A1. IPv4 Options
This table shows how the IPv4 options are classified with regard to "mutability". Where two references are provided, the second one supercedes the first. This table is based in part on information provided in RFC 1700, "ASSIGNED NUMBERS", (October 1994).
IMMUTABLE -- included in ICV calculation
| Copy | Class | # | Name | Reference |
|---|---|---|---|---|
| 0 | 0 | 0 | End of Options List | [RFC791] |
| 0 | 0 | 1 | No Operation | [RFC791] |
| 1 | 0 | 2 | Security | [RFC1108] (historic but in use) |
| 1 | 0 | 5 | Extended Security | [RFC1108] (historic but in use) |
| 1 | 0 | 6 | Commercial Security | |
| 1 | 0 | 20 | Router Alert | [RFC2113] |
| 1 | 0 | 21 | Sender Directed Multi-Destination Delivery | [RFC1770] |
MUTABLE -- zeroed
| Copy | Class | # | Name | Reference |
|---|---|---|---|---|
| 1 | 0 | 3 | Loose Source Route | [RFC791] |
| 0 | 2 | 4 | Time Stamp | [RFC791] |
| 0 | 0 | 7 | Record Route | [RFC791] |
| 1 | 0 | 9 | Strict Source Route | [RFC791] |
| 0 | 2 | 18 | Traceroute | [RFC1393] |
EXPERIMENTAL, SUPERCEDED -- zeroed
| Copy | Class | # | Name | Reference |
|---|---|---|---|---|
| 1 | 0 | 8 | Stream ID | [RFC791, RFC1122 (Host Req)] |
| 0 | 0 | 11 | MTU Probe | [RFC1063, RFC1191 (PMTU)] |
| 0 | 0 | 12 | MTU Reply | [RFC1063, RFC1191 (PMTU)] |
| 1 | 0 | 17 | Extended Internet Protocol | [RFC1385, DH98 (IPv6)] |
| 0 | 0 | 10 | Experimental Measurement | |
| 1 | 2 | 13 | Experimental Flow Control | |
| 1 | 0 | 14 | Experimental Access Ctl | |
| 0 | 0 | 15 | ??? | |
| 1 | 0 | 16 | IMI Traffic Descriptor | |
| 1 | 0 | 19 | Address Extension |
Notes
NOTE: Use of the Router Alert option is potentially incompatible with use of IPsec. Although the option is immutable, its use implies that each router along a packet's path will "process" the packet and consequently might change the packet. This would happen on a hop-by-hop basis as the packet goes from router to router. Prior to being processed by the application to which the option contents are directed (e.g., Resource Reservation Protocol (RSVP)/Internet Group Management Protocol (IGMP)), the packet should encounter AH processing. However, AH processing would require that each router along the path is a member of a multicast-SA defined by the SPI. This might pose problems for packets that are not strictly source routed, and it requires multicast support techniques not currently available.
NOTE: Addition or removal of security labels (e.g., Basic Security Option (BSO), Extended Security Option (ESO), or Commercial Internet Protocol Security Option (CIPSO)) by systems along a packet's path conflicts with the classification of these IP options as immutable and is incompatible with the use of IPsec.
NOTE: End of Options List options SHOULD be repeated as necessary to ensure that the IP header ends on a 4-byte boundary in order to ensure that there are no unspecified bytes that could be used for a covert channel.