[Gllug] IPComp

Ian Norton bredroll at darkspace.org.uk
Thu Sep 2 16:06:18 UTC 2004


On Thu, 2004-09-02 at 13:14, Russell Howe wrote:
> Your project could focus on seperating IPcomp from the *S/WAN projects,
> while retaining all existing functionality, but it might not be much
> fun, and could well prove either exceptionally easy or exceptionally
> hard.
> 
> Not to mention that it would dramatically change the amount of coding
> you'd be doing - you'd probably spend most of your time figuring out:
> 
> a) How on earth it hooks into *S/WAN
> b) How on earth to hook it into the networking layer instead
> c) How on earth to configure it from userspace
> d) I'm sure there'll be a d... :)

Regarding encryption and compression, The reason that *SWAN encompases
an IPComp system is if you have good encryption then you must always
compress first to get any benefit (it also helps prevent fragmentation).

I've already figured out about hooking into the network stack with
sk_buffs and should be able to transform the relevant (only TCP or UDP)
datagrams before they get munged into ipsec packets. So.. theoretically,
It should co-exist with IPSec anyway.

Also as IPComp has an IANA protocol number I would be able to do
filtering on the data 'properly' with iptables,

Given that I've not seen much evidence that IPComp is used
frequently/easily outside IPSec (although I can't see why it shouldnt
be) do you think that an easier to operate implementation would be a
good idea?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040902/f3d7b82d/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list