1.\" $OpenBSD: ipcomp.4,v 1.13 2006/05/26 04:02:59 deraadt Exp $ 2.\" 3.\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jj@wabbitt.org> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" 26.Dd June 27, 2001 27.Dt IPCOMP 4 28.Os 29.Sh NAME 30.Nm ipcomp 31.Nd IP Payload Compression Protocol 32.Sh DESCRIPTION 33IPComp is enabled with the following 34.Xr sysctl 3 35variable in 36.Pa /etc/sysctl.conf : 37.Bl -tag -width xxxxxxxxxxxxxxxxxxxxx -offset indent 38.It net.inet.ipcomp.enable 39.El 40.Pp 41IPComp is a protocol used to reduce the size of IP datagrams. 42It can be used to enhance the communication performance between a pair 43of hosts/gateways, especially on slow links, by compressing the 44datagrams, provided the communicating entities have enough computational 45power. 46.Pp 47This protocol is especially useful when encryption or authentication 48is applied to IP datagrams using the IPsec protocol (see 49.Xr ipsec 4 50for more information about IPsec). 51Encrypting information is increasing its entropy to a point where 52compression to a lower layer becomes completely useless (e.g., the 53PPP Compression Control Protocol). 54IPcomp is applied at the network layer before other encryption 55operations are applied (except encryption protocols applied at a 56higher layer such as 57.Xr ssh 1 58or 59.Xr ssl 8 ) . 60.Pp 61Just like for the other IPsec protocols, IPComp needs some parameters 62for each connection, specifying how the compression should be done 63between the entities. 64The parameters are collected in a structure called an 65IPComp Association (IPCA). 66The parameters stored in an IPCA are the destination address and the 67Compression Parameter Index (CPI). 68An IPCA is the pendant of the SA (Security Association) for IPsec. 69.Pp 70Currently, IPCA can be created using the 71.Xr ipsecctl 8 72tool. 73Using 74.Xr ipsecctl 8 75it is also possible to create IPComp flows and SA/IPCA 76bundles. 77Such a bundle is used to create a combination of IPsec and IPComp 78flows (thus enabling compression in an IPsec protocol). 79.Pp 80The compression is done on the data following the IP header and an 81IPComp header is inserted between the compressed data and the IP 82header. 83In the case of IPv6, there are extension headers which cannot be 84compressed since they are modified by the router along the way to the 85destination. 86These extension headers are hop-by-hop, routing, and fragmentation. 87.Pp 88When doing compression, it is possible that the uncompressed data is 89smaller in size than the compressed data. 90To avoid this behaviour, a non expansion policy is used in IPComp. 91If the data payload is smaller than a given threshold, it will not be 92compressed. 93No IPComp header will be inserted. 94.Pp 95IPComp uses the same policy framework as IPsec. 96However unlike IPsec, only one policy is available for IPComp: 97.Bl -tag -width IPSEC_LEVEL_USE 98.It IPSEC_LEVEL_USE 99Use IPComp for sending packets but still accept packets which are not 100compressed. 101.El 102.Sh DIAGNOSTICS 103.Xr netstat 1 104can be used to obtain some statistics about IPComp usage, using the 105.Fl p 106flag. 107Just like for IPsec, using the 108.Fl r 109flag, 110.Xr netstat 1 111displays information about IPComp flows. 112.Sh SEE ALSO 113.Xr enc 4 , 114.Xr inet 4 , 115.Xr ip 4 , 116.Xr ipsec 4 , 117.Xr netintro 4 , 118.Xr ipsecctl 8 , 119.Xr sysctl 8 120.Sh HISTORY 121The 122.Nm 123protocol first appeared in 124.Ox 3.0 . 125.Sh AUTHORS 126Support for the 127.Nm 128protocol was written by 129.An Jean-Jacques Bernard-Gundol Aq jj@wabbitt.org . 130