1.\" $OpenBSD: ipcomp.4,v 1.6 2001/08/03 15:21:16 mpech Exp $ 2.\" 3.\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jj@wabbitt.org> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by Jean-Jacques Bernard-Gundol 17.\" 4. The name of the author may not be used to endorse or promote products 18.\" derived from this software without specific prior written permission 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30.\" 31.Dd June 27, 2001 32.Dt IPCOMP 4 33.Os 34.Sh NAME 35.Nm IPComp 36.Nd IP Payload Compression Protocol 37.Sh NOTE 38.Tn IPComp 39is enabled with the following 40.Xr sysctl 3 41variable in 42.Pa /etc/sysctl.conf : 43.Bl -tag -width xxxxxxxxxxxxxxxxxxxxx 44.It net.inet.ipcomp.enable 45.El 46.Sh DESCRIPTION 47.Tn IPComp 48is a protocol used to reduce the size of IP datagrams. 49It can be used to enhance the communication performance between a pair 50of hosts/gateways, especially on slow links, by compressing the 51datagrams, provided the communicating entities have enough computation 52power. 53.Pp 54This protocol is especially useful when encryption or authentication 55is applied to IP datagrams using the 56.Tn IPsec 57protocol (see 58.Xr ipsec 4 59for more information about IPsec). 60Encrypting information is increasing its entropy to a point where 61compression to a lower layer becomes completely useless (i.e PPP 62Compression Control Protocol). 63IPcomp is applied at the network layer before other encryption 64operations are applied (except encryption protocols applied at a 65higher layer such as 66.Xr ssh 1 67or 68.Xr ssl 8 ). 69.Pp 70Just like for the other IPsec protocols, IPComp needs some parameters 71for each connection, specifying how the compression should be done 72between the entities. 73The parameters are collected in a structure called an 74IPComp Association or IPCA. 75The parameters stored in an IPCA are the destination address and the 76Compression Parameter Index (CPI). 77An IPCA is the pendant of the SA (Security Association) for IPsec. 78.Pp 79Currently, IPCA can be created using the 80.Xr ipsecadm 8 81tool. 82Using 83.Xr ipsecadm 8 84it is also possible to create IPComp flows and SA/IPCA 85bundles. 86Such a bundle is used to create a combination of IPsec and IPComp 87flows (thus enabling compression in an IPsec protocol). 88.Pp 89The compression is done on the data following the IP header and an 90IPComp header is inserted between the compressed data and the IP 91header. 92In the case of IPv6, there are extension headers which cannot be 93compressed since they are modified by the router along the way to the 94destination. 95These extension headers are hop-by-hop, routing, and fragmentation. 96.Pp 97When doing compression, it is possible that the uncompressed data is 98smaller in size than the compressed data. 99To avoid this behaviour, a non expansion policy is used in IPComp. 100If the data payload is smaller than a given threshold, it will not be 101compressed. 102No IPComp header will be inserted. 103.Pp 104IPComp uses the same policy framework as IPsec. 105However unlike IPsec, only one policy is available for IPComp: 106.Bl -tag -width IPSEC_LEVEL_USE 107.It IPSEC_LEVEL_USE 108Use IPComp for sending packets but still accept packets which are not 109compressed. 110.El 111.Sh DIAGNOSTICS 112.Xr netstat 1 113can be used to obtain some statistics about IPComp usage, using the 114.Fl p 115flag. 116Just like for IPsec, using the 117.Fl r 118flag, 119.Xr netstat 1 120displays information about IPComp flows. 121.Sh SEE ALSO 122.Xr enc 4 , 123.Xr inet 4 , 124.Xr ip 4 , 125.Xr ipsec 4 , 126.Xr netintro 4 , 127.Xr ipsecadm 8 128.Sh HISTORY 129The 130.Nm 131protocol first appeared in 132.Ox 3.0 . 133.Sh AUTHORS 134Support for the 135.Nm 136protocol was written by Jean-Jacques 137Bernard-Gundol <jj@wabbitt.org>. 138