BFP-I-404: Inspectors for `cidr address contains ip address`

https://bigfix-ideas.hcltechsw.com/ideas/BFP-I-404

Please implement new inspectors which allow one to resolve an IP address’s relationship to a CIDR address:
ip address is contained by cidr address
cidr address contains ip address

On the forum, wrangling the membership of IP addresses within ranges, and CIDR notation, is an evergreen topic. This post is often linked as a solution to when someone asks about resolving addresses to CIDR notation:
[Answers Posted] Relevance Challenge - IP Address is in which Subnet - February 2020 - #23 by JasonWalker

The addition of these inspectors would be a great help to BigFix customers and implementors for use cases such as relay affiliation, specific software deployments, _BESClient_Download_Direct settings, et al.

I’ve been meaning to post this one for a long time. :smiley:

-Andrew


It sounds like there is no way to test for the current IP address being in a CIDR address.

I would like to exclude all addresses that are in the cidr range of 10.180.0.0/17.

This is what we use for our relay affiliation which is able to find location names in a table based on IP address of the client. Cidr notation works. I have no idea how it works.

if (exists (file "SubnetMap.txt" of client folder of site whose (name of it = "RelayAffiliation")) and (not exist setting "_BESClient_Register_Affiliation_SeekList" of client or not exist value of setting "_BESClient_Register_Affiliation_SeekList" of client or value of setting "_BESClient_Register_Affiliation_SeekList" of client != (
/* If No Record Found, then use FailOvers. However, this could also be used to handle prioritization of subnets */
( if (number of elements of it = 0) then ("HeadRelay;") else concatenation ";" of (elements of it)) of set of
/* Prepare Affiliation String */
( preceding text of last ";" of ( (if(exists item 0 of it AND item 0 of it != "" ) then (item 0 of it & ";") else "")
/* & (if(exists item 2 of it AND item 2 of it != "" AND item 6 of it is contained by "state,country,region,all relays" ) then (item 2 of it & ";") else "")
   & (if(exists item 3 of it AND item 3 of it != "" AND item 6 of it is contained by "country,region,all relays") then (item 3 of it & ";") else "")
   & (if(exists item 4 of it AND item 4 of it != "" AND item 6 of it is contained by "region,all relays") then (item 4 of it & ";") else "")
   & (if(exists item 6 of it AND item 6 of it = "headend") then ("HeadRelay" & ";") else "") */
)) of
/* Dissect Line From SubnetMap.txt */
(
/* Location Code - item 0 */ preceding text of first "%09" of it,
/* City Code - item 1 */ preceding text of first "%09" of following text of first "%09" of it,
/* State - item 2 */ preceding text of first "%09" of following text of first "%09" of following text of first "%09" of it,
/* Country - item 3 */ preceding text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of it,
/* Region - item 4 */ preceding text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of it,
/* Address - item 5 */ preceding text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of it,
/* FailOverFlag - item 6 */ following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of following text of first "%09" of it
) of
/* Remove Duplicates */ (elements of set of it) of
/* Compare Subnets Of Network Adapters To SubnetMap.txt */
( following texts of firsts "||" of unique values of ( (bit (preceding text of first "%09" of it as integer)) of item 2 of it as string & "||" & following text of first "%09" of item 2 of it) of ( ( first (following text of first "/" of it as integer) of item 0 of it, first (following text of first "/" of it as integer) of item 1 of it, item 2 of it ) of ( (item 0 of it & "/" & following text of first "/" of preceding text of first "%09" of item 1 of it) , ( ( concatenation of (last 8 of ("00000000" & (it as integer) as bits as string)) of substrings separated by "." of it) of preceding text of first "/" of item 1 of it & "/" & following text of first "/" of preceding text of first "%09" of item 1 of it ) , (following text of first "/" of item 1 of it) ) of ( ( ( ( concatenations of (last 8 of ("00000000" & (it as integer) as bits as string)) of substrings separated by "." of it) ) of (( ( addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network ) as string ) ) ) , ( lines whose ( (it = regex "[[:digit:]]+.[[:digit:]]+.[[:digit:]]+.[[:digit:]]+/[[:digit:]]+[[:blank:]].[[:blank:]].*") AND (it contains "%09") ) of (file "SubnetMap.txt" of client folder of site whose (name of it = "RelayAffiliation")) ) ) ) whose (item 0 of it = item 1 of it) ) & ";HeadRelay" ))) then true else false

Do you want clients with at least one interface in the 10.180.0.0/17 CIDR to not be relevant for this task at all, or do you want to just ignore the 10.180.0.0/17 interfaces when determining the value for the seeklist?

I want to identify any interface that is actively using 10.180.0.0/17 CIDR to not be relevant.

Ok, got it.

The long relevance above was a workaround I came up with for the lack of CIDR comparisons. Considering that an IP address and a Subnet Mask are each 4 bytes long, that relevance combines the bytes, converts them to bit sets, and performs bitwise AND operations against the first X bytes (matching Subnet Length) to see whether they are a match.

We’re stuck with that when you need to compare the system’s IP addresses against a list of CIDRs; but for a single subnet that doesn’t change, it’s probably easier to compare the IP addresses to the exclusion range.

With that network and CIDR the valid address range is 10.180.0.0 - 10.180.127.255. We can just add one new relevance clause

not exists( addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) whose (it >= "10.180.0.0" and it <= "10.180.127.255")
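The prefix-bit comparison described in the post above, carried out in Python as an added example (this is not code from the thread, from the RelayAffiliation site, or from BigFix). It builds the same 32-character bit string per address that the relevance builds with `last 8 of ("00000000" & (it as integer) as bits)`, compares the first N bits against the network, derives the first/last address of a block the way the single-subnet exclusion clause needs them, and resolves a client's addresses against a constructed SubnetMap.txt-style table. The table rows and the column order (location, city, state, country, region, CIDR, failover flag, matching the "Dissect Line" comments) are assumptions made for the example.

```python
import ipaddress

COLUMNS = ("location", "city", "state", "country", "region", "cidr", "failover")

# Constructed sample in the layout the relevance's "Dissect Line" comments describe:
# seven tab-separated columns with the CIDR in column 5. Rows are made up for this example.
SUBNET_MAP = (
    "NYC01\tNew York\tNY\tUS\tAMER\t10.180.0.0/17\theadend\n"
    "BOS01\tBoston\tMA\tUS\tAMER\t192.168.15.0/24\tstate\n"
    "LON01\tLondon\t\tUK\tEMEA\t10.20.0.0/16\tregion\n"
    "# not a data row: wrong column count, dropped like the relevance's regex filter drops it\n"
)


def ip_to_bits(ip: str) -> str:
    """Dotted quad -> 32-character '0'/'1' string, one zero-padded 8-bit group per
    octet, which is what `last 8 of ("00000000" & (it as integer) as bits)` builds."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return "".join(format(int(o), "08b") for o in octets)


def in_cidr(ip: str, cidr: str) -> bool:
    """Prefix-bit test: the first N bits of the address equal the first N bits of
    the network, N being the prefix length after '/'. Host bits set in the network
    part are ignored, so 10.180.77.1/17 behaves like 10.180.0.0/17."""
    network, prefix = cidr.split("/")
    n = int(prefix)
    if not 0 <= n <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    return ip_to_bits(ip)[:n] == ip_to_bits(network)[:n]


def in_cidr_stdlib(ip: str, cidr: str) -> bool:
    """Same test through the standard library, used to cross-check in_cidr."""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(cidr, strict=False)


def cidr_range(cidr: str) -> tuple[str, str]:
    """First and last address of a block, the form the single-subnet exclusion
    clause uses (10.180.0.0/17 -> 10.180.0.0 .. 10.180.127.255)."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def parse_subnet_map(text: str) -> list[dict]:
    """Split the table into rows; lines without exactly seven columns are dropped."""
    rows = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) == len(COLUMNS):
            rows.append(dict(zip(COLUMNS, fields)))
    return rows


def affiliation_for(addresses: list[str], subnet_map: list[dict]) -> str:
    """Location codes of every row whose CIDR contains one of the client's
    addresses, deduplicated and sorted (the relevance's `elements of set of`),
    with "HeadRelay" appended as the failover the way the relevance's final
    `& ";HeadRelay"` does."""
    matched = {row["location"]
               for row in subnet_map
               for addr in addresses
               if in_cidr(addr, row["cidr"])}
    return ";".join(sorted(matched) + ["HeadRelay"])


if __name__ == "__main__":
    table = parse_subnet_map(SUBNET_MAP)
    for addrs in (["10.180.5.5", "192.168.15.20"], ["10.180.128.1"]):
        print(addrs, "->", affiliation_for(addrs, table))
```

Filtering out loopback and 0.0.0.0 interfaces is left to the caller, as the relevance does it in its `ip interfaces whose (...)` clause. When you compare an address against a range rather than against prefix bits, compare address objects (or the bit strings) rather than plain text: as text, "10.180.9.0" sorts after "10.180.10.0", which is the wrong order for a range check.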

Thanks Jason. That seems to work, but I wonder how that relevance determines that the 10.180.0.0/17 address is the currently active address aka pingable. I don’t want to get too confusing because I think there is an anomaly in our network where a machine has two addresses but only one responds to a ping.

The lookup happening on the client is addresses of ip interfaces of network and will return every IP address configured, regardless of whether ‘ping’ is allowed through the network, or whether this is the primary address.

Is there a way to get the primary address? I know we covered this before with using gateway.

 (addresses whose (it as string != "0.0.0.0") of ipv4 interfaces whose 
 (loopback of it = false) of adapters whose (exists gateway of it) of network ) as string

But my current VPN gateway which I am connected to through GlobalProtect is 0.0.0.0.

Hi @mbartosh, would this be an option (you need to be in local client context)?

Q: exists wake on lan subnet cidr string whose (it = "10.180.0.0/17")
A: False
T: 0.019 ms

Q: exists wake on lan subnet cidr string whose (it = "192.168.15.0/24")
A: True
T: 0.018 ms