29 Aug 2007 29 Aug '07
On Wednesday 29 August 2007, Alec Matusis wrote:
We need to match IP ranges of connections, were ranges are specified in the "/" notation (e.g. 10.10.2.0/24)
What is the best way to do this without consuming too much CPU resources when the connection rate is very high?
Convert the IP address to an integer and check using an AND mask:
if ip & mask == base: # in range
where "ip" is the IP address of the incoming connection as an integer, "mask" is the netmask as an integer (/24 => 0xFFFFFF00) and "base" is the lowest IP address in the range ("base & mask == base" must hold).