IPCOMP(4) BSD Programmer's Manual IPCOMP(4)
IPComp - IP Payload Compression Protocol
IPComp is enabled with the following sysctl(3) variable in /etc/sysctl.conf: net.inet.ipcomp.enable
IPComp is a protocol used to reduce the size of IP datagrams. It can be used to enhance the communication performance between a pair of hosts/gateways, especially on slow links, by compressing the datagrams, provided the communicating entities have enough computation power. This protocol is especially useful when encryption or authentication is applied to IP datagrams using the IPsec protocol (see ipsec(4) for more information about IPsec). Encrypting information is increasing its entro- py to a point where compression to a lower layer becomes completely use- less (e.g., the PPP Compression Control Protocol). IPcomp is applied at the network layer before other encryption operations are applied (except encryption protocols applied at a higher layer such as ssh(1) or ssl(8)). Just like for the other IPsec protocols, IPComp needs some parameters for each connection, specifying how the compression should be done between the entities. The parameters are collected in a structure called an IP- Comp Association or IPCA. The parameters stored in an IPCA are the desti- nation address and the Compression Parameter Index (CPI). An IPCA is the pendant of the SA (Security Association) for IPsec. Currently, IPCA can be created using the ipsecadm(8) tool. Using ipsecadm(8) it is also possible to create IPComp flows and SA/IPCA bun- dles. Such a bundle is used to create a combination of IPsec and IPComp flows (thus enabling compression in an IPsec protocol). The compression is done on the data following the IP header and an IPComp header is inserted between the compressed data and the IP header. In the case of IPv6, there are extension headers which cannot be compressed since they are modified by the router along the way to the destination. These extension headers are hop-by-hop, routing, and fragmentation. When doing compression, it is possible that the uncompressed data is smaller in size than the compressed data. To avoid this behaviour, a non expansion policy is used in IPComp. If the data payload is smaller than a given threshold, it will not be compressed. No IPComp header will be in- serted. IPComp uses the same policy framework as IPsec. However unlike IPsec, only one policy is available for IPComp: IPSEC_LEVEL_USE Use IPComp for sending packets but still accept packets which are not compressed.
netstat(1) can be used to obtain some statistics about IPComp usage, us- ing the -p flag. Just like for IPsec, using the -r flag, netstat(1) displays information about IPComp flows.
enc(4), inet(4), ip(4), ipsec(4), netintro(4), ipsecadm(8)
The IPComp protocol first appeared in OpenBSD 3.0.
Support for the IPComp protocol was written by Jean-Jacques Bernard- Gundol <firstname.lastname@example.org>. MirOS BSD #10-current June 27, 2001 1
Generated on 2015-10-06 19:36:22 by $MirOS: src/scripts/roff2htm,v 1.80 2015/01/02 13:54:19 tg Exp $
These manual pages and other documentation are copyrighted by their respective writers;
their source is available at our CVSweb,
AnonCVS, and other mirrors. The rest is Copyright © 2002–2015 The MirOS Project, Germany.
This product includes material provided by Thorsten Glaser.
This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report – diffs preferred.