SCTP Packets and Chunks

An SCTP packet contains a header and data chunks; data chunks have a payload protocol ID.
An SCTP packet contains an SCTP header (comprising a source and destination port, verification tag, and checksum) that is common to all chunks in the packet. The verification tag allows a receiver to verify that the SCTP packet belongs to the current association and is not from a prior association. After the header are a variable number of data chunks; each chunk consists of a chunk header (containing a chunk type, chunk flags, and chunk length field) and chunk data.
RFC4960 describes the control chunk types, such as initiation (INIT), Initiation Acknowledgment, Heartbeat Request, Heartbeat Acknowledgment, Shutdown, State Cookie, and Cookie Acknowledgment. In addition to control chunks, there are also DATA chunks.
Each SCTP DATA chunk has a payload protocol identifier (PPID), which identifies to the application what type of data is in the chunk. PPIDs are assigned by the Internet Assigned Numbers Authority (IANA). When you Configure SCTP Security, you can filter on PPIDs.
Per RFC 4960, SCTP can fragment SCTP DATA chunks into smaller chunks and the SCTP endpoints will reassemble the fragmented DATA chunks. PAN-OS does not reassemble fragmented SCTP DATA chunks. On a Palo Alto Networks firewall, neither SCTP Diameter nor SS7 filtering applies to fragmented DATA chunks; an SCTP PPID filter does apply to fragmented DATA chunks.

Recommended For You