An SCTP packet contains a header and data chunks; data
chunks have a payload protocol ID.
An SCTP packet contains an SCTP header (comprising a
source and destination port, verification tag, and checksum) that
is common to all chunks in the packet. The verification tag allows
a receiver to verify that the SCTP packet belongs to the current
association and is not from a prior association. After the header
are a variable number of data chunks; each chunk consists of a chunk
header (containing a chunk type, chunk flags, and chunk length field)
and chunk data.
the control chunk types, such as initiation (INIT), Initiation Acknowledgment,
Heartbeat Request, Heartbeat Acknowledgment, Shutdown, State Cookie,
and Cookie Acknowledgment. In addition to control chunks, there
are also DATA chunks.
Each SCTP DATA chunk has a payload protocol identifier (PPID), which identifies to the application
what type of data is in the chunk. PPIDs are assigned by the Internet
Assigned Numbers Authority (IANA). When you Configure
SCTP Security, you can filter on PPIDs.
Per RFC 4960, SCTP can fragment SCTP DATA chunks into smaller
chunks and the SCTP endpoints will reassemble the fragmented DATA chunks.
does not reassemble fragmented SCTP DATA chunks.
On a Palo Alto Networks
firewall, neither SCTP Diameter
nor SS7 filtering applies to fragmented DATA chunks; an SCTP PPID
filter does apply to fragmented DATA chunks.