Skip to content

Commit

Permalink
Ensure all INIT have a verification tag of 0
Browse files Browse the repository at this point in the history
RFC 4960 Section 8.5.1 specifies that a packet containing an INIT
chunk MUST set the verificate tag of the packet to 0.

The current code follows that only if it has not received and
handled an INIT packet from the peer yet. In which case the
peerVerificationTag will not be zero, and any subsequent INIT will be
invalid and refused by the peer. This is a problem if the INIT ACK was
lost.

If both peers have this behavior, and both INIT ACKs were lost, we
fall into a situation where the initialization will never complete.

Resolve this scenario by ensuring the packet with the INIT chunk
always set the tag to zero, as is required.
  • Loading branch information
jmelancongen authored and JoeTurki committed Jan 21, 2025
1 parent 2600de3 commit f7e04df
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion association.go
Original file line number Diff line number Diff line change
Expand Up @@ -452,7 +452,7 @@ func (a *Association) sendInit() error {
}

outbound := &packet{}
outbound.verificationTag = a.peerVerificationTag
outbound.verificationTag = 0
a.sourcePort = defaultSCTPSrcDstPort
a.destinationPort = defaultSCTPSrcDstPort
outbound.sourcePort = a.sourcePort
Expand Down

0 comments on commit f7e04df

Please sign in to comment.