Skip to content
Eddie Kohler edited this page Oct 17, 2017 · 5 revisions

CheckIPHeader Element Documentation

NAME

CheckIPHeader — Click element; checks IP header

SYNOPSIS

CheckIPHeader([OFFSET, keywords OFFSET, INTERFACES, BADSRC,

                       GOODDST, CHECKSUM, VERBOSE, DETAILS])

Ports: 1 input, 1-2 outputs
Processing: agnostic, but output 1 is push

DESCRIPTION

Input packets should have IP headers starting OFFSET bytes in. Default OFFSET is zero. Checks that the packet's length is reasonable, and that the IP version, header length, length, and checksum fields are valid. Checks that the IP source address is a legal unicast address, or that the packet is destined for one of this machine's addresses (see below). Shortens packets to the IP length, if the IP length is shorter than the nominal packet length (due to Ethernet padding, for example). Also sets the destination IP address annotation to the actual destination IP address.

CheckIPHeader emits valid packets on output 0. Invalid packets are pushed out on output 1, unless output 1 was unused; if so, drops invalid packets.

CheckIPHeader checks packets' source addresses for validity if one or more of the INTERFACES, BADSRC, and GOODDST keyword arguments are supplied (RFC1812 5.3.7).

CheckIPHeader prints a message to the console the first time it encounters an incorrect IP packet (but see VERBOSE below).

Keyword arguments are:

  • CHECKSUM — Boolean. If true, then check each packet's checksum for validity; if false, do not check the checksum. Default is true.
  • OFFSET — Unsigned integer. Byte position at which the IP header begins. Default is 0.
  • BADSRC — Space-separated list of IP addresses. CheckIPHeader will drop packets whose source address is on this list (but see GOODDST below). Default is empty.
  • GOODDST — Space-separated list of IP addresses. CheckIPHeader exempts packets whose destination address is on this list from BADSRC processing. Default is empty.
  • INTERFACES — Space-separated list of IP addresses with network prefixes, meant to represent this router's interface addresses. This argument specifies both BADSRC and GOODDST. Specifically, the argument "INTERFACES 18.26.4.9/24 18.32.9.44/28" acts like a BADSRC of "18.26.4.255 18.32.9.47 0.0.0.0 255.255.255.255" -- the set of broadcast addresses for this router -- and a GOODDST of "18.26.4.9 18.32.9.44". Default is not given.
  • VERBOSE — Boolean. If it is true, then a message will be printed for every erroneous packet, rather than just the first. False by default.
  • DETAILS — Boolean. If it is true, then CheckIPHeader will maintain detailed counts of how many packets were dropped for each possible reason, accessible through the drop_details handler. False by default.

NOTES

CheckIPHeader supports an old configuration syntax:

CheckIPHeader([BADSRC2, OFFSET, keywords])

The BADSRC2 argument behaves like the BADSRC keyword, except that if you use this syntax, 0.0.0.0 and 255.255.255.255 considered bad addresses in addition to those explicitly in the list. This syntax is deprecated and should not be used in new configurations.

ELEMENT HANDLERS

  • drops (read-only) — Returns the number of incorrect packets CheckIPHeader has seen.
  • drop_details (read-only) — Returns a text file showing how many erroneous packets CheckIPHeader has seen, subdivided by error. Only available if the DETAILS keyword argument was true.

SEE ALSO

CheckIPHeader2, MarkIPHeader, SetIPChecksum, StripIPHeader, CheckTCPHeader, CheckUDPHeader, CheckICMPHeader

Generated by click-elem2man from ../elements/ip/checkipheader.hh:8 on 2017/10/17.

Clone this wiki locally