[strongSwan] TFC with compression
Jafar Al-Gharaibeh
jafar at atcorp.com
Thu Jan 25 17:39:25 CET 2018
The whole point of TFC is to make all packets have the same length so
that an outside observer can't infer anything from the size of the
packets in the flow. Compression changes the size of every packet so you
end up with non-equal size packets anyway. Compression defeats the
purpose of TFC. Furthermore, if you really care about bandwidth and you
use compression then TFC is a bad idea in the first place since it adds
a considerable overhead. The other case of applying TFC after
compression doesn't make sense at all.
Regards,
Jafar
On 1/25/2018 9:30 AM, Stefan Xenon wrote:
> Hi!
> I enabled TFC in ipsec.conf and traced the traffic with Wireshark. I
> noticed that TFC only seems to work when compression is disabled (in
> which case packet length is identical). Is there a way to use both TFC
> and compression at the same time? If not, what is the reason behind this
> limitation? Thank you for your help.
>
> Best regards,
> Stefan
>