#ifndef CLICK_CHECKIPHEADER_HH
#define CLICK_CHECKIPHEADER_HH
#include <click/batchelement.hh>
#include <click/atomic.hh>
CLICK_DECLS
class Args;
/*
=c
CheckIPHeader([OFFSET, I<keywords> OFFSET, INTERFACES, BADSRC,
GOODDST, CHECKSUM, VERBOSE, DETAILS])
=s ip
checks IP header
=d
Input packets should have IP headers starting OFFSET bytes in. Default OFFSET
is zero. Checks that the packet's length is reasonable, and that the IP
version, header length, length, and checksum fields are valid. Checks that the
IP source address is a legal unicast address, or that the packet is destined
for one of this machine's addresses (see below). Shortens packets to the IP
length, if the IP length is shorter than the nominal packet length (due to
Ethernet padding, for example). Also sets the destination IP address
annotation to the actual destination IP address.
CheckIPHeader emits valid packets on output 0. Invalid packets are pushed out
on output 1, unless output 1 was unused; if so, drops invalid packets.
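CheckIPHeader checks packets' source addresses for validity if one or more of
the INTERFACES, BADSRC, and GOODDST keyword arguments are supplied (RFC1812
5.3.7). Because BADSRC and GOODDST both default to empty, a configuration that
supplies none of these keywords has no source addresses to reject.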
CheckIPHeader prints a message to the console the first time it encounters an
incorrect IP packet (but see VERBOSE below).
Keyword arguments are:
=over 5
=item CHECKSUM
Boolean. If true, then check each packet's checksum for validity; if false, do
not check the checksum. Default is true.
=item OFFSET
Unsigned integer. Byte position at which the IP header begins. Default is 0.
=item BADSRC
Space-separated list of IP addresses. CheckIPHeader will drop packets whose
source address is on this list (but see GOODDST below). Default is empty.
=item GOODDST
Space-separated list of IP addresses. CheckIPHeader exempts packets whose
destination address is on this list from BADSRC processing. Default is empty.
=item INTERFACES
Space-separated list of IP addresses with network prefixes, meant to represent
this router's interface addresses. This argument specifies both BADSRC and
GOODDST. Specifically, the argument "INTERFACES 18.26.4.9/24 18.32.9.44/28"
acts like a BADSRC of "18.26.4.255 18.32.9.47 0.0.0.0 255.255.255.255" -- the
set of broadcast addresses for this router -- and a GOODDST of "18.26.4.9
18.32.9.44". Default is not given.
=item VERBOSE
Boolean. If it is true, then a message will be printed for every erroneous
packet, rather than just the first. False by default.
=item DETAILS
Boolean. If it is true, then CheckIPHeader will maintain detailed counts of
how many packets were dropped for each possible reason, accessible through the
C<drop_details> handler. False by default.
=back
=n
CheckIPHeader supports an old configuration syntax:
CheckIPHeader([BADSRC2, OFFSET, I<keywords>])
The BADSRC2 argument behaves like the BADSRC keyword, except that if you use
this syntax, 0.0.0.0 and 255.255.255.255 are considered bad addresses in
addition to those explicitly in the list. This syntax is deprecated and should
not be used in new configurations.
=h count read-only
Returns the number of correct packets CheckIPHeader has seen.
=h drops read-only
Returns the number of incorrect packets CheckIPHeader has seen.
=h drop_details read-only
Returns a text file showing how many erroneous packets CheckIPHeader has seen,
subdivided by error. Only available if the DETAILS keyword argument is true.
=a CheckIPHeader2, MarkIPHeader, SetIPChecksum, StripIPHeader,
CheckTCPHeader, CheckUDPHeader, CheckICMPHeader
*/
// Click element that sanity-checks the IP header of each packet before later
// elements read it. See the element documentation above this class for the
// configuration keywords, output ports and handlers.
//
// NOTE(review): the documentation says OFFSET, the header length and the IP
// length are all validated here; elements placed after this one presumably
// rely on that, so confirm in the .cc file that valid() bounds-checks
// _offset plus the header length against the packet length.
class CheckIPHeader : public SimpleElement<CheckIPHeader> {
public:
CheckIPHeader() CLICK_COLD;
~CheckIPHeader() CLICK_COLD;
const char *class_name() const override { return "CheckIPHeader"; }
// One input; output 0 carries valid packets and output 1 (optional per the
// element documentation) receives invalid ones.
const char *port_count() const override { return PORTS_1_1X2; }
const char *processing() const override { return PROCESSING_A_AH; }
// NOTE(review): flags(), configure(), add_handlers() and simple_action() are
// declared without `override`, unlike the three accessors above — confirm
// whether they are meant to override base-class virtuals.
const char *flags() const { return Element::AGNOSTIC; }
// Parses the configuration arguments (OFFSET, INTERFACES, BADSRC, GOODDST,
// CHECKSUM, VERBOSE, DETAILS per the element documentation).
int configure(Vector<String> &, ErrorHandler *) CLICK_COLD;
// Registers the handlers; the documentation lists count, drops and
// drop_details.
void add_handlers() CLICK_COLD;
// Per-packet entry point. Presumably returns the packet when valid() accepts
// it and routes it through drop() otherwise — verify against the .cc file.
Packet *simple_action(Packet *p);
// Argument parser that fills a single address list from a string.
// Presumably backs the deprecated BADSRC2 positional syntax — TODO confirm.
struct OldBadSrcArg {
static bool parse(const String &str, Vector<IPAddress> &result, Args &args);
};
// Argument parser that fills two lists from one string: a bad-source list
// and a good-destination list, matching the documented INTERFACES keyword,
// which "specifies both BADSRC and GOODDST".
struct InterfacesArg {
static bool parse(
const String &str, Vector<IPAddress> &result_bad_src,
Vector<IPAddress> &result_good_dst, Args &args
);
};
protected:
// Reasons a packet can be rejected. The order follows the checks named in
// the element documentation (packet length, version, header length, IP
// length, checksum, source address). NREASONS is the number of reasons and
// sizes reason_texts[].
enum Reason {
MINISCULE_PACKET = 0,
BAD_VERSION,
BAD_HLEN,
BAD_IP_LEN,
BAD_CHECKSUM,
BAD_SADDR,
NREASONS
};
private:
// Byte position at which the IP header begins (OFFSET keyword).
unsigned _offset;
Vector<IPAddress> _bad_src; // array of illegal IP src addresses
// Whether the header checksum is verified (CHECKSUM keyword). When false,
// packets with a corrupt checksum are not rejected for that reason.
bool _checksum;
// This member exists only in builds with both macros set, so the object
// layout depends on the build configuration.
#if HAVE_FAST_CHECKSUM && FAST_CHECKSUM_ALIGNED
bool _aligned;
#endif
// Report every erroneous packet rather than only the first (VERBOSE keyword).
bool _verbose;
Vector<IPAddress> _good_dst; // array of IP dst addrs for which _bad_src does not apply
// Counters behind the documented "count" and "drops" handlers.
atomic_uint64_t _count;
atomic_uint64_t _drops;
// Raw pointer to per-reason drop counters. Presumably allocated with
// NREASONS entries only when DETAILS is true and null otherwise — confirm
// allocation, null checks and release in the .cc file.
atomic_uint64_t *_reason_drops;
// One message per Reason value, indexed by the enum.
static const char * const reason_texts[NREASONS];
// Handler identifiers; presumably passed to read_handler() as the thunk.
enum { h_count, h_drops, h_drop_details };
// Runs the header checks on p and reports the outcome as a Reason.
// NOTE(review): the enum has no explicit "ok" value; presumably NREASONS
// signals a valid packet — confirm.
inline Reason valid(Packet *p);
// Handles a packet rejected for `reason`. Presumably updates the drop
// counters and either emits p on output 1 or discards it, with `batch`
// selecting the batch-mode path — verify against the .cc file.
Packet *drop(Reason reason, Packet *p, bool batch);
static String read_handler(Element *e, void *thunk) CLICK_COLD;
// CheckIPHeader2 is granted access to the private members above.
friend class CheckIPHeader2;
};
CLICK_ENDDECLS
#endif