From de1cf0b237db99ab7b49e31ea44eef75b6758014 Mon Sep 17 00:00:00 2001
From: Dan Milne <d@nmilne.com>
Date: Mon, 17 Nov 2025 21:45:41 +1100
Subject: [PATCH] Use network IDS, rather than the CIDR containment method

---
 app/controllers/network_ranges_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/network_ranges_controller.rb b/app/controllers/network_ranges_controller.rb
index 83ca2c1..552e839 100644
--- a/app/controllers/network_ranges_controller.rb
+++ b/app/controllers/network_ranges_controller.rb
@@ -245,8 +245,10 @@ class NetworkRangesController < ApplicationController
     if network_range.persisted?
       # Real network - use cached events_count for total requests (much more performant)
       if network_range.events_count > 0
-        # Base query for consistent IP containment logic
-        base_query = Event.where("ip_address <<= ?", network_range.cidr)
+        # Use indexed network_range_id for much better performance instead of expensive CIDR operator
+        # Include child network ranges to capture all traffic within this network block
+        network_ids = [network_range.id] + network_range.child_ranges.pluck(:id)
+        base_query = Event.where(network_range_id: network_ids)
 
         # Use separate queries: one for grouping (without ordering), one for recent activity (with ordering)
         events_for_grouping = base_query.limit(1000)