| RFC 9653 | Zero Checksum for SCTP | September 2024 |
| Tüxen, et al. | Standards Track | [Page] |
The Stream Control Transmission Protocol (SCTP) uses a 32-bit checksum inthe common header of each packet to provide some level of data integrity.If another method used by SCTP already provides the same or a higher level ofdata integrity, computing this checksum does not provide any additionalprotection but does consume computing resources.¶
This document provides a simple extension allowing SCTP to save thesecomputing resources by using zero as the checksum in a backwards-compatibleway.It also defines how this feature can be used when SCTP packets are encapsulatedin Datagram Transport Layer Security (DTLS) packets.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9653.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
SCTP as specified in[RFC9260] uses a CRC32c checksum toprovide some level of data integrity.When using, for example, Datagram Transport Layer Security (DTLS) as thelower layer for SCTP as specified in[RFC8261], using the CRC32cchecksum does not provide any additional protection over that already providedby DTLS.However, computing the CRC32c checksum at the sender and receiver sides doesconsume computational resources for no benefit.This is particularly important for endpoints that are computationally limitedand use SCTP over DTLS.¶
The extension described in this document allows an SCTP endpoint to declarethat it accepts SCTP packets with a checksum of zero when using a specificalternate error detection method. This declaration happens during the setup of the SCTP association and allows endpoints that support this extension to be interoperable with endpoints that don't.To provide this backwards compatibility, endpoints using this extension stillneed to implement the CRC32c checksum algorithm.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14[RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
SCTP uses a CRC32c checksum to provide some level of data integrity.The CRC32c checksum is computed based on the SCTP common header and the chunkscontained in the packet.In particular, the computation of the CRC32c checksum does not involve a pseudoheader for IPv4 or IPv6 like the computation of the TCP checksum, as specifiedin[RFC9293], or the UDP checksum, as specified in[RFC0768].¶
Zero is a valid result of the CRC32c checksum algorithm.For example, the following figure depicts an SCTP packet containing a minimalINIT chunk with a correct CRC32c checksum of zero.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Source Port Number = 5001 |Destination Port Number = 5001 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Verification Tag = 0 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Checksum = 0 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Type = 1 |Chunk Flags = 0| Chunk Length = 20 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Initiate Tag = 0xFCB75CCA |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Advertised Receiver Window Credit (a_rwnd) = 1500 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|Number of Outbound Streams = 1 | Number of Inbound Streams = 1 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Initial TSN = 0 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Using SCTP in combination with other mechanisms or protocol extensions mightprovide data integrity protection with an equal or lower probability of falsenegatives than the one provided by using the CRC32c checksum algorithm.When using such alternate error detection methods, the SCTP common headercontaining the 32-bit checksum field might or might not be visible tomiddleboxes on the paths between the two endpoints.¶
Alternate error detection methods have two requirements:¶
An alternate error detection methodMUST provide an equal or lower probability of false negatives than the one provided by using the CRC32c checksum algorithm. ThisMAY only apply to packets satisfying some method-specific constraints.¶
Using an alternate error detection methodMUST NOT result in a path failure for more than two retransmission timeouts (RTOs) due to middleboxes on the path expecting correct CRC32c checksums.¶
To fulfill the second requirement, alternate error detection methods coulduse a heuristic to detect the existence of such middleboxes and use correctCRC32c checksums on these affected paths.¶
Using DTLS as the lower layer of SCTP as specified in[RFC8261] is one example that fulfills the first requirement.Another example is using SCTP Authentication as specified in[RFC4895].Of course, this only applies to each SCTP packet having an AUTH chunk as itsfirst chunk.However, using SCTP Authentication without any heuristic does not fulfill thesecond requirement.Since using DTLS as the lower layer of SCTP as specified in[RFC8261] also fulfills the second requirement, it can be usedas an alternate error detection method(seeSection 6).¶
If an alternate error detection method is used, the computation of theCRC32c checksum consumes computational resources without providing any benefit.To avoid this, an SCTP endpoint could be willing to accept SCTP packets withan incorrect CRC32c checksum value of zero in addition to SCTP packets withcorrect CRC32c checksum values.¶
Because zero is a valid result of the CRC32c checksum algorithm, a receiverof an SCTP packet containing a checksum value of zero cannot determine whetherthe sender included an incorrect CRC32c checksum of zero to reduce the CPU costor the result of the CRC32c checksum computation was actually zero.However, if the receiver is willing to use an alternate error detection method,this ambiguity is irrelevant, since the receiver is fine with not using theCRC32c checksum to protect incoming packets.¶
The Zero Checksum Acceptable Chunk Parameter is defined by thefollowing figure.¶
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Type = 0x8001 | Length = 8 |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Error Detection Method Identifier (EDMID) |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
All transported integer numbers are in network byte order, a.k.a.big endian.¶
The Zero Checksum Acceptable Chunk ParameterMAY appearin INIT and INIT ACK chunks andMUST NOT appear in any otherchunk.The ParameterMUST NOT appear more than once in any chunk.¶
If an endpoint not supporting the extension described in this documentreceives this parameter in an INIT or INIT ACK chunk, it isREQUIRED to skip this parameter and continue to process furtherparameters in the chunk.This behavior is specified by[RFC9260] because the highest-ordertwo bits of the Type are '10'.¶
An endpoint willing to accept SCTP packets with an incorrect checksum ofzeroMUST include the Zero Checksum Acceptable Chunk Parameterindicating the alternate error detection method it is willing to use in theINIT or INIT ACK chunk it sends.¶
An SCTP implementationMAY also require the upper layer toindicate that it is fine to use a specific alternate error detection methodbefore including the corresponding Zero Checksum Acceptable Chunk Parameter.¶
An SCTP endpoint cannot just use an incorrect CRC32c checksum value of zerofor all SCTP packets it sends.The following restrictions apply:¶
If an endpoint has not received an INIT or INIT ACK chunk containing aZero Checksum Acceptable Chunk Parameter indicating an alternate error detectionmethod it supports from its peer during the association setup,itMUST use a correct CRC32c checksum.In particular, when an endpoint¶
When an endpoint sends a packet containing a COOKIE ECHO chunk, itMUST include a correct CRC32c checksum in the packet containingthe COOKIE ECHO chunk.¶
When an endpoint supports the dynamic address reconfiguration specifiedin[RFC5061] and sends a packet containing an ASCONF chunk, itMUST include a correct CRC32c checksum in the packet containingthe ASCONF chunk.¶
If an alternate error detection method has some method-specificconstraints, the senderMUST include a correct CRC32c checksumin all packets that don't fulfill these method-specific constraints.¶
The first restriction allows backwards compatibility.The second and third restrictions allow a simpler implementation of theextension defined in this document, because looking up the associationfor SCTP packets containing a COOKIE ECHO chunk or an ASCONF chunk mightbe more complex than for other packets.Finally, the last restriction covers constraints specific to the alternate error detection method.¶
An SCTP endpointMAY require that the upper layer allowthe use of the alternate error detection method that was announced by the peerbefore sending packets with an incorrect checksum of zero.¶
If none of the above restrictions apply, an endpointSHOULDuse zero as the checksum when sending an SCTP packet.¶
If an endpoint has sent the Zero Checksum Acceptable Chunk Parameterindicating the support of an alternate error detection method in an INIT or INIT ACK chunk, in addition to SCTP packets containing thecorrect CRC32c checksum value itMUST accept SCTP packets that have anincorrect checksum value of zero and that fulfill the requirements ofthe announced alternate error detection method used for this association.Otherwise, the endpointMUST drop all SCTP packets with anincorrect CRC32c checksum.¶
In addition to processing OOTB packets with a correct CRC32c checksum asspecified in[RFC9260], an SCTP implementationMAY also process OOTB packets having an incorrect zero checksum.Doing so might result in faster SCTP association failure detection.¶
Using SCTP over DTLS as specified in[RFC8261] providesa stronger error detection method than using the CRC32c checksum algorithm.Since middleboxes will not observe the unencrypted SCTP packet, there isno risk in interfering with using zero as an incorrect checksum.There are no additional constraints (specific to the error detection method) on packetswhen using DTLS encapsulation.¶
This section describes how the socket API defined in[RFC6458] needs to be extended to provide a way for theapplication to control the acceptance of a zero checksum.¶
A 'Socket API Considerations' section is contained in all SCTP-relatedspecifications published after[RFC6458] describing an extensionfor which implementations using the socket API as specified in[RFC6458] would require some extension of the socket API.Please note that this section is informational only.¶
A socket API implementation based on[RFC6458] is extended bysupporting one new write-only IPPROTO_SCTP-level socket option.¶
This IPPROTO_SCTP-level socket option with the name SCTP_ACCEPT_ZERO_CHECKSUMcan be used to control the acceptance of a zero checksum.It is a write-only socket option and applies only to future SCTP associationson the socket.¶
This option expects an unsigned integer.Possible values include:¶
Disable the use of any alternate error detection method.This means that all SCTP packets being received are only accepted if theyhave a correct CRC32c checksum value.¶
Use the alternate error detection method described inSection 6.¶
An implementation might only send packets with an incorrect checksum of zero,if the alternate error detection method announced by the peer is also enabledlocally via this socket option.¶
The default for this socket option is that the use of alternate errordetection methods is disabled.¶
A new chunk parameter type has been assigned by IANA in the "Chunk Parameter Types" registry for SCTP:¶
| ID Value | Chunk Parameter Type | Reference |
|---|---|---|
| 32769 | Zero Checksum Acceptable (0x8001) | RFC 9653 |
Furthermore, IANA has established a new "Error Detection Method"registry for SCTP.The assignment of new error detection methods is done through the SpecificationRequired policy as defined in[RFC8126].Documentation for a new error detection methodMUST contain thefollowing information:¶
A name of an alternate error detection method.¶
A reference to a specification describing:¶
the alternate error detection method,¶
why the alternate error detection method provides an equal or lower probability of false negatives than the one provided by using the CRC32c checksum,¶
any constraints (specific to the alternate error detection method) that are referred to in the fourth exception inSection 5.2, and¶
why using the alternate error detection method does not result in path failures due to middleboxes expecting correct CRC32c checksums for more than two RTOs. In case the alternate error detection method uses a heuristic for detecting such middleboxes, this heuristic needs to be described.¶
The initial contents of the registry are as follows:¶
| ID Value | Error Detection Method | Reference |
|---|---|---|
| 0 | Reserved | RFC 9653 |
| 1 | SCTP over DTLS | RFC 9653 |
| 2 - 4294967295 | Unassigned |
A designated expert (DE) is expected to ascertain the existence of suitabledocumentation (a specification) as described in[RFC8126] and toverify that the document is permanently and publicly available.Furthermore, the DE is expected to ensure that the above four points have beenaddressed appropriately.¶
This document does not change the considerations given in[RFC9260].¶
Due to the first requirement inSection 3, using an alternate error detection method provides an equal or better level of data integrity than the one provided by using the CRC32c checksum algorithm. The second requirement inSection 3 ensures that theexistence of middleboxes expecting correct CRC32c checksums does not result inpermanent path failures.¶
The authors wish to thankBernard Aboba,Deb Cooley,Martin Duke,Gorry Fairhurst,Mike Heard,Peter Lei,Nils Ohlmeier,Claudio Porfiri,Greg Skinner,Timo Völker,Éric Vyncke, andMagnus Westerlundfor their invaluable comments.¶