1.\" $OpenBSD: ipcomp.4,v 1.10 2003/06/13 22:04:32 deraadt Exp $ 2.\" 3.\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jj@wabbitt.org> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" 26.Dd June 27, 2001 27.Dt IPCOMP 4 28.Os 29.Sh NAME 30.Nm IPComp 31.Nd IP Payload Compression Protocol 32.Sh NOTE 33.Tn IPComp 34is enabled with the following 35.Xr sysctl 3 36variable in 37.Pa /etc/sysctl.conf : 38.Bl -tag -width xxxxxxxxxxxxxxxxxxxxx 39.It net.inet.ipcomp.enable 40.El 41.Sh DESCRIPTION 42.Tn IPComp 43is a protocol used to reduce the size of IP datagrams. 44It can be used to enhance the communication performance between a pair 45of hosts/gateways, especially on slow links, by compressing the 46datagrams, provided the communicating entities have enough computation 47power. 48.Pp 49This protocol is especially useful when encryption or authentication 50is applied to IP datagrams using the 51.Tn IPsec 52protocol (see 53.Xr ipsec 4 54for more information about IPsec). 55Encrypting information is increasing its entropy to a point where 56compression to a lower layer becomes completely useless (e.g., the 57PPP Compression Control Protocol). 58IPcomp is applied at the network layer before other encryption 59operations are applied (except encryption protocols applied at a 60higher layer such as 61.Xr ssh 1 62or 63.Xr ssl 8 ) . 64.Pp 65Just like for the other IPsec protocols, IPComp needs some parameters 66for each connection, specifying how the compression should be done 67between the entities. 68The parameters are collected in a structure called an 69IPComp Association or IPCA. 70The parameters stored in an IPCA are the destination address and the 71Compression Parameter Index (CPI). 72An IPCA is the pendant of the SA (Security Association) for IPsec. 73.Pp 74Currently, IPCA can be created using the 75.Xr ipsecadm 8 76tool. 77Using 78.Xr ipsecadm 8 79it is also possible to create IPComp flows and SA/IPCA 80bundles. 81Such a bundle is used to create a combination of IPsec and IPComp 82flows (thus enabling compression in an IPsec protocol). 83.Pp 84The compression is done on the data following the IP header and an 85IPComp header is inserted between the compressed data and the IP 86header. 87In the case of IPv6, there are extension headers which cannot be 88compressed since they are modified by the router along the way to the 89destination. 90These extension headers are hop-by-hop, routing, and fragmentation. 91.Pp 92When doing compression, it is possible that the uncompressed data is 93smaller in size than the compressed data. 94To avoid this behaviour, a non expansion policy is used in IPComp. 95If the data payload is smaller than a given threshold, it will not be 96compressed. 97No IPComp header will be inserted. 98.Pp 99IPComp uses the same policy framework as IPsec. 100However unlike IPsec, only one policy is available for IPComp: 101.Bl -tag -width IPSEC_LEVEL_USE 102.It IPSEC_LEVEL_USE 103Use IPComp for sending packets but still accept packets which are not 104compressed. 105.El 106.Sh DIAGNOSTICS 107.Xr netstat 1 108can be used to obtain some statistics about IPComp usage, using the 109.Fl p 110flag. 111Just like for IPsec, using the 112.Fl r 113flag, 114.Xr netstat 1 115displays information about IPComp flows. 116.Sh SEE ALSO 117.Xr enc 4 , 118.Xr inet 4 , 119.Xr ip 4 , 120.Xr ipsec 4 , 121.Xr netintro 4 , 122.Xr ipsecadm 8 123.Sh HISTORY 124The 125.Nm 126protocol first appeared in 127.Ox 3.0 . 128.Sh AUTHORS 129Support for the 130.Nm 131protocol was written by 132.An Jean-Jacques Bernard-Gundol Aq jj@wabbitt.org . 133