Some time ago, I looked into implementing zlib compression to cipe for low
bandwidth connections. With today's processor speeds, we can stream
gzip -9 throughputs at 1mb/s or more which is fine for DSL or cable
lines. Here's the idea:
+---<cipe w/ zlib-9 on a DS3/T3>-->internet
The low bandwidth connections like DSL could acheive an effective DS3
bandwidth if the compression is high enough (of course this would really
only help for text, but think what goes across coroprate
vpn's: powerpoint, word, excel, etc...)
I've decided to put some more time into developing this. I have gotten
zlib to work in kernel-land with a little modification (basically changing
malloc/free's to kmalloc/kfree's).
I've posted my modified version of output.c at
http://xeon.eboch.com/cipe/output.c for parusal. Look for the <zLib>
sections to see where my modifications have been made within existing
I've also added a cipe_compress function towards the top of the file.
Here's the theory:
1. Interrupt skb transmission *before* encryption.
2. See if space can be saved by compressing the outgoing skb.
3. Change the payload of skb->data to contain compressed
information; the first 2 bytes contain the decompressed packet size in
network byte order (htons). The remainder is the compressed data.
4. After modifying the skb, let it continue on to be encrypted.
This seems to work pretty well. Just compressing the data (sending
kernel debug messages for compresion info), I can get a 91% compression
ratio for 'telnet cipe-host chargen'. I realize that chargen is trivial
uncompressed data and not real-world, but it does show that the
cipe_compress function works.
Compressing the data is easy; it's done and works. The problems that I am
running into are as follows:
1. How (where) do I interrupt the incoming packet stream *after*
decryption to decompress the data? I figure this happens in
sock.c/cipe_recvmsg(), but I've not been able to figure out where.
2. Since I'm changing skb structures on an outbound message, do I need
to worry about memory leaks? I'm using skb_push/pull to change the data
size, so I wouldn't expect so. Still, this question should be addressed.
Any suggestions and/or comments would be greatly appreciated. I work
doing VPN stuff and would love to get this implemented for our clients.
Exception (not meant to be offensive):
I looked into vtun.sourceforge.net, but I don't like their userland
implementation. I get the feeling that it may have the same problems that
tunneling ppp through ssh may have on tcp connections; please don't
suggest vtun, I like cipe!
20417 SW 70th Ave.
Tualatin, OR 97062