public void validate(Association ass) { // step 1 - deduce the validation rules: // validation depends on the types of chunk in the list. if ((_chunks != null) && (_chunks.Count > 0)) { int init = findChunk(ChunkType.INIT); if (init >= 0) { if (init != 0) { throw new InvalidSCTPPacketException("Init must be only chunk in a packet"); } if (_verTag != 0) { throw new InvalidSCTPPacketException("VerTag on an init packet expected to be Zeros"); } } else { int abo = findChunk(ChunkType.ABORT); if (abo >= 0) { // we have an abort _chunks = _chunks.GetRange(0, abo + 1); // remove any subsequent chunks. reflectedVerify(abo, ass); } else { int sdc = findChunk(ChunkType.SHUTDOWN_COMPLETE); if (sdc >= 0) { if (sdc == 0) { reflectedVerify(sdc, ass); } else { throw new InvalidSCTPPacketException( "SHUTDOWN_COMPLETE must be only chunk in a packet"); } } else { // somewhat hidden here - but this is the normal case - not init abort or shutdown complete if (_verTag != ass.getMyVerTag()) { throw new InvalidSCTPPacketException("VerTag on plain packet expected to match ours " + _verTag + " != " + ass.getMyVerTag()); } } } } } }
/* * 8.5. Verification Tag * * The Verification Tag rules defined in this section apply when sending * or receiving SCTP packets that do not contain an INIT, SHUTDOWN * COMPLETE, COOKIE ECHO (see Section 5.1), ABORT, or SHUTDOWN ACK * chunk. The rules for sending and receiving SCTP packets containing * one of these chunk types are discussed separately in Section 8.5.1. * * When sending an SCTP packet, the endpoint MUST fill in the * Verification Tag field of the outbound packet with the tag value in * the Initiate Tag parameter of the INIT or INIT ACK received from its * peer. * * When receiving an SCTP packet, the endpoint MUST ensure that the * value in the Verification Tag field of the received SCTP packet * matches its own tag. If the received Verification Tag value does not * match the receiver's own tag value, the receiver shall silently * discard the packet and shall not process it any further except for * those cases listed in Section 8.5.1 below. * * 8.5.1. Exceptions in Verification Tag Rules * * A) Rules for packet carrying INIT: * * - The sender MUST set the Verification Tag of the packet to 0. * * - When an endpoint receives an SCTP packet with the Verification * Tag set to 0, it should verify that the packet contains only an * INIT chunk. Otherwise, the receiver MUST silently discard the * packet. * * B) Rules for packet carrying ABORT: * * - The endpoint MUST always fill in the Verification Tag field of * the outbound packet with the destination endpoint's tag value, if * it is known. * * - If the ABORT is sent in response to an OOTB packet, the endpoint * MUST follow the procedure described in Section 8.4. * * * * Stewart Standards Track [Page 105] * * RFC 4960 Stream Control Transmission Protocol September 2007 * * * - The receiver of an ABORT MUST accept the packet if the * Verification Tag field of the packet matches its own tag and the * T bit is not set OR if it is set to its peer's tag and the T bit * is set in the Chunk Flags. Otherwise, the receiver MUST silently * discard the packet and take no further action. * * C) Rules for packet carrying SHUTDOWN COMPLETE: * * - When sending a SHUTDOWN COMPLETE, if the receiver of the SHUTDOWN * ACK has a TCB, then the destination endpoint's tag MUST be used, * and the T bit MUST NOT be set. Only where no TCB exists should * the sender use the Verification Tag from the SHUTDOWN ACK, and * MUST set the T bit. * * - The receiver of a SHUTDOWN COMPLETE shall accept the packet if * the Verification Tag field of the packet matches its own tag and * the T bit is not set OR if it is set to its peer's tag and the T * bit is set in the Chunk Flags. Otherwise, the receiver MUST * silently discard the packet and take no further action. An * endpoint MUST ignore the SHUTDOWN COMPLETE if it is not in the * SHUTDOWN-ACK-SENT state. * * D) Rules for packet carrying a COOKIE ECHO * * - When sending a COOKIE ECHO, the endpoint MUST use the value of * the Initiate Tag received in the INIT ACK. * * - The receiver of a COOKIE ECHO follows the procedures in Section * 5. * * E) Rules for packet carrying a SHUTDOWN ACK * * - If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the * procedures in Section 8.4 SHOULD be followed; in other words, it * should be treated as an Out Of The Blue packet. * */ private void reflectedVerify(int cno, Association ass) { Chunk chunk = _chunks[cno]; bool t = ((Chunk.TBIT & chunk._flags) > 0); int cverTag = t ? ass.getPeerVerTag() : ass.getMyVerTag(); if (cverTag != _verTag) { throw new InvalidSCTPPacketException($"VerTag on an {(ChunkType)chunk._type} doesn't match " + (t ? "their " : "our ") + " vertag " + _verTag + " != " + cverTag); } }