An SCTP packet contains a header and data chunks; data
chunks have a payload protocol ID.
An SCTP packet contains an SCTP header (comprising a
source and destination port, verification tag, and checksum) that is
common to all chunks in the packet. The verification tag allows
a receiver to verify that the SCTP packet belongs to the current
association and is not from a prior association. After the header
are a variable number of data chunks; each chunk consists of a chunk
header (containing the chunk type, chunk flags, and chunk length fields)
and chunk data.
RFC 4960 describes
the control chunk types, such as Initiation (INIT), Initiation Acknowledgment,
Heartbeat Request, Heartbeat Acknowledgment, Shutdown, State Cookie,
and Cookie Acknowledgment. In addition to control chunks, there are
also DATA chunks.
Each SCTP DATA chunk has a payload protocol identifier (PPID), which identifies to the application
what type of data is in the chunk. PPIDs are assigned by the Internet
Assigned Numbers Authority (IANA). When you Configure
SCTP Security, you can filter on PPIDs.
Per RFC 4960, SCTP can fragment SCTP DATA chunks into smaller
chunks and the SCTP endpoints will reassemble the fragmented DATA
chunks. PAN-OS does not reassemble fragmented SCTP DATA chunks.
On a Palo Alto Networks firewall, neither SCTP Diameter nor SS7
filtering applies to fragmented DATA chunks; an SCTP PPID filter
does apply to fragmented DATA chunks.
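The following is an added example (not Palo Alto Networks code) that parses the SCTP common header and chunk headers described above, pulls the PPID out of each DATA chunk, and uses the B/E chunk flags to tell a complete message from a fragment, which is why a PPID filter can still be evaluated on fragments while payload-level Diameter/SS7 inspection cannot. It assumes a constructed sample packet, the IANA PPID value 46 for Diameter, and does not verify the CRC32c checksum.

```python
import struct

SCTP_HDR_LEN, CHUNK_HDR_LEN, DATA_CHUNK = 12, 4, 0
FLAG_E, FLAG_B = 0x01, 0x02          # DATA chunk flag bits (RFC 4960 section 3.3.1)
PPID_DIAMETER = 46                   # IANA-assigned PPID for Diameter over SCTP

def parse_sctp(pkt: bytes) -> dict:
    """Parse the common header, then walk every chunk in the packet."""
    if len(pkt) < SCTP_HDR_LEN:
        raise ValueError("truncated SCTP common header")
    sport, dport, vtag, csum = struct.unpack("!HHII", pkt[:SCTP_HDR_LEN])
    chunks, off = [], SCTP_HDR_LEN
    while off + CHUNK_HDR_LEN <= len(pkt):
        ctype, flags, length = struct.unpack("!BBH", pkt[off:off + CHUNK_HDR_LEN])
        if length < CHUNK_HDR_LEN or off + length > len(pkt):
            raise ValueError("chunk length exceeds packet")
        chunk = {"type": ctype, "flags": flags, "length": length}
        if ctype == DATA_CHUNK:
            if length < CHUNK_HDR_LEN + 12:
                raise ValueError("truncated DATA chunk header")
            tsn, sid, ssn, ppid = struct.unpack("!IHHI", pkt[off + 4:off + 16])
            # A DATA chunk carries a whole user message only when both B and E are set.
            chunk.update(tsn=tsn, stream=sid, ssn=ssn, ppid=ppid,
                         fragment=(flags & (FLAG_B | FLAG_E)) != (FLAG_B | FLAG_E),
                         data=pkt[off + CHUNK_HDR_LEN + 12:off + length])
        chunks.append(chunk)
        off += (length + 3) & ~3        # chunks are padded to a 4-byte boundary
    return {"sport": sport, "dport": dport, "vtag": vtag, "checksum": csum, "chunks": chunks}

def ppid_allowed(chunk: dict, allowed: set) -> bool:
    """PPID filtering works on every DATA chunk, fragment or not: each carries a PPID."""
    return chunk["type"] == DATA_CHUNK and chunk["ppid"] in allowed

def inspectable(chunk: dict) -> bool:
    """Payload inspection (Diameter/SS7) needs a whole message, so fragments are skipped."""
    return chunk["type"] == DATA_CHUNK and not chunk["fragment"]

def build_data_chunk(flags: int, tsn: int, ppid: int, payload: bytes) -> bytes:
    body = struct.pack("!IHHI", tsn, 0, 0, ppid) + payload
    length = CHUNK_HDR_LEN + len(body)
    return struct.pack("!BBH", DATA_CHUNK, flags, length) + body + b"\x00" * ((-length) % 4)

# Constructed sample packet (checksum left as zero): one complete Diameter DATA
# chunk followed by the first fragment of a second Diameter message.
SAMPLE_PACKET = (
    struct.pack("!HHII", 3868, 3868, 0xDEADBEEF, 0)
    + build_data_chunk(FLAG_B | FLAG_E, 1, PPID_DIAMETER, b"diameter-hdr")
    + build_data_chunk(FLAG_B, 2, PPID_DIAMETER, b"first-fragment")
)
```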