Installing and Administering PPP

Chapter 5
Security Techniques
Building a Stanza - Specifics
Keywords Based on IP Options
The ‘ip-opt=’ keyword can be used to select packets based on whether
they bear various IP options, including those described in the table
below:

OPTION      DESCRIPTION
rr          Record Route is used to trace the route an internet
            datagram takes.
ts          Time Stamp.
security    Security is used to carry Security, Compartmentation,
            User Group (TCC), and Handling - Restriction Codes
            compatible with DOD requirements.
lsrr        Loose Source Routing is used to route the internet
            datagram based on information supplied by the source.
satid       SATNET Stream Identifier (obsolete).
ssrr        Strict Source Routing is used to route the internet
            datagram based on information supplied by the source.
srcrt       Either Loose Source Routing or Strict Source Routing.
any         Any IP option including the ‘No Operation’ option.

Example:

    !ip-opt=srcrt    # block source routed packets

frag Keyword
The ‘frag’ keyword permits filtering of IP fragments. When IP packets
are larger than the media permits, the datagram can be fragmented into
smaller segments, transmitted, and reassembled at the destination. IP
datagrams can be up to 65,535 bytes long, but most physical networks do
not support datagrams that large. Ethernet supports datagrams 1500
bytes long. SLIP’s default is 1024 bytes.
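
The header fields that the ‘ip-opt=’ and ‘frag’ keywords examine, shown as an added example (not code from this manual or from pppd). The option type numbers come from RFC 791; their mapping to the keyword names, the fragment test (More Fragments set or a non-zero offset), and the names classify and build_header are assumptions made for illustration.

```python
import struct

# RFC 791 option type octets mapped to the keyword names in the table above.
# The mapping is an assumption drawn from the table's descriptions.
OPTION_KEYWORDS = {7: "rr", 68: "ts", 130: "security",
                   131: "lsrr", 136: "satid", 137: "ssrr"}

def classify(packet: bytes):
    """Return (set of ip-opt keywords matched, is_fragment) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4       # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    # Assumed fragment test: More Fragments flag set or non-zero fragment offset.
    is_fragment = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
    matched = set()
    i = 20
    while i < header_len:
        opt = packet[i]
        if opt == 0:          # End of Option List: treated as padding here
            break
        matched.add("any")    # every option counts, No Operation included
        if opt == 1:          # No Operation is one octet with no length field
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        if opt in OPTION_KEYWORDS:
            matched.add(OPTION_KEYWORDS[opt])
        if opt in (131, 137):  # either source-routing option
            matched.add("srcrt")
        i += length
    return matched, is_fragment

def build_header(options=b"", flags_frag=0):
    """Constructed sample IPv4 header for the demo (checksum left as zero)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0,
                       flags_frag, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options

if __name__ == "__main__":
    # Constructed packet carrying a Loose Source Routing option with one hop.
    print(classify(build_header(bytes([131, 7, 4, 203, 0, 113, 9]))))
```

A packet for which classify reports srcrt is one that the stanza entry !ip-opt=srcrt shown above would block.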