HomeToolboxGallery

Software & Services
Hotels "R" MeIdleGuardKeyGuardNetflowNsUpkeeppsRadarVPN BypassWiFi Jitter Analyzer
Thronic.com content is FREE. Monetary support is optional.
Find anything of value?
PayPal, Bitcoin


Scripts
2D Rotation (JS)3D Rotation (JS)KiKiTrix (JS)AutoWrite (JS)Digitize Text (JS)Image Animation (JS)ASCII Loading Indicator (JS)Div Layer Movement (JS)Div Layer Resizing (JS)Text Scrolling (JS)Statistics Graph (PHP)RW Protect (BAT)SRT Renamer (PHP)String Encryption (PHP)Windows WiFi Hotspot (BAT)

General Computing

Thoughts on Coding StyleDomain 301 Perma RedirectWin/Linux PuTTY File TransferOpenVPN Site-to-Site SetupParity Data CheckingRclone Quick ReferenceSnapRAID NotesSSH TunnelingTransfer E-Mails with IMAPUDK Third Person CameraVPN Protocol Ports

GNU/Linux

Apache Process Mem UsageApache and CA OpenSSLApache2 htpasswd NotesCentOS 7 GlusterFS NotesCracking WEP and WPADebian 7 on Hyper-VDebian 7 to 8 UpgradeDebian 8 to 9 UpgradeDebian 9 DRBD SetupDebian and VirtualboxDebian and LSBInitScriptsDebian and systemdDebian Apache LetsEncryptDebian Apt AutoremoveDebian Cron & AnacronDebian KVM HypervisorLinux Bash ColorsLinux Cron BackupLinux Dnsmasq Setup NotesIptables Chain ExampleIptables Firewall and GatewayLinux MD RAID BasicsLinux iproute2 RoutingLinux SFTP Network ShareAvoid Linux Shell LoggingChecking Storage UsageLinux I/O Disk PerformanceLinux ZFS NotesVi/Vim Basic Reference

Microsoft
Bypass Windows PasswordDaz and ToolkitInt/Ext Drive ConfusionMRTG Network Traffic ViewMS Outlook NotesDOS File Content SearchDOS Merging VCF filesROBOCOPY Batch ScriptingPowerShell Reference NotesTeamViewer on HeadlessWorkgroup Failover ClusterDisable OneDrive in W10Windows WiFi and netshWindows Boot Custom UIHyper-V NetworkingHyper-V ReplicationIIS10 and PHP7 SetupPlex Media Server MigrationSecuring RDP ConnectionsServer 2012 R2 SetupWBAdmin Bare-Metal Backup

BSD/UNIX
FreeBSD 10.0 Setup (NOR)

C#/.NET
C# Associative ArraysC# Asynchronized WebcallC# Base64 GZipped JSONC# Code Execution TimerC# Dealing with WhitespacesC# djDBI for SQL CEC# Form ReferencingC# Get Folder SizeC# Handling DisconnectsC# HTTP POST and GETC# Importing DLL FunctionsC# Installing ServicesC# Kill and Start ProcessesC# Lambda ExpressionsC# Local AppData HandlingC# Memory StreamReadingC# Minimize to System TrayC# PDFsharp and MigraDocC# Public Fields vs PropsC# Registry HandlingC# Regular ExpressionsC# Require AdministratorC# RichTextBox File StreamC# Application SettingsC# SqlCeConnection CodeC# Start with hidden formC# String EncryptionC# Cross Thread HandlingC# Updating A RuntimeC# Gmail as SMTPVSI Dependency ErrorC# Handle XML

C/C++
C Autodelete Old FilesC/C++ Multiline StringsC Socket ListeningC StringsWin32 Button ControlWin32 Edit ControlWin32 GetLastError()Win32 KeyloggingWin32 KeypostingWin32 Simple WindowWin32 Socket ProgrammingWin32 VERSIONINFO

PHP
Bitwise IP HandlingPHP ClassesContent Length HandlingDetecting Mobile BrowsersdjDBI Database InterfaceHostname and Port RegexJSON Output HeadersMS Access Conn with COMProportional Image SizingRandom StringsRecursive FunctionsSending MailPHP SessionsSimple HTML-2-PDFPHP SimpleXMLTernary Operator and If/Else

SQL
MS Access Connection StringsMSSQL Case SensitivityMySQL Root Password ResetMySQL Check Slow QueriesColumn CountingQuick Note on CROSS JOINQuick Note on INNER JOINRandom Rows

HTML
HTML Raw Skeleton

JavaScript
AJAX Basicsevent.keyCode ReferenceIE7 Onclick EventsIE GIF Animation Problem

Java
Java Notater (NOR)

CSS
Border StylesFlyout MenusFont-Family Reference

Electrical

Betegnelser og SpenningsfallLovdata Elektrisk ArbeidResistors Series and ParallelSilicone and Circuit Boards

RC Hobby
Engine Break-In Procedure

Gaming

CSS Dedicated Server






Dag J Nedrelid
System and web developer. Tech hobbyist. Dad. Gamer.

PHP Bitwise IP Handling

By Dag, on December 30th, 2016

How to properly compare an IP address against a bitmask. Useful for e.g. blocking subnets without using abundant string comparisons.

$BlockedNetworks = array(ip2long("192.168.0.0"),
                         ip2long("10.0.0.0"));
$BlockRange = ip2long("255.255.0.0");
$VisitIP = ip2long($_SERVER['REMOTE_ADDR']);
foreach ($BlockedNetworks as $BN) {
	if (($VisitIP & $BlockRange) == $BN)
		exit(); // or redirect or whatever you want.
}

In the example above, any IP in the 192.168.x.x and 10.0.x.x ranges will be matched. The 255 numbers you see in masks represent all 8 bits in an octet being turned on, so comparing against it will always reserve the octet bits without turning them off. Meaning 192.168.1.10 & 255.255.0.0 equals 192.168.0.0 because the last two octets will be turned off during comparison.

How Does It Work?
Bitwise AND(& operator). It's what network masks are all about. It's the bitwise operator used in programming if you need to turn off a bit, by comparing to a off-bit/0.

1 & 1 = 1
1 & 0 = 0
0 & 1 = 0

In Detail

Let's investigate 192.168.1.10, and use that as our IP address of choice. To find out the binary version of this address, we just need to take an empty octet/set of 8 binary bits and turn some of them on so they add up to 192, 168, 1 and 10.

Here's a turned off byte/octet:
[0 0 0 0 0 0 0 0] Which represents:
[128 64 32 16 8 4 2 1] in decimal values when individually turned on.

To get 192 we need to turn on 128 + 64. The octet now looks like this:
[1 1 0 0 0 0 0 0]

Now that we know how to convert binary into decimal, let's do the whole address:
[11000000].[10101000].[00000001].[00001010] = 192.168.1.10

Let's put it on top of the mask and compare bits one by one:
  [11000000].[10101000].[00000001].[00001010] (192.168.1.10)
& [11111111].[11111111].[00000000].[00000000] (255.255.0.0)
= [11000000].[10101000].[00000000].[00000000] (192.168.0.0)

As you see, when comparing 1 AND 1 it will stay 1, while 0 turns it off. Hence why 192.168.1.10 will equal 192.168.0.0 when using bitwise AND comparison. This should give a deeper understanding of network masks works in general and how they work in normal networking.

Same thing works on IPv6 adresses, they are just bigger to deal with (128 bits vs 32) and use hexadecimal number groups instead of octets.
2001:0db8:85a3:0042:1000:8a2e:0370:7334
= 0010000000000001:0000110110111000:1000010110100011:0000000001000010:0001000000000000:1000101000101110:0000001101110000:0111001100110100

A bitmask could look something like:
ffff:ffff:ffff:ffff:0000:0000:0000:0000

To match everything in the network when compared directly to it with the algorithm at the beginning of this document:
2001:0db8:85a3:0042:xxxx:xxxx:xxxx:xxxx

A Quick Note on The Hexadecimal System

It's just a number system with a base of 16 instead of 2 and 10 (0-9 and a-f/A-F). E.g. a value like 0xABCD consists of a prefix (0x) to tell the parser it's actually a hexadecimal value, and the value itself. Since A follows after 9, its value is 10 - and so on up until 15(F). So you got 10, 11, 12 and 13. These are actually just easier ways of representing binary and decimal values since the base of 16 is bigger. A B C and D represents groups of 4 binary bits with a base of 2, and those bits represents the same decimal values with a base of 10 as in the binary system. Knowing this, a convertion between them is always possible even if you choose to do it through math or just value mapping/representation.

One Simple Illustration, To Rule Them All:
Hexidecimal: 0xABCD
   = Binary: 0x[1010][1011][1100][1101] > [8+2=10][8+2+1=11][8+4=12][8+4+1=13].
  = Decimal: 0x[32768+0+8192+0][2048+0+512+256][128+64+0+0][8+4+0+1] = 43981.


©2007-2018 https://thronic.com
Π