Question


generalization of one or a set of previous rules if a subset of the packets matched by this rule is also matched by the preceding rule(s) but taking a different action. For example, r5 is a generalization of r4 in the above table. These two rules indicate that all the packets from 10.1.1.* are allowed, except TCP packets from 10.1.1.* to the port 25 of 192.168.1.*.

So my question is: how do we achieve this in C#? How do we find the generalized rules? How do we compare two IP addresses, and how do we find if one IP address falls in the range of the other?


Solution

Whenever I need to compare/sort IP addresses, I always convert them to their (32-bit) numerical representation first, and then do a regular numerical compare/sort as necessary, rather than trying to compare each individual octet as a string.

The conversion itself can be done with something like the following:

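// GetAddressBytes() is in network (big-endian) order; swap to host order so numeric order matches address order.
uint ipAsNum = (uint)IPAddress.NetworkToHostOrder( BitConverter.ToInt32( IPAddress.Parse( ipAsString ).GetAddressBytes(), 0 ) );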

Other tips

It seems that your problem has two parts:

First, the algorithm to support ACL-style rules

And

Second, how to compare IP addresses to see if they match the rule.

To build this style of rule checks, you would check the instance of this data against each rule in descending order while keeping track if the condition is passing or failing. Since you are going in descending order, the rules at the top will override the rules at the bottom. If the instance data matches the condition, then the state should be set to the "Action" value.

To see if an IP address matches your IP format, convert the wildcard characters to 0. Then convert the IP address to a numeric format as indicated by the other answer from szr. Then you can use bitwise math to see if the IP fits that wildcard. This also has the advantage of supporting CIDR network ranges rather than just the A, B, C classes.

I would recommend the use of IPNetwork Library https://github.com/lduchosal/ipnetwork. As of version 2, it supports IPv4 and IPv6 as well.

Contains

IPNetwork ipnetwork1 = IPNetwork.Parse("10.1.0.0/16");    // 10.1.*.*
IPNetwork ipnetwork2 = IPNetwork.Parse("192.168.1.0/24"); // 192.168.1.*

IPAddress ipaddress1 = IPAddress.Parse("192.168.1.1");
IPAddress ipaddress2 = IPAddress.Parse("192.168.2.100");
IPAddress ipaddress3 = IPAddress.Parse("10.1.2.3");
IPAddress ipaddress4 = IPAddress.Parse("10.4.5.6");

// Each address is tested against one network: 1 and 2 against ipnetwork2, 3 and 4 against ipnetwork1.
bool contains1 = IPNetwork.Contains(ipnetwork2, ipaddress1);
bool contains2 = IPNetwork.Contains(ipnetwork2, ipaddress2);
bool contains3 = IPNetwork.Contains(ipnetwork1, ipaddress3);
bool contains4 = IPNetwork.Contains(ipnetwork1, ipaddress4);

// Print the network that was actually tested next to each result.
Console.WriteLine("{0} contains {1} : {2}", ipnetwork2, ipaddress1, contains1);
Console.WriteLine("{0} contains {1} : {2}", ipnetwork2, ipaddress2, contains2);
Console.WriteLine("{0} contains {1} : {2}", ipnetwork1, ipaddress3, contains3);
Console.WriteLine("{0} contains {1} : {2}", ipnetwork1, ipaddress4, contains4);

Output

192.168.1.0/24 contains 192.168.1.1 : True
192.168.1.0/24 contains 192.168.2.100 : False
10.1.0.0/16 contains 10.1.2.3 : True
10.1.0.0/16 contains 10.4.5.6 : False

Have fun !
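An added example, not part of the original question or answers: a pairwise check for the generalization relation defined in the question, using the wildcard-to-mask bitwise comparison described in the answers. The `Rule` record, its field names and the sample rules are assumptions constructed for illustration (r4 and r5 follow the sentence in the question, since the table itself is not reproduced here); it needs C# 9 / .NET 5 or later.

```csharp
using System;

// Hypothetical rule shape for this example; the field names are assumptions.
record Rule(string Name, string Proto, string Src, string Dst, string DstPort, string Action);

static class GeneralizationCheck
{
    // "10.1.1.*" -> value 10.1.1.0, mask 255.255.255.0 (wildcard octets become 0 in both).
    static (uint Value, uint Mask) ParseWildcard(string pattern)
    {
        string[] octets = pattern.Split('.');
        if (octets.Length != 4) throw new FormatException("expected 4 octets: " + pattern);
        uint value = 0, mask = 0;
        foreach (string o in octets)
        {
            bool wild = o == "*";
            value = (value << 8) | (wild ? 0u : byte.Parse(o)); // first octet is most significant
            mask = (mask << 8) | (wild ? 0u : 0xFFu);
        }
        return (value, mask);
    }

    // True when every address matched by 'inner' is also matched by 'outer'.
    static bool AddrCovers(string outer, string inner)
    {
        var (ov, om) = ParseWildcard(outer);
        var (iv, im) = ParseWildcard(inner);
        // outer may only fix bits that inner also fixes, and must agree with inner on them
        return (om & ~im) == 0 && (iv & om) == ov;
    }

    static bool FieldCovers(string outer, string inner) => outer == "any" || outer == inner;
    static bool Covers(Rule outer, Rule inner) =>
        FieldCovers(outer.Proto, inner.Proto) && AddrCovers(outer.Src, inner.Src) &&
        AddrCovers(outer.Dst, inner.Dst) && FieldCovers(outer.DstPort, inner.DstPort);
    // 'later' generalizes 'earlier': strictly wider match set, different action.
    public static bool IsGeneralizationOf(Rule later, Rule earlier) =>
        later.Action != earlier.Action && Covers(later, earlier) && !Covers(earlier, later);

    static void Main()
    {
        // Constructed sample: r4/r5 follow the sentence in the question; r6 is made up.
        var rules = new[] {
            new Rule("r4", "tcp", "10.1.1.*", "192.168.1.*", "25", "deny"),
            new Rule("r5", "any", "10.1.1.*", "*.*.*.*", "any", "accept"),
            new Rule("r6", "udp", "10.2.*.*", "*.*.*.*", "53", "deny"),
        };
        for (int j = 1; j < rules.Length; j++)      // later rule
            for (int i = 0; i < j; i++)             // every rule that precedes it
                if (IsGeneralizationOf(rules[j], rules[i]))
                    Console.WriteLine($"{rules[j].Name} is a generalization of {rules[i].Name}");
    }
}
```

Only r5 against r4 is reported for the sample set; r6 differs in protocol and source network, so it neither covers nor is covered by the others.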

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow