IP option 2, Security

Protocol suite:	TCP/IP.
Protocol type:	Connectionless network layer protocol.
Option length:	11 bytes.
Host implementation:
Router implementation:
Links:	IANA: IP option numbers.

This option provides a way for hosts to send security, compartmentation, handling restrictions, and TCC (closed user group) parameters.

It may appear at most once in the IP header and MUST be copied on fragmentation.

MAC header

IP header

IP option 2

Data :::

IP Option 2:

00	08	16
Type	Length	Security
Compartments		Handling restrictions
Transmission Control Code

Type. 8 bits. Set to 130.

00	01	02	03	04	05	06	07
C	Class		Option

C, Copy flag. 1 bit. Always set to 1.
The option is to be copied into all fragments.

Class. 2 bits. Always cleared to 0.
This is a control option.

Option. 5 bits. Always set to 2.
The IP option number.

Length. 8 bits. Set to 11.

Security. 16 bits.
Specifies one of 16 levels of security.

Compartments. 16 bits.
An all zero value is used when the information transmitted is not compartmented. Other values for the compartments field may be obtained from the Defense Intelligence Agency.

Handling restrictions. 16 bits.
The values for the control and release markings are alphanumeric digraphs and are defined in the Defense Intelligence Agency Manual DIAM 65-19, "Standard Security Markings".

Transmission Control Code. 24 bits.
Provides a means to segregate traffic and define controlled communities of interest among subscribers. The TCC values are trigraphs, and are available from HQ DCA Code 530.

Glossary:

RFCs:

[RFC 791] Internet Protocol.

STD: 5.
Defines Internet Protocol version 4.
Updated by:
RFC 1349.

[RFC 1108] U.S. Department of Defense Security Options for the Internet Protocol.

Obsoletes:
RFC 1038.

Publications:

Obsolete RFCs:

[RFC 1038] Draft Revised IP Security Option.

Obsoleted by:
RFC 1108.