-
Notifications
You must be signed in to change notification settings - Fork 321
CheckIPHeader
CheckIPHeader — Click element; checks IP header
CheckIPHeader([OFFSET, keywords OFFSET, INTERFACES, BADSRC,
GOODDST, CHECKSUM, VERBOSE, DETAILS])
Ports: 1 input, 1-2 outputs
Processing: agnostic, but output 1 is push
Input packets should have IP headers starting OFFSET bytes in. Default OFFSET is zero. Checks that the packet's length is reasonable, and that the IP version, header length, length, and checksum fields are valid. Checks that the IP source address is a legal unicast address, or that the packet is destined for one of this machine's addresses (see below). Shortens packets to the IP length, if the IP length is shorter than the nominal packet length (due to Ethernet padding, for example). Also sets the destination IP address annotation to the actual destination IP address.
CheckIPHeader emits valid packets on output 0. Invalid packets are pushed out on output 1, unless output 1 was unused; if so, drops invalid packets.
CheckIPHeader checks packets' source addresses for validity if one or more of the INTERFACES, BADSRC, and GOODDST keyword arguments are supplied (RFC1812 5.3.7).
CheckIPHeader prints a message to the console the first time it encounters an incorrect IP packet (but see VERBOSE below).
Keyword arguments are:
- CHECKSUM — Boolean. If true, then check each packet's checksum for validity; if false, do not check the checksum. Default is true.
- OFFSET — Unsigned integer. Byte position at which the IP header begins. Default is 0.
- BADSRC — Space-separated list of IP addresses. CheckIPHeader will drop packets whose source address is on this list (but see GOODDST below). Default is empty.
- GOODDST — Space-separated list of IP addresses. CheckIPHeader exempts packets whose destination address is on this list from BADSRC processing. Default is empty.
- INTERFACES — Space-separated list of IP addresses with network prefixes, meant to represent this router's interface addresses. This argument specifies both BADSRC and GOODDST. Specifically, the argument "INTERFACES 18.26.4.9/24 18.32.9.44/28" acts like a BADSRC of "18.26.4.255 18.32.9.47 0.0.0.0 255.255.255.255" -- the set of broadcast addresses for this router -- and a GOODDST of "18.26.4.9 18.32.9.44". Default is not given.
- VERBOSE — Boolean. If it is true, then a message will be printed for every erroneous packet, rather than just the first. False by default.
- DETAILS —
Boolean. If it is true, then CheckIPHeader will maintain detailed counts of
how many packets were dropped for each possible reason, accessible through the
drop_details
handler. False by default.
CheckIPHeader supports an old configuration syntax:
CheckIPHeader([BADSRC2, OFFSET, keywords])
The BADSRC2 argument behaves like the BADSRC keyword, except that if you use this syntax, 0.0.0.0 and 255.255.255.255 considered bad addresses in addition to those explicitly in the list. This syntax is deprecated and should not be used in new configurations.
- drops (read-only) — Returns the number of incorrect packets CheckIPHeader has seen.
- drop_details (read-only) — Returns a text file showing how many erroneous packets CheckIPHeader has seen, subdivided by error. Only available if the DETAILS keyword argument was true.
CheckIPHeader2, MarkIPHeader, SetIPChecksum, StripIPHeader, CheckTCPHeader, CheckUDPHeader, CheckICMPHeader
Generated by click-elem2man from ../elements/ip/checkipheader.hh:8
on 2017/10/17.