MirOS Manual: ipcomp(4)

IPCOMP(4)                  BSD Programmer's Manual                   IPCOMP(4)

NAME

     IPComp - IP Payload Compression Protocol

NOTE

     IPComp is enabled with the following sysctl(3) variable in
     /etc/sysctl.conf:

     net.inet.ipcomp.enable

DESCRIPTION

     IPComp is a protocol used to reduce the size of IP datagrams. It can be
     used to enhance the communication performance between a pair of
     hosts/gateways, especially on slow links, by compressing the datagrams,
     provided the communicating entities have enough computation power.

     This protocol is especially useful when encryption or authentication is
     applied to IP datagrams using the IPsec protocol (see ipsec(4) for more
     information about IPsec). Encrypting information is increasing its entro-
     py to a point where compression to a lower layer becomes completely use-
     less (e.g., the PPP Compression Control Protocol). IPcomp is applied at
     the network layer before other encryption operations are applied (except
     encryption protocols applied at a higher layer such as ssh(1) or ssl(8)).

     Just like for the other IPsec protocols, IPComp needs some parameters for
     each connection, specifying how the compression should be done between
     the entities. The parameters are collected in a structure called an IP-
     Comp Association or IPCA. The parameters stored in an IPCA are the desti-
     nation address and the Compression Parameter Index (CPI). An IPCA is the
     pendant of the SA (Security Association) for IPsec.

     Currently, IPCA can be created using the ipsecadm(8) tool. Using
     ipsecadm(8) it is also possible to create IPComp flows and SA/IPCA bun-
     dles. Such a bundle is used to create a combination of IPsec and IPComp
     flows (thus enabling compression in an IPsec protocol).

     The compression is done on the data following the IP header and an IPComp
     header is inserted between the compressed data and the IP header. In the
     case of IPv6, there are extension headers which cannot be compressed
     since they are modified by the router along the way to the destination.
     These extension headers are hop-by-hop, routing, and fragmentation.

     When doing compression, it is possible that the uncompressed data is
     smaller in size than the compressed data. To avoid this behaviour, a non
     expansion policy is used in IPComp. If the data payload is smaller than a
     given threshold, it will not be compressed. No IPComp header will be in-
     serted.

     IPComp uses the same policy framework as IPsec. However unlike IPsec,
     only one policy is available for IPComp:

     IPSEC_LEVEL_USE  Use IPComp for sending packets but still accept packets
                      which are not compressed.

DIAGNOSTICS

     netstat(1) can be used to obtain some statistics about IPComp usage, us-
     ing the -p flag. Just like for IPsec, using the -r flag, netstat(1)
     displays information about IPComp flows.

SEE ALSO

     enc(4), inet(4), ip(4), ipsec(4), netintro(4), ipsecadm(8)

HISTORY

     The IPComp protocol first appeared in OpenBSD 3.0.

AUTHORS

     Support for the IPComp protocol was written by Jean-Jacques Bernard-
     Gundol <jj@wabbitt.org>.

MirOS BSD #10-current           June 27, 2001                                1

Generated on 2014-07-04 21:17:45 by $MirOS: src/scripts/roff2htm,v 1.79 2014/02/10 00:36:11 tg Exp $

These manual pages and other documentation are copyrighted by their respective writers; their source is available at our CVSweb, AnonCVS, and other mirrors. The rest is Copyright © 2002‒2014 The MirOS Project, Germany.
This product includes material provided by Thorsten Glaser.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report – diffs preferred.