#288 SCTP (and other protocol) support

open
nobody
None
5
2011-08-20
2011-08-20
Joshua Kinard
No

SCTP, DCCP, and UDPLite are all transport-layer protocols that can carry traffic and whose first few header fields carry source/destination port numbers in the same range as TCP and UDP. While support for filtering these probably needs to be added in the Linux Kernel (uncertain about other OSes and firewall tools), long-term, I think it would be good to support filtering these protocols by source/destination IPs and ports rather than having to define specific IP protocol #'s.

Discussion

  • Vadim Kurland
    2011-08-21

    I see iptables modules that can match sctp and dccp (in iptables 1.4.4) but not for UDPLite. Converting this to a feature request.

     
  • Joshua Kinard
    2011-08-21

    SCTP has usage in telephony mostly (was designed for SIGTRAN and SS7). There doesn't even exist a Windows driver for it, and Linux has just a handful of apps. But it's got potential to emerge as a general-purpose transport-layer protocol down the road, so I figured getting this in would be useful down the road as the telephony and IP networks begin to merge more.

    DCCP, I haven't looked into a whole lot yet. I see it as being more similar to UDP (whereas SCTP is more similar to TCP).

    UDPLite is very similar to UDP, except that it allows for partial checksums. It's possible iptables might loop it in under the main udp stuff, but with a special flag or something. I haven't looked, to be honest.

    Thanks for considering!