security
... gateways. The internet protocol
also carries information on the precedence, security classification
and compartmentation of the TCP segments ...
... Connections
Precedence and Security
...
...
Precedence and Security:
...
...
The users of TCP may indicate the security and precedence of their
communication. Provision is made for default values to be used when
...
... gateways that operate in multilevel secure environments to
properly segregate datagrams for security considerations.
...
... system. These calls have parameters for passing the address, type of
service, precedence, security, and other control information.
...
... Precedence and Security ...
... internet protocol type of service field and
security option to provide precedence and security on a per connection
...
... type of service field and
security option to provide precedence and security on a per connection
basis to TCP users ...
... TCP modules will necessarily function in
a multilevel secure environment; some may be limited to unclassified
use only, and others may operate at only one security level and
compartment. Consequently, some TCP implementations and services ...
... TCP modules which operate in a multilevel secure environment must
properly mark outgoing segments with the security, compartment, and
precedence. Such TCP modules must also provide to their users or
...
... Telnet or THP an interface to allow
them to specify the desired security level, compartment, and
precedence of connections.
...
... TCB are the local and remote socket numbers, the security and
precedence of the connection, pointers to the user's send and receive
...
... ACK), or
if an incoming segment has a security level or compartment which
does not exactly match the level and compartment requested for the
connection ...
...
If an incoming segment has a security level, or compartment, or
precedence which does not exactly match the level, and compartment,
and precedence requested for the connection ...
... Precedence and Security ...
... connection be allowed only between ports operating
with exactly the same security and compartment values and at the
higher of the precedence level requested by the two ports.
...
...
The precedence and security parameters used in TCP are exactly those
defined in the Internet Protocol ...
... 2]. Throughout this TCP
specification the term "security/compartment" is intended to indicate
the security parameters used in IP ...
... specification the term "security/compartment" is intended to indicate
the security parameters used in IP including security, compartment,
...
... the security parameters used in IP including security, compartment,
user group, and handling restriction.
...
...
A connection attempt with mismatched security/compartment values or a
lower precedence value must be rejected by sending a reset. Rejecting
a connection ...
...
The security parameters may be used even in a non-secure environment
(the values would indicate unclassified data), thus hosts ...
... hosts in
non-secure environments must be prepared to receive the security
parameters, though they need not send them.
...
... active/passive
[, timeout] [, precedence] [, security/compartment] [, options])
-> local connection name
...
... lower level protocol (e.g., IP). These considerations are the
result of concern about security, to the extent that no TCP be
able to masquerade ...
... authority to open a connection with the specified
precedence or security/compartment. The absence of precedence
or security/compartment specification in the OPEN call indicates
...
... precedence or security/compartment. The absence of precedence
or security/compartment specification in the OPEN call indicates
the default values must be used.
...
... TCP will accept incoming requests as matching only if the
security/compartment information is exactly the same and only if
the precedence is equal to or higher than the precedence
requested in the OPEN call.
...
... identifier, foreign
socket, precedence, security/compartment, and user timeout
information. Note that some parts of the foreign socket may be
...
... parameters of the incoming SYN segment. Verify the security and
precedence requested are allowed for this user, if not return
"error: precedence not allowed" or "error: security ...
... security and
precedence requested are allowed for this user, if not return
"error: precedence not allowed" or "error: security/compartment
not allowed." If passive enter the LISTEN state ...
... If the SYN bit is set, check the security. If the
security/compartment on the incoming segment ...
... bit is set, check the security. If the
security/compartment on the incoming segment does not exactly
match the security ...
... security/compartment on the incoming segment does not exactly
match the security/compartment in the TCB then send a reset and
return.
...
... security and precedence
If the security/compartment in the segment does not exactly
match the security ...
... security/compartment in the segment does not exactly
match the security/compartment in the TCB, send a reset
...
... If the SYN bit is on and the security/compartment and precedence
are acceptable then, RCV.NXT is set to SEG.SEQ ...
... SYN-RECEIVED
If the security/compartment and precedence in the segment do not
exactly match the security ...
... security/compartment and precedence in the segment do not
exactly match the security/compartment and precedence in the TCB
then send a reset, and return.
...
... STATE
If the security/compartment and precedence in the segment do not
exactly match the security ...
... security/compartment and precedence in the segment do not
exactly match the security/compartment and precedence in the TCB
then send a reset, any outstanding RECEIVEs and SEND ...
... connection between these ports with a
different security or precedence from causing an abort of the
current connection.
...
