# *****************************************************************************
# 
# $Id: INSTALL,v 0.5 2003/04/09 13:24:16 brian Exp $
# 
# *****************************************************************************
# 
# Copyright (C) 2001-2002  OpenSS7 Corporation <http://www.openss7.com>
# 
# All Rights Reserved.
# 
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# 
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
# 
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 675 Mass
# Ave, Cambridge, MA 02139, USA.
# 
# *****************************************************************************
# 
# Commercial licensing and support of this software is available from OpenSS7
# Corporation at a fee.  See http://www.openss7.com/
# 
# *****************************************************************************
# 
# Last Modified $Date: 2003/04/09 13:24:16 $ by $Author: brian $
# 
# *****************************************************************************

This is the linux-sctp-0.2.14 prerelease.  It can be obtained from the
download area of http://www.openss7.org as linux-sctp-0.2.14.tgz.

The tarball linux-sctp-0.2.14.tgz unpacks with the command

        tar -xzvf linux-sctp-0.2.14.tgz

into the following files and directories under linux-sctp-0.2.14:

        INSTALL             - Installation instructions
        LICENSE             - GNU Public License
        README              - This file
        doc                 - Miscellaneous documentation
        man                 - sctp.7 man page for Linux
        patch-0.2           - patch file to patch Linux 2.4.18 kernel sources
        patch-0.2.1         - incremental patch file
        patch-0.2.2         - incremental patch file
        patch-0.2.3         - incremental patch file
        patch-0.2.4         - incremental patch file
        patch-0.2.5         - incremental patch file
        patch-0.2.6         - incremental patch file
        patch-0.2.7         - incremental patch file
        patch-0.2.8         - incremental patch file
        patch-0.2.9         - incremental patch file
        patch-0.2.9b        - incremental patch file
        patch-total-0.2.9b  - total patch file
        patch-0.2.9c        - incremental patch file
        patch-0.2.10        - incremental patch file
        patch-0.2.10b       - incremental patch file
        patch-0.2.11        - incremental patch file
        patch-0.2.12        - incremental patch file
        patch-total-0.2.11  - total patch file
        patch-total-0.2.13  - total patch file
        patch-total-0.2.14  - total patch file
        test                - Test files and Ethereal dumps from ETSI bakeoff.

The patch for the Linux 2.4.18 kernel is in the file patch-0.2.  This
patch may work with other kernel sources with some manual manipulation.
Start with a full copy of the true Linux 2.4.18 kernel sources in a
separate directory in case anything goes wrong during the patching
process.

If your kernel sources are in the directory /usr/src/linux-2.4.18 and the
patch file is in ~/linux-sctp-0.2.14, use the patch command as follows to
patch the Linux kernel sources in /usr/src/linux-2.4.18:

        cd /usr/src/linux-2.4.18
        gzip -dc ~/linux-sctp-0.2.14/patch-0.2.gz | patch -p0

Then the additional patches should be applied as follows:

        gzip -dc ~/linux-sctp-0.2.14/patch-0.2.1.gz | patch -p0
        gzip -dc ~/linux-sctp-0.2.14/patch-0.2.2.gz | patch -p0
        gzip -dc ~/linux-sctp-0.2.14/patch-0.2.3.gz | patch -p0
        gzip -dc ~/linux-sctp-0.2.14/patch-0.2.4.gz | patch -p0

A total patch file should be applied directly to the original kernel
source with:

        cd /usr/src/linux-2.4.18
        gzip -dc ~/linux-sctp-0.2.14/patch-total-0.2.14.gz | patch -p0

Note: make sure that you do not have the environment variable
POSIXLY_CORRECT set or this patch will not apply correctly.  For csh do:

        unsetenv POSIXLY_CORRECT

before applying the patch.
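
The patching steps above as a shell function (an added example, not part
of the original package): it checks the archive, clears POSIXLY_CORRECT
and rehearses the patch so that a failing hunk leaves the tree untouched.
The function name is hypothetical, and the --dry-run and -N options of
GNU patch are additions made here.

```sh
# apply_sctp_patch TREE PATCH.gz  (hypothetical helper name)
# Applies a gzip-compressed -p0 patch to TREE only if every hunk applies.
apply_sctp_patch() {
    tree=$1
    patchgz=$2
    [ -d "$tree" ] || { echo "no such source tree: $tree" >&2; return 2; }
    # A truncated download should fail here, not halfway through the tree.
    gzip -t "$patchgz" 2>/dev/null || { echo "bad archive: $patchgz" >&2; return 2; }

    # Rehearse first: --dry-run writes nothing (no changes, no .rej files);
    # -N skips an already-applied patch instead of prompting to reverse it.
    if ! gzip -dc "$patchgz" |
        (cd "$tree" && unset POSIXLY_CORRECT && patch -p0 -N --dry-run) >/dev/null 2>&1
    then
        echo "dry run failed, $tree left untouched" >&2
        return 1
    fi
    gzip -dc "$patchgz" |
        (cd "$tree" && unset POSIXLY_CORRECT && patch -p0 -N) >/dev/null
}

# Usage, with the paths used in this file:
#   sh apply.sh /usr/src/linux-2.4.18 ~/linux-sctp-0.2.14/patch-total-0.2.14.gz
[ $# -lt 2 ] || apply_sctp_patch "$1" "$2"
```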

Once the kernel sources are patched, you can configure, compile and
install the kernel as usual.  The kernel will install as
vmlinuz-2.4.18-sctp and the sctp modules will be installed in
/lib/modules/2.4.18-sctp so that they can be kept separate from other
kernel versions.

The kernel sources compile nicely on RH7.2 systems.

When configuring the kernel, there are a number of new configuration
options for SCTP under networking options.  They are:

Stream Control Transmission Protocol (SCTP)
CONFIG_SCTP
   This provides support for the Stream Control Transmission
   Protocol (SCTP) RFC 2960 operation.  Those requiring use of the
   SCTP should say Y here.  See "linux/Documentation/sctp.txt" for
   more information.  This is EXPERIMENTAL code which could break
   TCP/IP in mysterious ways.  If unsure, just say N.

Slow Verification
CONFIG_SCTP_SLOW_VERIFICATION
   When a message comes from an SCTP endpoint with the correct
   verification tag, it is not necessary to check ports or addresses
   to identify the SCTP association to which it belongs.  When you
   say N here, port numbers and addresses are not checked on local
   tags and addresses are not checked on peer tags.  When you say Y
   here, the redundant port number and destination address checks
   are performed.  Both settings provide RFC 2960 compliant
   operation.  If unsure, just say N.

Throttle Heartbeats
CONFIG_SCTP_THROTTLE_HEARTBEATS
   Special feature of Linux SCTP which is not mentioned in RFC 2960.
   When you say Y here, SCTP will throttle the rate at which it
   responds to heartbeats to the system control sctp_heartbeat_itvl.
   This makes SCTP more resilient to implementations which flood
   heartbeat messages.  For RFC 2960 compliant operation, say N
   here.

Discard Out of the Blue Packets
CONFIG_SCTP_DISCARD_OOTB
   RFC 2960 requires the implementation to send ABORT to some OOTB
   packets (packets for which no SCTP association exists).  Sending
   ABORT chunks to unverified source addresses with the T bit set
   opens SCTP to blind masquerade attacks.  Not sending them may
   lead to delays at the peer endpoint aborting associations where
   our ABORT has been lost and the socket is already closed or if we
   have restarted and the peer still has open associations to us.
   If you say Y here, SCTP will discard all OOTB packets.  This is
   necessary if another SCTP stack is being run on the same machine.
   For RFC 2960 compliant operation, say N here.  If in doubt say Y.

TCP Compatible Sockets
CONFIG_SCTP_TCP_COMPATIBLE
   draft-ietf-tsvwg-sctpsocket-04.txt describes some ways to
   permit SCTP sockets to be TCP compatible.  If you say Y here,
   then you can open a SOCK_STREAM socket with IPPROTO_SCTP which
   will be compatible at the socket level with TCP.  This feature is
   experimental stuff and is not fully tested yet.  If you say N
   here, this feature is disabled.  If in doubt, say Y.

UDP Compatible Sockets
CONFIG_SCTP_UDP_COMPATIBLE
   draft-ietf-tsvwg-sctpsocket-04.txt describes some ways to
   permit SCTP sockets to be UDP compatible.  If you say Y here,
   then you can open a SOCK_RDM socket with IPPROTO_SCTP which will
   be compatible at the socket level with RUDP.  This feature is
   experimental stuff and is not fully functional.  If you say N here,
   this feature is disabled.  If in doubt, say N.

Extended IP Support for SCTP
CONFIG_SCTP_EXTENDED_IP_SUPPORT
   This provides extended IP support for SCTP for things like IP
   Transparent Proxy and IP Masquerading.  This is experimental
   stuff.  If in doubt, say N.

SCTP HMAC Algorithm SHA-1
CONFIG_SCTP_HMAC_SHA1
   This provides the ability to use the FIPS 180-1 (SHA-1) message
   authentication code in SCTP cookies.  If you say Y here, when the
   appropriate sysctl is set, SCTP will use the SHA-1 HMAC when
   signing cookies in the INIT ACK chunk.  If you say N here, the
   SHA-1 HMAC will be unavailable for use with SCTP.  If in doubt,
   say N.

SCTP HMAC Algorithm MD5
CONFIG_SCTP_HMAC_MD5
   This provides the ability to use the MD5 (RFC 1321) message
   authentication code in SCTP cookies.  If you say Y here, when the
   appropriate sysctl is set, SCTP will use the MD5 HMAC when
   signing cookies in the INIT ACK chunk.  If you say N here, the
   MD5 HMAC will be unavailable for use with SCTP.  If in doubt, say
   Y.

SCTP Adler 32 Checksum
CONFIG_SCTP_ADLER_32
   This provides the ability to use the older RFC 2960 Adler32
   checksum.  If CONFIG_SCTP_CRC_32C below is not selected, the
   Adler32 checksum is always provided.  If in doubt, say Y.

SCTP CRC-32c Checksum
CONFIG_SCTP_CRC_32C
   This provides the ability to use the newer CRC-32c checksum as
   described in draft-ietf-tsvwg-sctpcsum-06.txt.  When this is
   selected and CONFIG_SCTP_ADLER_32 is not selected above, then the
   only checksum that will be used is the CRC-32c checksum.  If in
   doubt, say Y.

Throttle Passive Opens
CONFIG_SCTP_THROTTLE_PASSIVEOPENS
   Special feature of Linux SCTP not mentioned in RFC 2960.  When
   secure algorithms are used for signing cookies, the
   implementation becomes vulnerable to INIT and COOKIE ECHO
   flooding.  If you say Y here, SCTP will only allow one INIT and
   one COOKIE ECHO to be processed in each interval corresponding to
   the sysctl sctp_throttle_itvl.  Setting sctp_throttle_itvl to 0 defeats
   this function.  If you say N here, each INIT and COOKIE ECHO will
   be processed.

Explicit Congestion Notification
CONFIG_SCTP_ECN
   This enables support for Explicit Congestion Notification (ECN)
   chunks in SCTP messages as defined in RFC 2960 and RFC 3168.
   It also adds sysctl (/proc/net/ipv4/sctp_ecn) which allows ECN for
   SCTP to be disabled at runtime.  If in doubt, say N.

ADD IP Support
CONFIG_SCTP_ADD_IP
   This enables support for ADD-IP as described in
   draft-ietf-tsvwg-addip-sctp-05.txt.  This allows the addition and
   removal of IP addresses from existing connections.  This is
   experimental stuff.  If in doubt, say N.

Adaptation Layer Information Support
CONFIG_SCTP_ADAPTATION_LAYER_INFO
   This enables support for the Adaptation Layer Information parameter
   described in draft-ietf-tsvwg-addip-sctp-05.txt for communicating
   application layer information bits at initialization.  This is
   experimental stuff.  If in doubt, say N.

Partial Reliability Support
CONFIG_SCTP_PARTIAL_RELIABILITY
   This enables support for PR-SCTP as described in
   draft-stewart-tsvwg-prsctp-00.txt.  This allows for partial
   reliability of message delivery on a "timed reliability" basis.
   This is experimental stuff.  If in doubt, say N.

SCTP Debugging
CONFIG_SCTP_DEBUG
   This provides a verbose amount of debugging information to fill up
   your system logs.  If in doubt, say N.

SCTP Safe Mode
CONFIG_SCTP_SAFE
   This compiles in a number of assertions and checks that make SCTP
   run a little safer and will print a little more debugging
   information.  If in doubt, say Y.

SCTP Error Generator
CONFIG_SCTP_ERROR_GENERATOR
   This provides an internal error generator that can be accessed
   with socket options for testing SCTP operation under packet loss.
   You will need this option to run some of the test programs distributed
   with the SCTP module.  If in doubt, say N.

I set these as follows:

	CONFIG_SCTP=m

	#
	# SCTP Configuration
	#
	# CONFIG_SCTP_SLOW_VERIFICATION is not set
	# CONFIG_SCTP_DISCARD_OOTB is not set
	# CONFIG_SCTP_THROTTLE_HEARTBEATS is not set
	# CONFIG_SCTP_THROTTLE_PASSIVEOPENS is not set
	CONFIG_SCTP_TCP_COMPATIBLE=y
	# CONFIG_SCTP_UDP_COMPATIBLE is not set
	# CONFIG_SCTP_EXTENDED_IP_SUPPORT is not set
	CONFIG_SCTP_HMAC_SHA1=y
	CONFIG_SCTP_HMAC_MD5=y
	CONFIG_SCTP_ADLER_32=y
	CONFIG_SCTP_CRC_32C=y
	CONFIG_SCTP_ECN=y
	CONFIG_SCTP_ADD_IP=y
	CONFIG_SCTP_PARTIAL_RELIABILITY=y
	CONFIG_SCTP_DEBUG=y
	CONFIG_SCTP_ERROR_GENERATOR=y
	# CONFIG_KHTTPD is not set
	# CONFIG_ATM is not set
	# CONFIG_VLAN_8021Q is not set
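
As an added example (not part of the original package), the following
shell function reads a kernel .config and reports the SCTP options whose
help text above carries a flooding, masquerade or experimental caveat.
The function names and the WARN/NOTE labels are hypothetical; the sample
is constructed from the settings listed above.

```sh
# sctp_on FILE OPT: true when CONFIG_SCTP_<OPT> is =y or =m in FILE
sctp_on() { grep -Eq "^CONFIG_SCTP_$2=[ym]\$" "$1"; }

# audit_sctp_config FILE: print one WARN/NOTE line per finding
audit_sctp_config() {
    cfg=$1
    grep -Eq '^CONFIG_SCTP=[ym]$' "$cfg" || { echo "INFO SCTP not built"; return 0; }
    sctp_on "$cfg" DISCARD_OOTB ||
        echo "WARN DISCARD_OOTB off: ABORT is sent to unverified source addresses"
    if sctp_on "$cfg" HMAC_SHA1 || sctp_on "$cfg" HMAC_MD5; then
        sctp_on "$cfg" THROTTLE_PASSIVEOPENS ||
            echo "WARN THROTTLE_PASSIVEOPENS off: every INIT and COOKIE ECHO is processed"
    fi
    sctp_on "$cfg" THROTTLE_HEARTBEATS ||
        echo "NOTE THROTTLE_HEARTBEATS off: heartbeat replies are not rate limited"
    sctp_on "$cfg" SAFE || echo "NOTE SAFE off: extra assertions and checks not compiled in"
    for opt in DEBUG ERROR_GENERATOR; do
        if sctp_on "$cfg" "$opt"; then echo "WARN $opt on: debug/test facility in the build"; fi
    done
    for opt in TCP_COMPATIBLE UDP_COMPATIBLE EXTENDED_IP_SUPPORT ADD_IP \
               ADAPTATION_LAYER_INFO PARTIAL_RELIABILITY; do
        if sctp_on "$cfg" "$opt"; then echo "NOTE $opt on: described as experimental"; fi
    done
    return 0
}

# Constructed sample: the enabled SCTP lines of the listing above, plus two
# of its "is not set" lines to show that disabled options are comments.
sample_config() {
    cat <<'EOF'
CONFIG_SCTP=m
# CONFIG_SCTP_DISCARD_OOTB is not set
# CONFIG_SCTP_THROTTLE_PASSIVEOPENS is not set
CONFIG_SCTP_TCP_COMPATIBLE=y
CONFIG_SCTP_HMAC_SHA1=y
CONFIG_SCTP_HMAC_MD5=y
CONFIG_SCTP_ADLER_32=y
CONFIG_SCTP_CRC_32C=y
CONFIG_SCTP_ECN=y
CONFIG_SCTP_ADD_IP=y
CONFIG_SCTP_PARTIAL_RELIABILITY=y
CONFIG_SCTP_DEBUG=y
CONFIG_SCTP_ERROR_GENERATOR=y
EOF
}

# Usage: sh audit.sh /usr/src/linux-2.4.18/.config
[ $# -eq 0 ] || audit_sctp_config "$1"
```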

Once you compile, install and reboot on the new kernel, you will be able
to open SCTP sockets.  If you configure SCTP as a module (as I do), the
module will be loaded on demand when an SCTP socket is opened.

Header files are included in the package (in include).  Your programs
pull them in with:

        #include <netinet/sctp.h>
        #include <linux/sysctl.h>

The files can either be placed in your /usr/src/include/ subdirectories
or found with a compile command line such as:

        gcc -I$HOME/linux-sctp-0.2.14/include -o test test.c

Read the SCTP man page (in man/sctp.7) and look at the test programs
under the test directory.  You can place the manual page in your man
directory, such as /usr/local/share/man/man7 so that it is available
to your system, or just view it with less or man -f.

To compile the test programs just change to the test program directory
and type make:

        cd ~/linux-sctp-0.2.14/test
        make

