matching a host or network inside a data group using class match

Posted By The Bhattman on 08/09/2010 09:06 AM

 

I would imagine that rule changes when you use "contains, ends_with, starts_with", correct?

 

 

Bhattman

 

Or are you talking about string datagroups? I don't think the most specific match would always be found. Or at least, I assume it wouldn't based on the fact that Deb added a Codeshare entry which manually finds the longest match. I haven't tested this in 10.x though.

 

 

Aaron

 

I haven't tested this, but assumed that starts_with is simply a string and wouldn't understand a network/mask type comparison..would 1.1.1.1 really start with 1.1.1.0/24?

 

 

I'm guessing that logically, the IP address comparison is a starts_with operation in that the bits of the network are checked left to right. So 00000001.00000001.00000001.00000001 (1.1.1.1) does start with 00000001.00000001.00000001.00000000 (1.1.1.0/24). Not that you could use starts_with for address comparisons, but logically I think that's the operation unRuleY is talking about.

 

 

Aaron

Posted By hoolio on 08/10/2010 06:38 AM

 

I haven't tested this, but assumed that starts_with is simply a string and wouldn't understand a network/mask type comparison..would 1.1.1.1 really start with 1.1.1.0/24?

 

 

I'm guessing that logically, the IP address comparison is a starts_with operation in that the bits of the network are checked left to right. So 00000001.00000001.00000001.00000001 (1.1.1.1) does start with 00000001.00000001.00000001.00000000 (1.1.1.0/24). Not that you could use starts_with for address comparisons, but logically I think that's the operation unRuleY is talking about.

 

 

Aaron

 

 

Great point! And that's what I'm curious about...whether it would actually compare the string, or the binary.