7. IPv4

7.1. Types

class ipv4.addr

Class used to represent an ipv4 address.

addr(str)
addr(addr)
addr(a, b, c, d)

Address constructors from string value, number or byte numbers.

Examples:

ipv4.addr("127.0.0.1")
ipv4.addr(127, 0, 0, 1)
class ipv4.network

Class used to represent an ipv4 network address.

network(str)
network(ipaddr, mask)

Network constructors from string value, number or byte numbers.

Examples:

ipv4.network("127.0.0.1/8")
ipv4.network(ipv4.addr(127, 0, 0, 1), 8)
net

Network address.

Note

This field is read-only.

mask

Network mask.

Note

This field is read-only.

7.2. Functions

ipv4.register_proto(proto, name)

Register the dissector to associate with the given protocol proto number.

7.3. Dissector

This module register the ipv4 dissector.

ipv4.create(raw)

Create a new IPv4 packet on top of the given raw packet.

class ipv4.ipv4

Dissector data for an ipv4 packet.

See also

haka.dissector_data.

hdr_len
version
tos
len
id
frag_offset
ttl
proto
checksum

IPv4 fields as numbers.

src
dst

Source and destination as ipv4.addr.

flags

IPv4 flags table.

rb
df
mf

Individual flags as boolean.

all

Flags value as number.

payload

Payload of the packet. Class that contains the ipv4 data payload. The data can be accessed using the standard Lua operators # to get the length and [] to access the bytes.

verify_checksum()

Verify if the checksum is correct.

compute_checksum()

Recompute the checksum and set the resulting value in the packet.

drop()

Drop the IPv4 packet.

7.4. Example

------------------------------------
-- IP attacks
------------------------------------

haka.rule{
    hooks = { 'ipv4-up' },
    eval = function (self, pkt)
        if pkt.src == pkt.dst and pkt.src ~= ipv4.addr("127.0.0.1") then
            haka.alert{
                description = "Land attack detected",
                severity = 'high',
                confidence = 'medium',
                sources = { haka.alert.address(pkt.src) },
            }
            pkt:drop()
        end
    end
}