CipeXpatch - Data Compression for CIPE

CipeXpatch adds data compression to CIPE version 1.5.4 with the following features:

Increases the effective bandwidth by a factor of up to 4, depending on the type of file transferred.
On average, the effective bandwidth is increased by a factor in the range of 1.5 - 2.5.
Data compression is optional. When disabled, CipeX is fully compatible with standard CIPE.
Only large packets are compressed. The minimum packet size for compression and the minimum compression ratio are adjustable.
Implemented for CIPE protocol versions 3 (ptpp interface) and 4 (Ethernet interface).
Pkcipe is supported as pkcipex.
Uses the name prefix cix instead of cip, allowing both the standard and patched version on the same system.
Logs the tunnel statistics when the interface goes down. Uses 64-bit counters for large volume statistics.
The MiniLZO package is used for the data compression.
Includes most of the latest patches for CIPE version 1.5.4.
Supported Linux kernel versions: > 2.4.7. and < 2.4.37. (Other versions are not tested.)

A preliminary patch for CIPE version 1.6.0 is available, tested on 2.4.29 and 2.6.10 kernels.

CipeX is programmed in the "C" language and is distributed as a set of patch files. (See "download" below)

Description

CIPE stands for Crypto IP Encapsulation. The CIPE package provides an encrypting IP tunnel device for creating encrypting routers for Virtual Private Network (VPN) applications. CIPE provides a Point-to-point (protocol = 3) or an Ethernet interface (protocol = 4). IP packets sent to the CIPE interface are encrypted and encapsulated in UDP datagrams and sent to the peer, the other end of the tunnel. There they are de-capsulated and de-crypted and received at the CIPE interface.
CipeXpatch adds data compression/expansion to the CIPE device, decreasing the volume of network traffic and increasing the effective tunnel bandwidth.
The encapsulated IP packet is compressed before encryption in the sending CipeX device and expanded after decryption in the receiving CipeX device. The MiniLZO routines used for data compression and expansion are fast, efficient and not very CPU-intensive.

Syntax

Protocol version 3:



/sbin/modprobe cixcb [ cipe_debug=n ]

/usr/local/sbin/cixed-cb [ -i | -s fd ]  -o configfile [option...]

Protocol version 4:



/sbin/modprobe cixdb [ cipe_debug=n ]

/usr/local/sbin/cixed-db [ -i | -s fd ]  -o configfile [option...]

Pkcipe:



/usr/local/sbin/pkcipex [ -i | -c host:port][-k keyfile][-p proto][-t secs]  name

Interface Parameters

The following parameters have been added to configure the data compression:


  nocomp

Disables the data compression.


  minsizecomp=size

Specifies the minimum packet size (in bytes) for data compression (default: 500).


  minratio=ratio

Specifies the minimum compression ratio (per cent) for transmission (default: 100, range: 100..999).

Configure Options

The following options have been added to the configure script:
--disable-mlzo Disables the compression code. Generates a standard cipcb or cipdb kernelmodule and the ciped-cb or ciped-db program.
--enable-rh242 Enables special handling for Red Hat 7.1 2.4.2 kernels. Requires also the option --with-mkvers=2,4,2 This option is only available for CipeX 1.5.4-x.yy.
--with-mkvers=x,y,z Overrides the minimum kernel version restriction. Without this option, the compression code is disabled for kernel versions < 2.4.7.

Protocol

The Most Significant Bit of the P-byte is used to indicate a compressed packet. (The P-byte is the byte appended to encapsulated packets to indicate the packet type and the number of pad-bytes, and is the last byte before the trailing 32-bit checksum.).

The last of the filler bytes in the confinfo structure of the CT_CONF message is used to indicate the compression capability.

Debug Value

A value of 256 for the cipe_debug insmod module option was added to enable debug information for the compression code. (Note that this option is not valid if no DEBUG code is included in the build, e.g. when built with the --disable-debug option.)

Prerequisites

You need the following to successfully build a CipeX-patched version of CIPE:

CIPE 1.5.4 or CIPE 1.6.0 [http://sites.inka.de/~bigred/devel/cipe.htm]

MiniLZO 1.08 [http://www.oberhumer.com/opensource/lzo/]

This CipeXpatch

Whatever you need to build a standard CIPE kernel module, such as the correct compiler and kernel include tree, and the patch(1) utility program.

Changelog

Version 1.5.4-0.20: Initial development release (May 2003).

Version 1.5.4-1.00: First production release (June 2003).

Version 1.5.4-1.07: Second development release (June 2003).

Version 1.5.4-1.10: Second production release (July 2003).

Version 1.6.0-0.50: Initial development release (Feb 2005).

Known Issues

See errata file for 1.5.4-1.10.

See errata file for 1.6.0-0.50.

Download

Current version:

Patch set: cipexpatch-1.5.4-1.10.tar.gz md5 checksum
Instruction summary: Unpack the archive in (for example) /usr/local/src/. It will create the subdirectory cipexpatch/ containing a patch script cipexpatch.sh and the archive cipex-1.5.4-1.10.patchset.tar.gz containing the patches. Read for detailed instructions the file PATCH-INSTRUCTIONS.

Patch set: cipexpatch-1.6.0-0.50.tar.gz md5 checksum
Instruction summary: Unpack the archive in (for example) /usr/local/src/. It will create the subdirectory cipexpatch/ containing a patch script cipexpatch.sh and the archive cipex-1.6.0-0.50.patchset.tar.gz containing the patches. Read for detailed instructions the file PATCH-INSTRUCTIONS.

Already patched versions:

cipex-1.5.4-1.10.tar.gz md5 checksum This is CIPE 1.5.4 with the above patch set already applied.

cipex-1.6.0-0.50.tar.gz md5 checksum This is CIPE 1.6.0 with the above (preliminary) patch set already applied.

cipex-1.6.0-0.70.tar.gz (preliminary update for kernel 2.6.18)

cipex-1.6.0-0.71.tar.gz (preliminary update for kernel 2.6.19)

Generic CIPE - patched versions:

cipe-1.6.0-StE-3.tar.gz (preliminary update for kernel 2.6.18)

cipe-1.6.0-StE-4.tar.gz (preliminary update for kernel 2.6.19)

Important Note: Use always the same compiler and source tree as used for building your kernel. Differences will result in unpredictable behavior and possibly cause system crashes. Run a 'make oldconfig' with the same .config and Makefile as used to build your kernel, if you changed the configuration since.

Sponsor

The Walinco Group contributed to the development costs of this software, and uses this software for inter-connecting local networks.

License

GNU GENERAL PUBLIC LICENSE (GPL)

Contact

Send feedback and bug reports to:

Hans Steegers, August 2009.

Disclaimer

USE OF ANY SOFTWARE PROVIDED ON THIS INTERNET SITE IS SUBJECT TO THESE
TERMS AND CONDITIONS.
PLEASE READ THESE TERMS CAREFULLY, BECAUSE USE OF THE
SOFTWARE CONSTITUTES ACCEPTANCE OF THESE TERMS AND CONDITIONS.

THIS SOFTWARE IS PROVIDED BY THE AUTHORS "AS IS" AND "INCLUDING ALL FAULTS."
THE AUTHORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND
CONCERNING THE ACCURACY, COMPLETENESS OR SUITABILITY OF THE SOFTWARE,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

THE SOFTWARE IS BEING PROVIDED UNDER THE LICENSE CONDITIONS, AS STATED UNDER
THE ABOVE HEADING "LICENSE".

THIS SOFTWARE IS BEING PROVIDED IN OPEN SOURCE FORM WITHOUT CHARGE FOR NON-COMMERCIAL
PURPOSES. ACCORDINGLY, THE AUTHORS SHALL NOT BE LIABLE UNDER ANY CIRCUMSTANCES
OR UNDER ANY LEGAL THEORY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL
OR CONSEQUENTIAL DAMAGES THAT MAY BE SUFFERED BY YOU OR ANY OTHER USER OF THE
SOFTWARE IN CONNECTION WITH OR AS A RESULT OF THE SOFTWARE OR DERIVED PRODUCTS,
REGARDLESS OF HOW SUCH DAMAGES MAY ARISE AND EVEN IF THE AUTHORS HAVE BEEN
PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.