Chinaunix首页 | 论坛 | 认证专区 | 博客 登录 | 注册

独孤阁

只求原创,决不转载! 一家之言,抛砖引玉!

  • 博客访问: 2918359
  • 博文数量: 258
  • 博客积分: 10011
  • 博客等级: 上将
  • 技术积分: 4936
  • 用 户 组: 普通用户
  • 注册时间: 2005-12-21 09:34
文章分类

全部博文(258)

文章存档

2008年(19)

2007年(89)

2006年(133)

2005年(17)

微信关注

IT168企业级官微



微信号:IT168qiye



系统架构师大会



微信号:SACC2013

订阅
热词专题
SCTP协议跟踪 2005-12-26 08:53:19

分类: 网络与安全

简要介绍SCTP协议(RFC2960)的跟踪, 分析其建立连接和断开连接的详细过程.

SCTP协议跟踪

本文档的Copyleft归yfydz所有,使用GPL发布,可以自由拷贝、转载,转载时请保持文档的完整性,严禁用于任何商业用途。
msn: yfydz_no1@hotmail.com
来源:http://yfydz.cublog.cn

参考文献: RFC2960, 3309

1. SCTP(Stream Control Transmission Protocol)位于IP层与应用层之间,和TCP/UDP等并列,IP协议号:132,SCTP协议设计中考虑到了TCP协议SYN Flood攻击的问题,并进行相应的改进,目前在Linux2.6内核中已经有了SCTP的实现。

2. SCTP数据包包括通用数据头和一个到多个CHUNK,CHUNK可为数据CHUNK和控制CHUNK

3. 和TCP/UDP一样,SCTP也使用16位的端口以进行不同的应用

4. SCTP通用头
                         SCTP Common Header Format

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Source Port Number        |     Destination Port Number   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Verification Tag                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           Checksum                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    注意: SCTP的checksum是32位的,不象TCP/UDP是16位的,范围包括全部SCTP包,但不包括IP头,因此不会象TCP和UDP那样在IPv4下和IPv6下不同.checksum计算方法在RFC2960中是用alder32算法,但发现有问题,在3309中进行了修改,使用和以太网校验类似的CRC32算法

5. CHUNK通用头

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Chunk Type  | Chunk  Flags  |        Chunk Length           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                                                    
      /                          Chunk Value                          /
                                                                    
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   ID Value    Chunk Type
   -----       ----------
   0          - Payload Data (DATA)
   1          - Initiation (INIT)
   2          - Initiation Acknowledgement (INIT ACK)
   3          - Selective Acknowledgement (SACK)
   4          - Heartbeat Request (HEARTBEAT)
   5          - Heartbeat Acknowledgement (HEARTBEAT ACK)
   6          - Abort (ABORT)
   7          - Shutdown (SHUTDOWN)
   8          - Shutdown Acknowledgement (SHUTDOWN ACK)
   9          - Operation Error (ERROR)
   10         - State Cookie (COOKIE ECHO)
   11         - Cookie Acknowledgement (COOKIE ACK)
   12         - Reserved for Explicit Congestion Notification Echo (ECNE)
   13         - Reserved for Congestion Window Reduced (CWR)
   14         - Shutdown Complete (SHUTDOWN COMPLETE)
   15 to 62   - reserved by IETF
   63         - IETF-defined Chunk Extensions
   64 to 126  - reserved by IETF
   127        - IETF-defined Chunk Extensions
   128 to 190 - reserved by IETF
   191        - IETF-defined Chunk Extensions
   192 to 254 - reserved by IETF
   255        - IETF-defined Chunk Extensions


    CHUNK是描述SCTP的数据结构,分控制CHUNK和数据CHUNK,控制CHUNK一般用于连接的建立和断开,数据CHUNK用于描述数据,因此数据CHUNK就类似于TCP包中的TCP标志位,除了INIT,INIT_ACK和SHUTDOWN_COMPLETE三种CHUNK必须单独发送外,其他类型的CHUNK可以捆绑在同一个包中发送以提高效率

6. 状态机


                       -----          -------- (frm any state)
                     /             /  rcv ABORT      [ABORT]
    rcv INIT        |         |    |   ----------  or ----------
    --------------- |         v    v   delete TCB     snd ABORT
    generate Cookie      +---------+                 delete TCB
    snd INIT ACK       ---|  CLOSED |
                          +---------+
                           /            [ASSOCIATE]
                          /             ---------------
                         |          |    create TCB
                         |          |    snd INIT
                         |          |    strt init timer
          rcv valid      |          |
        COOKIE  ECHO     |          v
    (1) ---------------- |      +------------+
        create TCB       |      | COOKIE-WAIT| (2)
        snd COOKIE ACK   |      +------------+
                         |          |
                         |          |    rcv INIT ACK
                         |          |    -----------------
                         |          |    snd COOKIE ECHO
                         |          |    stop init timer
                         |          |    strt cookie timer
                         |          v
                         |      +--------------+
                         |      | COOKIE-ECHOED| (3)
                         |      +--------------+
                         |          |
                         |          |    rcv COOKIE ACK
                         |          |    -----------------
                         |          |    stop cookie timer
                         v          v
                       +---------------+
                       |  ESTABLISHED  |
                       +---------------+
                      (from the ESTABLISHED state only)
                                    |
                                    |
                           /--------+--------
       [SHUTDOWN]         /                  
       -------------------|                   |
       check outstanding  |                   |
       DATA chunks        |                   |
                          v                   |
                     +---------+              |
                     |SHUTDOWN-|              | rcv SHUTDOWN/check
                     |PENDING  |              | outstanding DATA
                     +---------+              | chunks
                          |                   |------------------
     No more outstanding  |                   |
     ---------------------|                   |
     snd SHUTDOWN         |                   |
     strt shutdown timer  |                   |
                          v                   v
                     +---------+        +-----------+
                 (4) |SHUTDOWN-|        | SHUTDOWN- |  (5,6)
                     |SENT     |        | RECEIVED  |
                     +---------+        +-----------+
                          |                  |
    (A) rcv SHUTDOWN ACK  |                  |
    ----------------------|                  |
    stop shutdown timer   |     cv:SHUTDOWN |
    send SHUTDOWN COMPLETE|        (B)       |
    delete TCB            |                  |
                          |                  | No more outstanding
                          |                  |-----------------
                          |                  | send SHUTDOWN ACK
    (B)rcv SHUTDOWN       |                  | strt shutdown timer
    ----------------------|                  |
    send SHUTDOWN ACK     |                  |
    start shutdown timer  |                  |
    move to SHUTDOWN-     |                  |
    ACK-SENT              |                |  |
                          |                v  |
                          |             +-----------+
                          |             | SHUTDOWN- | (7)
                          |             | ACK-SENT  |
                          |             +----------+-
                          |                   | (C)rcv SHUTDOWN COMPLETE
                          |                   |-----------------
                          |                   | stop shutdown timer
                          |                   | delete TCB
                          |                   |
                          |                   | (D)rcv SHUTDOWN ACK
                          |                   |--------------
                          |                   | stop shutdown timer
                          |                   | send SHUTDOWN COMPLETE
                          |                   | delete TCB
                          |                   |
                              +---------+    /
                           -->| CLOSED  |<--/
                               +---------+

              Figure 3: State Transition Diagram of SCTP


7. 建立连接
 
 发起方                                                               接收方
-------------------------------------------------------------------------
发送INIT---------------------------------->
(状态变为COOKIE_WAIT)
                                            <---------------接收INIT,发送INIT_ACK,附带COOKIE
                                                               (状态仍为CLOSED)
接收INIT_ACK,发送COOKIE_ECHO----->
(状态变为COOKIE_ECHOED)
                                           <---------------接收COOKIE_ECHO,发送COOKIE_ACK
                                                               (状态转为ESTABLISHED)
接收COOKIE_ACK,状态转为ESTABLISHED

由于接收端是收到COOKIE_ECHO包后才认为连接合法,所以某种程度上可以避免类似SYN FLOOD的攻击

8. 正常断开连接
 发起方                                                                             接收方
-----------------------------------------------------------------------------------------------
发送SHUTDOWN--------------------->
(状态变为SHUTDOWN_SENT)
                                                               <---------------接收SHUTDOWN
                                                                                   (状态变为SHUTDOWN_RECEIVED)
                                                               <---------------发送SHUTDOWN_ACK
                                                                                  (状态变为SHUTDOWN_ACK_SENT)
接收SHUTDOWN_ACK,发送SHUTDOWN_COMPLETE----->
(状态变为CLOSED)
                                                               <---------------接收SHUTDOWN_COMPLETE
                                                                                   (状态转为CLOSED)

同时断开,两边同时发SHUTDOWN,则都发SHUTDOWN_ACK,都转为SHUTDOWN_ACK_SENT状态,发送SHUTDOWN_COMPLETE断开连接

9. 异常断开
   接收或发送了ABORT类型的CHUNK,立即断开

10. 控制CHUNK和TCP标志位的类比

 CHUNK        TCP FLAG
-------------------------------------------------
 INIT         SYN 
 INIT_ACK     SYN ACK
 SACK         ACK
 SHUTDOWN     FIN
 ABORT        RST
 DATA         PSH

11. 状态跟踪
 主要跟踪INIT,INIT_ACK, COOKIE_ECHO, COOKIE_ACK, SHUTDOWN, SHUTDOWN_ACK, SHUTDOWN_COMPLETE和ABORT这些控制CHUNK来改变连接状态

12. NAT
 主要就是修改SCTP的端口,然后计算校验和,和TCP、UDP类似

13. 总结
 SCTP的协议跟踪和NAT的实现可以参考TCP协议跟踪的处理,比较麻烦的一点就是各类CHUNK的识别,不象TCP标志那样简单明显,其他处理都比较类似。

阅读(7426) | 评论(1) | 转发(0) |
给主人留下些什么吧!~~

xiaoxiaoyule2014-12-25 23:38:46

楼主辛苦了,学习了。

评论热议
请登录后评论。

登录 注册