This is automatically generated documentation. Edit after the "COMMENTS" heading; changes to the main body will be lost.
IPAddrPairRewriter -- Click element;
rewrites IP packets' addresses by address pair
IPAddrPairRewriter(INPUTSPEC1, ..., INPUTSPECn)
Package: ip (core)
Rewrites the source and/or destination addresses on IP packets, along with
their checksums. IPAddrPairRewriter implements per-address-pair network
address translation, a midpoint between Basic NAT (see IPAddrRewriter) and
NAPT (see IPRewriter and TCPRewriter).
IPAddrPairRewriter maintains a mapping table that records how addresses are
rewritten. On receiving a packet, IPAddrPairRewriter first looks up that
packet in the mapping table by source/destination address pair. If the table
contains a mapping, then the packet is rewritten according to the mapping and
emitted on the specified output port. If there was no mapping, the packet is
handled by the INPUTSPEC corresponding to the input port on which the packet
arrived. (There are as many input ports as INPUTSPECs.) Most INPUTSPECs
install new mappings, so that future packets from the same address are handled
by the mapping table rather than some INPUTSPEC. The six forms of INPUTSPEC
handle input packets as follows:
- 'drop', 'pass OUTPUT', 'keep FOUTPUT ROUTPUT', 'ELEMENTNAME'
- These INPUTSPECs behave like those in IPRewriter.
- 'pattern SADDR[-SADDR2] DADDR FOUTPUT ROUTPUT'
- Creates a mapping according to the given pattern, 'SADDR DADDR'. Either
pattern field may be a dash '-', in which case the corresponding field is left
unchanged. For instance, the pattern '18.104.22.168 -' will rewrite input packets'
source address, but leave its destination address unchanged. SADDR may be a
range 'L-H' or prefix 'ADDR/PFX'; IPRewriter will choose an unallocated
address in that range, or drop the packet if no address is available.
Normally addresses are chosen randomly within the range. To allocate
addresses sequentially (which can make testing easier), append a pound sign to
the range, as in '22.214.171.124-126.96.36.199#'.
Say a packet with address pair (SA, DA) is received, and the corresponding new
addresses are (SA', DA'). Then two mappings are installed:
(SA, DA) => (SA', DA') [FOUTPUT]
(DA', SA') => (DA, SA) [ROUTPUT]
Thus, the input packet is rewritten and sent to FOUTPUT, and packets from the
reply flow are rewritten to look like part of the original flow and sent to
- 'pattern PATNAME FOUTPUT ROUTPUT'
- Behaves like the version in IPRewriter, except that PATNAME must name an
Input packets must have their IP header annotations set. IPAddrPairRewriter
changes IP packet data and destination IP address annotations.
Keyword arguments are:
- TIMEOUT time
- Time out connections every time seconds. Default is 5 minutes.
- GUARANTEE time
- Preserve each connection mapping for at least time seconds after each
successfully processed packet. Defaults to 5 seconds. Incoming flows are
dropped if the mapping table is full of guaranteed flows.
- REAP_INTERVAL time
- Reap timed-out connections every time seconds. Default is 15 minutes.
- MAPPING_CAPACITY capacity
- Set the maximum number of mappings this rewriter can hold to capacity.
Capacity can either be an integer or the name of another rewriter-like
element, in which case this element will share the other element's capacity.
- mappings (read-only)
- Returns a human-readable description of the IPAddrRewriter's current set of
- nmappings (read-only)
- Returns the number of currently installed mapping pairs.
- patterns (read-only)
- Returns a human-readable description of the patterns associated with this