Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
addrtype(3)			SiLK Tool Suite			   addrtype(3)

NAME
       addrtype	- Labeling IPv4	addresses as internal or external

SYNOPSIS
	 rwfilter [--stype=ID] [--dtype=ID] ...

	 rwcut --fields=sType,dType ...

	 rwgroup --id-fields=sType,dType ...

	 rwsort	--fields=sType,dType ...

	 rwstats --fields=sType,dType ...

	 rwuniq	--fields=sType,dType ...

DESCRIPTION
       The address type	mapping	file provides a	way to map an IPv4 address to
       an integer denoting the IP as internal, external, or non-routable.
       With this mapping file, SiLK flow records can be	partitioned
       (rwfilter(1)), displayed	(rwcut(1)), grouped (rwgroup(1)), sorted
       (rwsort(1)), and	counted	(rwstats(1) and	rwuniq(1)) by the
       characteristic of the address.

       The address type	is a specialized form of the Prefix Map,
       pmapfilter(3), where the	following labels are assumed to	exist and to
       have the	indicated values:

	0     denotes a	(non-routable) IP address

	1     denotes an IP address internal to	the monitored network

	2     denotes an IP address external to	the monitored network

       The SiLK	tools look for the address type	mapping	file in	a standard
       location	as detailed in the "FILES" section below.  To provide an
       alternate location, specify that	location in the	SILK_ADDRESS_TYPES
       environment variable.

       Creating	the prefix map file that maps IPs to one of these labels is
       described in the	"MAPPING FILE" section below.

OPTIONS
       The address type	utility	provides the following options to the
       indicated applications.

   rwfilter Switches
       --stype=ID
	   When	ID is 0, pass the record if its	source address is non-
	   routable.  When ID is 1, pass the record if its source address is
	   internal.  When ID is 2, pass the record if its source address is
	   external (i.e., routable and	not internal).	When ID	is 3, pass the
	   record if its source	address	is not internal	(non-routable or
	   external).

       --dtype=ID
	   As --stype for the destination IP address.

   rwcut, rwgroup, rwsort, rwstats, and	rwuniq Switches
       --fields=FIELDS
	   FIELDS refers to a list of fields to	use for	the operation.	The
	   address type	utility	makes two additional fields, "sType" (alias
	   16) and "dType" (17)	available for display, grouping, sorting, and
	   counting using the rwcut(1),	rwgroup(1), rwsort(1), rwstats(1), and
	   rwuniq(1) tools:

	   sType,16
	       For the source IP address, prints 0 if the address is non-
	       routable, 1 if it is internal, or 2 if it is routable and
	       external.

	   dType,17
	       as sType, except	for the	destination address

MAPPING	FILE
       To denote an address as "non-routable", "internal", or "external" at
       your site, you will need	to create the address_types.pmap file and
       either install it in the	appropriate location (see the "FILES" section
       below) or set the SILK_ADDRESS_TYPES environment	variable to the	file's
       location.

       The rwpmapbuild(1) tool creates a prefix	map file from a	text file.  A
       template	for the	text file is available in
       $SILK_PATH/share/silk/addrtype-templ.txt.  The text file	used to	create
       address_types.pmap must include the following section to	ensure that
       IPs are mapped to the integer values that the addrtype.so expects:

	 #    Numerical	mappings of labels

	 label 0	     non-routable
	 label 1	     internal
	 label 2	     external

	 #    Default to "external" for	all un-defined ranges.

	 default	     external

       The remainder of	the file can list CIDR blocks and a label for each
       block:

	 # RFC1918 space
	 10.0.0.0/8	     non-routable
	 172.16.0.0/12	     non-routable
	 192.168.0.0/16	     non-routable

	 # My IP space (CMU)
	 128.2.0.0/16	     internal

       Once the	text file is saved to disk, use	rwpmapbuild to create
       address_types.pmap:

	 rwpmapbuild --input addresses.txt --output address_types.pmap

ENVIRONMENT
       SILK_ADDRESS_TYPES
	   This	environment variable allows the	user to	specify	the address
	   type	mapping	file to	use.  The value	may be a complete path or a
	   file	relative to SILK_PATH.	If the variable	is not specified, the
	   code	looks for a file named address_types.pmap as specified in the
	   "FILES" section below.

       SILK_PATH
	   This	environment variable gives the root of the install tree.  The
	   SiLK	applications check the directories $SILK_PATH/share/silk and
	   $SILK_PATH/share for	the address type mapping file,
	   address_types.pmap.

FILES
       The tools will look for the data	file that maps IPs to labels in	the
       following locations.  ($SILK_ADDRESS_TYPES is the value of the
       SILK_ADDRESS_TYPES environment variable,	if it is set.  $SILK_PATH is
       value of	the SILK_PATH environment variable, if it is set.  The use of
       /usr/local/ assumes the application is installed	in the /usr/local/bin/
       directory.)

	 $SILK_ADDRESS_TYPES
	 $SILK_PATH/share/silk/address_types.pmap
	 $SILK_PATH/share/address_types.pmap
	 /usr/local/share/silk/address_types.pmap
	 /usr/local/share/address_types.pmap

SEE ALSO
       rwcut(1), rwfilter(1), rwgroup(1), rwpmapbuild(1), rwpmapcat(1),
       rwsort(1), rwstats(1), rwuniq(1), pmapfilter(3),	silk(7)

SiLK 3.15.0			  2017-07-02			   addrtype(3)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MAPPING FILE | ENVIRONMENT | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=addrtype&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help