From 5472f3153ab8edf133e14ff04ec558ff20f00990 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20M=C3=A9lan=C3=A7on?= <jmelancon@genetec.com>
Date: Tue, 9 Jul 2024 08:33:16 -0400
Subject: [PATCH] Ensure all INIT have a verification tag of 0

RFC 4960 Section 8.5.1 specifies that a packet containing an INIT
chunk MUST set the verificate tag of the packet to 0.

The current code follows that only if it has not received and
handled an INIT packet from the peer yet. In which case the
peerVerificationTag will not be zero, and any subsequent INIT will be
invalid and refused by the peer. This is a problem if the INIT ACK was
lost.

If both peers have this behavior, and both INIT ACKs were lost, we
fall into a situation where the initialization will never complete.

Resolve this scenario by ensuring the packet with the INIT chunk
always set the tag to zero, as is required.
---
 association.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/association.go b/association.go
index 29e9978c..75f38076 100644
--- a/association.go
+++ b/association.go
@@ -430,7 +430,7 @@ func (a *Association) sendInit() error {
 	}
 
 	outbound := &packet{}
-	outbound.verificationTag = a.peerVerificationTag
+	outbound.verificationTag = 0
 	a.sourcePort = defaultSCTPSrcDstPort
 	a.destinationPort = defaultSCTPSrcDstPort
 	outbound.sourcePort = a.sourcePort