Re: SCTP is in the Tree :-)

From: Randall Stewart <rrs_at_cisco.com> Date: Thu, 09 Nov 2006 12:42:30 -0500 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:02 UTC

Bjoern:

I will send this to Peter and let him test it..

Peter: let me know if this fixes at least some of it to
go though.

Bjoern: if you want we may want to get together sometime and
         discuss getting the f/w and maybe nat to support
         SCTP.. I assume you are the owner??

R

Bjoern A. Zeeb wrote:
> On Wed, 8 Nov 2006, Randall Stewart wrote:
> 
>> Ivan Voras wrote:
>>
>>> Randall Stewart wrote:
>>>
>>>
>>>> Stream Control Transmission Protocol (SCTP) - is a reliable message
>>>> oriented transport protocol which provides network fault tolerance
>>>> It supports multiple streams and multihoming. A very good overview
>>>> of the protocol is given in RFC 3268.
>>>
>>>
>>>
>>> Looks cool :)
>>>
>>> It's under IP so it's routable, but I imagine it probably needs routers
>>> along the way to know about it in order to use the more advanced 
>>> features?
>>
>>
>> Nope.. not at all..
>>
>> The only issue is when you cross a firewall or NAT :-(
>>
>> Note that I have heard that the latest FreeBSD IPv6 FW for
>> some reason drops SCTP packets even if you have typed in
>> allow ip from any to any...
>>
>> Something about not liking protocol 132 in the extension
>> headers :(
> 
> 
> would that patch help you (I'd have to investigate in detail but like
> some of us I am currently in Milan and I still don't know the details
> of SCTP [as in I haven't read the RFC yet]):
> 
> Index: ip_fw2.c
> ===================================================================
> RCS file: /local/mirror/FreeBSD/r/ncvs/src/sys/netinet/ip_fw2.c,v
> retrieving revision 1.153
> diff -u -p -r1.153 ip_fw2.c
> --- ip_fw2.c    6 Nov 2006 13:42:04 -0000       1.153
> +++ ip_fw2.c    9 Nov 2006 17:32:22 -0000
> _at__at_ -311,6 +311,7 _at__at_ static int fw_deny_unknown_exthdrs = 1;
>   */
>  #define        L3HDR(T, ip)    ((T *)((u_int32_t *)(ip) + (ip)->ip_hl))
>  #define        TCP(p)          ((struct tcphdr *)(p))
> +#define        SCTP(p)         ((struct sctphdr *)(p))
>  #define        UDP(p)          ((struct udphdr *)(p))
>  #define        ICMP(p)         ((struct icmphdr *)(p))
>  #define        ICMP6(p)        ((struct icmp6_hdr *)(p))
> _at__at_ -2222,6 +2223,12 _at__at_ do 
> {                                                                     \
>                                 args->f_id.flags = TCP(ulp)->th_flags;
>                                 break;
> 
> +                       case IPPROTO_SCTP:
> +                               PULLUP_TO(hlen, ulp, struct sctphdr);
> +                               src_port = SCTP(ulp)->src_port;
> +                               dst_port = SCTP(ulp)->dest_port;
> +                               break;
> +
>                         case IPPROTO_UDP:
>                                 PULLUP_TO(hlen, ulp, struct udphdr);
>                                 dst_port = UDP(ulp)->uh_dport;
> 
> 

-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)