IPAddrRewriter
IPAddrRewriter — Click element; rewrites IP packets' addresses
IPAddrRewriter(INPUTSPEC1, ..., INPUTSPECn)
Rewrites the source and/or destination addresses on IP packets, along with their checksums. IPAddrRewriter implements the functionality of a network address translator (Basic NAT), where internal hosts are assigned temporary IP addresses as they access the Internet. Basic NAT works for any IP protocol, but the number of internal hosts that can access the Internet simultaneously is limited by the number of external IP addresses available. See also IPRewriter and TCPRewriter, which implement network address/port translation (NAPT).
IPAddrRewriter maintains a mapping table that records how addresses are rewritten. On receiving a packet, IPAddrRewriter first looks up that packet in the mapping table by source or destination address. If the table contains a mapping for either address, then the packet is rewritten according to the mapping and emitted on the specified output port. If there was no mapping, the packet is handled by the INPUTSPEC corresponding to the input port on which the packet arrived. (There are as many input ports as INPUTSPECs.) Most INPUTSPECs install new mappings, so that future packets from the same address are handled by the mapping table rather than some INPUTSPEC. The six forms of INPUTSPEC handle input packets as follows:
- 'drop', 'pass OUTPUT', 'keep FOUTPUT ROUTPUT', 'ELEMENTNAME' — These INPUTSPECs behave like those in IPRewriter.
- 'pattern SADDR[-SADDR2] - FOUTPUT ROUTPUT' — Creates a mapping according to the given pattern. The destination address must be a dash '-', since IPAddrRewriter only changes outgoing packets' source addresses. (If you want to rewrite destination addresses, use IPAddrPairRewriter instead.) SADDR may be a range 'L-H' or prefix 'ADDR/PFX'; IPRewriter will choose an unallocated address in that range, or drop the packet if no address is available. Normally addresses are chosen randomly within the range. To allocate addresses sequentially (which can make testing easier), append a pound sign to the range, as in '1.0.0.1-1.255.255.254#'. SADDR may also be a dash, in which case the source address is left unchanged.
  Packets sent from the old source address are rewritten and sent to FOUTPUT, and packets sent to the new source address are rewritten back and sent to ROUTPUT.
- 'pattern PATNAME FOUTPUT ROUTPUT' — Behaves like the version in IPRewriter, except that PATNAME must name an IPAddrRewriter-like pattern.
Input packets must have their IP header annotations set. IPAddrRewriter changes IP packet data and destination IP address annotations.
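The lookup-then-pattern behaviour described above, modelled in Python as an added example (this is not Click's code). `BasicNatModel`, `make_header` and `ip_checksum` are hypothetical names; the model assumes a single sequential pattern input, recomputes only the IP header checksum, and leaves out mapping expiry.

```python
import ipaddress
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1, TTL 64) used as sample input."""
    h = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                              ipaddress.IPv4Address(src).packed,
                              ipaddress.IPv4Address(dst).packed))
    h[10:12] = ip_checksum(bytes(h)).to_bytes(2, "big")
    return bytes(h)

class BasicNatModel:
    """Hypothetical model of one 'pattern LOW-HIGH# - FOUTPUT ROUTPUT' input."""

    def __init__(self, low, high, foutput, routput):
        lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
        self.pool = iter(range(lo, hi + 1))  # '#': sequential allocation
        self.foutput, self.routput = foutput, routput
        self.forward = {}  # internal source -> allocated external source
        self.reverse = {}  # allocated external address -> internal address

    def process(self, header: bytes):
        """Return (output port, rewritten header), or None if dropped."""
        src, dst = header[12:16], header[16:20]
        if src in self.forward:   # existing mapping, outgoing direction
            return self.foutput, self._rewrite(header, 12, self.forward[src])
        if dst in self.reverse:   # existing mapping, reply direction
            return self.routput, self._rewrite(header, 16, self.reverse[dst])
        nxt = next(self.pool, None)  # no mapping: the pattern installs one
        if nxt is None:
            return None              # range exhausted: drop
        new = nxt.to_bytes(4, "big")
        self.forward[src], self.reverse[new] = new, src
        return self.foutput, self._rewrite(header, 12, new)

    @staticmethod
    def _rewrite(header: bytes, offset: int, addr: bytes) -> bytes:
        h = bytearray(header)
        h[offset:offset + 4] = addr
        h[10:12] = b"\x00\x00"   # zero the checksum field before recomputing
        h[10:12] = ip_checksum(bytes(h)).to_bytes(2, "big")
        return bytes(h)
```

With a two-address range, the third distinct internal source gets `None`, which is the Basic NAT limit on simultaneous hosts stated at the top of the page.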
Keyword arguments are:
- TIMEOUT time — Time out connections every time seconds. Default is 5 minutes.
- GUARANTEE time — Preserve each connection mapping for at least time seconds after each successfully processed packet. Defaults to 5 seconds. Incoming flows are dropped if the mapping table is full of guaranteed flows.
- REAP_INTERVAL time — Reap timed-out connections every time seconds. Default is 15 minutes.
- MAPPING_CAPACITY capacity — Set the maximum number of mappings this rewriter can hold to capacity. Capacity can either be an integer or the name of another rewriter-like element, in which case this element will share the other element's capacity.
Element handlers:
- table (read-only) — Returns a human-readable description of the IPAddrRewriter's current mapping table.
- table_size (read-only) — Returns the number of mappings in the table.
- patterns (read-only) — Returns a human-readable description of the patterns associated with this IPAddrRewriter.
See also: IPRewriter, IPAddrPairRewriter, TCPRewriter, IPRewriterPatterns, RoundRobinIPMapper, FTPPortMapper, ICMPRewriter, ICMPPingRewriter, StoreIPAddress (for simple uses)
Generated by click-elem2man from ../elements/ip/ipaddrrewriter.hh:8 on 2018/10/03.