Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
IPCOMP(4)	       FreeBSD Kernel Interfaces Manual		     IPCOMP(4)

     ipcomp -- IP Payload Compression Protocol

     IPComp is enabled with the	following sysctl(2) variable in


     IPComp is a protocol used to reduce the size of IP	datagrams.  It can be
     used to enhance the communication performance between a pair of
     hosts/gateways, especially	on slow	links, by compressing the datagrams,
     provided the communicating	entities have enough computational power.

     This protocol is especially useful	when encryption	or authentication is
     applied to	IP datagrams using the IPsec protocol (see ipsec(4) for	more
     information about IPsec).	Encrypting information is increasing its en-
     tropy to a	point where compression	to a lower layer becomes completely
     useless (e.g., the	PPP Compression	Control	Protocol).  IPcomp is applied
     at	the network layer before other encryption operations are applied (ex-
     cept encryption protocols applied at a higher layer such as ssh(1)	or

     Just like for the other IPsec protocols, IPComp needs some	parameters for
     each connection, specifying how the compression should be done between
     the entities.  The	parameters are collected in a structure	called an IP-
     Comp Association (IPCA).  The parameters stored in	an IPCA	are the	desti-
     nation address and	the Compression	Parameter Index	(CPI).	An IPCA	is the
     pendant of	the SA (Security Association) for IPsec.

     Currently,	IPCA can be created using the ipsecctl(8) tool.	 Using
     ipsecctl(8) it is also possible to	create IPComp flows and	SA/IPCA	bun-
     dles.  Such a bundle is used to create a combination of IPsec and IPComp
     flows (thus enabling compression in an IPsec protocol).

     The compression is	done on	the data following the IP header and an	IPComp
     header is inserted	between	the compressed data and	the IP header.	In the
     case of IPv6, there are extension headers which cannot be compressed
     since they	are modified by	the router along the way to the	destination.
     These extension headers are hop-by-hop, routing, and fragmentation.

     When doing	compression, it	is possible that the uncompressed data is
     smaller in	size than the compressed data.	To avoid this behaviour, a non
     expansion policy is used in IPComp.  If the data payload is smaller than
     a given threshold,	it will	not be compressed.  No IPComp header will be

     IPComp uses the same policy framework as IPsec.  However unlike IPsec,
     only one policy is	available for IPComp:

     IPSEC_LEVEL_USE  Use IPComp for sending packets but still accept packets
		      which are	not compressed.

     netstat(1)	can be used to obtain some statistics about IPComp usage, us-
     ing the -p	flag.  Just like for IPsec, using the -r flag, netstat(1) dis-
     plays information about IPComp flows.

     enc(4), inet(4), ip(4), ipsec(4), netintro(4), ipsecctl(8), sysctl(8)

     The ipcomp	protocol first appeared	in OpenBSD 3.0.

     Support for the ipcomp protocol was written by Jean-Jacques
     Bernard-Gundol <>.

FreeBSD	13.0		       January 12, 2018			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help