Subject: Defines for IP security options wrong in
To: None <>
From: Darren Reed <>
List: tech-net
Date: 04/23/2001 02:00:20
In <netinet/ip.h>, we have a bunch of #defines like this:

/* bits for security (not byte swapped) */
#define IPOPT_SECUR_UNCLASS     0x0000
#define IPOPT_SECUR_CONFID      0xf135
#define IPOPT_SECUR_EFTO        0x789a
#define IPOPT_SECUR_MMMM        0xbc4d
#define IPOPT_SECUR_RESTR       0xaf13
#define IPOPT_SECUR_SECRET      0xd788
#define IPOPT_SECUR_TOPSECRET   0x6bc5

These are based on RFC 791.

RFC 1108 redefines the way basic IP security options (such as these) are
to be used.

Does anyone know, without doubt, about whether or not the old semantics in
RFC791 are still valid or is the format in RFC 1108 the only one used ?

If the latter (and there is confirmation of it), does anyone object to
these being changed ?