Skip to content

IPAddrPairRewriter

Jump to bottom Edit New page
Tom Barbette edited this page Oct 3, 2018 · 2 revisions

IPAddrPairRewriter Element Documentation

NAME

IPAddrPairRewriter — Click element; rewrites IP packets' addresses by address pair

SYNOPSIS

IPAddrPairRewriter(INPUTSPEC1, ..., INPUTSPECn)

DESCRIPTION

Rewrites the source and/or destination addresses on IP packets, along with their checksums. IPAddrPairRewriter implements per-address-pair network address translation, a midpoint between Basic NAT (see IPAddrRewriter) and NAPT (see IPRewriter and TCPRewriter).

IPAddrPairRewriter maintains a mapping table that records how addresses are rewritten. On receiving a packet, IPAddrPairRewriter first looks up that packet in the mapping table by source/destination address pair. If the table contains a mapping, then the packet is rewritten according to the mapping and emitted on the specified output port. If there was no mapping, the packet is handled by the INPUTSPEC corresponding to the input port on which the packet arrived. (There are as many input ports as INPUTSPECs.) Most INPUTSPECs install new mappings, so that future packets from the same address are handled by the mapping table rather than some INPUTSPEC. The six forms of INPUTSPEC handle input packets as follows:

  • 'drop', 'pass OUTPUT', 'keep FOUTPUT ROUTPUT', 'ELEMENTNAME' — These INPUTSPECs behave like those in IPRewriter.

  • 'pattern SADDR[-SADDR2] DADDR FOUTPUT ROUTPUT' — Creates a mapping according to the given pattern, 'SADDR DADDR'. Either pattern field may be a dash '-', in which case the corresponding field is left unchanged. For instance, the pattern '1.0.0.1 -' will rewrite input packets' source address, but leave its destination address unchanged. SADDR may be a range 'L-H' or prefix 'ADDR/PFX'; IPRewriter will choose an unallocated address in that range, or drop the packet if no address is available. Normally addresses are chosen randomly within the range. To allocate addresses sequentially (which can make testing easier), append a pound sign to the range, as in '1.0.0.1-1.255.255.254#'.

    Say a packet with address pair (SA, DA) is received, and the corresponding new addresses are (SA', DA'). Then two mappings are installed:

          (SA, DA) => (SA', DA') [FOUTPUT]
      (DA', SA') => (DA, SA) [ROUTPUT]

    Thus, the input packet is rewritten and sent to FOUTPUT, and packets from the reply flow are rewritten to look like part of the original flow and sent to ROUTPUT.

  • 'pattern PATNAME FOUTPUT ROUTPUT' — Behaves like the version in IPRewriter, except that PATNAME must name an IPAddrRewriter-like pattern.

Input packets must have their IP header annotations set. IPAddrPairRewriter changes IP packet data and destination IP address annotations.

Keyword arguments are:

  • TIMEOUT time — Time out connections every time seconds. Default is 5 minutes.
  • GUARANTEE time — Preserve each connection mapping for at least time seconds after each successfully processed packet. Defaults to 5 seconds. Incoming flows are dropped if the mapping table is full of guaranteed flows.
  • REAP_INTERVAL time — Reap timed-out connections every time seconds. Default is 15 minutes.
  • MAPPING_CAPACITY capacity — Set the maximum number of mappings this rewriter can hold to capacity. Capacity can either be an integer or the name of another rewriter-like element, in which case this element will share the other element's capacity.

ELEMENT HANDLERS

  • table (read-only) — Returns a human-readable description of the IPAddrRewriter's current mapping table.
  • table_size (read-only) — Returns the number of mappings in the table.
  • patterns (read-only) — Returns a human-readable description of the patterns associated with this IPAddrRewriter.

SEE ALSO

IPRewriter, IPAddrRewriter, TCPRewriter, IPRewriterPatterns, RoundRobinIPMapper, FTPPortMapper, ICMPRewriter, ICMPPingRewriter, StoreIPAddress (for simple uses)

Generated by click-elem2man from ../elements/ip/ipaddrpairrewriter.hh:8 on 2018/10/03.

Add a custom footer
Clone this wiki locally