IP option 2, Security

Description Glossary RFCs Publications Obsolete RFCs


Protocol suite: TCP/IP.
Protocol type:Connectionless network layer protocol.
Option length:11 bytes.
Host implementation:
Router implementation:
Links: IANA: IP option numbers.

This option provides a way for hosts to send security, compartmentation, handling restrictions, and TCC (closed user group) parameters.

It may appear at most once in the IP header and MUST be copied on fragmentation.

MAC header IP header IP option 2 Data :::

IP Option 2:

0001020304050607 0809101112131415 1617181920212223 2425262728293031
Type Length Security
Compartments Handling restrictions
Transmission Control Code  

Type. 8 bits. Set to 130.

C Class Option

C, Copy flag. 1 bit. Always set to 1.
The option is to be copied into all fragments.

Class. 2 bits. Always cleared to 0.
This is a control option.

Option. 5 bits. Always set to 2.
The IP option number.

Length. 8 bits. Set to 11.

Security. 16 bits.
Specifies one of 16 levels of security.

Compartments. 16 bits.
An all zero value is used when the information transmitted is not compartmented. Other values for the compartments field may be obtained from the Defense Intelligence Agency.

Handling restrictions. 16 bits.
The values for the control and release markings are alphanumeric digraphs and are defined in the Defense Intelligence Agency Manual DIAM 65-19, "Standard Security Markings".

Transmission Control Code. 24 bits.
Provides a means to segregate traffic and define controlled communities of interest among subscribers. The TCC values are trigraphs, and are available from HQ DCA Code 530.



[RFC 791] Internet Protocol.

[RFC 1108] U.S. Department of Defense Security Options for the Internet Protocol.


Obsolete RFCs:

[RFC 1038] Draft Revised IP Security Option.

Description Glossary RFCs Publications Obsolete RFCs