| IP option 5, Extended Security |
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |
| Protocol suite: | TCP/IP. |
| Protocol type: | Connectionless network layer protocol. |
| Option length: | 3 to 31 bytes. |
| Host implementation: | |
| Router implementation: | |
| Links: | IANA: IP option numbers. |
RFC 1108, pg 13.
This option permits additional security labeling information, beyond that present in the Basic Security Option, to be supplied in an IP datagram to meet the needs of registered authorities. Note that information which is not labeling data or which is meaningful only to the end systems (not intermediate systems) is not appropriate for transmission in the IP layer and thus should not be transported using this option. This option must be copied on fragmentation. Unlike the Basic Option, this option may appear multiple times within a datagram, subject to overall IP header size constraints.
This option may be present only in conjunction with the Basic Security Option, thus all systems which support Extended Security Options must also support the Basic Security Option. However, not all systems which support the Basic Security Option need to support Extended Security Options and support for these options may be selective, i.e., a system need not support all Extended Security Options.
| MAC header | IP header | IP option 5 | Data ::: |
IP option 5:
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Length | Format code | Additional Security Info ::: | ||||||||||||||||||||||||||||
Type. 8 bits. Set to 133.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 |
|---|---|---|---|---|---|---|---|
| C | Class | Option | |||||
C, Copy flag. 1 bit. Set to 1.
Indicates the option is to be copied into all fragments.
Class. 2 bits. Cleared to 0.
The option is a control option.Option. 5 bits. Set to 5.
The IP option number.
Length. 8 bits.
Total length of the option in bytes.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 |
|---|---|---|---|---|---|---|---|
| 0 | Length | ||||||
Format code.
8 bits.
Specifies the syntax and semantics for the Additional Security Information
field. For each Format Code, an RFC will be published to specify the
syntax and to provide an algorithmic description of the processing required to
determine whether a datagram carrying a label specified by this Format Code
should be accepted or rejected. This specification must be sufficiently detailed
to permit vendors to produce interoperable implementations, e.g., it should be
comparable to the specification of the Basic Security Option provided in this RFC.
However, the specification need not include a mapping from the syntax of
the option to human labels if such mapping would cause distribution of the specification to be restricted.
Additional Security Info.
Variable length, 0 .. 29 bytes.
This field contains the additional security labelling information specified by
the Format code of the Extended Security Option.
The syntax and processing requirements for this field are specified by the associated RFC.
RFCs:
[RFC 1108] U.S. Department of Defense Security Options for the Internet Protocol.
[RFC 1038] Draft Revised IP Security Option.
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |