My new project - a book about SCTP

A few people mentioned that there are not much resources about SCTP on the Internet besides my blog. This makes me just a little proud and a bit sad at the same time. SCTP is not at all popular but it is used a lot in the Telecom world and I believe it deserves its spot online. Looks like my posts sort of do the job, but it is not the best reading experience one can get. For this reason I decided to convert the posts to a book and in this post I want to share with you some details about it.

Why bother with writing a book? Posts do the job just fine?

This is probably true for the most of the people. However the posts are written from a developer for developers and they focus on the information. The style is bad, the graphics are mediocre at best. I want to take this content one step further and make it a nice read!

What will be in the book?

The book will include:

Will the content differ from the blog posts?

Yes and no. Most of the information will be the same, but it will be edited (and probably rearranged) so that it will be more consistent. Bottom line - almost the same information, presented in far better way!

Of course the unpublished content initially will be only in the book.

Hardcopy or e-book?

It will be an electronic book - PDF and EPUB version.

Okay, I want to know more. How can I stay in the loop?

I've created a newsteller on MailChimp and at this point it will be completely dedicated to the book. If you are interested - subscribe! I promise I won't spam you - you'll receive no more than one e-mail per week from me with news about the book, preview chapters, etc. You could even influence my work - I will involve the subscribers with any decisions I have to make during the writing.

If you want to help me, please spread the word about the book and share a link to the mail list. The more subscribers I get, more confident I am that my work is valued.

Click here to subscribe to the newsteller!

rpcap becomes tranqap

In my previous post I announced a project of mine which I use to collect PCAP files from remote machines. I will not go in too much details about it, if you are interested - check the blog post. I named the project rpcap (from remote pcap) and as it was for my personal use I didn't check if the name was not already used.

As you probably have already guessed, the name is used even for a project doing similar thing. I will not go into to much details about the original rpcap project either, so if you are interested - go check its website.

Long story short - I needed a new name. And it is tranqap. It comes from the French word tranquille (which means "calm, quiet, peaceful") and of course PCAP. I truly hope that this new name holds true for the real purpose of the project - to make network traffic captures tranquille.

Check out for the updated links to source code and documentation.

What is tranqap

EDIT: Initially this post was titled "What is rpcap". For reasons described here, I had to rename it. I will keep the original hyperlink, to avoid confusion, but all references to rpcap here will be replaced to tranqap.

Why this project exists

I used to work on an IMS project, which involved multiple machines. In nutshell, IMS stands for IP Multimedia Subsystem and it is a SIP based implementation of voice service in LTE mobile network. I don't want to explain what IMS is, as it is totally out of the scope of this post, but if you are interested the page for IMS in Wikipedia is a good start.

Tracing a voice call in an IMS setup involves packet capturing on four different machines, which turned out to be a pretty tedious job. Up to now, my work required to collect PCAP files from one or maximum two remote machines. To achieve this I used a simple bash script, which starts tcpdump over SSH and redirects the output to a Wireshark instance running locally. You can find the script in my dotfiles shared on GitHub.

Using this script for capturing traffic from four remote machines was not very straightforward. I often ended up forgetting to start the script for any of the machines, forget to save the file, close wireshark by mistake and so on.

At this point the idea for tranqap was born.

Read more…

Zodiac FX review

What is Zodiac FX

Zodiac FX is an OpenFlow enabled switch, developed by Northbound Networks. They promote it on their kickstarter project as:

The OpenFlow switch that is powerful enough to develop world changing SDN applications yet small enough to sit on your desk.

I've played with Openflow during Nick Feamster's course Software Defined Networking and I've decided that owning such device is a good opportunity to run Openflow controllers in a real network. I can't say how powerful the switch is, because all I have done up to now is to get it out of the box and start it up, but it is definitely small! Its dimensions are 10 x 8 cm, so expect something as big as Raspberry Pi, for example.

Read more…

SCTP Multi-homing in Linux


After exploring how SCTP multi-homing works, it's time to see how to use this feature in Linux. This post will show how to implement multi-homing for the client-server application, used up to now. Baseline code for the development will be the 'one-to-many_advanced' branch, used in SCTP specific socket functions in Linux post. It already uses SCTP's advanced interface so only a few modifications are required to get the job done.

Implementing multi-homing means that the server should bind to more than one IP address and the client - to connect to more than one destination IP address. Both applications can also operate on single IP address. Mixed scenario is also possible, e.g. multi-homed server can communicate with non multi-homed client.

The code in this post uses one-to-many styles sockets, however the approach is the same for one-to-one sockets. I am pretty sure that you will be able to handle the latter case by yourself, so I will not discuss it. Anyway do not hesitate to leave a comment, in case you have got any questions.

Read more…

Multi-homing in SCTP

What is multihoming

In the previous posts about the SCTP protocol, I promised a separate article about multi-homing. I think we have covered most of the basic topics and now it is time to review this killer feature. The behaviour of a multi-homed SCTP node is scattered around RFC 4960 and in this post I will present the most important aspects.

I think Section 6.4 has got the best definition for multi-homing:

An SCTP endpoint is considered multi-homed if there are more than one transport address that can be used as a destination address to reach that endpoint.

Read more…

SCTP specific socket functions in Linux


In the previous posts we have used socket related functions common for protocols other than SCTP. For example with connect() you can connect to a remote peer with either TCP or SCTP socket. recvmsg() and sendmsg() can also be used with UDP and SCTP. This is normal, because SCTP has features similar to TCP (connection oriented) and UDP (message based). However SCTP's unique features deserve specific API. In this post we will review some SCTP only functions for sending and receiving messages, establishing associations and extracting local and peer IP addresses from the association.

Read more…

SCTP notifications in Linux


In the previous post we have discussed the ancillary data - one of the ways to access SCTP specific protocol parameters and events. Today we will review another similar topic - the SCTP notifications. They are also received with recvmsg(), but you receive different kind of information. Ancillary data allowed us to get some SCTP specific parameters for the DATA chunk containing the payload, like stream number, association id, etc. With notifications you can access more general information about the association - e.g. receive event when it is established, when it is teared down, remote errors, etc.

SCTP notifications are described in Section 6 of RFC 6458. The implementation of Linux has got some really small differences from the specification, but they are in terms of structure/parameter names. I will try to list them, but even if I forget something you will easily notice them by yourself.

Read more…