):

An endpoint in an association MUST use this chunk to initiate a
graceful termination of the association with its peer.  This chunk has
the following format.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 0 1 1 1|Chunk  Flags   |0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Cumulative TSN ACK                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Cumulative TSN ACK: 32 bit u_int

  This parameter contains the TSN of the last chunk received in
  sequence before any gaps.

2.3.8 Shutdown Acknowledgment (SHUTDOWN ACK) (00001000):

This chunk MUST be used to acknowledge the receipt of the SHUTDOWN
chunk at the completion of the shutdown process, see Section 8.2 for
details.

The SHUTDOWN ACK chunk has no parameters.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 1 0 0 0|Chunk  Flags   |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Note: if the endpoint that receives the SHUTDOWN message does not have
a TCB or tag for the sender of the SHUTDOWN, the receiver MUST still
respond. In such cases, the receiver MUST send back a stand-alone
SHUTDOWN ACK chunk in an SCTP datagram with the Verification Tag field
of the common header filled with all '0's.

2.3.9 Operation Error (ERROR) (00001001):

This chunk is sent to the other endpoint in the association to notify
certain error conditions. It contains one or more error causes. It has
the following parameters:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 1 0 0 1| Chunk  Flags  |           Length              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /                    one or more Error Causes                   /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

Length:

  Set to the size of the chunk in octets, including the chunk header
  and all the Error Cause fields present.

Error causes are defined as variable-length parameters using the
format described in 2.2.1, i.e.:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Cause Code          |       Cause Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    /                    Cause-specific Information                 /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Cause Code: 16 bit u_int

  Defines the type of error conditions being reported.

Cause Length: 16 bit u_int

  Set to the size of the parameter in octets, including the Cause Code,
  Cause Length, and Cause-Specific Information fields

Cause-specific Information: variable length

  This field carries the details of the error condition.

Currently SCTP defines the following error causes:

  Cause of error
  ---------------
  Invalid Stream Identifier: indicating receiving a DATA sent to a
  nonexistent stream.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Cause Code=1              |      Cause Length=8           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Stream Identifier      |         (Reserved)            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Cause of error
  ---------------
  Missing Mandatory Parameter: indicating that one or more mandatory
  TLV parameters are missing in a received INIT or INIT ACK.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Cause Code=2              |      Cause Length=8+N*2       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Number of missing params=N                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Missing Param Type #1       |   Missing Param Type #2       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Missing Param Type #N-1     |   Missing Param Type #N       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Each missing mandatory parameter type should be specified.

  Cause of error
  --------------
  Stale Cookie Error: indicating the receiving of a valid cookie
  which is however expired.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Cause Code=3              |       Cause Length=8          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Measure of Staleness (usec.)                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The sender of this error cause MAY choose to report how long past
  expiration the cookie is, by putting in the Measure of Staleness
  field the difference, in microseconds, between the current time and
  the time the cookie expired. If the sender does not wish to provide
  this information it should set Measure of staleness to 0.

  Cause of error
  ---------------
  Out of Resource: indicating that the sender is out of resource. This
  is usually sent in combination with or within an ABORT.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Cause Code=4              |      Cause Length=4           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Guidelines for IETF-defined Error Cause extensions are discussed in
Section 12.3 of this document.

2.3.10 Encryption Cookie (COOKIE) (00001010):

This chunk is used only during the initialization of an association.
It is sent by the initiator of an association to its peer to complete
the initialization process. This chunk MUST precede any DATA chunk
sent within the association, but MAY be bundled with one or more DATA
chunks in the same datagram.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 1 0 1 0|Chunk  Flags   |         Length                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Cookie                                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags: 8 bit

  Set to zero on transmit and ignored on receipt.

Length: 16 bit u_int

  Set to the size of the chunk in octets, including the 4 octets of
  the chunk header and the size of the Cookie.

Cookie: variable size

  This field must contain the exact cookie received in a previous INIT
  ACK.

2.3.11 Cookie Acknowledgment (COOKIE ACK) (00001011):

This chunk is used only during the initialization of an association.
It is used to acknowledge the receipt of a COOKIE chunk.  This chunk
MUST precede any DATA chunk sent within the association, but MAY be
bundled with one or more DATA chunks in the same SCTP datagram.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 0 1 0 1 1|Chunk  Flags   |0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Chunk Flags:

  Set to zero on transmit and ignored on receipt.

2.3.12 Payload Data (DATA) (00000000):

The following format MUST be used for the DATA chunk:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 0 0| Reserved|U|B|E|    Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              TSN                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Stream Identifier S      |   Stream Sequence Number n    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Payload Protocol Identifier                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /                 User Data (seq n of Stream S)                 /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Reserved: 5 bits
  should be set to all '0's and ignored by the receiver.

U bit: 1 bit
  The (U)nordered bit, if set, indicates that this is an unordered
  data chunk, and there is NO Stream Sequence Number assigned to this
  DATA chunk. Therefore, the receiver MUST ignore the Stream Sequence
  Number field.

  After re-assembly (if necessary), unordered data chunks MUST be
  dispatched to the upper layer by the receiver without any attempt of
  re-ordering.

  Note, if an unordered user message is segmented, each segment of the
  message MUST have its U bit set to 1.

B bit: 1 bit

  The (B)eginning segment bit, if set, indicates the first segment of
  a user message.

E bit:  1 bit
  The (E)nding segment bit, if set, indicates the last segment of a
  user message.

A non-segmented user message shall have both the B and E bits set
to 1. Setting both B and E bits to 0 indicates a middle segment of a
multi-segment user message, as summarized in the following table:

       B E                  Description
    ============================================================
    |  1 0 | First piece of a segmented user message           |
    +----------------------------------------------------------+
    |  0 0 | Middle piece of a segmented user message          |
    +----------------------------------------------------------+
    |  0 1 | Last piece of a segmented user message            |
    +----------------------------------------------------------+
    |  1 1 | Un-segmented Message                              |
    ============================================================

Length:  16 bits (16 bit u_int)

  This field indicates the length of the DATA chunk in octets.  It
  includes the Type field, the Reserved field, the U and B/E bits, the
  Length field, TSN, the Stream Identifier, the Stream Sequence
  Number, and the User Data fields. It does not include any padding.

TSN : 32 bits (32 bit u_int)

  This value represents the TSN for this DATA chunk. The valid range
  of TSN is from 0x0 to 0xffffffff.

Stream Identifier S: 16 bit u_int

  Identifies the stream to which the following user data belongs.

Stream Sequence Number n: 16 bit u_int

  This value represents the stream sequence number of the following user
  data within the stream S. Valid range is 0x0 to 0xFFFF.

  Note, when a user message is segmented by SCTP for transport, the
  same stream sequence number MUST be carried in each of the segments of
  the message.

Payload Protocol Identifier: 32 bits (32 bit u_int)

  This value represents an application (or upper layer) specified
  protocol identifier. This value is passed to SCTP by its upper layer
  and sent to its peer. This identifier is not used by SCTP but may be
  used by certain network entities as well as the peer application to
  identify the type of information being carried in this DATA chunk.

  The value 0x0 indicates no application identifier is specified by
  the upper layer for this payload data.

User Data: variable length

  This is the payload user data. The implementation MUST pad the end
  of the data to a 32 bit boundary with 0 octets. Any padding MUST
  NOT be included in the length field.
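
A receiver has to check the Length field against the bytes actually
present before trusting it. The following Python is an added example,
not part of the draft: it builds DATA chunks in the layout above and
parses a run of them with bounds checks. It assumes that Length covers
the full 16-octet chunk header, including the Payload Protocol
Identifier, and that every chunk in the buffer is padded; the function
names are hypothetical.

```python
import struct

DATA_TYPE = 0x00
# Type, flags, Length, TSN, Stream Identifier, Stream Sequence Number,
# Payload Protocol Identifier
DATA_HDR = struct.Struct("!BBHIHHI")
SEGMENT = {(1, 0): "first", (0, 0): "middle",
           (0, 1): "last", (1, 1): "unsegmented"}


def build_data_chunk(tsn, stream_id, ssn, ppid, user_data, u=0, b=1, e=1):
    """Serialize one DATA chunk, padded with 0 octets to a 32 bit boundary."""
    length = DATA_HDR.size + len(user_data)      # padding is not counted
    if length > 0xFFFF:
        raise ValueError("user data does not fit the 16 bit Length field")
    flags = (u << 2) | (b << 1) | e              # Reserved(5) | U | B | E
    header = DATA_HDR.pack(DATA_TYPE, flags, length, tsn, stream_id, ssn, ppid)
    return header + user_data + b"\x00" * (-length % 4)


def parse_data_chunks(buf):
    """Parse back-to-back DATA chunks; raise ValueError on malformed input."""
    chunks, offset = [], 0
    while offset < len(buf):
        remaining = len(buf) - offset
        if remaining < DATA_HDR.size:
            raise ValueError("truncated DATA chunk header")
        ctype, flags, length, tsn, sid, ssn, ppid = DATA_HDR.unpack_from(buf, offset)
        if ctype != DATA_TYPE:
            raise ValueError("not a DATA chunk")
        # A Length below the header size would make the cursor stall or move
        # backwards into the header; reject it instead of looping.
        if length < DATA_HDR.size:
            raise ValueError("Length smaller than the DATA chunk header")
        padded = length + (-length % 4)
        if padded > remaining:
            raise ValueError("Length runs past the end of the buffer")
        u, b, e = (flags >> 2) & 1, (flags >> 1) & 1, flags & 1
        chunks.append({
            "tsn": tsn,
            "stream_id": sid,
            # With the U bit set the Stream Sequence Number MUST be ignored.
            "ssn": None if u else ssn,
            "ppid": ppid,
            "unordered": bool(u),
            "segment": SEGMENT[(b, e)],
            "user_data": bytes(buf[offset + DATA_HDR.size:offset + length]),
        })
        offset += padded                         # skip the padding octets
    return chunks
```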

2.4 Vendor-Specific Chunk Extensions

This Chunk type is available to allow vendors to support their own
extended data formats not defined by the IETF. It MUST not affect the
operation of SCTP. In particular, when adding a Vendor Specific chunk
type, the vendor defined chunks MUST obey the congestion avoidance
rules defined in this document if they carry user data. User data is
defined as any data transported over the association that is delivered
to the upper layer of the receiver.

Endpoints not equipped to interpret the vendor-specific chunk sent by
a remote endpoint MUST ignore it. Endpoints that do not receive
desired vendor specific information SHOULD make an attempt to operate
without it, although they may do so (and report they are doing so) in
a degraded mode.

A summary of the Vendor-Specific Chunk format is shown below.  The
fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |    Flags      |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Vendor-Id                                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /                    Value                                      /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type: 8 bit u_int

      0xFE for all Vendor-Specific chunks.

   Flags: 8 bit u_int

      Vendor specific flags.

   Length: 16 bit u_int

      Size of this Vendor-Specific chunk in octets, including the Type,
      Flags, Length, Vendor-Id, and Value fields.

   Vendor-Id: 32 bit u_int

      The high-order octet is 0 and the low-order 3 octets are the SMI
      Network Management Private Enterprise Code of the Vendor in
      network byte order, as defined in the Assigned Numbers (RFC 1700).

   Value: Variable length

      The Value field is one or more octets.  The actual format of the
      information is site or application specific, and a robust
      implementation SHOULD support the field as undistinguished
      octets.

      The codification of the range of allowed usage of this field is
      outside the scope of this specification.

3. SCTP Association State Diagram

During the lifetime of an SCTP association, the SCTP endpoints
progress from one state to another in response to various events. The
events that may potentially advance an endpoint's state include:

  o SCTP user primitive calls, e.g., [ASSOCIATE], [TERMINATE], [ABORT],

  o reception of INIT, COOKIE, ABORT, SHUTDOWN, etc. control
    chunks, or

  o some timeout events.

The state diagram in the figures below illustrates state changes,
together with the causing events and resulting actions. Note that some
of the error conditions are not shown in the state diagram. Full
description of all special cases should be found in the text.

Note, chunk names are given in all capital letters, while parameter
names have the first letter capitalized, e.g., COOKIE chunk type vs.
Cookie parameter.

                    -----          -------- (frm any state)
                  /       \      /  rcv ABORT      [ABORT]
 rcv INIT        |         |    |   ----------  or ----------
 --------------- |         v    v   delete TCB     snd ABORT
 generate Cookie  \    +---------+                 delete TCB
 snd INIT.ACK       ---|  CLOSED |
                       +---------+
                        /      \      [ASSOCIATE]
                       /        \     ---------------
                      |          |    create TCB
                      |          |    snd INIT
                      |          |    strt init timer
     rcv valid COOKIE |          v
 (1) ---------------- |      +------------+
     create TCB       |      | COOKIE_WAIT| (2)
     snd COOKIE.ACK   |      +------------+
                      |          |
                      |          |    rcv INIT.ACK
                      |          |    -----------------
                      |          |    snd COOKIE
                      |          |    stop init timer
                      |          |    strt cookie timer
                      |          v
                      |      +------------+
                      |      | COOKIE_SENT| (3)
                      |      +------------+
                      |          |
                      |          |    rcv COOKIE.ACK
                      |          |    -----------------
                      |          |    stop cookie timer
                      v          v
                    +---------------+
                    |  ESTABLISHED  |
                    +---------------+

                   (from any state except CLOSED)
                                 |
                                 |
                        /--------+--------\
    [TERMINATE]        /                   \
    -----------------  |                   |
    check outstanding  |                   |
    data chunks        |                   |
                       v                   |
                  +---------+              |
                  |SHUTDOWN |              | rcv SHUTDOWN
                  |PENDING  |              | ----------------
                  +---------+              |         x
                       |                   |
  No more outstanding  |                   |
  -------------------  |                   |
  snd SHUTDOWN         |                   |
  strt shutdown timer  |                   |
                       v                   v

                  +---------+        +-----------+
              (4) |SHUTDOWN |        | SHUTDOWN  |  (5)
                  |SENT     |        | RECEIVED  |
                  +---------+        +-----------+
                       |                   |
  rcv SHUTDOWN.ACK     |                   |         x
  -------------------  |                   |-----------------
  stop shutdown timer  |                   | retransmit missing DATA
  delete TCB           |                   | send SHUTDOWN.ACK
                       |                   |    delete TCB
                       |                   |
                       \    +---------+    /
                        \-->| CLOSED  |<--/
                            +---------+

Note:

(1) If the received COOKIE is invalid (i.e., failed to pass the
    authentication check), the receiver MUST silently discard the
    datagram. Or, if the received COOKIE is expired (see Section
    4.1.5), the receiver SHALL send back an ERROR chunk. In either
    case, the receiver stays in the CLOSED state.

(2) If the init timer expires, the endpoint SHALL retransmit INIT
    and re-start the init timer without changing state. This SHALL be
    repeated up to 'Max.Init.Retransmits' times. After that, the
    endpoint SHALL abort the initialization process and report the
    error to SCTP user.

(3) If the cookie timer expires, the endpoint SHALL retransmit
    COOKIE and re-start the cookie timer without changing
    state. This SHALL be repeated up to 'Max.Init.Retransmits'
    times. After that, the endpoint SHALL abort the initialization
    process and report the error to SCTP user.

(4) In SHUTDOWN-SENT state the endpoint SHALL acknowledge any received
    DATA chunks without delay

(5) In SHUTDOWN-RECEIVED state, the endpoint MUST NOT accept any new
    send request from its SCTP user.

4. Association Initialization

Before the first data transmission can take place from one SCTP
endpoint ("A") to another SCTP endpoint ("Z"), the two endpoints must
complete an initialization process in order to set up an SCTP
association between them.

The SCTP user at an endpoint should use the ASSOCIATE primitive to
initialize an SCTP association to another SCTP endpoint.

  IMPLEMENTATION NOTE: From an SCTP-user's point of view, an
  association may be implicitly opened, without an ASSOCIATE primitive
  (see 9.1 B) being invoked, by the initiating endpoint's sending of
  the first user data to the destination endpoint. The initiating SCTP
  will assume default values for all mandatory and optional parameters
  for the INIT/INIT ACK.

Once the association is established, unidirectional streams will be
open for data transfer on both ends (see Section 4.1.1).

4.1 Normal Establishment of an Association

The initialization process consists of the following steps (assuming
that SCTP endpoint "A" tries to set up an association with SCTP
endpoint "Z" and "Z" accepts the new association):

A) "A" shall first send an INIT message to "Z". In the INIT, "A" must
   provide its security tag "Tag_A" in the Initiate Tag field. Tag_A
   SHOULD be a random number in the range of 0x1 to 0xffffffff (see
   4.3.1 for Tag value selection). After sending the INIT, "A" starts
   the T1-init timer and enters the COOKIE-WAIT state.

B) "Z" shall respond immediately with an INIT ACK message. In the
   message, besides filling in other parameters, "Z" must set the
   Verification Tag field to Tag_A, and also provide its own security
   tag "Tag_Z" in the Initiate Tag field.

   Moreover, "Z" MUST generate and send along with the INIT ACK an
   Encryption Cookie. See Section 4.1.3 for Encryption Cookie
   generation.

   Note: after sending out INIT ACK with the cookie, "Z" MUST not
   allocate any resources, nor keep any states for the new
   association. Otherwise, "Z" will be vulnerable to resource attacks.

C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
   timer and leave COOKIE-WAIT state. "A" shall then send the cookie
   received in the INIT ACK message in a cookie chunk, restart the
   T1-init timer, and enter the COOKIE-SENT state.

   Note, the cookie chunk can be bundled with any pending outbound
   DATA chunks, but it MUST be the first chunk in the datagram.

D) Upon reception of the COOKIE chunk, Endpoint "Z" will reply with
   a COOKIE ACK chunk after building a TCB and marking itself to
   the ESTABLISHED state. A COOKIE ACK chunk may be combined with
   any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK
   chunk MUST be the first chunk in the datagram.

  IMPLEMENTATION NOTE: an implementation may choose to send the
  Communication Up notification to the SCTP user upon reception
  of a valid COOKIE.

E) Upon reception of the COOKIE ACK, endpoint "A" will move from the
   COOKIE-SENT state to the ESTABLISHED state, stopping the T1-init
   timer, and it may also notify its ULP about the successful
   establishment of the association with a Communication Up notification
   (see Section 9).
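
Steps B and D, together with note (1) of the state diagram, can be
shown from "Z"'s side. The following Python is an added example, not
part of the draft: "Z" keeps no per-association state after INIT ACK
and rebuilds everything from the returned cookie. The cookie layout,
the HMAC-SHA256 check, and the function names are assumptions made
for illustration; Section 4.1.3 defines the draft's own cookie
generation.

```python
import hashlib
import hmac
import struct

# Assumed cookie contents: Tag_A, Tag_Z, creation time and lifespan (usec).
COOKIE_BODY = struct.Struct("!IIQQ")
MAC_LEN = hashlib.sha256().digest_size
CHUNK_HDR = struct.Struct("!BBH")          # chunk type, Chunk Flags, Length
COOKIE_TYPE, ERROR_TYPE = 0x0A, 0x09
STALE_COOKIE = 3                           # Cause Code=3, Cause Length=8


def make_cookie(key, tag_a, tag_z, now_usec, lifespan_usec):
    """Step B: everything "Z" needs later travels inside the cookie."""
    body = COOKIE_BODY.pack(tag_a, tag_z, now_usec, lifespan_usec)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def cookie_chunk(cookie):
    """Step C: "A" returns the exact cookie in a COOKIE chunk."""
    return CHUNK_HDR.pack(COOKIE_TYPE, 0, CHUNK_HDR.size + len(cookie)) + cookie


def stale_cookie_error(staleness_usec):
    """ERROR chunk carrying one Stale Cookie Error cause."""
    cause = struct.pack("!HHI", STALE_COOKIE, 8, min(staleness_usec, 0xFFFFFFFF))
    return CHUNK_HDR.pack(ERROR_TYPE, 0, CHUNK_HDR.size + len(cause)) + cause


def handle_cookie_chunk(key, chunk, now_usec):
    """Step D at "Z". Returns (action, payload):

    ("discard", None)      malformed or failed authentication: stay CLOSED
    ("error", bytes)       valid but expired: send ERROR, stay CLOSED
    ("established", dict)  valid: only now is a TCB created
    """
    if len(chunk) < CHUNK_HDR.size:
        return ("discard", None)
    ctype, _flags, length = CHUNK_HDR.unpack_from(chunk)
    cookie = chunk[CHUNK_HDR.size:length]
    if (ctype != COOKIE_TYPE or length > len(chunk)
            or len(cookie) != COOKIE_BODY.size + MAC_LEN):
        return ("discard", None)
    body, mac = cookie[:COOKIE_BODY.size], cookie[COOKIE_BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return ("discard", None)
    tag_a, tag_z, created, lifespan = COOKIE_BODY.unpack(body)
    expiry = created + lifespan
    if now_usec > expiry:
        return ("error", stale_cookie_error(now_usec - expiry))
    return ("established", {"peer_tag": tag_a, "local_tag": tag_z})
```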

Note: A DATA chunk MUST NOT be carried in the INIT or INIT ACK message.

Note: T1-init timer shall follow the same rules given in Section 5.3.

Note: if an endpoint receives an INIT, INIT ACK, or COOKIE chunk but
decides not to establish the new association due to missing mandatory
parameters in the received INIT or INIT ACK, invalid parameter values,
or, lack of local resources, it SHALL respond with an ABORT chunk. It
SHOULD also specify the cause of abort, such as the type of the
missing mandatory parameters, etc., by either including cause
parameters or bundling with the ABORT one or more Operational ERROR
chunks.  The Verification Tag field in the common header of the
outbound abort datagram MUST be set to equal the Initiate Tag value of
the peer.

Note: After the reception of the first data chunk in an association
the receiver MUST immediately respond with a SACK to acknowledge
the data chunk, subsequent acknowledgments should be done as
described in section 5.2.

Note: When an SCTP endpoint sends an INIT or INIT ACK it SHOULD
include all of its transport addresses in the parameter section. This
is because it may NOT be possible to control the "sending" address
that a receiver of an SCTP datagram sees. A receiver thus MUST know
every address that may be a source address for a peer SCTP endpoint,
this assures that the inbound SCTP datagram can be matched to the
proper association.

Note: At the time when the TCB is created, either end MUST set its
internal cumulative TSN acknowledgment point to its peer's Initial TSN
minus one.

  IMPLEMENTATION Note: The IP address and SCTP port(s) are generally
  used as the key to find the TCB within an SCTP instance.

4.1.1 Handle Stream Parameters

In the INIT and INIT ACK messages, the sender of the message shall
indicate the number of outbound streams (OS) it wishes to have in the
association, as well as the maximal inbound streams (MIS) it will
accept from the other endpoint.

After receiving the stream configuration information from the other
side, each endpoint shall perform the following check: if the peer's
MIS is less than the endpoint's OS, meaning that the peer is incapable
of supporting all the outbound streams the endpoint wants to
configure, the endpoint MUST either settle with MIS outbound streams,
or abort the association and report to its upper layer the resources
shortage at its peer.

After the association is initialized, the valid outbound stream
identifier range for either endpoint shall be 0 to
min(local OS, remote MIS)-1.

4.1.2 Handle Address Parameters

During the association initialization, an endpoint shall use the
following rules to discover and collect the destination transport
address(es) of its peer.

On reception of an INIT or INIT ACK message, the receiver shall record
any transport addresses. The transport address(es) are derived by the
combination of SCTP source port (from the common header) and the IP
address parameter(s) carried in the INIT or INIT ACK message.  The
receiver should use only these transport addresses as destination
transport addresses when sending subsequent datagrams to its peer. If
no IP address parameters are specified in the INIT or INIT ACK
message, then the source IP address from which the message arrives
should be combined with SCTP source port number and be considered as
the only destination transport address to use.

An initial primary destination transport address shall be selected
for either endpoint, using the following rules:

  For the initiator: any valid transport address obtained from the
  INIT ACK message. If no transport address is specified in the INIT
  ACK message, use the source transport address from which the INIT
  ACK message arrived.

  For the responder: any valid transport address obtained from the
  INIT message. If no transport address is specified in the INIT
  message, use the source transport address from which the INIT
  message arrived.

4.1.3 Generating Encryption Cookie

When sending an INIT ACK as a response to an INIT message, the sender
of INIT ACK should create an Encryption Cookie and send it as part of
the INIT ACK. Inside this Encryption Cookie, the sender should include
a security signature, a time stamp on when the cookie is created, and
the lifespan of the cookie, along with all the information necessary
for it to establish the association.

The following steps SHOULD be taken to generate the cookie:

1) create an association TCB using information from both the received
   INIT and the outgoing INIT ACK messages,

2) in the TCB, set the creation time to the current time of day, and
   the lifespan to the protocol parameter 'Valid.Cookie.Life',

3) attach a private security key to the TCB and generate a 128-bit MD5
   signature from the key/TCB combination (see [4] for details on
   MD5), and

4) generate the Encryption Cookie by combining the TCB and the
   resultant MD5 signature.

After sending the INIT ACK with the cookie, the sender SHOULD delete
the TCB and any other local resource related to the new association,
so as to prevent resource attacks.

The private key should be a cryptographic quality random number with
a sufficient length. Discussion in RFC 1750 [1] can be helpful in
selection of the key.

4.1.4 Cookie Processing

When an endpoint receives an INIT ACK chunk in response to its INIT
chunk, and the INIT ACK contains an Encryption Cookie parameter, it
MUST immediately send a COOKIE chunk to its peer with the received
cookie.  The sender MAY also add any pending DATA chunks to the
message.

The sender shall also start the T1-init timer after sending out
the COOKIE chunk. If the timer expires, the sender shall retransmit
the COOKIE chunk and restart the T1-init timer. This is repeated until
either a COOKIE ACK is received or the endpoint is marked
unreachable (and thus the association enters the CLOSED state).

4.1.5 Cookie Authentication

When an endpoint receives a COOKIE chunk from another endpoint with
which it has no association, it shall take the following actions:

1) compute an MD5 signature using the TCB data carried in the cookie
   along with the receiver's private security key,

2) authenticate the cookie as one that it previously generated by
   comparing the computed MD5 signature against the one carried in the
   cookie. If this comparison fails, the datagram, including the
   COOKIE and the attached user data, should be silently discarded,

3) compare the creation time stamp in the cookie to the current local
   time, if the elapsed time is longer than the lifespan carried in
   the cookie, then the datagram, including the COOKIE and the
   attached user data, SHOULD be discarded and the endpoint MUST
   transmit a stale cookie operational error to the sending endpoint,

4) if the cookie is valid, create an association to the sender of the
   COOKIE message with the information in the TCB data carried in the
   COOKIE, and enter the ESTABLISHED state,

5) immediately acknowledge any DATA chunk in the datagram with a SACK
   (subsequent datagram acknowledgement should follow the rules
   defined in Section 5.2), and,

6) send a COOKIE ACK chunk to the sender acknowledging reception of
   the cookie. The COOKIE ACK MAY be piggybacked with any outbound
   DATA chunk or SACK chunk.

Note that if a COOKIE is received from an endpoint with which the
receiver of the COOKIE has an existing association, the procedures in
section 4.2 should be followed.

4.1.6 An Example of Normal Association Establishment

In the following example, "A" initiates the association and then sends
a user message to "Z", then "Z" sends two user messages to "A" later
(assuming no bundling or segmentation occurs):

Endpoint A                                          Endpoint Z

{app sets association with Z}
(build TCB)
INIT [INIT Tag=Tag_A
      & other info]  --------\
(Start T1-init timer)         \
(Enter COOKIE-WAIT state)      \---> (compose temp TCB and Cookie_Z)

                                /--- INIT ACK [Veri Tag=Tag_A,
                               /               INIT Tag=Tag_Z,
(Cancel T1-init timer) <------/                Cookie_Z, & other info]
                                     (destroy temp TCB)
COOKIE [Cookie_Z] -----------\
(Start T1-init timer)         \
(Enter COOKIE-SENT state)      \---> (build TCB enter ESTABLISHED state)

                               /---- COOKIE-ACK
                              /
(Cancel T1-init timer, <-----/
 Enter established state)
...
{app sends 1st user data; strm 0}
DATA [TSN=initial TSN_A
    Strm=0,Seq=1 & user data]--\
(Start T3-rxt timer)            \
                                 \->

                              /----- SACK [TSN ACK=init TSN_A,Frag=0]
(Cancel T3-rxt timer) <------/
...

                                     ...
                                     {app sends 2 datagrams;strm 0}
                               /---- DATA
                              /        [TSN=init TSN_Z
                          <--/          Strm=0,Seq=1 & user data 1]
SACK [TSN ACK=init TSN_Z,      /---- DATA
      Frag=0]      --------\  /        [TSN=init TSN_Z +1,
                            \/          Strm=0,Seq=2 & user data 2]
                     <------/\
                              \
                               \------>

Note that if the T1-init timer expires at "A" after the INIT or COOKIE
chunks are sent, the same INIT or cookie chunk with the same Initiate
Tag (i.e., Tag_A) or cookie shall be retransmitted and the timer
restarted. This shall be repeated Max.Init.Retransmits times before "A"
considers "Z" unreachable and reports the failure to its upper layer
(and thus the association enters the CLOSED state). When
retransmitting the INIT, the endpoint SHALL follow the rules
defined in 5.3 to determine the proper timer value.

4.2 Handle Duplicate INIT, INIT ACK, COOKIE, and COOKIE ACK

During the life time of an association (in one of the possible
states), an endpoint may receive from its peer endpoint one of the
setup chunks (INIT, INIT ACK, COOKIE, and COOKIE ACK). The receiver
shall treat such a setup chunk as a duplicate and process it as
described in this section.

The following scenarios can cause duplicated chunks:

A) The peer has crashed without being detected, and re-started itself
   and sent out a new INIT Chunk trying to restore the association,

B) Both sides are trying to initialize the association at about the
   same time,

C) The chunk is from a stale datagram that was used to establish
   the present association or a past association which is no longer in
   existence, or

D) The chunk is a false message generated by an attacker, or

E) The peer never received the COOKIE ACK and is retransmitting its
   COOKIE.

In case A), the endpoint shall reset the present association and set a
new association with its peer. Case B) is unique and is discussed in
Section 4.2.1. However, in cases C), D) and E), the endpoint must retain
the present association.

The rules in the following sections shall be applied in order to
identify and correctly handle these cases.

4.2.1 Handle Duplicate INIT in COOKIE-WAIT or COOKIE-SENT State

This usually indicates an initialization collision, i.e., both
endpoints are attempting at about the same time to establish an
association with the other endpoint.

In such a case, each of the two sides shall respond to the other side
with an INIT ACK, with the Verification Tag field of the common header
set to the tag value received from the INIT message, and the Initiate
Tag field set to its own tag value (the same tag used in the INIT
message sent out by itself). Each responder shall also generate a
cookie with the INIT ACK.

After that, no other actions shall be taken by either side, i.e., the
endpoint shall not change its state, and the T1-init timer shall be
left running. The normal procedures for handling cookies will
resolve the duplicate INITs to a single association.

4.2.2 Handle Duplicate INIT in Other States

Upon reception of the duplicated INIT, the receiver shall generate an
INIT ACK with an Encryption Cookie.

In the outbound INIT ACK, the endpoint shall set the Verification Tag
field in the common header to the peer's new tag value (from the
duplicated INIT message), and the Initiate Tag field to its own tag
value (unchanged from the existing association). The included
Encryption Cookie shall be generated using the current time and a
temporary TCB constructed with the information provided in the
duplicated INIT message (see Section 4.1.3). This temporary TCB MUST
be destroyed after the outbound INIT ACK is built.

After sending out the INIT ACK, the endpoint shall take no further
actions, i.e., the existing association, including its current state,
and the corresponding TCB MUST not be changed.

4.2.3 Handle Duplicate INIT ACK

If an INIT ACK is received by an endpoint in any state
other than the COOKIE-WAIT state, the endpoint should discard
the INIT ACK message. A duplicate INIT ACK usually indicates the
processing of an old INIT or duplicated INIT message.

4.2.4 Handle Duplicate Cookie

When a duplicated COOKIE chunk is received in any state for an
existing association the following rules shall be applied:

1) compute an MD5 signature using the TCB data carried in the cookie
   along with the receiver's private security key,

2) authenticate the cookie by comparing the computed MD5 signature
   against the one carried in the cookie. If this comparison fails,
   the datagram, including the COOKIE and the attached user data,
   should be silently discarded (this is case C or D above).

3) compare the timestamp in the cookie to the current time, if
   the cookie is older than the lifespan carried in the cookie,
   the datagram, including the COOKIE and the attached user data,
   should be discarded and the endpoint MUST transmit a stale cookie
   error to the sending endpoint only if the Verification tags of the
   cookie's TCB do NOT match the current tag values in the association
   (this is case C or D above). If both Verification tags do match
   consider the cookie valid (this is case E).

4) If the cookie proves to be valid, unpack the TCB into a
   temporary TCB.

5) If the Verification Tags in the temporary TCB match the
   Verification Tags in the existing TCB, the cookie is a
   duplicate cookie. A cookie ack should be sent to the peer
   endpoint but NO update should be made to the existing
   TCB.

6) If the local Verification Tag in the temporary TCB
   does not match the local Verification Tag in the existing
   TCB, then the cookie is an old stale cookie and does
   not correspond to the existing association (case C above).
   The datagram should be silently discarded.

7) If the peer's Verification Tag in the temporary TCB does not
   match the peer's Verification Tag in the existing TCB,
   then a restart of the peer has occurred (case A above).
   In such a case, the endpoint should report the restart to its ULP
   and respond to the peer with a COOKIE ACK message. It shall also
   update the Verification Tag, initial TSN, and the destination
   address list of the existing TCB with the information from the
   temporary TCB. After that the temporary TCB can be discarded.

   Furthermore, all the congestion control parameters (e.g., cwnd,
   ssthresh) related to this peer shall be reset to their initial
   values (see Section 6.2.1).

  IMPLEMENTATION NOTE: It is an implementation decision on how
  to handle any pending datagrams. The implementation may elect
  to either A) send all messages back to its upper layer with the
  restart report, or B) automatically re-queue any datagrams
  pending by marking all of them as never-sent and assigning
  new TSN's at the time of their initial transmissions based upon
  the updated starting TSN (as defined in section 5).

  Note: The "peer's Verification Tag" is the tag received in the INIT
  or INIT ACK chunk.
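
The cookie rules of Sections 4.1.3, 4.1.5 and 4.2.4, worked through as an
added example (not part of the draft). The cookie layout, the function
names and the use of HMAC-MD5 as the "key/TCB combination" are
assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed cookie layout (an assumption of this example, not the draft's
# wire format): creation time and lifespan in seconds, the endpoint's own
# tag, the peer's tag and the peer's initial TSN, then a 16-byte signature.
_TCB = struct.Struct("!IIIII")
_SIG_LEN = 16  # 128-bit MD5 output


def _sign(key, body):
    # The draft only says "key/TCB combination"; HMAC-MD5 is the
    # combination chosen for this example.
    return hmac.new(key, body, hashlib.md5).digest()


def make_cookie(key, local_tag, peer_tag, peer_tsn, now, lifespan):
    """Section 4.1.3: pack the TCB data and append the signature.

    The sender keeps no state afterwards; everything needed to rebuild
    the TCB travels in the cookie.
    """
    body = _TCB.pack(now, lifespan, local_tag, peer_tag, peer_tsn)
    return body + _sign(key, body)


def open_cookie(key, cookie):
    """Steps 1-2: return the carried TCB data, or None if not authentic."""
    cookie = bytes(cookie)
    if len(cookie) != _TCB.size + _SIG_LEN:
        return None
    body, sig = cookie[:_TCB.size], cookie[_TCB.size:]
    if not hmac.compare_digest(sig, _sign(key, body)):  # constant-time
        return None
    created, lifespan, local_tag, peer_tag, peer_tsn = _TCB.unpack(body)
    return {"created": created, "lifespan": lifespan,
            "local_tag": local_tag, "peer_tag": peer_tag,
            "peer_tsn": peer_tsn}


def handle_cookie(key, cookie, now, existing=None):
    """Decide what to do with a received COOKIE chunk.

    `existing` is None when there is no association with the sender
    (Section 4.1.5), otherwise a dict holding the current "local_tag" and
    "peer_tag" (Section 4.2.4). Returns (action, tcb_data).
    """
    tcb = open_cookie(key, cookie)
    if tcb is None:
        return "DISCARD", None            # signature mismatch: silent drop
    expired = now - tcb["created"] > tcb["lifespan"]

    if existing is None:                  # Section 4.1.5
        if expired:
            return "STALE_ERROR", None    # step 3
        return "ESTABLISH", tcb           # steps 4-6

    same_local = tcb["local_tag"] == existing["local_tag"]
    same_peer = tcb["peer_tag"] == existing["peer_tag"]
    if same_local and same_peer:
        # Steps 3 and 5, case E: the peer missed our COOKIE ACK. Send a
        # COOKIE ACK again, leave the existing TCB untouched.
        return "DUP_ACK", None
    if expired:
        return "STALE_ERROR", None        # step 3, tags do not match
    if not same_local:
        return "DISCARD", None            # step 6, cookie of another association
    return "RESTART", tcb                 # step 7, peer restarted
```
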

4.2.5 Handle Duplicate COOKIE-ACK.

At any state other than COOKIE-SENT, an endpoint may receive a
duplicated COOKIE ACK chunk. If so, the chunk should be silently
discarded.

4.2.6 Handle Stale COOKIE Error

A stale cookie error indicates one of a number of possible events:

A) that the association failed to completely setup before the
   cookie issued by the sender was processed.

B) an old cookie was processed after setup completed.

C) an old cookie is received from someone that the receiver is
   not interested in having an association with and the ABORT
   message was lost.

When processing a stale cookie an endpoint should first examine
if an association is in the process of being setup, i.e. the
association is in the COOKIE-SENT state. In all cases if
the association is NOT in the COOKIE-SENT state, the stale
cookie message should be silently discarded.

If the association is in the COOKIE-SENT state, the endpoint may elect
one of the following three alternatives.

1) Send a new INIT message to the endpoint, to generate a new cookie
   and re-attempt the setup procedure.

2) Discard the TCB and report to the upper layer the inability of
   setting-up the association.

3) Send a new INIT message to the endpoint, adding a cookie
   preservative parameter requesting an extension on the life time of
   the cookie. When calculating the time extension, an implementation
   SHOULD use the RTT information measured based on the previous
   COOKIE / Stale COOKIE message exchange, and should add no more
   than 1 second beyond the measured RTT, since a long cookie life
   time makes the endpoint more subject to a replay attack.

4.3 Other Initialization Issues

4.3.1 Selection of Tag Value

Initiate Tag values should be selected from the range of 0x1 to
0xffffffff. It is very important that the Tag value be randomized to
help protect against "man in the middle" and "sequence number" attacks.
It is suggested that RFC 1750 [1] be used for the Tag randomization.

Moreover, the tag value used by either endpoint in a given association
MUST never be changed during the lifetime of the association. However,
a new tag value MUST be used each time the endpoint tears-down and
then re-establishes the association to the same peer.

5. User Data Transfer

For transmission efficiency, SCTP defines mechanisms for bundling of
small user messages and segmentation of large user messages.
The following diagram depicts the flow of user messages through SCTP.

              +--------------------------+
              |      User Messages       |
              +--------------------------+
    SCTP user        ^  |
   ==================|==|=======================================
                     |  v (1)
          +------------------+    +--------------------+
          | SCTP DATA Chunks |    |SCTP Control Chunks |
          +------------------+    +--------------------+
                     ^  |             ^  |
                     |  v (2)         |  v (2)
                  +--------------------------+
                  |      SCTP datagrams      |
                  +--------------------------+
    SCTP                      ^  |
   ===========================|==|===========================
                              |  v
          Unreliable Packet Transfer Service (e.g., IP)

   Note:
   (1) When converting user messages into Data chunks, SCTP sender
       will segment user messages larger than the current path MTU
       into multiple data chunks. The segmented message will normally
       be reassembled from data chunks before delivery to the user by
       the SCTP receiver (see Section 5.9 for details).

   (2) Multiple data and control chunks may be multiplexed by the
       sender into a single SCTP datagram for transmission, as long as
       the final size of the datagram does not exceed the current path
       MTU. The receiver will de-multiplex the datagram back into
       the original chunks.

The segmentation and bundling mechanisms, as detailed in Sections 5.9
and 5.10, are optional to implement by the data sender, but they MUST
be implemented by the data receiver, i.e., an SCTP receiver MUST be
prepared to receive and process bundled or segmented data.

5.1  Transmission of DATA Chunks

The following general rules SHALL be applied by the sender for
transmission and/or retransmission of outbound DATA chunks:

A) At any given time, the sender MUST NOT transmit new data onto any
   destination transport address if its peer's rwnd indicates that the
   peer has no buffer space (i.e. rwnd is 0, see Section 5.2.1).

   However, regardless of the value of rwnd (including if it is 0),
   the sender can always have ONE data packet in flight to the
   receiver. This rule allows the sender to probe for a change in rwnd
   that the sender missed due to the update having been lost in
   transmission from the receiver to the sender.

B) At any given time, the sender MUST NOT transmit new data onto a
   given transport address if it has cwnd or more octets of data
   outstanding on that transport address.

C) When the time comes for the sender to transmit, before sending
   new DATA chunks, the sender MUST first transmit any outstanding
   DATA chunks which are marked for retransmission (limited by the
   current cwnd).

D) Then, the sender can send out as many new DATA chunks as Rule A and
   Rule B above allow.

Note: multiple DATA chunks committed for transmission MAY be
bundled in a single packet, unless bundling is explicitly disallowed
by ULP of the data sender. Furthermore, DATA chunks being
retransmitted MAY be bundled with new DATA chunks, as long as the
resulting packet size does not exceed the path MTU.

Note: before a sender transmits a data packet, if any received DATA
chunks have not been acknowledged (e.g., due to delayed ack), the
sender should create a SACK and bundle it with the outbound DATA
chunk, as long as the size of the final SCTP datagram does not exceed
the current MTU. See Section 5.2.

  IMPLEMENTATION Note: when the window is full (i.e., transmission is
  disallowed by Rule A and/or Rule B), the sender MAY still accept
  send requests from its upper layer, but SHALL transmit no more DATA
  chunks until some or all of the outstanding DATA chunks are
  acknowledged and transmission is allowed by Rule A and Rule B
  again.

Whenever a transmission or retransmission is made to any address, if
the T3-rxt timer of that address is not currently running, the sender
MUST start that timer. However, if the timer of that address is
already running, the sender SHALL restart the timer ONLY IF the
earliest (i.e., lowest TSN) outstanding DATA chunk sent to that
address is being retransmitted.

When starting or restarting the T3-rxt timer, the timer value must be
adjusted according to the timer rules defined in Sections 5.3.2,
and 5.3.3.

5.2  Acknowledgment on Reception of DATA Chunks

The SCTP receiver MUST always acknowledge the SCTP sender about the
reception of each DATA chunk.

The guidelines on delayed acknowledgment algorithm specified in
Section 4.2 of RFC 2581 [3] SHOULD be followed. Specifically, an
acknowledgment SHOULD be generated for at least every second datagram
received, and SHOULD be generated within 200 ms of the arrival of any
unacknowledged datagram.

  IMPLEMENTATION NOTE: the maximal delay for generating an
  acknowledgment may be configured by the SCTP user, either
  statically or dynamically, in order to meet the specific
  timing requirement of the signaling protocol being carried.

Acknowledgments MUST be sent in SACK control chunks. A SACK chunk can
acknowledge the reception of multiple DATA chunks. See Section 2.3.3
for SACK chunk format. In particular, the SCTP receiver MUST fill in
the Cumulative TSN ACK field to indicate the latest cumulative TSN
number it has received, and any received segments beyond the
Cumulative TSN SHALL also be reported.

Upon reception of the SACK, the data sender MUST adjust its total
outstanding data count and the outstanding data count on those
destination addresses for which one or more data chunks is
acknowledged by the SACK.

The following example illustrates the use of delayed acknowledgments:

Endpoint A                                      Endpoint Z

{App sends 3 messages; strm 0}
DATA [TSN=7,Strm=0,Seq=3] ------------> (ack delayed)
(Start T3-rxt timer)

DATA [TSN=8,Strm=0,Seq=4] ------------> (send ack)
                              /------- SACK [TSN ACK=8,Frag=0]
(cancel T3-rxt timer)  <-----/
...
...

DATA [TSN=9,Strm=0,Seq=5] ------------> (ack delayed)
(Start T3-rxt timer)
                                       ...
                                       {App sends 1 message; strm 1}
                                       (bundle SACK with DATA)
                                /----- SACK [TSN Ack=9,Frag=0] \
                               /         DATA [TSN=6,Strm=1,Seq=2]
(cancel T3-rxt timer)  <------/        (Start T3-rxt timer)

(ack delayed)
...
(send ack)
SACK [TSN ACK=6,Frag=0] -------------> (cancel T3-rxt timer)

5.2.1 Tracking Peer's Receive Buffer Space

Whenever a SACK arrives, a new updated a_rwnd arrives with it. This
value represents the amount of buffer space the sender of the SACK, at
the time of transmitting the SACK, has left of its total receive
buffer space (as specified in the INIT/INIT-ACK). After processing the
SACK, the receiver of the SACK must use the following rules to
re-calculate the congestion control rwnd, using the received a_rwnd
value.

A) At the establishment of the association, the endpoint initializes
   the congestion control rwnd to the Advertised Receiver Window
   Credit (a_rwnd) the peer specified in the INIT or INIT ACK.

B) Any time a new DATA chunk is transmitted to a peer, the endpoint
   subtracts the data size of the chunk from the rwnd of that peer.

C) Any time a SACK arrives, the endpoint performs the following:

   If all outstanding TSNs are acknowledged by the SACK, adopt
   the a_rwnd value in the SACK as the new rwnd.

   Otherwise, take the value of the current rwnd, and add to it the
   data size of any newly acknowledged TSNs that has its BE bits set
   to 11, OR that moved the cumulative TSN point forward. Then, set
   the congestion control rwnd to the lesser of the calculated value
   and the a_rwnd carried in the SACK.

D) Any time the T3-rxt timer expires on any address, causing all
   outstanding chunks sent to that address to be marked for
   retransmission, add all of the data sizes of those chunks to the rwnd.

E) Any time a DATA chunk is marked for retransmission via the
   fast retransmit algorithm (section 6.2.4), add the DATA chunks
   size to the rwnd.

5.3 Management of Retransmission Timer

SCTP uses a retransmission timer T3-rxt to ensure data delivery in the
absence of any feedback from the remote data receiver. The duration of
this timer is referred to as RTO (retransmission timeout).

When the receiver endpoint is multi-homed, the data sender endpoint
will calculate a separate RTO for each different destination transport
address of the receiver endpoint.

The computation and management of RTO in SCTP follows closely with how
TCP manages its retransmission timer. To compute the current RTO, an
SCTP sender maintains two state variables per destination transport
address: SRTT (smoothed round-trip time) and RTTVAR (round-trip time
variation).

5.3.1 RTO Calculation

The rules governing the computation of SRTT, RTTVAR, and RTO are
as follows:

C1) Until an RTT measurement has been made for a packet sent
    to the given destination transport address, set RTO to the
    protocol parameter 'RTO.Initial'.

C2) When the first RTT measurement R is made, set SRTT <- R,
    RTTVAR <- R/2, and RTO <- SRTT + 4 * RTTVAR.

C3) When a new RTT measurement R' is made, set

    RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'|
    SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R'

    Note, the value of SRTT used in the update to RTTVAR is its value
    *before* updating SRTT itself using the second assignment.

    After the computation, update RTO <- SRTT + 4 * RTTVAR.

C4) When data is in flight and when allowed by rule C5 below, a new
    RTT measurement MUST be made each round trip.  Furthermore,
    it is RECOMMENDED that new RTT measurements should be made no
    more than once per round-trip for a given destination transport
    address. There are two reasons for this recommendation:  first,
    it appears that measuring more frequently often does not in
    practice yield any significant benefit [5]; second, if
    measurements are made more often, then the values of RTO.Alpha and
    RTO.Beta in rule C3 above should be adjusted so that SRTT and
    RTTVAR still adjust to changes at roughly the same rate (in terms
    of how many round trips it takes them to reflect new value) as
    they would if making only one measurement per round-trip and
    using RTO.Alpha and RTO.Beta as given in rule C3. However, the
    exact nature of these adjustments remains a research issue.

C5) Karn's algorithm: RTT measurements MUST NOT be made using
    packets that were retransmitted (and thus for which it is
    ambiguous whether the reply was for the first instance of the
    packet or a later instance).

C6) Whenever RTO is computed, if it is less than RTO.Min seconds
    then it is rounded up to RTO.Min seconds. The reason for this
    rule is that RTOs that do not have a high minimum value are
    susceptible to unnecessary timeouts [5].

C7) A maximum value may be placed on RTO provided it is at least
    RTO.max seconds.

There is no requirement for the clock granularity G used for computing
RTT measurements and the different state variables, other than

G1) Whenever RTTVAR is computed, if RTTVAR = 0, then adjust
    RTTVAR <- G.

Experience [5] has shown that finer clock granularities (<= 100 msec)
perform somewhat better than more coarse granularities.

5.3.2 Retransmission Timer Rules

The rules for managing the retransmission timer are as follows:

R1) Every time a packet containing data is sent to any address
    (including a retransmission), if the T3-rxt timer of that address
    is not running, start it running so that it will expire after the
    RTO of that address. The RTO used here is that obtained after any
    doubling due to previous T3-rxt timer expirations on the
    corresponding destination address as discussed in rule E2 below.

R2) Whenever all outstanding data on an address has been acknowledged,
    turn off the T3-rxt timer of that address.

R3) Whenever a SACK is received that acknowledges new data chunks
    including the one with the earliest outstanding TSN (i.e., moving
    the cumulative ACK point forward) on that address,
    restart T3-rxt timer of that address with its current RTO.

The following example shows the use of various timer rules (assuming
the receiver uses delayed acks).

Endpoint A                                         Endpoint Z
{App begins to send}
Data [TSN=7,Strm=0,Seq=3] ------------> (ack delayed)
(Start T3-rxt timer)
                                        {App sends 1 message; strm 1}
                                        (bundle ack with data)
DATA [TSN=8,Strm=0,Seq=4] ----\     /-- SACK [TSN ACK=7,Frag=0] \
                               \   /      DATA [TSN=6,Strm=1,Seq=2]
                                \ /     (Start T3-rxt timer)
                                 \
                                / \
(Re-start T3-rxt timer) <------/   \--> (ack delayed)
(ack delayed)
...
{send ack}
SACK [TSN ACK=6,Frag=0] --------------> (Cancel T3-rxt timer)
                                        ..
                                        (send ack)
(Cancel T3-rxt timer)  <-------------- SACK [TSN ACK=8,Frag=0]

5.3.3 Handle T3-rxt Expiration

Whenever the retransmission timer T3-rxt expires on a destination
address, do the following:

E1) On the destination address where the timer expires, adjust its
    ssthresh with rules defined in Section 6.2.3 and set the
    cwnd <- MTU.

E2) On the destination address where the timer expires, set
    RTO <- RTO * 2 ("back off the timer"). The maximum value discussed
    in rule C7 above (RTO.max) may be used to provide an upper bound
    to this doubling operation.

E3) Determine how many of the earliest (i.e., lowest TSN) outstanding
    Data chunks on the address where the T3-rxt has expired that will
    fit into a single packet, subject to the MTU constraint for the
    path corresponding to the destination transport address where the
    retransmission is being sent to (this may be different from the
    address where the timer expires [see Section 5.4]). Call this
    value K. Bundle and retransmit those K data chunks in a single
    packet to the address. Note, the sender is
    allowed not to bundle, but only retransmit the earliest chunk in
    the outbound packet.

E4) Start the retransmission timer T3-rxt on the destination address
    to where the retransmission is sent, if rule R1 above indicates to
    do so. Note, the RTO to be used for starting T3-rxt should be the
    one of the destination address to where the retransmission is
    sent, which, when the receiver is multi-homed, may be different
    from the destination address where the timer expired (see Section
    5.4 below).

Note that after retransmitting, once a new RTT measurement is obtained
(which can happen only when new data has been sent and acknowledged,
per rule C5, or for a measurement made from a Heartbeat [see Section
7.3]), the computation in rule C3 is performed, including the
computation of RTO, which may result in "collapsing" RTO back down
after it has been subject to doubling (rule E2).

The final rule for managing the retransmission timer concerns failover
(see Section 5.4.1):

F1) Whenever SCTP switches from the current destination transport
    address to a different one, the current retransmission timers are
    left running. As soon as SCTP transmits a packet containing data
    to the new transport address, start the timer on that transport
    address, using the RTO value of the destination address where
    the data is being sent, if rule R1 indicates to do so.

5.4 Multi-homed SCTP Endpoints

An SCTP endpoint is considered multi-homed if there are more than one
transport addresses that can be used as a destination address to reach
that endpoint.

Moreover, at the sender side, one of the multiple destination
addresses of the multi-homed receiver endpoint shall be selected as
the primary destination transport address by the UPL (see Sections
4.1.2 and 9.1 for details).

When the SCTP sender is transmitting to the multi-homed receiver, by
default the transmission SHOULD always take place on the primary
transport address, unless the SCTP user explicitly specifies the
destination transport address to use.

The acknowledgment SHOULD be transmitted to the same destination
transport address from which the DATA or control chunk being
acknowledged were received.

However, when acknowledging multiple DATA chunks in a single SACK, the
SACK message may be transmitted to one of the destination transport
addresses from which the DATA or control chunks being acknowledged
were received.

Furthermore, when the receiver is multi-homed, the SCTP data sender
SHOULD try to retransmit a chunk to an active destination transport
address that is different from the last destination address where the
data chunk was sent to.

Note, retransmissions do not affect the total outstanding data
count. However, if the data chunk is retransmitted onto a different
destination address, both the outstanding data counts on the new
destination address and the old destination address where the data
chunk was last sent to shall be adjusted accordingly.

5.4.1 Failover from Inactive Destination Address

Some of the destination transport addresses of a multi-homed SCTP data
receiver may become inactive due to either the occurrence of certain
error conditions (see Section 7.2) or adjustments from SCTP user.

When there is outbound data to send and the primary destination
transport address becomes inactive (e.g., due to failures), or where
the SCTP user explicitly requests to send data to an inactive
destination transport address, before reporting an error to its ULP,
the SCTP sender should try to send the data to an alternate active
destination transport address if one exists.

5.5 Stream Identifier and Stream Sequence Number

Every DATA chunk MUST carry a valid stream identifier. If a DATA chunk
with an invalid stream identifier is received, the receiver shall,
after acknowledging the reception of the DATA chunk following the normal
procedure, respond immediately with an ERROR message with cause set to
Invalid Stream Identifier (see Section 2.3.9) and discard the DATA
chunk.

The stream sequence number in all the streams shall start from 0x0
when the association is established. Also, when the stream sequence
number reaches the value 0xffff the next stream sequence number shall
be set to 0x0.

5.6 Ordered and Un-ordered Delivery

By default the SCTP receiver shall ensure the DATA chunks within any
given stream be delivered to the upper layer according to the order of
their stream sequence number. If there are DATA chunks arriving out of
order of their stream sequence number, the receiver MUST hold the
received DATA chunks from delivery until they are re-ordered.

However, an SCTP sender can indicate that no ordered delivery is
required on a particular DATA chunk within the stream by setting the U
flag of the DATA chunk to 1.

In this case, the receiver must bypass the ordering mechanism and
immediately deliver the data to the upper layer (after re-assembly if
the user data is segmented by the sender).

This provides an effective way of transmitting "out-of-band" data in a
given stream. Also, a stream can be used as an "unordered" stream by
simply setting the U flag to 1 in all outbound DATA chunks sent
through that stream.

  IMPLEMENTATION NOTE: when sending an unordered DATA chunk, an
  implementation may choose to place the DATA chunk in an outbound
  datagram that is at the head of the outbound transmission queue if
  possible.

Note that the 'Stream Sequence Number' field in an un-ordered data
chunk has no significance; the sender can fill it with arbitrary
value, but the receiver MUST ignore the field.

5.7 Report Gaps in Received DATA TSNs

Upon the reception of a new DATA chunk, an SCTP receiver shall examine
the continuity of the TSNs received. If the receiver detects that gaps
exist in the received DATA chunk sequence, a SACK with fragment
reports shall be sent back immediately.

Based on the segment reports from the SACK, the data sender can
calculate the missing DATA chunks and make decisions on whether to
retransmit them (see Section 5.3 for details).

Multiple gaps can be reported in one single SACK (see Section 2.3.3).

Note that when the data sender is multi-homed, the SCTP receiver
SHOULD always try to send the SACK to the same network from where the
last DATA chunk was received.

Upon the reception of the SACK, the data sender SHALL remove all DATA
chunks which have been acknowledged by the SACK. The data sender MUST
also treat all the DATA chunks which fall into the gaps between the
fragments reported by the SACK as "missing". The number of "missing"
reports for each outstanding DATA chunk MUST be recorded by the data
sender in order to make retransmission decisions (see Section 6.2.4 for
details).

The following example shows the use of SACK to report a gap.

Endpoint A                                    Endpoint Z
{App sends 3 messages; strm 0}
DATA [TSN=6,Strm=0,Seq=2] ---------------> (ack delayed)
(Start T3-rxt timer)

DATA [TSN=7,Strm=0,Seq=3] --------> X (lost)

DATA [TSN=8,Strm=0,Seq=4] ---------------> (gap detected,
                                            immediately send ack)
                                /----- SACK [TSN ACK=6,Frag=1,
                               /             Strt=2,End=2]
                        <-----/
(remove 6 and 8 from out-queue,
 and strike 7 as "1" missing report)

Note: in order to keep the size of the outbound SCTP datagram not to
exceed the current path MTU, the maximal number of fragments that can
be reported within a single SACK chunk is limited. When a single SACK
can not cover all the fragments needed to be reported due to the MTU
limitation, the endpoint SHALL send only one SACK, reporting the
fragments from the lowest to highest TSNs, within the size limit set
by the MTU, and leave the remaining highest TSN fragment numbers
unacknowledged.

5.8 Adler-32 Checksum Calculation

When sending an SCTP datagram, the sender MUST strengthen the data
integrity of the transmission by including the Adler-32 checksum
value calculated on the datagram, as described below.

After the datagram is constructed (containing the SCTP common header
and one or more control or DATA chunks), the sender shall:

1) fill in the proper Verification Tag in the SCTP common header and
   initialize the Adler-32 checksum field to 0's.

2) calculate the Adler-32 checksum of the whole datagram, including the
   SCTP common header and all the chunks. Refer to Sections 8.2 and 9
   in [2] for details of the Adler-32 algorithm. And,

3) put the resultant value into the Adler-32 checksum field in the
   common header, and leave the rest of the bits unchanged.

When an SCTP datagram is received, the receiver MUST first check the
Adler-32 checksum:

1) store the received Adler-32 checksum value aside,

2) replace the 32 bits of the Adler-32 checksum field in the received
   SCTP datagram with all '0's and calculate an Adler-32 checksum
   value of the whole received datagram. And,

3) verify that the calculated Adler-32 checksum is the same as the
   received Adler-32 checksum. If not, the receiver MUST treat the
   datagram as an invalid SCTP datagram.

The default procedure of handling invalid SCTP datagrams is to
silently discard them.
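
The sender and receiver steps above, as an added example that is not part
of the draft. It assumes a 12-octet common header (source port, destination
port, Verification Tag, Adler-32 checksum, network byte order), which this
section does not show; the function names and sample bytes are constructed.

```python
import struct
import zlib

# Assumed layout (not shown in this section): 16-bit source port, 16-bit
# destination port, 32-bit Verification Tag, 32-bit Adler-32 checksum.
COMMON_HEADER_LEN = 12
CHECKSUM_OFFSET = 8

# Constructed bytes standing in for one or more already-encoded chunks.
CONSTRUCTED_CHUNKS = bytes(range(16))


def adler32(data):
    """Adler-32 over the given bytes as an unsigned 32-bit value."""
    return zlib.adler32(bytes(data)) & 0xFFFFFFFF


def build_datagram(src_port, dst_port, verification_tag, chunks):
    """Sender side: steps 1) to 3) of Section 5.8."""
    # 1) fill in the Verification Tag, checksum field initialized to 0's
    header = struct.pack("!HHII", src_port, dst_port, verification_tag, 0)
    datagram = bytearray(header + chunks)
    # 2) checksum the whole datagram: common header plus all chunks
    checksum = adler32(datagram)
    # 3) store the result in the checksum field, other bits unchanged
    struct.pack_into("!I", datagram, CHECKSUM_OFFSET, checksum)
    return bytes(datagram)


def verify_datagram(datagram):
    """Receiver side: True if the checksum matches, False if invalid."""
    if len(datagram) < COMMON_HEADER_LEN:
        return False  # too short to even hold a checksum field
    # 1) store the received checksum aside
    (received,) = struct.unpack_from("!I", datagram, CHECKSUM_OFFSET)
    # 2) zero the field in a scratch copy and recompute
    scratch = bytearray(datagram)
    struct.pack_into("!I", scratch, CHECKSUM_OFFSET, 0)
    # 3) compare the calculated and received values
    return adler32(scratch) == received


def receive(datagram):
    """Return the chunk bytes of a valid datagram, or None (silent discard)."""
    if not verify_datagram(datagram):
        return None  # default handling: drop, send nothing back
    return datagram[COMMON_HEADER_LEN:]


def flip_bit(datagram, byte_index, bit=0):
    """Helper for the demonstration: corrupt one bit of a datagram."""
    damaged = bytearray(datagram)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


if __name__ == "__main__":
    good = build_datagram(5000, 5001, 0x12345678, CONSTRUCTED_CHUNKS)
    print("valid datagram accepted:", receive(good) == CONSTRUCTED_CHUNKS)
    print("corrupted chunk byte   :", receive(flip_bit(good, 20)))
    print("corrupted tag byte     :", receive(flip_bit(good, 5)))
```

The checksum is unkeyed, so it detects transmission damage only; anyone able
to modify a datagram can recompute it.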

5.9 Segmentation

Segmentation MUST be performed by the data sender if the user message
to be sent has a large size that causes the outbound SCTP datagram
size exceeding the current MTU.

Note, if the data receiver is multi-homed, the sender shall choose a
size no larger than the latest MTU of the current primary destination
address.

When determining when to segment, the SCTP implementation MUST take
into account the SCTP datagram header as well as the DATA chunk
header. The implementation MAY also take account of the space required
for a SACK chunk.

  IMPLEMENTATION NOTE: if segmentation is not supported by the sender,
  an error should be reported to the sender's SCTP user if the data to be
  sent has a size exceeding the current MTU. In such cases the Send
  primitive discussed in Section 9.1 would need to return an error
  to the upper layer.

Segmentation takes the following steps:

1) the data sender SHALL break the large user message into a series of
   DATA chunks, such that each of the chunks can be fit into an IP
   datagram smaller than or equal to the current MTU,

2) the data sender MUST then assign, in sequence, a separate TSN to
   each of the DATA chunks in the series,

3) the data sender MUST also set the B/E bits of the first DATA chunk
   in the series to '10', the B/E bits of the last DATA chunk in the
   series to '01', and the B/E bits of all other DATA chunks in the
   series to '00'.

The data receiver MUST recognize the segmented DATA chunks, by
examining the B/E bits in each of the received DATA chunks, and queue
the segmented DATA chunks for re-assembly. Then, it shall pass the
re-assembled user message to the specific stream for possible
re-ordering and final dispatching.

Note, if the data receiver runs out of buffer space while still
waiting for more segments to complete the re-assembly of the message,
it should dispatch part of its inbound message through a partial
delivery API (see Section 9), freeing some of its receive buffer space
so that the rest of the message may be received.

5.10 Bundling and Multiplexing

An SCTP sender achieves data bundling by simply including multiple
DATA chunks in one outbound SCTP datagram. Note that the total size of
the resultant IP datagram, including the SCTP datagram and IP headers,
MUST be less or equal to the current MTU.

Note, if the data receiver is multi-homed, the sender shall choose a
size no larger than the latest MTU of the current primary destination
address.

When multiplexing control chunks with DATA chunks, control chunks have
the priority and MUST be placed first in the outbound SCTP datagram
and be transmitted first. The transmitter MUST transmit DATA chunks
within a SCTP datagram in increasing order of TSN.

Partial chunks MUST NOT be placed in a SCTP datagram.

The receiver MUST process the chunks in order in the datagram.  The
receiver uses the chunk length field to determine the end of a chunk
and beginning of the next chunk taking account of the fact that all
chunks end on a thirty-two-bit word boundary. If the receiver detects
a partial chunk, it MUST drop the chunk.

6. Congestion control

Congestion control is one of the basic functions in the SCTP protocol.
For some applications, it may be likely that adequate resources will
be allocated to SCTP traffic to assure prompt delivery of
time-critical SCTP data - thus it would appear to be unlikely, during
normal operations, that SCTP transmissions encounter severe congestion
condition. However SCTP must prepare itself for adverse operational
conditions, which can develop upon partial network failures or
unexpected traffic surge.  In such situations SCTP must follow correct
congestion control steps to recover from congestion quickly in order
to get data delivered as soon as possible.  In the absence of network
congestion, these preventive congestion control algorithms should show
no impact on the protocol performance.

  IMPLEMENTATION NOTE: as far as its specific performance requirements
  are met, an implementation is always allowed to adopt a more
  conservative congestion control algorithm than the one defined
  below.

The congestion control algorithms used by SCTP are based on RFC 2581
[3], "TCP Congestion Control".  This section describes how the
algorithms defined in RFC 2581 are adopted for use in SCTP.  We first
list differences in protocol designs between TCP and SCTP, and then
describe SCTP's congestion control scheme.  The description will use
the same terminology as in TCP congestion control whenever
appropriate.

6.1 SCTP Differences from TCP Congestion control

One difference between SCTP and TCP is that Selective Acknowledgment
function (SACK) is designed into SCTP, rather than an enhancement that
is added to the protocol later as is the case for TCP. SCTP SACK
carries different semantic meanings from that of TCP SACK. TCP
considers the information carried in the SACK as advisory information
only. In SCTP, any DATA chunk that has been acknowledged by SACK,
including DATA that arrived at the receiving end out of order, are
considered having been delivered to the destination application, and
the sender is free to discard the local copy. Consequently, the value
of cwnd controls the amount of outstanding data, rather than the upper
bound between the highest acknowledged sequence number and the latest
DATA chunk that can be sent within the congestion window, as is the
case in TCP. SCTP SACK leads to different implementations of
fast-retransmit and fast-recovery from that of TCP.

The biggest difference between SCTP and TCP, however, is multi-homing.
SCTP is designed to establish robust communication associations
between two end points each of which may be reachable by more than one
transport address.  Potentially different addresses may lead to
distinguished data paths between the two points, thus ideally one may
need a separate set of congestion control parameters for each of the
paths.  The treatment here of congestion control for multi-homed
receivers is new with SCTP and may require refinement in the
future. The current algorithms make the following assumptions:

o The sender always uses the same destination address until being
  instructed by the upper layer otherwise.

o The sender keeps a separate congestion control parameter set for each
  of the destination addresses. The parameters should decay if the
  address is not used for a long enough time period.

o For each of the destination addresses, do slow-start upon the first
  transmission to that address.

6.2 SCTP Slow-Start and Congestion Avoidance

The slow start and congestion avoidance algorithms MUST be used by a
SCTP sender to control the amount of outstanding data being injected
into the network.  The congestion control in SCTP is employed in regard
to the association, not to an individual stream.  In some situations it
may be beneficial for an SCTP sender to be more conservative than the
algorithms allow, however an SCTP sender MUST NOT be more aggressive
than the following algorithms allow.

Like TCP, an SCTP sender uses the following three control variables to
regulate its transmission rate.

o Receiver advertised window size (rwnd, in octets), which is set by
  the receiver based on its available buffer space for incoming packets.

o Congestion control window (cwnd, in octets), which is adjusted by
  the sender based on observed network conditions.

o Slow-start threshold (ssthresh, in octets), which is used by the
  sender to distinguish slow start and congestion avoidance phases.

SCTP also requires one additional control variable, partial_bytes_acked,
which is used during congestion avoidance phase to facilitate cwnd
adjustment.

6.2.1 Slow-Start

Beginning data transmission into a network with unknown conditions
requires SCTP to probe the network to determine the available capacity.
The slow start algorithm is used for this purpose at the beginning of a
transfer, or after repairing loss detected by the retransmission timer.

o The initial cwnd before data transmission or after a sufficiently
  long idle period MUST be <= 2*MTU.

o The initial cwnd after a retransmission timeout MUST be no more
  than 1*MTU.

o The initial value of ssthresh MAY be arbitrarily high (for example,
  some implementations use the size of the receiver advertised window).

o Whenever cwnd is greater than zero, the sender is allowed to have cwnd
  octets of data outstanding on that transport address.

o When cwnd is less than or equal to ssthresh an SCTP sender MUST use
  the slow start algorithm to increase cwnd (assuming the current
  congestion window is being fully utilized). If the incoming SACK
  advances the cumulative TSN, cwnd MUST be increased by at most the
  lesser of 1) the total size of the previously outstanding DATA
  chunk(s) acknowledged, and 2) the current destination's path MTU.
  This protects against the ACK-Splitting attack outlined in [15].

  In instances where the data receiver endpoint is multi-homed,
  if a SACK arrives at the data sender that advances the
  sender's cumulative TSN point, then the data sender should update
  its cwnd (or cwnds) apportioned to the destination addresses where
  the data was transmitted to. However if the SACK does not advance
  the cumulative TSN point, the data sender MUST not adjust the cwnd
  of any of the destination addresses.

  NOTE: because an SCTP data sender's cwnd is not tied to its
  cumulative TSN point, as duplicate SACKs come in, even though they
  may not advance the cumulative TSN point an SCTP sender can still
  use them to clock out new data.  That is, the data newly
  acknowledged by the SACK diminishes the amount of data now in
  flight to less than cwnd; and so the current, unchanged value of
  cwnd now allows new data to be sent.  On the other hand, the
  increase of cwnd must be tied to the cumulative TSN advancement as
  specified above.  Otherwise the duplicate SACKs will not only clock
  out new data, but also will adversely clock out *more* new data
  than what has just left the network, during a time of possible
  congestion.

o When the sender does not transmit data on a given transport address,
  the cwnd of the transport address should be adjusted to
  max(cwnd / 2, 2*MTU) per RTO.

6.2.2 Congestion Avoidance

When cwnd is greater than ssthresh, cwnd should be incremented
by 1*MTU per RTT if the sender has cwnd or more octets of data
outstanding on the corresponding transport address.

In practice an implementation can achieve this goal in the
following way:

o partial_bytes_acked is initialized to 0.

o Whenever cwnd is greater than ssthresh, upon each SACK arrival,
  increase partial_bytes_acked by the total number of octets of all
  new chunks acknowledged in that SACK.

o When partial_bytes_acked is equal or greater than cwnd and before
  the arrival of the SACK the sender has cwnd or more octets of data
  outstanding, increase cwnd by MTU, and reset partial_bytes_acked to
  (partial_bytes_acked - cwnd).

o Same as in the slow start, when the sender does not transmit data on
  a given transport address, the cwnd of the transport address should
  be adjusted to max(cwnd / 2, 2*MTU) per RTO.

6.2.3 Congestion Control

Upon detection of packet losses from SACK reports (see section 6.2.4),
the sender should do the following:

  ssthresh = max(cwnd/2, 2*MTU)
  cwnd = ssthresh

Basically, a packet loss causes cwnd to be cut in half.

When the T3-rxt timer expires on an address, SCTP should perform
slow start by:

  ssthresh = max(cwnd/2, 2*MTU)
  cwnd = 1*MTU

and assure that no more than one data packet will be in flight on that
address until the sender receives acknowledgment for successful delivery
of data to that address.
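
The per-address cwnd rules of Sections 6.2.1 to 6.2.3 as an added example,
not code from the draft. The class and function names are hypothetical, the
octet counts are constructed, and partial_bytes_acked is reduced by the cwnd
value in effect before the increase, which is one reading of the text above.

```python
from dataclasses import dataclass


@dataclass
class PathCongestion:
    """Congestion state kept for ONE destination address (hypothetical name)."""
    mtu: int
    cwnd: int = 0
    ssthresh: int = 1 << 30        # initial ssthresh MAY be arbitrarily high
    partial_bytes_acked: int = 0

    def __post_init__(self):
        if self.cwnd == 0:
            self.cwnd = 2 * self.mtu   # initial cwnd MUST be <= 2*MTU

    def on_sack(self, newly_acked, cum_tsn_advanced, outstanding_before):
        """Apply 6.2.1 / 6.2.2 for one SACK credited to this address.

        newly_acked        octets of outstanding DATA this SACK acknowledged
        cum_tsn_advanced   True if the SACK moved the cumulative TSN point
        outstanding_before octets in flight here before the SACK arrived
        """
        window_full = outstanding_before >= self.cwnd
        if self.cwnd <= self.ssthresh:
            # Slow start. Growth is tied to cumulative TSN advancement and
            # capped by min(acked octets, MTU), so many small or duplicate
            # SACKs cannot open the window faster than data left the network.
            if cum_tsn_advanced and window_full:
                self.cwnd += min(newly_acked, self.mtu)
        else:
            # Congestion avoidance: one MTU per cwnd's worth of acked octets.
            self.partial_bytes_acked += newly_acked
            if self.partial_bytes_acked >= self.cwnd and window_full:
                self.partial_bytes_acked -= self.cwnd
                self.cwnd += self.mtu

    def on_loss_report(self):
        """6.2.3: loss detected from SACK reports (fast retransmit)."""
        self.ssthresh = max(self.cwnd // 2, 2 * self.mtu)
        self.cwnd = self.ssthresh

    def on_t3_expiry(self):
        """6.2.3: T3-rxt expired on this address, fall back to slow start."""
        self.ssthresh = max(self.cwnd // 2, 2 * self.mtu)
        self.cwnd = self.mtu

    def on_idle_rto(self):
        """One RTO passed without sending here: max(cwnd / 2, 2*MTU).

        The min() keeps a window already below 2*MTU (for example right
        after a T3-rxt expiry) from being raised by the idle adjustment.
        """
        self.cwnd = min(self.cwnd, max(self.cwnd // 2, 2 * self.mtu))


def split_sack_growth(mtu, chunk_size, n_chunks):
    """Compare cwnd growth when n small chunks are each SACKed separately.

    Returns (growth under the 6.2.1 cap, growth if every SACK added one MTU).
    """
    capped = PathCongestion(mtu=mtu)
    start = capped.cwnd
    naive_cwnd = start
    for _ in range(n_chunks):
        capped.on_sack(chunk_size, True, capped.cwnd)
        naive_cwnd += mtu
    return capped.cwnd - start, naive_cwnd - start


if __name__ == "__main__":
    print("growth (capped, uncapped):", split_sack_growth(1500, 100, 15))
```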

6.2.4 Fast Retransmit on Gap Reports

In the absence of data losses, a SCTP receiver performs delayed
acknowledgment. However, whenever a receiver notices a hole in the
arriving TSN sequence, it should start sending a SACK back every time
a packet arrives carrying data.

At the sender end, whenever the sender receives a SACK that indicates
some TSN(s) missing, it SHOULD wait for 3 further miss indications
(via subsequent SACKs) on the same TSN(s) before taking action.

When the TSN(s) is reported as missing in consecutive SACKs for the
4th time, the sender shall:

1) Mark the missing DATA chunk(s) for retransmission,

2) Adjust the ssthresh and cwnd of the destination address(es) where
   the missing data chunks were last sent, according to the formula
   described in Section 6.2.3.

3) Determine how many of the earliest (i.e., lowest TSN) missing Data
   chunks will fit into a single packet, subject to constraint of the
   path MTU of the destination transport address to which the packet
   is being sent. Call this value K. Retransmit those K data chunks in
   a single packet.

4) Restart T3-rxt timer ONLY IF the last SACK acknowledged the lowest
   outstanding TSN number sent to that address, or we are retransmitting
   the first outstanding Data chunk sent to that address.

   Note, before the above adjustments, if the received SACK also
   acknowledges new data chunks and advances the cumulative TSN point,
   the cwnd adjustment rules defined in Sections 6.2.1 and 6.2.2 must
   be applied first.

A straightforward implementation of the above requires that the sender
keeps a counter for each TSN hole first reported by a SACK; the
counter keeps track of whether 3 subsequent SACKs have reported the
same hole.

Because cwnd in SCTP indirectly bounds the number of outstanding
TSN's, the effect of TCP fast-recovery is achieved automatically with
no adjustment to the congestion control window size.
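
The gap-report bookkeeping of Section 5.7 and steps 1) and 3) above, as an
added example that is not code from the draft. Class and parameter names are
hypothetical; it assumes TSNs do not wrap around, and `payload_budget` stands
for the octets available to DATA chunks in one packet on the chosen path.

```python
MISS_THRESHOLD = 4   # act when a TSN is reported missing for the 4th time


class SenderOutQueue:
    """Outstanding DATA chunks of one association (hypothetical helper)."""

    def __init__(self):
        self.outstanding = {}    # TSN -> chunk size in octets
        self.miss_reports = {}   # TSN -> number of SACKs reporting it missing

    def send(self, tsn, size):
        self.outstanding[tsn] = size
        self.miss_reports[tsn] = 0

    def on_sack(self, cum_tsn, fragments, payload_budget):
        """Process one SACK.

        fragments: list of (start, end) offsets relative to cum_tsn, as in
        "SACK [TSN ACK=6,Frag=1,Strt=2,End=2]" -> cum_tsn=6, [(2, 2)].
        Returns (acked, missing, retransmit) as ascending TSN lists.
        """
        # Validate the report before touching any state: offsets must be
        # positive, ordered and non-overlapping.
        prev_end = 0
        for start, end in fragments:
            if start <= prev_end or end < start:
                raise ValueError("malformed fragment report")
            prev_end = end
        highest_reported = cum_tsn + prev_end

        def in_fragment(tsn):
            offset = tsn - cum_tsn
            return any(s <= offset <= e for s, e in fragments)

        # Only TSNs we actually have outstanding are considered, so a SACK
        # naming TSNs that were never sent changes nothing.
        acked, missing = [], []
        for tsn in sorted(self.outstanding):
            if tsn <= cum_tsn or in_fragment(tsn):
                acked.append(tsn)
            elif tsn < highest_reported:
                missing.append(tsn)      # falls into a gap between fragments

        for tsn in acked:                # acknowledged: drop the local copy
            del self.outstanding[tsn]
            del self.miss_reports[tsn]
        for tsn in missing:              # strike one more "missing" report
            self.miss_reports[tsn] += 1

        # Step 1: chunks at the threshold are marked for retransmission.
        # Step 3: take the K earliest that fit into a single packet.
        # (Step 2, the ssthresh/cwnd adjustment, is left to the caller.)
        retransmit = []
        for tsn in missing:
            if self.miss_reports[tsn] < MISS_THRESHOLD:
                continue
            size = self.outstanding[tsn]
            if size > payload_budget:
                break
            retransmit.append(tsn)
            payload_budget -= size
            self.miss_reports[tsn] = 0   # start counting afresh once resent
        return acked, missing, retransmit


def replay_gap_example():
    """The exchange shown in Section 5.7, continued until TSN 7 is resent."""
    q = SenderOutQueue()
    for tsn in (6, 7, 8):
        q.send(tsn, 100)
    results = [q.on_sack(6, [(2, 2)], 1400)]          # 7 lost, 8 arrived
    for tsn, end in ((9, 3), (10, 4), (11, 5)):       # constructed follow-up
        q.send(tsn, 100)
        results.append(q.on_sack(6, [(2, end)], 1400))
    return results


if __name__ == "__main__":
    for step in replay_gap_example():
        print(step)
```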

6.3 Path MTU Discovery

RFC 1191 [11] discusses "Path MTU Discovery", whereby a sender
maintains an estimate of the maximum transmission unit (MTU) along a
given Internet path and refrains from sending datagrams along that
path which exceed the MTU, other than occasional attempts to probe for
a change in the path MTU.  RFC 1191 is thorough in its discussion of
the MTU discovery mechanism and strategies for determining the current
end-to-end MTU setting as well as detecting changes in this value.
RFC 1981 [12] discusses applying the same mechanisms for IPv6.

An SCTP sender SHOULD apply these techniques, and SHOULD do so on a
per-destination-address basis.

There are 4 ways in which SCTP differs from the description in RFC 1191
of applying MTU discovery to TCP:

1)  SCTP associations can span multiple sets of addresses.
    Per the above comment, an SCTP sender MUST maintain separate
    MTU estimates for each destination address of its peer.

2)  Elsewhere in this document, when the term "MTU" is discussed,
    it refers to the MTU associated with the destination address
    corresponding to the context of the discussion.

3)  Unlike TCP, SCTP does not have a notion of "Maximum Segment
    Size".  Accordingly, the MTU for each destination address
    SHOULD be initialized to a value no larger than the link MTU
    for the local interface to which datagrams for that remote
    destination address will be routed.

4)  Since data transmission in SCTP is naturally structured in
    terms of TSNs rather than bytes (as is the case for TCP), the
    discussion in section 6.5 of RFC 1191 applies: when retransmitting
    a datagram to a remote address for which the datagram appears
    too large for the path MTU to that address, the datagram SHOULD
    be retransmitted without the DF bit set, allowing it to possibly
    be fragmented. Transmissions of new datagrams MUST have DF set.

Other than these differences, the discussion of TCP's use of MTU
discovery in RFCs 1191 and 1981 applies to SCTP, too, on a
per-destination-address basis.

7.  Fault Management

7.1 Endpoint Failure Detection

The data sender shall keep a counter on the total number of
consecutive retransmissions to its peer (including retransmissions to
ALL the destination transport addresses of the peer if it is
multi-homed).
If the value of this counter exceeds the limit indicated in the
protocol parameter 'Association.Max.Retrans', the data sender shall
consider the peer endpoint unreachable and shall stop transmitting any
more data to it (and thus the association enters the CLOSED state). In
addition, the data sender shall report the failure to the upper layer,
and optionally report back all outstanding user data remaining in its
outbound queue. The association is automatically terminated when the
peer endpoint becomes unreachable.

The counter shall be reset each time a datagram sent to that
destination address is acknowledged by the peer endpoint, or
a HEARTBEAT-ACK is received from the peer endpoint.

7.2 Path Failure Detection

When the remote endpoint is multi-homed, the data sender should keep a
'retrans.count' counter for each of the destination transport
addresses of the remote endpoint.

Each time the T3-rxt timer expires on any address, or when a HEARTBEAT
sent to an idle address is not acknowledged, the 'retrans.count' counter
of that destination address will be incremented.  When the value in
'retrans.count' exceeds the protocol parameter 'Path.Max.Retrans' of
that destination address, the data sender should mark the destination
transport address as inactive, and a notification SHOULD be sent to
the upper layer.

When an outstanding TSN is acknowledged or a HEARTBEAT sent to that
address is acknowledged with a HEARTBEAT-ACK, the data sender shall
clear the 'retrans.count' counter of the destination transport address
to which the datagram was last sent (or HEARTBEAT was sent). Note,
when the data receiver is multi-homed and the last sent was a
retransmission to an alternate address of the receiver, there exists
an ambiguity as to whether or not the acknowledgment should be
credited to the address of the last sent. However, this ambiguity does
not seem to bear any significant consequence to SCTP behavior. If this
ambiguity is undesirable, the data sender may choose not to clear the
'retrans.count' counter if the last sent was a retransmission.

Note, when configuring the SCTP endpoint, the user should avoid
having the value of 'Association.Max.Retrans' larger than the
summation of the 'Path.Max.Retrans' of all the destination addresses
for the remote endpoint. Otherwise, all the destination addresses may
become inactive while the endpoint still considers the peer endpoint
reachable. When this condition occurs, how the SCTP chooses to function
is implementation specific.

Note, when the primary destination address is marked inactive (due to
excessive retransmissions, for instance), the sender MAY automatically
transmit new datagrams to an alternate destination address if one
exists and is active. This is, however, an implementation option.

7.3 Path Heartbeat

By default, an SCTP endpoint shall monitor the reachability of the
idle destination transport address(es) of its peer by sending
HEARTBEAT messages periodically to the destination transport
address(es).

A destination transport address is considered "idle" if no new chunk
which can be used for updating path RTT (usually including first
transmission DATA, INIT, COOKIE, etc.) and no heartbeat has been sent
to it within the current heartbeat period of that address. This
applies to both active and inactive destination addresses.

The upper layer can optionally initiate the following functions:

A) disable heart beat on a specific destination transport address of a
   given association,
B) re-enable heart beat on a specific destination transport address of
   a given association, and,
C) request an on-demand heartbeat on a specific destination transport
   address of a given association.

The endpoint should increment the respective 'retrans.count' counter
of the destination transport address each time a HEARTBEAT is sent to
that address.

When the value of this counter reaches the protocol parameter
'Path.Max.Retrans', the endpoint should mark the corresponding
destination address as inactive if it is not so marked, and may also
optionally report to the upper layer the change of reachability of
this destination address. After this, the endpoint should continue
heartbeat on this destination address but should stop increasing the
counter.

The sender of the HEARTBEAT message should include in the Heartbeat
Information field of the message the current time when the message is
sent out and the information on the destination address to which the
message is sent.

The receiver of the HEARTBEAT should immediately respond with a
HEARTBEAT ACK that contains the Heartbeat Information field copied out
from the received HEARTBEAT message.

Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT
should clear the 'retrans.count' counter of the destination transport
address to which the HEARTBEAT was sent, and mark the destination
transport address as active if it is not so marked. The endpoint may
optionally report to the upper layer when an inactive destination
address is marked as active due to the reception of the latest
HEARTBEAT ACK.

The receiver of the HEARTBEAT ACK should also perform an RTT
measurement for that destination transport address using the time
value carried in the HEARTBEAT ACK message.

On an idle destination address that is allowed to heartbeat, HEARTBEAT
messages are RECOMMENDED to be sent once per RTO of that destination
address, with jittering of +/- 50%, and exponential back-off if the
previous HEARTBEAT is unanswered.

A primitive is provided for the SCTP user to change the heart
beat interval and turn on or off the heart beat on a given destination
address. Note, the heartbeat interval set by the SCTP user on any of
the idle destination addresses SHOULD be no smaller than the RTO of
that destination address. Separate timers may be used to control the
heartbeat transmission for different idle destination addresses.
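
The per-address bookkeeping described in this section, as an added
example in C (not part of the draft or of any SCTP implementation).
The struct and function names are hypothetical; doubling the interval
for each unanswered HEARTBEAT and capping the doubling at 2^6 are
assumptions, since the text only says "exponential back-off".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HB_BACKOFF_CAP 6u   /* assumption: stop doubling after 2^6 */

enum path_event { PATH_NO_CHANGE, PATH_WENT_INACTIVE, PATH_WENT_ACTIVE };

struct path {
    unsigned retrans_count;  /* 'retrans.count' of this destination address */
    unsigned max_retrans;    /* 'Path.Max.Retrans' */
    unsigned unanswered;     /* HEARTBEATs sent since the last HEARTBEAT ACK */
    uint32_t rto_ms;         /* current RTO of this destination address */
    uint32_t last_rtt_ms;    /* most recent RTT sample from a HEARTBEAT ACK */
    bool active;
};

struct path path_new(uint32_t rto_ms, unsigned max_retrans)
{
    struct path p = { 0, max_retrans, 0, rto_ms, 0, true };
    return p;
}

/* Call each time a HEARTBEAT is sent to this address. The returned event
 * is what may optionally be reported to the upper layer. */
enum path_event path_on_heartbeat_sent(struct path *p)
{
    p->unanswered++;
    if (p->retrans_count < p->max_retrans)   /* counter stops at the threshold */
        p->retrans_count++;
    if (p->retrans_count >= p->max_retrans && p->active) {
        p->active = false;                   /* heartbeats continue regardless */
        return PATH_WENT_INACTIVE;
    }
    return PATH_NO_CHANGE;
}

/* Call when the HEARTBEAT ACK arrives. echoed_ms is the send time copied
 * back in the Heartbeat Information field, now_ms is the local clock. */
enum path_event path_on_heartbeat_ack(struct path *p, uint32_t echoed_ms,
                                      uint32_t now_ms)
{
    p->last_rtt_ms = now_ms - echoed_ms;     /* unsigned, so clock wrap is safe */
    p->retrans_count = 0;
    p->unanswered = 0;
    if (!p->active) {
        p->active = true;
        return PATH_WENT_ACTIVE;
    }
    return PATH_NO_CHANGE;
}

/* Delay before the next HEARTBEAT on an idle address. jitter_permille in
 * 0..1000 maps linearly onto -50%..+50% of the backed-off RTO. */
uint32_t path_next_heartbeat_ms(const struct path *p, unsigned jitter_permille)
{
    unsigned shift = p->unanswered < HB_BACKOFF_CAP ? p->unanswered : HB_BACKOFF_CAP;
    uint64_t base = (uint64_t)p->rto_ms << shift;
    uint64_t delay;

    if (jitter_permille > 1000)
        jitter_permille = 1000;
    delay = base / 2 + base * jitter_permille / 1000;
    return delay > UINT32_MAX ? UINT32_MAX : (uint32_t)delay;
}

int main(void)
{
    struct path p = path_new(1000, 3);       /* constructed: RTO 1 s, threshold 3 */
    enum path_event e;
    int i;

    for (i = 1; i <= 4; i++) {
        e = path_on_heartbeat_sent(&p);
        printf("HEARTBEAT %d: retrans.count=%u active=%d event=%d next=%u ms\n",
               i, p.retrans_count, (int)p.active, (int)e,
               (unsigned)path_next_heartbeat_ms(&p, 500));
    }
    e = path_on_heartbeat_ack(&p, 5000, 5040);
    printf("HEARTBEAT ACK: rtt=%u ms active=%d event=%d\n",
           (unsigned)p.last_rtt_ms, (int)p.active, (int)e);
    return 0;
}
```
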

7.4 Handle "Out of the blue" Packets

An SCTP datagram is called an "out of the blue" (OOTB) datagram if it
is correctly formed, i.e., passed the receiver's Adler-32 check (see
Section 5.8), but the receiver is not able to identify the association
to which this datagram belongs.

The receiver of an OOTB datagram MUST do the following:

1) check if the OOTB datagram contains an ABORT chunk. If so, the
   receiver MUST silently discard the OOTB datagram and take no
   further action. Otherwise,

2) the receiver should respond to the sender of the OOTB datagram with an
   ABORT. When sending the ABORT, the receiver of the OOTB datagram
   MUST fill in the Verification Tag field of the outbound datagram
   with the value found in the Verification Tag field of the OOTB
   datagram. After sending this ABORT, the receiver of the OOTB
   datagram shall discard the OOTB datagram and take no further
   action.

7.5 Verification Tag

The Verification Tag rules defined in this section apply when sending
or receiving SCTP datagrams which do NOT contain an INIT, SHUTDOWN
ACK, or ABORT chunk. The rules for sending and receiving SCTP
datagrams containing one of these chunk types are discussed separately
in Section 7.5.1.

When sending an SCTP datagram, the sender MUST fill in the
Verification Tag field of the outbound datagram with the tag value of
the peer endpoint to which this SCTP datagram is destined.

When receiving an SCTP datagram, the receiver MUST ensure that the
value in the Verification Tag field of the received SCTP datagram
matches its own Tag. If the received tag value does not match the
receiver's own tag value, the receiver shall silently discard the
datagram and shall not process it any further.

7.5.1 Exceptions in Verification Tag Rules

A) Rules for datagram carrying INIT:

 - The sender MUST set the Verification Tag of the datagram to 0.
 - The receiver, when noticing an incoming SCTP datagram with the
   Verification Tag set to 0, should continue to process the datagram
   only if an INIT chunk is present. Otherwise, the receiver MUST
   silently discard the datagram and take no further action.

B) Rules for datagram carrying ABORT:

 - The sender shall always fill in the Verification Tag field of the
   outbound datagram with the destination endpoint's tag value if it
   is known.
 - If the ABORT is sent in response to an OOTB datagram, the sender
   MUST follow the procedure described in Section 7.4.
 - The receiver MUST accept the datagram IF the Verification Tag
   matches either its own tag, OR the tag of one of its existing
   peers. Otherwise, the receiver MUST silently discard the datagram
   and take no further action.

C) Rules for datagram carrying SHUTDOWN ACK:

 - When sending a SHUTDOWN ACK, the sender is allowed to either use
   the destination endpoint's tag or set the Verification Tag field
   of the outbound datagram to 0.
 - The receiver of a SHUTDOWN ACK shall accept the datagram IF the
   Verification Tag field of the datagram matches its own tag OR is
   set to 0. Otherwise, the receiver MUST silently discard the
   datagram and take no further action. NOTE: the receiver of the
   SHUTDOWN ACK MUST ignore the chunk if it is not in the SHUTDOWN
   SENT state.
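
The receive-side decisions of Sections 7.4, 7.5 and 7.5.1 combined
into one function, as an added example in C (not part of the draft or
of any SCTP implementation). All names and the chunk bit values are
hypothetical. The order in which the rules are consulted, handing INIT
to association setup before the OOTB rule, and discarding an INIT with
a non-zero tag are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Chunk kinds that change the tag rules; bit values are local to this example. */
enum { HAS_INIT = 1, HAS_ABORT = 2, HAS_SHUTDOWN_ACK = 4 };

enum assoc_state { ST_ESTABLISHED, ST_SHUTDOWN_SENT };

struct assoc {
    uint32_t my_tag;    /* value the peer must place in datagrams sent to us */
    uint32_t peer_tag;  /* value we place in datagrams sent to the peer */
    enum assoc_state state;
};

enum rx_action {
    RX_PROCESS,       /* tag accepted, hand the datagram to chunk processing */
    RX_DISCARD,       /* silently discard, send nothing */
    RX_REPLY_ABORT,   /* OOTB: answer with ABORT carrying reply_tag, then discard */
    RX_IGNORE_CHUNK   /* tag accepted, but SHUTDOWN ACK arrived in the wrong state */
};

struct rx_verdict {
    enum rx_action action;
    uint32_t reply_tag;   /* meaningful only for RX_REPLY_ABORT */
};

/* The datagram is assumed to have passed the Adler-32 check already.
 * a == NULL means no association matched it (Section 7.4). */
struct rx_verdict sctp_rx_check(const struct assoc *a, uint32_t vtag, unsigned chunks)
{
    struct rx_verdict v = { RX_DISCARD, 0 };

    if (chunks & HAS_INIT) {
        /* 7.5.1 A: INIT travels with tag 0. A non-zero tag on an INIT is not
         * covered by the rules; discarding it is this example's assumption. */
        if (vtag == 0)
            v.action = RX_PROCESS;
        return v;
    }
    if (a != NULL && (chunks & HAS_SHUTDOWN_ACK)) {
        /* 7.5.1 C: own tag or 0, and only acted on in SHUTDOWN SENT. */
        if (vtag == a->my_tag || vtag == 0)
            v.action = (a->state == ST_SHUTDOWN_SENT) ? RX_PROCESS : RX_IGNORE_CHUNK;
        return v;
    }
    if (vtag == 0)
        return v;       /* 7.5.1 A: tag 0 without INIT is silently discarded */
    if (a == NULL) {
        /* 7.4: never answer an ABORT; otherwise reflect the sender's tag. */
        if (!(chunks & HAS_ABORT)) {
            v.action = RX_REPLY_ABORT;
            v.reply_tag = vtag;
        }
        return v;
    }
    if (chunks & HAS_ABORT) {
        /* 7.5.1 B: own tag or the peer's tag. */
        if (vtag == a->my_tag || vtag == a->peer_tag)
            v.action = RX_PROCESS;
        return v;
    }
    if (vtag == a->my_tag)   /* 7.5: the general rule */
        v.action = RX_PROCESS;
    return v;
}

/* Constructed sample associations. */
static const struct assoc demo_est = { 0x11111111u, 0x22222222u, ST_ESTABLISHED };
static const struct assoc demo_ss  = { 0x11111111u, 0x22222222u, ST_SHUTDOWN_SENT };

int main(void)
{
    struct rx_verdict v = sctp_rx_check(NULL, 0xCAFEF00Du, 0);

    printf("OOTB datagram: action=%d reply_tag=0x%08X\n",
           (int)v.action, (unsigned)v.reply_tag);
    printf("wrong tag, no special chunk: action=%d\n",
           (int)sctp_rx_check(&demo_est, 0xDEADBEEFu, 0).action);
    printf("ABORT with peer tag: action=%d\n",
           (int)sctp_rx_check(&demo_est, 0x22222222u, HAS_ABORT).action);
    printf("SHUTDOWN ACK, tag 0, SHUTDOWN SENT: action=%d\n",
           (int)sctp_rx_check(&demo_ss, 0, HAS_SHUTDOWN_ACK).action);
    return 0;
}
```
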

8. Termination of Association

All existing associations should be terminated when an endpoint exits
from service. An association can be terminated by either close or
shutdown.

8.1 Close of an Association

When an endpoint decides to close down an existing association, it
shall send an ABORT message to its peer endpoint. The sender MUST fill
in the peer's Verification Tag in the outbound datagram and MUST NOT
bundle any other DATA chunk with the ABORT.

No acknowledgment is required for an ABORT message. In any
circumstances, an endpoint MUST NOT respond to any received datagram
that contains an ABORT with its own ABORT (also see Section 7.4).

The receiver shall apply the special Verification Tag check rules
described in Section 7.5.1 when handling the datagram carrying an
ABORT.

After checking the Verification Tag, the peer shall remove the
association from its record, and shall report the termination to its
upper layer.

8.2 Shutdown of an Association

Using the TERMINATE primitive (see Section 9.1), the upper layer of an
endpoint in an association can gracefully shut down the association.
This will guarantee that all outstanding datagrams from the peer of
the shutdown initiator are delivered before the association
terminates.

Upon receipt of the TERMINATE primitive from its upper layer, the
initiator endpoint enters SHUTDOWN-PENDING state and remains there
until all outstanding TSNs have been acknowledged by the far end. It
accepts no new data from its upper layer, but retransmits data to the
far end if necessary to fill gaps.

Once all outstanding TSNs have been acknowledged, the initiator
endpoint shall send a SHUTDOWN message to the peer of the association,
and shall include the last cumulative TSN it has received from the
peer in the 'Cumulative TSN ACK' field. It shall then start the
T2-shutdown timer and enter the Shutdown-sent state. If the timer
expires, the initiator must re-send the SHUTDOWN with the updated last
TSN received from its peer.

The same rules in 5.3 SHALL be followed to determine the proper timer
value for T2-shutdown. The sender of the SHUTDOWN message may also
optionally include a SACK to indicate any gaps by bundling both the
SACK and SHUTDOWN message together.

Note the sender of a shutdown should limit the number of
retransmissions of the shutdown message to the protocol parameter
'Association.Max.Retrans'. If this threshold is exceeded the endpoint
should destroy the TCB and may report the endpoint unreachable to the
upper layer (and thus the association enters the CLOSED state).

Upon the reception of the SHUTDOWN, the peer shall enter the
Shutdown-received state, and shall verify, by checking the TSN ACK
field of the message, that all its outstanding datagrams have been
received by the initiator.

If there are still outstanding datagrams left, the peer shall mark
them for retransmission and start the retransmit procedure as defined
in Section 5.3.

While in Shutdown-sent state, the initiator shall immediately respond
to each inbound SCTP datagram containing user data from the peer with
a SACK and restart the T2-shutdown timer.

If there are no more outstanding datagrams, the peer shall send a
SHUTDOWN ACK and then remove all record of the association.

Upon the receipt of the SHUTDOWN ACK, the initiator shall stop the
T2-shutdown timer and remove all record of the association.

Note: it should be the responsibility of the initiator to assure
that all the outstanding datagrams on its side have been resolved
before it initiates the shutdown procedure.

Note: an endpoint shall reject any new data request from its upper
layer if it is in Shutdown-sent or Shutdown-received state until
completion of the sequence.

Note: if an endpoint is in Shutdown-sent state and receives an INIT
message from its peer, it should discard the INIT message and
retransmit the shutdown message. The sender of the INIT should respond
with a stand-alone SHUTDOWN ACK in an SCTP datagram with the
Verification Tag field of its common header set to 0, and let the
normal T1-init timer cause the INIT message to be retransmitted and
thus restart the association.

Note: if an endpoint is in Shutdown-sent state and receives a
SHUTDOWN message from its peer, the endpoint shall respond
immediately with a SHUTDOWN ACK and shall stop the T2-shutdown timer
and remove all record of the association.

9. Interface with Upper Layer

The Upper Layer Protocols (ULP) shall request services by passing
primitives to SCTP and shall receive notifications from SCTP for
various events.

The primitives and notifications described in this section should be
used as a guideline for implementing SCTP. The following functional
description of ULP interface primitives is shown for illustrative
purposes. We must warn readers that different SCTP implementations may
have different ULP interfaces. However, all SCTPs must provide a
certain minimum set of services to guarantee that all SCTP
implementations can support the same protocol hierarchy. This section
specifies the functional interfaces required of all SCTP
implementations.

9.1 ULP-to-SCTP

The following sections functionally characterize a ULP/SCTP interface.
The notation used is similar to most procedure or function calls in
high level languages.

The ULP primitives described below specify the basic functions the
SCTP must perform to support inter-process communication. Individual
implementations must define their own exact format, and may provide
combinations or subsets of the basic functions in single calls.

A) Initialize

Format: INITIALIZE ([local port], [local eligible address])
-> local SCTP instance name

This primitive allows SCTP to initialize its internal data structures
and allocate necessary resources for setting up its operation
environment. Note that once SCTP is initialized, ULP can communicate
directly with other endpoints without re-invoking this primitive.

A local SCTP instance name will be returned to the ULP by the SCTP.

Mandatory attributes:

None.

Optional attributes:

The following types of attributes may be passed along with the
primitive:

 o local port - SCTP port number, if ULP wants it to be specified;

 o local eligible address - A single address that the local SCTP
   endpoint should bind. By default all transport interface cards
   should be used by the local endpoint.

   IMPLEMENTATION NOTE: if this optional attribute is supported by an
   implementation, it will be the responsibility of the implementation
   to enforce that the IP source address field of any SCTP datagrams
   sent out by this endpoint MUST contain the IP addresses
   indicated in the local eligible address.

B) Associate

Format: ASSOCIATE(local SCTP instance name, destination transport
addr, outbound stream count [,destination eligible transport addr
list])
-> association id [,destination transport addr list] [,outbound stream
count]

This primitive allows the upper layer to initiate an association to a
specific peer endpoint.

The peer endpoint shall be specified by one of the transport addresses
which defines the endpoint (see section 1.4).  If the local SCTP
instance has not been initialized, the ASSOCIATE is considered an
error.

The set of transport addresses specified in the "destination eligible
transport addr list" shall be used as valid destinations by the
initiating endpoint when sending to the peer endpoint. If this
parameter is not specified, the initiating endpoint will consider ALL
of the transport addresses returned by the INIT ACK message from the
peer endpoint as valid ones. Note, when specified, the "destination
eligible transport addr list" MUST be the same as, or a sub-set of,
the transport addresses returned in the INIT ACK message from the peer
endpoint. Otherwise, it shall be considered as a configuration error.

An association id, which is a local handle to the SCTP association,
will be returned on successful establishment of the association. If
SCTP is not able to open an SCTP association with the peer endpoint,
an error is returned.

Other association parameters may be returned, including the complete
destination transport addresses of the peer as well as the outbound
stream count of the local endpoint. One of the transport addresses from
the returned destination addresses (or the "destination eligible
transport addr list" if provided) will be selected by the local
endpoint as default primary destination address for sending SCTP
datagrams to this peer.  The returned "destination transport addr
list" can be used by the ULP to change the default primary destination
address or to force sending a datagram to a specific transport address.

  IMPLEMENTATION NOTE: If ASSOCIATE primitive is implemented as a
  blocking function call, the ASSOCIATE primitive can return
  association parameters in addition to the association id upon
  successful establishment. If ASSOCIATE primitive is implemented as a
  non-blocking call, only the association id shall be returned and
  association parameters shall be passed using the COMMUNICATION UP
  notification.

Mandatory attributes:

 o local SCTP instance name - obtained from the INITIALIZE operation.

 o destination transport addr - specified as one of the transport
   addresses of the peer endpoint with which the association is to be
   established.

 o outbound stream count - the number of outbound streams the ULP
   would like to open towards this peer endpoint.

Optional attributes:

 o destination eligible transport addr list - a list of transport
   addresses that the local endpoint is allowed to use for sending
   datagrams to this peer. By default, all transport addresses
   indicated by the peer in its INIT ACK message can be used.

C) Terminate

Format: TERMINATE(association id)
-> result

Gracefully terminates an association. Any locally queued user data
will be delivered to the peer. The association will be terminated only
after the peer acknowledges all the messages sent.  A success code
will be returned on successful termination of the association. If
attempting to terminate the association results in a failure, an error
code shall be returned.

Mandatory attributes:

 o association id - local handle to the SCTP association

Optional attributes:

None.

D) Abort

Format: ABORT(association id [, cause code])
-> result

Ungracefully terminates an association. Any locally queued user data
will be discarded and an ABORT message is sent to the peer. A success
code will be returned on successful abortion of the association. If
attempting to abort the association results in a failure, an error
code shall be returned.

Note: If possible the SCTP should attempt to return all un-acknowledged
data to the upper layer, however this behavior is implementation
dependent.

Mandatory attributes:

 o association id - local handle to the SCTP association

Optional attributes:

 o cause code - reason of the abort to be passed to the peer.

E) Send

Format: SEND(association id, buffer address, byte count [,context]
[,stream id] [,life time] [,destination transport address] [,un-order
flag] [,no-bundle flag])
-> result

This is the main method to send user data via SCTP.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o buffer address - the location where the user message to be
   transmitted is stored;

 o byte count - The size of the user data in number of octets;

Optional attributes:

 o context - optional information that will be carried in the
   sending failure notification to the ULP if the transportation of
   this datagram fails.

 o stream id - to indicate which stream to send the data on. If not
   specified, stream 0 will be used.

 o life time - specifies the life time of the user data. The user data
   will not be sent by SCTP after the life time expires. This
   parameter can be used to avoid efforts to transmit stale
   user messages. SCTP notifies the ULP, if the data cannot be
   initiated to transport (i.e. sent to the destination via SCTP's
   send primitive) within the life time variable. However, the
   user data will be transmitted if a TSN has been assigned to the
   user data before the life time expired.

 o destination transport address - specified as one of the destination
   transport addresses of the peer endpoint to which this message
   should be sent. Whenever possible, SCTP should use this destination
   transport address for sending the datagram, instead of the current
   primary destination transport address.

 o un-order flag - this flag, if present, indicates that the user
   would like the data delivered in an un-ordered fashion to the peer.

 o no-bundle flag - instructs SCTP not to bundle the user data with
   other outbound DATA chunks. Note: SCTP may still bundle even when
   this flag is present, when faced with network congestion.

F) Set Primary

Format: SETPRIMARY(association id, destination transport address)
-> result

Instructs the local SCTP to use the specified destination transport
address as primary destination address for sending datagrams.

The result of attempting this operation shall be returned. If the
specified destination transport address is not present in the
"destination transport address list" returned earlier in an associate
command or communication up notification, an error shall be returned.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o destination transport address - specified as one of the transport
   addresses of the peer endpoint, which should be used as primary
   address for sending datagrams. This overrides the current primary
   address information maintained by the local SCTP endpoint.

G) Receive

Format: RECEIVE(association id, buffer address, buffer size
   [,stream id])
-> byte count [,transport address] [,stream id] [,stream sequence number]
   [,partial flag] [,delivery number]

This primitive shall read the first user message in the SCTP in-queue
to ULP, if there is one available, into the specified buffer. The size
of the message read, in octets, will be returned. It may, depending on
the specific implementation, also return other information such as the
sender's address, the stream id on which it is received, whether there
are more messages available for retrieval, etc. For ordered messages,
their stream sequence number may also be returned.

Depending upon the implementation, if this primitive is invoked when
no message is available the implementation should return an indication
of this condition or should block the invoking process until data does
become available.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o buffer address - the memory location indicated by the ULP to store
   the received message.

 o buffer size - the maximum size of data to be received, in octets.

Optional attributes:

 o stream id - to indicate which stream to receive the data on.

 o stream sequence number - the stream sequence number assigned by the
   sending SCTP peer.

 o partial flag - if this returned flag is set to 1, then this
   message is a partial delivery of the whole message. When
   this flag is set, the stream id and stream sequence number MUST
   accompany this receive. When this flag is set to 0, it indicates
   that no more deliveries will be received for this stream sequence
   number.

H) Status

Format: STATUS(association id)
-> status data

This primitive should return a data block containing the following
information:
  association connection state,
  destination transport address list,
  destination transport address reachability state,
  current receiver window size,
  current congestion window sizes,
  number of DATA chunks awaiting acknowledgment,
  number of DATA chunks pending receipt,
  primary destination transport address,
  SRTT on primary destination address,
  RTO on primary destination address,
  SRTT and RTO on other destination addresses, etc.

Mandatory attributes:

 o association id - local handle to the SCTP association

Optional attributes:

 None.

I) Change Heartbeat

Format: CHANGEHEARTBEAT(association id, destination transport address,
   new state [,interval])
-> result

Instructs the local endpoint to enable or disable heart beat on the
specified destination transport address.

The result of attempting this operation shall be returned.
Note, even when enabled, heart beat will not take place if the
destination transport address is not idle.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o destination transport address - specified as one of the transport
   addresses of the peer endpoint.

 o new state - the new state of heart beat for this destination
   transport address (either enabled or disabled).

Optional attributes:

 o interval - if present, indicates the frequency of the heart beat if
   this is to enable heart beat on a destination transport
   address. Default interval is the RTO of the destination address.

J) Request HeartBeat

Format: REQUESTHEARTBEAT(association id, destination transport
   address)
-> result

Instructs the local endpoint to perform a HeartBeat on the specified
destination transport address of the given association. The returned
result should indicate whether the transmission of the HEARTBEAT
message to the destination address is successful.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o destination transport address - the transport address of the
   association on which a heartbeat should be issued.

K) Get SRTT Report

Format: GETSRTTREPORT(association id, destination transport address)
-> srtt result

Instructs the local SCTP to report the current SRTT measurement on the
specified destination transport address of the given association. The
returned result can be an integer containing the most recent SRTT in
milliseconds.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o destination transport address - the transport address of the
   association on which the SRTT measurement is to be reported.

L) Set Failure Threshold

Format: SETFAILURETHRESHOLD(association id, destination transport
address, failure threshold)
-> result

This primitive allows the local SCTP to customize the reachability
failure detection threshold 'Path.Max.Retrans' for the specified
destination address.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o destination transport address - the transport address of the
   association on which the failure detection threshold is to be set.

 o failure threshold - the new value of 'Path.Max.Retrans' for the
   destination address.

M) Set Protocol Parameters

Format: SETPROTOCOLPARAMETERS(association id, [,destination transport
address,] protocol parameter list)
-> result

This primitive allows the local SCTP to customize the protocol
parameters.

Mandatory attributes:

 o association id - local handle to the SCTP association

 o protocol parameter list - The specific names and values of the
   protocol parameters (e.g., RTO.Initial, Association.Max.Retrans
   [see Section 13]) that the SCTP user wishes to customize.

Optional attributes:

 o destination transport address - some of the protocol parameters may
   be set on a per destination transport address basis.

9.2 SCTP-to-ULP

It is assumed that the operating system or application environment
provides a means for the SCTP to asynchronously signal the ULP
process. When SCTP does signal an ULP process, certain information is
passed to the ULP.

  IMPLEMENTATION NOTE: in some cases this may be done through a
  separate socket or error channel.

A) DATA ARRIVE notification

SCTP shall invoke this notification on the ULP when a user message is
successfully received and ready for retrieval.

The following may optionally be passed with the notification:

 o association id - local handle to the SCTP association

 o stream id - to indicate which stream the data is received on.

B) SEND FAILURE notification

If a message can not be delivered SCTP shall invoke this notification
on the ULP.

The following may optionally be passed with the notification:

 o association id - local handle to the SCTP association

 o data - the location ULP can find the un-delivered message.

 o cause code - indicating the reason of the failure, e.g., size too
   large, message life-time expiration, etc.

 o context - optional information associated with this message (see
   D in section 9.1).

C) NETWORK STATUS CHANGE notification

When a destination transport address is marked down (e.g., when SCTP
detects a failure), or marked up (e.g., when SCTP detects a recovery),
SCTP shall invoke this notification on the ULP.

The following shall be passed with the notification:

 o association id - local handle to the SCTP association

 o destination transport address - This indicates the destination
   transport address of the peer endpoint affected by the change;

 o new-status - This indicates the new status.

D) COMMUNICATION UP notification

This notification is used when SCTP becomes ready to send or receive
user messages, or when a lost communication to an endpoint is
restored.

  IMPLEMENTATION NOTE: If ASSOCIATE primitive is implemented as a
  blocking function call, the association parameters are returned as a
  result of the ASSOCIATE primitive itself. In that case,
  COMMUNICATION UP notification is optional at the association
  initiator's side.

The following shall be passed with the notification:

 o association id - local handle to the SCTP association

 o status - This indicates what type of event has occurred

 o destination transport address list - the complete set of transport
   addresses of the peer

 o outbound stream count - the maximum number of streams allowed to be
   used in this association by the ULP

 o inbound stream count - the number of streams the peer endpoint
   has requested with this association (this may not be the same
   number as 'outbound stream count').

E) COMMUNICATION LOST notification

When SCTP loses communication to an endpoint completely or detects
that the endpoint has performed an abort or graceful shutdown
operation, it shall invoke this notification on the ULP.

The following shall be passed with the notification:

 o association id - local handle to the SCTP association

 o status - This indicates what type of event has occurred;

The following may be optionally passed with the notification:

 o unsent-messages - The number and location of un-sent messages
   still in hold by SCTP;

 o unacknowledged-messages - The number and location of messages
   that were attempted to be transported to the destination, but were
   not acknowledged when the loss of communication was detected.

 o last-acked - the sequence number last acked by that peer endpoint;

 o last-sent - the sequence number last sent to that peer endpoint;

 o received-but-not-delivered - messages that were received by SCTP
   but not yet delivered to the ULP.

Note: the un-sent data report may not be accurate for those user
messages which are segmented by SCTP during transmission.

F) COMMUNICATION ERROR notification

When SCTP receives an ERROR chunk from its peer and decides to notify
its ULP, it can invoke this notification on the ULP.

The following can be passed with the notification:

 o association id - local handle to the SCTP association

 o error info - this indicates the type of error and optionally some
   additional information received through the ERROR chunk.

10. Security Considerations

10.1 Security Objectives

As a common transport protocol designed to reliably carry time-
sensitive user messages, such as billing or signaling messages for
telephony services, between two networked endpoints, SCTP has the
following security objectives.

  - availability of reliable and timely data transport services
  - integrity of the user-to-user information carried by SCTP

10.2 SCTP Responses To Potential Threats

It is clear that SCTP may potentially be used in a wide variety of
risk situations.  It is important for operator(s) of the systems
concerned to analyze their particular situations and decide on the
appropriate counter-measures.

Where the SCTP system serves a group of users, it is probably
operating as part of a professionally managed corporate or service
provider network.  It is reasonable to expect that this management
includes an appropriate security policy framework.  [RFC 2196, "Site
Security Handbook", B. Fraser Ed., September 1997] should be
consulted for guidance.

The case is more difficult where the SCTP system is operated by a
private user. The service provider with whom that user has a
contractual arrangement SHOULD provide help to ensure that the
user's site is secure, ranging from advice on configuration through
downloaded scripts and security software.

10.2.1 Countering Insider Attacks

The principles of the Site Security Handbook [13] should be applied
to minimize the risk of theft of information or sabotage by
insiders.  These include publication of security policies, control
of access at the physical, software, and network levels, and
separation of services.

10.2.2 Protecting against Data Corruption in the Network

Where the risk of undetected errors in datagrams delivered by the
lower layer transport services is considered to be too great,
additional checksum protection may be required.  The question is
whether this is appropriately provided as an SCTP service because it
is needed by most potential users of SCTP, or whether instead it
should be provided by the SCTP user application.  (The SCTP protocol
overhead, as opposed to the signaling payload, is protected
adequately by the Adler-32 checksum and measures taken in SCTP to prevent
replay attacks and masquerade.)  In any event, the checksum must be
specifically designed to ensure that it detects the errors left
behind by the Adler-32 checksum.

10.2.3 Protecting Confidentiality

In most cases, the risk of breach of confidentiality applies to the
signaling data payload, not to the SCTP or lower-layer protocol
overheads. If that is true, encryption of the SCTP user data only
may be considered. As with the supplementary checksum service, user
data encryption may be performed by the SCTP user application.

Particularly for mobile users, the requirement for confidentiality
may include the masking of IP addresses and ports.  In this case
IPSEC ESP should be used instead of application-level encryption.
Similarly, where other reasons prompt the use of the IPSEC ESP
service, application-level encryption is unnecessary. It will be up
to the SCTP system operators to configure the application
appropriately.

Regardless of which level performs the encryption, the IPSEC ISAKMP
service should be used for key management.

Operators should consult [RFC 2401, "Security Architecture for the
Internet Protocol", S. Kent, R. Atkinson,  November 1998] for
information on the configuration of IPSEC services between hosts
with and without intervening firewalls.

10.2.4 Protecting against Blind Denial of Service Attacks

A blind attack is one where the attacker is unable to intercept or
otherwise see the content of data flows passing to and from the
target SCTP node where it is not a party to the association.  Blind
denial of service attacks may take the form of flooding, masquerade,
or improper monopolization of services.

10.2.4.1 Flooding

The objective of flooding is to cause loss of service and incorrect
behavior at target systems through resource exhaustion, interference
with legitimate transactions, and exploitation of buffer-related
software bugs.  Flooding may be directed either at the SCTP node or at
resources in the intervening IP Access Links or the Internetwork.
Where the latter entities are the target, flooding will manifest
itself as loss of network services, including potentially the breach
of any firewalls in place.

In general, protection against flooding begins at the equipment
design level, where it includes measures such as:

 - avoiding commitment of limited resources before determining that
   the request for service is legitimate
 - giving priority to completion of processing in progress over the
   acceptance of new work
 - identification and removal of duplicate or stale queued requests
   for service.

Network equipment should be capable of generating an alarm and log
if a suspicious increase in traffic occurs.  The log should provide
information such as the identity of the incoming link and source
address(es) used which will help the network or SCTP system operator
to take protective measures.  Procedures should be in place for the
operator to act on such alarms if a clear pattern of abuse emerges.

The design of SCTP is resistant to flooding attacks, particularly in
its use of a four-way start-up handshake, its use of a cookie to
defer commitment of resources at the responding SCTP node until the
handshake is completed, and its use of a verification tag to prevent
insertion of extraneous messages into the flow of an established
association.
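
The deferred commitment described above can be sketched as a stateless
cookie: the responder signs the tentative association data and keeps
nothing until the cookie is echoed back. This is an added Python example,
not code from the draft; the cookie layout, the use of HMAC-SHA256 in
place of the draft's own signature, and all function names are
assumptions of the example.

```python
import hashlib
import hmac
import os
import struct

VALID_COOKIE_LIFE = 5.0   # seconds, the RECOMMENDED Valid.Cookie.Life value
MAC_LEN = 32              # HMAC-SHA256 output size (assumption of this example)

# Per-instance secret key: cryptographic quality random bytes, never sent.
SECRET_KEY = os.urandom(32)

# Constructed cookie body: creation time, local and peer verification tags,
# peer port, peer IPv4 address. A real cookie would carry the whole
# tentative TCB so that nothing has to be stored at the responder.
BODY = struct.Struct("!dIIH4s")


def make_cookie(now, my_tag, peer_tag, peer_port, peer_ip, key=SECRET_KEY):
    """Build the cookie returned to the initiator; no state is kept."""
    body = BODY.pack(now, my_tag, peer_tag, peer_port, peer_ip)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_cookie(cookie, now, peer_port, peer_ip, key=SECRET_KEY):
    """Validate an echoed cookie and return (my_tag, peer_tag).

    Raises ValueError without allocating anything if the cookie is
    malformed, forged, echoed from another address, or too old.
    """
    if len(cookie) != BODY.size + MAC_LEN:
        raise ValueError("bad cookie length")
    body, mac = cookie[:BODY.size], cookie[BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many MAC bytes matched.
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad cookie MAC")
    created, my_tag, peer_tag, port, ip = BODY.unpack(body)
    # A blind attacker spoofing a source address never sees the cookie,
    # and a cookie obtained from one address is useless from another.
    if (port, ip) != (peer_port, peer_ip):
        raise ValueError("cookie echoed from a different transport address")
    age = now - created
    if age < 0 or age > VALID_COOKIE_LIFE:
        raise ValueError("stale cookie")
    # Only at this point would the responder allocate a TCB.
    return my_tag, peer_tag
```

Because the only per-request work before validation is one MAC
computation, a flood of spoofed requests consumes CPU but no association
state.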

10.2.4.2 Masquerade

Masquerade can be used to deny service in several ways:

 - by tying up resources at the target SCTP node to which the
   impersonated node has limited access.  For example, the target node
   may by policy permit a maximum of one SCTP association with the
   impersonated SCTP node. The masquerading attacker may attempt to
   establish an association purporting to come from the impersonated
   node so that the latter cannot do so when it requires it.
 - by deliberately allowing the impersonation to be detected,
   thereby provoking counter-measures which cause the impersonated node
   to be locked out of the target SCTP node.
 - by interfering with an established association by inserting
   extraneous content such as a SHUTDOWN request.

SCTP prevents masquerade through IP spoofing by use of the four-way
startup handshake.  Because the initial exchange is memoryless, no
lockout mechanism is triggered by masquerade attacks.  SCTP protects
against insertion of extraneous messages into the flow of an
established association by use of the verification tag.

Logging of received INIT requests and abnormalities such as
unexpected INIT ACKs might be considered as a way to detect patterns
of hostile activity.  However, the potential usefulness of such
logging must be weighed against the increased SCTP startup
processing it implies, rendering the SCTP node more vulnerable to
flooding attacks.  Logging is pointless without the establishment of
operating procedures to review and analyze the logs on a routine
basis.

10.2.4.3 Improper Monopolization of Services

Attacks under this heading are performed openly and legitimately by
the attacker.  They are directed against fellow users of the target
SCTP node or of the shared resources between the attacker and the
target node.  Possible attacks include the opening of a large number
of associations between the attacker's node and the target, or
transfer of large volumes of information within a legitimately-
established association.

Such attacks take advantage of policy deficiencies at the target
SCTP node.  Defense begins with a contractual prohibition of
behavior directed to denial of service to others.  Policy limits
should be placed on the number of associations per adjoining SCTP
node.  SCTP user applications should be capable of detecting large
volumes of illegitimate or "no-op" messages within a given
association and either logging or terminating the association as a
result, based on local policy.

10.3 Protection against Fraud and Repudiation

The objective of fraud is to obtain services without authorization
and specifically without paying for them.  In order to achieve this
objective, the attacker must induce the SCTP user application at the
target SCTP node to provide the desired service while accepting
invalid billing data or failing to collect it.  Repudiation is a
related problem, since it may occur as a deliberate act of fraud or
simply because the repudiating party kept inadequate records of
service received.

Potential fraudulent attacks include interception and misuse of
authorizing information such as credit card numbers, blind
masquerade and replay, and man-in-the-middle attacks which modify
the messages passing through a target SCTP association in real time.

The interception attack is countered by the confidentiality measures
discussed in section 10.2.3 above.

Section 10.2.4.2 describes how SCTP is resistant to blind masquerade
attacks, as a result of the four-way startup handshake and the
validation tag.  The validation tag and TSN together are protections
against blind replay attacks, where the replay is into an existing
association.

However, SCTP does not protect against man-in-the-middle attacks
where the attacker is able to intercept and alter the messages sent
and received in an association.  Where a significant possibility of
such attacks is seen to exist, or where possible repudiation is an
issue, the use of the IPSEC AH service is recommended to ensure both
the integrity and the authenticity of the messages passed.

SCTP also provides no protection against attacks originating at or
beyond the SCTP node and taking place within the context of an
existing association.  Prevention of such attacks should be covered
by appropriate security policies at the host site, as discussed in
section 10.2.1.

11. Recommended Transmission Control Block (TCB) Parameters

This section details a recommended set of parameters that should
be contained within the TCB for an implementation. This section is
for illustrative purposes and should not be deemed as requirements
on an implementation NOR as an exhaustive list of all parameters
inside an SCTP TCB. Each implementation may need its own additional
parameters to optimize their implementation.

11.1 Parameters necessary for the SCTP instance

Associations - A list of current associations and mappings to the
               data consumers for each association. This may be in
               the form of a hash table or other implementation dependent
               structure. The data consumers may be process identification
               information such as file descriptors, named pipe pointer, or
               table pointers dependent on how SCTP is implemented.

Secret Key   - A secret key used by this endpoint to sign all cookies. This
               SHOULD be a cryptographic quality random number with
               a sufficient length. Discussion in RFC 1750 [1] can be
               helpful in selection of the key.

Address List - The list of IP addresses that this instance has bound. This
               information is passed to one's peer(s) in INIT and INIT-ACK
               messages.

SCTP Port    - The local SCTP port number the endpoint is bound to.

11.2 Parameters necessary per association (i.e. the TCB)

State        - A state variable indicating what state the association is
               in, i.e. COOKIE_WAIT, COOKIE_SENT, ESTABLISHED,
               SHUTDOWN_PENDING, SHUTDOWN_SENT, SHUTDOWN_RECEIVED.
               Note: No "CLOSED" state is illustrated since if an
               association is "CLOSED" its TCB SHOULD be removed.

Peer Transport
Address List - A list of SCTP transport addresses that the peer is
               bound to. This information is derived from the INIT or
               INIT-ACK and is used to associate an inbound datagram
               with a given association. Normally this information is
               hashed or keyed for quick lookup and access of the TCB.

Primary
Destination  - This is the current primary destination transport
               address of the peer endpoint.

Overall
Error Count  - The overall association error count.

Overall Error
Threshold    - The threshold for this association that if the Overall
               Error Count reaches will cause this association to be
               torn down.

Per Transport
Address Data - For each destination transport address in the peer's
               address list derived from the INIT or INIT ACK message,
               a number of data elements needs to be maintained
               including:
             - Error count - The current error count for this
                             destination.
             - Error Threshold - Current error threshold for
                                 this destination i.e. what value
                                 marks the destination down if
                                 Error count reaches this value.
             - cwnd  - The current congestion window.
             - ssthresh - The current ssthresh value.
             - RTO  - The current retransmission timeout value.
             - SRTT - The current smoothed round trip time.
             - RTTVAR - The current RTT variation.
             - partial_bytes_acked - The tracking method for
                                     increase of cwnd when in
                                     congestion avoidance mode
                                     (see section 6.2.2)
             - state - The current state of this destination,
                       i.e. DOWN, UP, ALLOW-HB, NO-HEARTBEAT,
                       etc.
             - P-MTU - The current known path MTU.
             - Per Destination Timer - A timer used by each
                                       destination.
             - RTO-Pending - A flag used to track if one of
                             the datagrams sent to this address
                             is currently being used to compute
                             a RTT. If this flag is 0, the next
                             datagram sent to this destination
                             should be used to compute a RTT and
                             this flag should be set. Every time
                             the RTT calculation completes (i.e.
                             the datagram is SACK'd) clear this
                             flag.

             - last-timeused - The time this destination was
                               last sent to. This can be used
                               to determine if a HEARTBEAT is
                               needed.

Peer Verification
Tag          - Tag value to be sent in every datagram and is received
               in the INIT or INIT ACK message.

My Verification
Tag          - Tag expected in every inbound datagram and sent in the
               INIT or INIT ACK message.

Peer Rwnd    - Current calculated value of the peer's rwnd.

Next TSN     - My next TSN number I will assign. This is sent in
               the INIT or INIT-ACK message to the peer and
               incremented each time a DATA chunk is assigned a
               TSN (normally just prior to transmit or during
               segmentation).

Last Rcvd TSN - This is the last TSN I received and is the
                current cumulative TSN point. This value is
                set initially by taking the peers initial TSN,
                received in the INIT or INIT-ACK message, and
                subtracting one from it.

Mapping Array - An array of bits or bytes indicating which out of
                order TSN's have been received (relative to the
                cumulative TSN i.e. Last Rcvd TSN). If no GAP's exist,
                i.e. no out of order messages have been received,
                this array will be set to all zero. This structure
                may be in the form of a circular buffer or bit array.

Ack State     - This flag indicates if the next received datagram
                is to be responded to with a SACK. This is initialized
                to 0,  when a datagram is received it is incremented.
                If this value reaches 2, a SACK is sent and the value
                is reset to 0. Note: this is used only when no datagrams
                are received out of order, when DATA chunks are out
                of order SACK's are not delayed (see Section 5).

Out Queue     - A queue of outbound datagrams.

In Queue      - A queue of inbound datagrams.

Reasm Queue   - A re-assembly queue.

Inbound
Streams       - An array of structures to track the inbound streams.
                Normally including the next sequence number expected
                and possibly the stream number.

Outbound
Streams       - An array of structures to track the outbound streams.
                Normally including the next sequence number to
                be sent on the stream.
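
The interplay of Last Rcvd TSN, Mapping Array and Ack State listed above,
as an added Python example (not code from the draft). The array size
MAP_SIZE, the class name and the handling of duplicate and out-of-window
TSNs are assumptions of the example; the bounds check is the point a
reviewer should look for, since the TSN is supplied by the peer.

```python
TSN_MOD = 1 << 32   # TSNs are 32-bit values and wrap around
MAP_SIZE = 64       # TSNs covered by the mapping array (hypothetical size)


class RecvTracker:
    """Receive-side TSN bookkeeping for one association."""

    def __init__(self, peer_initial_tsn):
        # Last Rcvd TSN starts at the peer's initial TSN minus one.
        self.last_rcvd_tsn = (peer_initial_tsn - 1) % TSN_MOD
        # mapping[i] is True when TSN last_rcvd_tsn + 1 + i has arrived.
        self.mapping = [False] * MAP_SIZE
        self.ack_state = 0

    def receive(self, tsn):
        """Record one DATA chunk TSN; return (status, send_sack_now)."""
        # Distance ahead of the cumulative point, modulo 2**32, so the
        # comparison stays correct across the wrap from 0xFFFFFFFF to 0.
        offset = (tsn - self.last_rcvd_tsn - 1) % TSN_MOD
        if offset >= TSN_MOD // 2:
            return "duplicate", False        # at or behind the cumulative point
        if offset >= MAP_SIZE:
            # A peer-chosen TSN must never index past the array.
            return "out_of_window", False
        if self.mapping[offset]:
            return "duplicate", False
        self.mapping[offset] = True

        # Slide the cumulative point over the contiguous run at the front.
        shift = 0
        while shift < MAP_SIZE and self.mapping[shift]:
            shift += 1
        if shift:
            self.last_rcvd_tsn = (self.last_rcvd_tsn + shift) % TSN_MOD
            self.mapping = self.mapping[shift:] + [False] * shift

        if any(self.mapping):
            # A gap exists: the SACK is not delayed.
            self.ack_state = 0
            return "new", True
        # Everything is in order: SACK on every second datagram.
        self.ack_state += 1
        if self.ack_state == 2:
            self.ack_state = 0
            return "new", True
        return "new", False
```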

12. IANA Consideration

This protocol will require port reservation like TCP for the use of
"well known" servers within the Internet. It is suggested that all
current TCP ports should be automatically reserved in the SCTP port
address space. New requests should follow IANA's current mechanisms
for TCP.

This protocol may also be extended through IANA in three ways:
 -- through definition of additional chunk types,
 -- through definition of additional parameter types, or
 -- through definition of additional cause codes within Operation
    Error chunks

In the case where a particular ULP using SCTP desires to have its own
ports, the ULP should be responsible for registering with IANA for
getting its ports assigned.

12.1 IETF-defined Chunk Extension

The appropriate use of specific chunk types is an integral part of the
SCTP protocol.  In consequence, the intention is that new IETF-defined
chunk types MUST be supported by standards-track RFC documentation.
As a transitional step, a new chunk type MAY be introduced in an
Experimental RFC. Chunk type codes MUST remain permanently associated
with the original documentation on the basis of which they were
allocated.  Thus if the RFC supporting a given chunk type is
deprecated in favor of a new document, the corresponding chunk type
code value is also deprecated and a new code value is allocated in
association with the replacement document.

The documentation for a new chunk code type must include the following
information:
(a) a long and short name for the new chunk type;
(b) a detailed description of the structure of the chunk, which MUST
    conform to the basic structure defined in section 2.2;
(c) a detailed definition and description of intended use of each field
    within the chunk, including the chunk flags if any;
(d) a detailed procedural description of the use of the new chunk type
    within the operation of the protocol.

If the primary numbering space reserved for IETF use (0x00 to 0xFD) is
exhausted, new codes shall subsequently be allocated in the extension
range 0x0000 through 0xFFFF. Chunks allocated in this range MUST
conform to the following structure:

First word (32 bits):
  as shown in section 2.2, with chunk type code equal to 0xFF.

Second word:
  first octet MUST be all 1's (0xFF). Next octet MUST be all 0's
  (0x00).  Final two octets contain the allocated extension code value.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1 1 1 1 1 1 1 1|Chunk  Flags   |      Chunk Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1 1 1 1 1 1 1 1|0 0 0 0 0 0 0 0|    Extension Type Code        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /                    Value                                      /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

12.2 IETF-defined Chunk Parameter Extension

The allocation of a new chunk parameter type code from the IETF
numbering space MUST be supported by RFC documentation.  As with chunk
type codes, parameter type codes are uniquely associated with their
supporting document and MUST be replaced if new documentation is
provided.  This documentation may be Informational, Experimental, or
standards-track at the discretion of the IESG.  It MUST contain the
following information:
(a) Name of the parameter type.
(b) Detailed description of the structure of the parameter field. This
    structure MUST conform to the general type-length-value format
    described in section 2.2.1.
(c) Detailed definition of each component of the parameter value.
(d) Detailed description of the intended use of this parameter type,
    and an indication of whether and under what circumstances
    multiple instances of this parameter type may be found within the
    same chunk.

Additional parameter type codes may be allocated initially from the
range 0x0000 through 0xFFFD.  If this space is exhausted, extension
codes shall be allocated in the range 0x0000 through 0xFFFF.  Where an
extension code has been allocated, the format of the parameter must
conform to the following structure:

First word (32 bits):
  contains the parameter type code 0xFFFF and parameter length as
  described in section 2.2.1.

Second word:
  first octet MUST be all 1's (0xFF).  Next octet MUST be all 0's
  (0x00). Final two octets contain the allocated extension code
  value.

The Value portion of the parameter, if any, follows the second word.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1|             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1 1 1 1 1 1 1 1|0 0 0 0 0 0 0 0|    Extension Type Code        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   /                    Value                                      /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
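
A receiver-side check of the two extension layouts shown in sections 12.1
and 12.2, as an added Python example (not code from the draft). The
function names and the sample byte strings are constructed for the
example, and the Length field is assumed to count from the start of the
first word, as in the basic structures of sections 2.2 and 2.2.1, which
are not reproduced here.

```python
import struct

EXT_CHUNK_TYPE = 0xFF     # chunk type code announcing an extension chunk
EXT_PARAM_TYPE = 0xFFFF   # parameter type code announcing an extension
HEADER_LEN = 8            # first word plus second word

# Constructed samples: extension code 0x0001 with a 4-octet value, and
# extension code 0x1234 with a 2-octet value.
SAMPLE_CHUNK = bytes.fromhex("ff00000c" "ff000001" "deadbeef")
SAMPLE_PARAM = bytes.fromhex("ffff000a" "ff001234" "abcd")


class ExtensionError(ValueError):
    """Raised when a buffer does not follow the extension layout."""


def read_extension_code(buf):
    """Check the second word (0xFF, 0x00, 16-bit code); return the code."""
    marker, zero, code = struct.unpack_from("!BBH", buf, 4)
    if marker != 0xFF or zero != 0x00:
        raise ExtensionError("second word must start with 0xFF 0x00")
    return code


def check_length(length, available):
    """Reject Length values that would under- or over-read the buffer."""
    if length < HEADER_LEN:
        raise ExtensionError("length field shorter than the two header words")
    if length > available:
        raise ExtensionError("length field runs past the received data")


def parse_extension_chunk(buf):
    """Return (flags, extension_code, value) for an extension chunk."""
    if len(buf) < HEADER_LEN:
        raise ExtensionError("truncated header")
    chunk_type, flags, length = struct.unpack_from("!BBH", buf, 0)
    if chunk_type != EXT_CHUNK_TYPE:
        raise ExtensionError("not an extension chunk")
    check_length(length, len(buf))
    # Slice by the validated Length, not by the size of the buffer.
    return flags, read_extension_code(buf), bytes(buf[HEADER_LEN:length])


def parse_extension_param(buf):
    """Return (extension_code, value) for an extension parameter."""
    if len(buf) < HEADER_LEN:
        raise ExtensionError("truncated header")
    param_type, length = struct.unpack_from("!HH", buf, 0)
    if param_type != EXT_PARAM_TYPE:
        raise ExtensionError("not an extension parameter")
    check_length(length, len(buf))
    return read_extension_code(buf), bytes(buf[HEADER_LEN:length])
```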

12.3 IETF-defined Additional Error Causes

Additional cause codes may be allocated in the range 0x0004 to 0xFFFF
upon receipt of any permanently-available public documentation
containing the following information:
(a) Name of the error condition.
(b) Detailed description of the conditions under which an SCTP
    endpoint should issue an Operation Error with this cause code.
(c) Expected action by the SCTP endpoint which receives an Operation
    Error chunk containing this cause code.
(d) Detailed description of the structure and content of data fields
    which accompany this cause code.

The initial word (32 bits) of a cause code parameter MUST conform to
the format shown in section 2.3.9, i.e.:
 -- first two octets contain the cause code value
 -- last two octets contain length of the cause parameter.

12.4 Payload Protocol Identifiers

Except for value 0x00000000 which is reserved by SCTP to indicate the
absence of a payload protocol identifier in a DATA chunk, SCTP will
not be responsible for standardizing or verifying any payload protocol
identifiers; SCTP simply receives the identifier from the upper layer
and carries it with the corresponding payload data.

The upper layer, i.e., the SCTP user, SHOULD standardize any specific
protocol identifier with IANA if it is so desired. The use of any
specific payload protocol identifier is out of the scope of SCTP.

13. Suggested SCTP Protocol Parameter Values

The following protocol parameters are RECOMMENDED:

RTO.Initial              - 3  seconds
RTO.Min                  - 1  second
RTO.Max                  - 60 seconds
RTO.Alpha                - 1/8
RTO.Beta                 - 1/4
Valid.Cookie.Life        - 5  seconds
Association.Max.Retrans  - 10 attempts
Path.Max.Retrans         - 5  attempts (per destination address)
Max.Init.Retransmits     - 8  attempts

'retrans.count'          - counter (per destination address)
'receiver.buffer'        - variable (per peer endpoint)

  IMPLEMENTATION NOTE: The SCTP implementation may allow ULP to
  customize some of these protocol parameters (see Section 9).

14. Acknowledgments

The authors wish to thank Mark Allman, Richard Band, Scott Bradner,
Ram Dantu, R. Ezhirpavai, Sally Floyd, Matt Holdrege, Henry Houh,
Christian Huetima, Gary Lehecka, John Loughney, Daniel Luan, Lyndon
Ong, Kelvin Porter, Heinz Prantner, Jarno Rajahalme, Ivan Rodreguez,
A. Sankar, Greg Sidebottom, Brian Wyld, and many others for their
invaluable comments.

15.  Authors' Addresses

Randall R. Stewart                      Tel: +1-847-632-7438
Motorola, Inc.                          EMail: rstewar1@email.mot.com
1501 W. Shure Drive, #2315
Arlington Heights, IL 60004
USA

Qiaobing Xie                            Tel: +1-847-632-3028
Motorola, Inc.                          EMail: qxie1@email.mot.com
1501 W. Shure Drive, #2309
Arlington Heights, IL 60004
USA

Ken Morneault                           Tel: +1-703-484-3323
Cisco Systems Inc.                      EMail: kmorneau@cisco.com
13615 Dulles Technology Drive
Herndon, VA. 20171
USA

Chip Sharp                              Tel: +1-919-472-3121
Cisco Systems Inc.                      EMail:chsharp@cisco.com
7025 Kit Creek Road
Research Triangle Park, NC  27709
USA

Hanns Juergen Schwarzbauer              Tel: +49-89-722-24236
SIEMENS AG
Hofmannstr. 51
81359 Munich
Germany
EMail: HannsJuergen.Schwarzbauer@icn.siemens.de

Tom Taylor                              Tel: +1-613-736-0961
Nortel Networks
1852 Lorraine Ave.
Ottawa, Ontario
Canada K1H 6Z8
EMail:taylor@nortelnetworks.com

Ian Rytina                              Tel: +61-3-9301-6164
Ericsson Australia                      EMail:ian.rytina@ericsson.com
37/360 Elizabeth Street
Melbourne, Victoria 3000
Australia

Malleswar Kalla                         Tel: +1-973-829-5212
Telcordia Technologies
MCC 1J211R
445 South Street
Morristown, NJ 07960
USA
EMail: kalla@research.telcordia.com

Lixia Zhang                             Tel: +1-310-825-2695
UCLA Computer Science Department        EMail: lixia@cs.ucla.edu
4531G Boelter Hall
Los Angeles, CA 90095-1596
USA

Vern Paxson                             Tel: +1-510-642-4274 x 302
ACIRI                                   EMail: vern@aciri.org
1947 Center St., Suite 600,
Berkeley, CA 94704-1198
USA

16. References

[1]  Eastlake, D. (ed.), "Randomness Recommendations for Security",
     RFC 1750, December 1994.

[2]  Deutsch, P., and Gailly, J-L., "ZLIB Compressed Data Format
     Specification version 3.3", RFC 1950, May 1996.

[3]  Allman, M., Paxson, V., and Stevens, W., "TCP Congestion
     Control", RFC 2581, April 1999.

[4]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
     August 1999.

[5]  Allman, M., and Paxson, V., "On Estimating End-to-End Network
     Path Properties", Proc. SIGCOMM'99, 1999.

[6]  Karn, P., and Simpson, W., "Photuris: Session-Key Management
     Protocol", RFC 2522, March 1999.

[7]  Bradner, S., "The Internet Standards Process -- Revision 3",
     RFC 2026, October 1996.

[8]  Postel, J. (ed.), "Transmission Control Protocol", RFC 793,
     September 1981.

[9]  Postel, J. (ed.), "User Datagram Protocol", RFC 768, August 1980.

[10] Reynolds, J., and Postel, J. (ed.), "Assigned Numbers", RFC 1700,
     October 1994.

[11] Mogul, J., and Deering, S., "Path MTU Discovery", RFC 1191,
     November 1990.

[12] McCann, J., Deering, S., and Mogul, J., "Path MTU Discovery for
     IP version 6", RFC 1981, August 1996.

[13] Fraser, B. (ed.), "Site Security Handbook", RFC 2196, September
     1997.

[14] Kent, S., and Atkinson, R., "Security Architecture for the
     Internet Protocol", RFC 2401,  November 1998.

[15] Savage, S., Cardwell, N., Wetherall, D., and Anderson, T.,
     "TCP Congestion Control with a Misbehaving Receiver",  ACM
     Computer Communication Review, 29(5), October 1999.

      This Internet Draft expires in 6 months from February, 2000