ipv4_address_in_network¶
Description¶
Test whether an IPv4 address is in a given subnet.
Given an IPv4 address string in dotted-quad format on the left, and a subnet slashed-dotted-quad subnet string on the right, test whether the address on the left belongs to the subnet on the right. Note that this function does not support the “class” and “private” subnet network addresses on the right.
This function returns a boolean true if the address is considered part of the subnet, or false if it isn’t, or null if either address or subnet is not properly formatted.
Return type¶
bool
Domain¶
This is a scalar function (calculates a single output value for a single input row.)
Categories¶
Usage¶
ipv4_address_in_network(ipv4, netv4)
Argument |
Type |
Optional |
Repeatable |
Restrictions |
|---|---|---|---|---|
ipv4 |
ipv4 or string |
no |
no |
none |
netv4 |
string |
no |
no |
none |
Examples¶
filter ipv4_address_in_network(addrstr, netstr)
If the given addrstr is considered to be within the network described by netstr, keep the event, else discard it.
addrstr (input) |
netstr (input) |
match (output) |
comment |
|---|---|---|---|
11.0.0.1 |
10.0.0.1/8 |
false |
CIDR mismatch |
193.168.48.17 |
193.168.0.0/16 |
true |
CIDR match |
10.0.0.1/16 |
10.0.0.1/8 |
null |
invalid address |
localhost |
10.0.0.1/8 |
null |
invalid address |
2130706432 |
10.0.0.1/8 |
null |
invalid address |
193.168.48.17 |
2130706432 |
null |
invalid network |