My new project - a book about SCTP

A few people mentioned that there are not much resources about SCTP on the Internet besides my blog. This makes me just a little proud and a bit sad at the same time. SCTP is not at all popular but it is used a lot in the Telecom world and I believe it deserves its spot online. Looks like my posts sort of do the job, but it is not the best reading experience one can get. For this reason I decided to convert the posts to a book and in this post I want to share with you some details about it.

Why bother with writing a book? Posts do the job just fine?

This is probably true for the most of the people. However the posts are written from a developer for developers and they focus on the information. The style is bad, the graphics are mediocre at best. I want to take this content one step further and make it a nice read!

What will be in the book?

The book will include:

Will the content differ from the blog posts?

Yes and no. Most of the information will be the same, but it will be edited (and probably rearranged) so that it will be more consistent. Bottom line - almost the same information, presented in far better way!

Of course the unpublished content initially will be only in the book.

Hardcopy or e-book?

It will be an electronic book - PDF and EPUB version.

Okay, I want to know more. How can I stay in the loop?

I've created a newsteller on MailChimp and at this point it will be completely dedicated to the book. If you are interested - subscribe! I promise I won't spam you - you'll receive no more than one e-mail per week from me with news about the book, preview chapters, etc. You could even influence my work - I will involve the subscribers with any decisions I have to make during the writing.

If you want to help me, please spread the word about the book and share a link to the mail list. The more subscribers I get, more confident I am that my work is valued.

Click here to subscribe to the newsteller!

rpcap becomes tranqap

In my previous post I announced a project of mine which I use to collect PCAP files from remote machines. I will not go in too much details about it, if you are interested - check the blog post. I named the project rpcap (from remote pcap) and as it was for my personal use I didn't check if the name was not already used.

As you probably have already guessed, the name is used even for a project doing similar thing. I will not go into to much details about the original rpcap project either, so if you are interested - go check its website.

Long story short - I needed a new name. And it is tranqap. It comes from the French word tranquille (which means "calm, quiet, peaceful") and of course PCAP. I truly hope that this new name holds true for the real purpose of the project - to make network traffic captures tranquille.

Check out tranqap.com for the updated links to source code and documentation.

What is tranqap

EDIT: Initially this post was titled "What is rpcap". For reasons described here, I had to rename it. I will keep the original hyperlink, to avoid confusion, but all references to rpcap here will be replaced to tranqap.

Why this project exists

I used to work on an IMS project, which involved multiple machines. In nutshell, IMS stands for IP Multimedia Subsystem and it is a SIP based implementation of voice service in LTE mobile network. I don't want to explain what IMS is, as it is totally out of the scope of this post, but if you are interested the page for IMS in Wikipedia is a good start.

Tracing a voice call in an IMS setup involves packet capturing on four different machines, which turned out to be a pretty tedious job. Up to now, my work required to collect PCAP files from one or maximum two remote machines. To achieve this I used a simple bash script, which starts tcpdump over SSH and redirects the output to a Wireshark instance running locally. You can find the script in my dotfiles shared on GitHub.

Using this script for capturing traffic from four remote machines was not very straightforward. I often ended up forgetting to start the script for any of the machines, forget to save the file, close wireshark by mistake and so on.

At this point the idea for tranqap was born.

Read more…

Zodiac FX review

What is Zodiac FX

Zodiac FX is an OpenFlow enabled switch, developed by Northbound Networks. They promote it on their kickstarter project as:

The OpenFlow switch that is powerful enough to develop world changing SDN applications yet small enough to sit on your desk.

I've played with Openflow during Nick Feamster's course Software Defined Networking and I've decided that owning such device is a good opportunity to run Openflow controllers in a real network. I can't say how powerful the switch is, because all I have done up to now is to get it out of the box and start it up, but it is definitely small! Its dimensions are 10 x 8 cm, so expect something as big as Raspberry Pi, for example.

Read more…

SCTP Multi-homing in Linux

Introduction

After exploring how SCTP multi-homing works, it's time to see how to use this feature in Linux. This post will show how to implement multi-homing for the client-server application, used up to now. Baseline code for the development will be the 'one-to-many_advanced' branch, used in SCTP specific socket functions in Linux post. It already uses SCTP's advanced interface so only a few modifications are required to get the job done.

Implementing multi-homing means that the server should bind to more than one IP address and the client - to connect to more than one destination IP address. Both applications can also operate on single IP address. Mixed scenario is also possible, e.g. multi-homed server can communicate with non multi-homed client.

The code in this post uses one-to-many styles sockets, however the approach is the same for one-to-one sockets. I am pretty sure that you will be able to handle the latter case by yourself, so I will not discuss it. Anyway do not hesitate to leave a comment, in case you have got any questions.

Read more…

Multi-homing in SCTP

What is multihoming

In the previous posts about the SCTP protocol, I promised a separate article about multi-homing. I think we have covered most of the basic topics and now it is time to review this killer feature. The behaviour of a multi-homed SCTP node is scattered around RFC 4960 and in this post I will present the most important aspects.

I think Section 6.4 has got the best definition for multi-homing:

An SCTP endpoint is considered multi-homed if there are more than one transport address that can be used as a destination address to reach that endpoint.

Read more…

SCTP specific socket functions in Linux

Preface

In the previous posts we have used socket related functions common for protocols other than SCTP. For example with connect() you can connect to a remote peer with either TCP or SCTP socket. recvmsg() and sendmsg() can also be used with UDP and SCTP. This is normal, because SCTP has features similar to TCP (connection oriented) and UDP (message based). However SCTP's unique features deserve specific API. In this post we will review some SCTP only functions for sending and receiving messages, establishing associations and extracting local and peer IP addresses from the association.

Read more…

SCTP notifications in Linux

Introduction

In the previous post we have discussed the ancillary data - one of the ways to access SCTP specific protocol parameters and events. Today we will review another similar topic - the SCTP notifications. They are also received with recvmsg(), but you receive different kind of information. Ancillary data allowed us to get some SCTP specific parameters for the DATA chunk containing the payload, like stream number, association id, etc. With notifications you can access more general information about the association - e.g. receive event when it is established, when it is teared down, remote errors, etc.

SCTP notifications are described in Section 6 of RFC 6458. The implementation of Linux has got some really small differences from the specification, but they are in terms of structure/parameter names. I will try to list them, but even if I forget something you will easily notice them by yourself.

Read more…

Working with SCTP ancillary data in FreeBSD

Introduction

The socket interface provides good generalized interface for the underlying networking protocol, which is exactly what one programmer needs in most of the time. However for some more specific use cases someone might want to exploit specific protocol features, which can't present in the generalized interface. Ancillary data allows the socket interface to handle such specific protocol parameters/features, otherwise unaccessible from the socket API. Today we will add some ancillary data support to the one-to-many style application from the previous post.

Before digging right into the ancillary data I believe I owe you an explanation. My initial intention was to demonstrate the SCTP interface in Linux and as you have probably noticed, up to now I wrote only for Linux. However it turned out that not all ancillary data control messages are supported out of the box in the Linux distribution I currently use (Ubuntu 14.04.2 LTS with kernel version 3.16.0-36). Because the SCTP stack in Linux was ported from FreeBSD I decided to see what is supported there. Luckily all control messages described in Section 5.3 from RFC 6458 were supported in FreeBSD. That's why for this post I will use this operating system.

If you need to use some SCTP specific features in your Linux powered project I suggest you to use sctp_sendmsg, sctp_connectx, etc.

Read more…

SCTP Linux API: One-to-many style interface

Introduction

In the previous post we saw one very simple example of SCTP client-server application with the one-to-one style API. Here I will reimplement it with the one-to-many interface and we will see different approach to the same application. Again all the code used in this post is available for you on this GitHub project. Switch to 'one-to-many_basic' branch before you continue. This and the following posts will heavily use information from RFC 6458 Sockets API Extensions for the Stream Control Transmission Protocol (SCTP). As usual I will provide links to the relative sections for your convenience. If you are serious about using Linux's SCTP socket API I highly recommend you to read the entire specification. You will find tons of interesting information there.

Read more…