diff options
Diffstat (limited to 'static/openbsd/man4/ipcomp.4')
| -rw-r--r-- | static/openbsd/man4/ipcomp.4 | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/static/openbsd/man4/ipcomp.4 b/static/openbsd/man4/ipcomp.4 new file mode 100644 index 00000000..acd6f709 --- /dev/null +++ b/static/openbsd/man4/ipcomp.4 @@ -0,0 +1,124 @@ +.\" $OpenBSD: ipcomp.4,v 1.17 2022/12/23 07:16:55 jmc Exp $ +.\" +.\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jj@wabbitt.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 23 2022 $ +.Dt IPCOMP 4 +.Os +.Sh NAME +.Nm ipcomp +.Nd IP Payload Compression Protocol +.Sh DESCRIPTION +IPComp is enabled with the following +.Xr sysctl 2 +variable in +.Pa /etc/sysctl.conf : +.Bl -tag -width xxxxxxxxxxxxxxxxxxxxx -offset indent +.It net.inet.ipcomp.enable +.El +.Pp +IPComp is a protocol used to reduce the size of IP datagrams. +It can be used to enhance the communication performance between a pair +of hosts/gateways, especially on slow links, by compressing the +datagrams, provided the communicating entities have enough computational +power. +.Pp +This protocol is especially useful when encryption or authentication +is applied to IP datagrams using the IPsec protocol (see +.Xr ipsec 4 +for more information about IPsec). +Encrypting information is increasing its entropy to a point where +compression to a lower layer becomes completely useless (e.g., the +PPP Compression Control Protocol). +IPcomp is applied at the network layer before other encryption +operations are applied (except encryption protocols applied at a +higher layer such as +.Xr ssh 1 +or +.Xr ssl 8 ) . +.Pp +Just like for the other IPsec protocols, IPComp needs some parameters +for each connection, specifying how the compression should be done +between the entities. +The parameters are collected in a structure called an +IPComp Association (IPCA). +The parameters stored in an IPCA are the destination address and the +Compression Parameter Index (CPI). +An IPCA is the pendant of the SA (Security Association) for IPsec. +.Pp +Currently, IPCA can be created using the +.Xr ipsecctl 8 +tool. +Using +.Xr ipsecctl 8 +it is also possible to create IPComp flows and SA/IPCA +bundles. +Such a bundle is used to create a combination of IPsec and IPComp +flows (thus enabling compression in an IPsec protocol). +.Pp +The compression is done on the data following the IP header and an +IPComp header is inserted between the compressed data and the IP +header. +In the case of IPv6, there are extension headers which cannot be +compressed since they are modified by the router along the way to the +destination. +These extension headers are hop-by-hop, routing, and fragmentation. +.Pp +When doing compression, it is possible that the uncompressed data is +smaller in size than the compressed data. +To avoid this behaviour, a non expansion policy is used in IPComp. +If the data payload is smaller than a given threshold, it will not be +compressed. +No IPComp header will be inserted. +.Pp +IPComp uses the same policy framework as IPsec. +However unlike IPsec, only one policy is available for IPComp: +.Bl -tag -width IPSEC_LEVEL_USE +.It IPSEC_LEVEL_USE +Use IPComp for sending packets but still accept packets which are not +compressed. +.El +.Sh DIAGNOSTICS +.Xr netstat 1 +can be used to obtain some statistics about IPComp usage: +.Pp +.Dl $ netstat -s -p ipcomp +.Sh SEE ALSO +.Xr enc 4 , +.Xr inet 4 , +.Xr ip 4 , +.Xr ipsec 4 , +.Xr netintro 4 , +.Xr ipsecctl 8 , +.Xr sysctl 8 +.Sh HISTORY +The +.Nm +protocol first appeared in +.Ox 3.0 . +.Sh AUTHORS +Support for the +.Nm +protocol was written by +.An Jean-Jacques Bernard-Gundol Aq Mt jj@wabbitt.org . |