This is automatically generated documentation. Edit after the "COMMENTS" heading; changes to the main body will be lost.

IPAddrPairRewriter Element Documentation


IPAddrPairRewriter -- Click element; rewrites IP packets' addresses by address pair


IPAddrPairRewriter(INPUTSPEC1, ..., INPUTSPECn)

Package: ip (core)


Rewrites the source and/or destination addresses on IP packets, along with their checksums. IPAddrPairRewriter implements per-address-pair network address translation, a midpoint between Basic NAT (see IPAddrRewriter) and NAPT (see IPRewriter and TCPRewriter). IPAddrPairRewriter maintains a mapping table that records how addresses are rewritten. On receiving a packet, IPAddrPairRewriter first looks up that packet in the mapping table by source/destination address pair. If the table contains a mapping, then the packet is rewritten according to the mapping and emitted on the specified output port. If there was no mapping, the packet is handled by the INPUTSPEC corresponding to the input port on which the packet arrived. (There are as many input ports as INPUTSPECs.) Most INPUTSPECs install new mappings, so that future packets from the same address are handled by the mapping table rather than some INPUTSPEC. The six forms of INPUTSPEC handle input packets as follows:

These INPUTSPECs behave like those in IPRewriter.
Creates a mapping according to the given pattern, 'SADDR DADDR'. Either pattern field may be a dash '-', in which case the corresponding field is left unchanged. For instance, the pattern ' -' will rewrite input packets' source address, but leave its destination address unchanged. SADDR may be a range 'L-H' or prefix 'ADDR/PFX'; IPRewriter will choose an unallocated address in that range, or drop the packet if no address is available. Normally addresses are chosen randomly within the range. To allocate addresses sequentially (which can make testing easier), append a pound sign to the range, as in ''. Say a packet with address pair (SA, DA) is received, and the corresponding new addresses are (SA', DA'). Then two mappings are installed: (SA, DA) => (SA', DA') [FOUTPUT] (DA', SA') => (DA, SA) [ROUTPUT] Thus, the input packet is rewritten and sent to FOUTPUT, and packets from the reply flow are rewritten to look like part of the original flow and sent to ROUTPUT.

Behaves like the version in IPRewriter, except that PATNAME must name an IPAddrRewriter-like pattern. Input packets must have their IP header annotations set. IPAddrPairRewriter changes IP packet data and destination IP address annotations. Keyword arguments are:

Time out connections every time seconds. Default is 5 minutes.
Preserve each connection mapping for at least time seconds after each successfully processed packet. Defaults to 5 seconds. Incoming flows are dropped if the mapping table is full of guaranteed flows.
Reap timed-out connections every time seconds. Default is 15 minutes.
Set the maximum number of mappings this rewriter can hold to capacity. Capacity can either be an integer or the name of another rewriter-like element, in which case this element will share the other element's capacity.


mappings (read-only)
Returns a human-readable description of the IPAddrRewriter's current set of mappings.
nmappings (read-only)
Returns the number of currently installed mapping pairs.
patterns (read-only)
Returns a human-readable description of the patterns associated with this IPAddrRewriter.


IPRewriter, IPAddrRewriter, TCPRewriter, IPRewriterPatterns, RoundRobinIPMapper, FTPPortMapper, ICMPRewriter, ICMPPingRewriter, StoreIPAddress (for simple uses)

Generated by 'click-elem2man' from '../elements/ip/ipaddrpairrewriter.hh' on 28/Feb/2010.


elements/ipaddrpairrewriter.txt · Last modified: 2010/02/28 13:58 (external edit)
Recent changes RSS feed Driven by DokuWiki