summaryrefslogtreecommitdiff
path: root/share/man/man4/ipcomp.4
blob: 48f22fb9b9f1c251065b597c58ed4255840598b9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
.\" $OpenBSD: ipcomp.4,v 1.15 2013/07/16 16:05:49 schwarze Exp $
.\"
.\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jj@wabbitt.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 16 2013 $
.Dt IPCOMP 4
.Os
.Sh NAME
.Nm ipcomp
.Nd IP Payload Compression Protocol
.Sh DESCRIPTION
IPComp is enabled with the following
.Xr sysctl 3
variable in
.Pa /etc/sysctl.conf :
.Bl -tag -width xxxxxxxxxxxxxxxxxxxxx -offset indent
.It net.inet.ipcomp.enable
.El
.Pp
IPComp is a protocol used to reduce the size of IP datagrams.
It can be used to enhance the communication performance between a pair
of hosts/gateways, especially on slow links, by compressing the
datagrams, provided the communicating entities have enough computational
power.
.Pp
This protocol is especially useful when encryption or authentication
is applied to IP datagrams using the IPsec protocol (see
.Xr ipsec 4
for more information about IPsec).
Encrypting information is increasing its entropy to a point where
compression to a lower layer becomes completely useless (e.g., the
PPP Compression Control Protocol).
IPcomp is applied at the network layer before other encryption
operations are applied (except encryption protocols applied at a
higher layer such as
.Xr ssh 1
or
.Xr ssl 8 ) .
.Pp
Just like for the other IPsec protocols, IPComp needs some parameters
for each connection, specifying how the compression should be done
between the entities.
The parameters are collected in a structure called an
IPComp Association (IPCA).
The parameters stored in an IPCA are the destination address and the
Compression Parameter Index (CPI).
An IPCA is the pendant of the SA (Security Association) for IPsec.
.Pp
Currently, IPCA can be created using the
.Xr ipsecctl 8
tool.
Using
.Xr ipsecctl 8
it is also possible to create IPComp flows and SA/IPCA
bundles.
Such a bundle is used to create a combination of IPsec and IPComp
flows (thus enabling compression in an IPsec protocol).
.Pp
The compression is done on the data following the IP header and an
IPComp header is inserted between the compressed data and the IP
header.
In the case of IPv6, there are extension headers which cannot be
compressed since they are modified by the router along the way to the
destination.
These extension headers are hop-by-hop, routing, and fragmentation.
.Pp
When doing compression, it is possible that the uncompressed data is
smaller in size than the compressed data.
To avoid this behaviour, a non expansion policy is used in IPComp.
If the data payload is smaller than a given threshold, it will not be
compressed.
No IPComp header will be inserted.
.Pp
IPComp uses the same policy framework as IPsec.
However unlike IPsec, only one policy is available for IPComp:
.Bl -tag -width IPSEC_LEVEL_USE
.It IPSEC_LEVEL_USE
Use IPComp for sending packets but still accept packets which are not
compressed.
.El
.Sh DIAGNOSTICS
.Xr netstat 1
can be used to obtain some statistics about IPComp usage, using the
.Fl p
flag.
Just like for IPsec, using the
.Fl r
flag,
.Xr netstat 1
displays information about IPComp flows.
.Sh SEE ALSO
.Xr enc 4 ,
.Xr inet 4 ,
.Xr ip 4 ,
.Xr ipsec 4 ,
.Xr netintro 4 ,
.Xr ipsecctl 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
protocol first appeared in
.Ox 3.0 .
.Sh AUTHORS
Support for the
.Nm
protocol was written by
.An Jean-Jacques Bernard-Gundol Aq Mt jj@wabbitt.org .