-
Notifications
You must be signed in to change notification settings - Fork 78
AnonymizeIPAddr
AnonymizeIPAddr — Click element; anonymizes top-level IP addresses in passing packets
AnonymizeIPAddr
Ports: 1 input, 1-2 outputs
Processing: agnostic
AnonymizeIPAddr anonymizes the source and destination IP addresses in passing IPv4 packets. (Packets must have IP header annotations.) The anonymization transformation is prefix-preserving: If two input addresses shared the same p-bit prefix, then the corresponding output addresses also share the same p-bit prefix. AnonymizeIPAddr was based on Greg Minshall's tcpdpriv; see http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html.
The special IP addresses 0.0.0.0 and 255.255.255.255 are always mapped to themselves, independent of any other mapping.
AnonymizeIPAddr also incrementally updates the IP header checksum, so the new header is correct iff the old header was correct.
AnonymizeIPAddr only manipulates the IP header pointed to by the IP header annotation. This differs from tcpdpriv, which also anonymizes addresses on encapsulated IP headers for protocol 4 (ipip).
Keyword arguments are:
-
CLASS — Integer. Preserve some "class" information from input IP addresses. If CLASS is 1, then class A is preserved: an output address is in class A if and only if the corresponding input address was in class A. If CLASS is 2, then class B is preserved as well. CLASS 3 preserves classes A, B, and C, and CLASS 4 preserves classes A, B, C, and D. The CLASS flag works by preserving leading one bits; higher CLASSes, up to 32, preserve more one bits. Default CLASS is 0 (no preservation).
-
PRESERVE_8 — Space-separated list of integers. Preserve the listed 8-bit prefixes. For example, with 'PRESERVE_8 18', an output address is in the network 18.0.0.0/8 if and only if the input address was in that network. Default is empty.
In a prefix-preserving anonymization, PRESERVE_8 introduces structure into nearby 8-bit prefixes. For example, 'PRESERVE_8 18' also maps net 19 to net 19: nets 18 and 19 share their top 7 bits, so because of prefix preservation, net 19 must map to itself. Other nearby networks are permuted: nets 16 and 17, for example, must map to themselves or to each other. Here is the complete list:
Input nets map to Output nets 0-15 ... 0-15 16-17 ... 16-17 18 ... 18 19 ... 19 20-23 ... 20-23 24-31 ... 24-31 32-63 ... 32-63 64-127 ... 64-127 128-255 ... 128-255
AnonymizeIPAddr's anonymization corresponds to tcpdpriv's -A50 option.
Prefix-preserving anonymization is not foolproof. The [http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html](tcpdpriv distribution) contains a paper describing the possible attack. Tatu Ylonen closes that document by saying: "If you are very concerned about leaking your network topology, I would not recommend giving out trace information privatized with the -A50 option. I wouldn't expect this to be the case for most organizations."
- CLICK_LLRPC_MAP_IPADDRESS (llrpc) — Argument is a pointer to an IP address. An IP address is read from that location; the corresponding anonymized IP address is then stored into that location.
Generated by click-elem2man from ../elements/analysis/anonipaddr.hh:8 on 2018/10/03.