Internal network traffic is predefined in IPv4PrivateLan, which is used to configure defined ranges for private networks. IPv4PrivateLan can be used to ignore internal traffic that might otherwise create unnecessary noise in DPA rules. IPv4PrivateLan determines whether an IP address is off-site (not in the private LAN).

Private LAN ranges are defined as:

LAN BeginLAN End
10.0.0.010.255.255.255
192.168.0.0192.168.255.255
172.16.0.0172.31.255.255
0.0.0.00.0.0.0
255.255.255.255255.255.255.255

The following example shows how an IP address can be checked against the private LAN definition with the purpose of only running DPA logic on traffic going between external and internal nodes, while ignoring pure internal traffic.

This example runs as a Flow rule, but the functionality also works when run within packet rules.

function Flow_DetectExternalNetworkTraffic (dpiMsg, ruleEngine)
  require 'LOG'
  require 'IPv4PrivateLan'
  if (privateLan == nil) then
    privateLan = IPv4PrivateLan:new()
  end
  if IsFinalLongFlow(dpiMsg) or IsFinalShortFlow(dpiMsg) then
    local destip = GetDstIP4Int(dpiMsg)
    local srcip = GetSrcIP4Int(dpiMsg)
    if (privateLan:IsOffsiteIp(destip) or privateLan:IsOffsiteIp(srcip)) then
      EZINFO("External traffic detected, srcip: " .. GetSrcIP4String(dpiMsg) .. ", dstip: " .. GetDstIP4String(dpiMsg))
    end
  end
end