Matching IP scopes.

Re: Matching IP scopes.

Sandman said the following on 27/02/2006 19:59:[color=blue]
> So, I have this list of valid IP scopes, in the form below. How do I
> match if $_SERVER[REMOTE_ADDR] is covered in any of these scopes?
>
> 193.11.120.0/21
> 193.11.128.0/24
> 193.11.129.0/24
> 193.11.130.0/24
> 193.11.131.0/24
>
>
> First, I don't really know how to interprete the "/24" ending. I am
> guessing that "193.11.131 .0/24" means "193.11.131 .X to 193.11.131.Y"
> or something, but what? When that's translated to something useful,
> how do I match IP numbers reliably?[/color]

The /XX represents the length of the subnet mask in bits, so your hunch
is pretty much correct.

An IP address matches a given network IP address if:

(Address ^ Mask) == (NetAddress ^ Mask)

where Mask = 11111...0000, the number of ones given by the /XX.


--
Oli

Re: Matching IP scopes.

Oli Filth said the following on 27/02/2006 20:05:
[color=blue]
> An IP address matches a given network IP address if:
>
> (Address ^ Mask) == (NetAddress ^ Mask)
>[/color]

Oops, those should be &, not ^...

--
Oli

Re: Matching IP scopes.

In article <mYIMf.60881$mf 2.26167@newsfe6-win.ntli.net>,
Oli Filth <catch@olifilth .co.uk> wrote:
[color=blue]
> Sandman said the following on 27/02/2006 19:59:[color=green]
> > So, I have this list of valid IP scopes, in the form below. How do I
> > match if $_SERVER[REMOTE_ADDR] is covered in any of these scopes?
> >
> > 193.11.120.0/21
> > 193.11.128.0/24
> > 193.11.129.0/24
> > 193.11.130.0/24
> > 193.11.131.0/24
> >
> >
> > First, I don't really know how to interprete the "/24" ending. I am
> > guessing that "193.11.131 .0/24" means "193.11.131 .X to 193.11.131.Y"
> > or something, but what? When that's translated to something useful,
> > how do I match IP numbers reliably?[/color]
>
> The /XX represents the length of the subnet mask in bits, so your hunch
> is pretty much correct.
>
> An IP address matches a given network IP address if:
>
> (Address ^ Mask) == (NetAddress ^ Mask)
>
> where Mask = 11111...0000, the number of ones given by the /XX.[/color]

Ok, but how do I calculate it? Bits you say, but how do I translate 24
bits to addresses? For instance, the first line above, what addresses
does it cover?


--
Sandman[.net]

Re: Matching IP scopes.

Sandman said the following on 27/02/2006 20:27:[color=blue]
> In article <mYIMf.60881$mf 2.26167@newsfe6-win.ntli.net>,
> Oli Filth <catch@olifilth .co.uk> wrote:
>[color=green]
>> Sandman said the following on 27/02/2006 19:59:[color=darkred]
>>> So, I have this list of valid IP scopes, in the form below. How do I
>>> match if $_SERVER[REMOTE_ADDR] is covered in any of these scopes?
>>>
>>> 193.11.120.0/21
>>> 193.11.128.0/24
>>> 193.11.129.0/24
>>> 193.11.130.0/24
>>> 193.11.131.0/24
>>>
>>>
>>> First, I don't really know how to interprete the "/24" ending. I am
>>> guessing that "193.11.131 .0/24" means "193.11.131 .X to 193.11.131.Y"
>>> or something, but what? When that's translated to something useful,
>>> how do I match IP numbers reliably?[/color]
>> The /XX represents the length of the subnet mask in bits, so your hunch
>> is pretty much correct.
>>
>> An IP address matches a given network IP address if:
>>
>> (Address ^ Mask) == (NetAddress ^ Mask)
>>
>> where Mask = 11111...0000, the number of ones given by the /XX.[/color]
>
> Ok, but how do I calculate it? Bits you say, but how do I translate 24
> bits to addresses? For instance, the first line above, what addresses
> does it cover?
>[/color]

An IP address is a 32-bit quantity, which can be represented as A.B.C.D,
where the actual 32-bit value is given by:

Y = (A * 2^24) + (B * 2^16) + (C * 2^8) + D

[I'm using ^ to represent "to the power of" in this case.]

So convert your test address and network address to this form, either
directly or by using the ip2long() function.

Then form your subnet mask as a 32-bit value.
[HINT: (2^X - 1) = (1000....000 - 1) = 111....111]

Then test the equality of the expression I originally posted, noting
that I got it wrong, and it should be:

(Address & Mask) == (NetAddress & Mask)


--
Oli

Re: Matching IP scopes.

On Mon, 27 Feb 2006 21:27:43 +0100, Sandman <mr@sandman.net > wrote:
[color=blue]
>Ok, but how do I calculate it? Bits you say, but how do I translate 24
>bits to addresses? For instance, the first line above, what addresses
>does it cover?[/color]

The user-contributed notes on http://uk.php.net/ip2long may interest you.

--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: Matching IP scopes.

In article <BuJMf.19835$bw 1.4310@newsfe2-win.ntli.net>,
Oli Filth <catch@olifilth .co.uk> wrote:
[color=blue]
> Sandman said the following on 27/02/2006 20:27:[color=green]
> > In article <mYIMf.60881$mf 2.26167@newsfe6-win.ntli.net>,
> > Oli Filth <catch@olifilth .co.uk> wrote:
> >[color=darkred]
> >> Sandman said the following on 27/02/2006 19:59:
> >>> So, I have this list of valid IP scopes, in the form below. How do I
> >>> match if $_SERVER[REMOTE_ADDR] is covered in any of these scopes?
> >>>
> >>> 193.11.120.0/21
> >>> 193.11.128.0/24
> >>> 193.11.129.0/24
> >>> 193.11.130.0/24
> >>> 193.11.131.0/24
> >>>
> >>>
> >>> First, I don't really know how to interprete the "/24" ending. I am
> >>> guessing that "193.11.131 .0/24" means "193.11.131 .X to 193.11.131.Y"
> >>> or something, but what? When that's translated to something useful,
> >>> how do I match IP numbers reliably?
> >> The /XX represents the length of the subnet mask in bits, so your hunch
> >> is pretty much correct.
> >>
> >> An IP address matches a given network IP address if:
> >>
> >> (Address ^ Mask) == (NetAddress ^ Mask)
> >>
> >> where Mask = 11111...0000, the number of ones given by the /XX.[/color]
> >
> > Ok, but how do I calculate it? Bits you say, but how do I translate 24
> > bits to addresses? For instance, the first line above, what addresses
> > does it cover?
> >[/color]
>
> An IP address is a 32-bit quantity, which can be represented as A.B.C.D,
> where the actual 32-bit value is given by:
>
> Y = (A * 2^24) + (B * 2^16) + (C * 2^8) + D
>
> [I'm using ^ to represent "to the power of" in this case.]
>
> So convert your test address and network address to this form, either
> directly or by using the ip2long() function.
>
> Then form your subnet mask as a 32-bit value.
> [HINT: (2^X - 1) = (1000....000 - 1) = 111....111]
>
> Then test the equality of the expression I originally posted, noting
> that I got it wrong, and it should be:
>
> (Address & Mask) == (NetAddress & Mask)[/color]

I get it now, I think I have it working. Thanks!


--
Sandman[.net]