1. 19
  1.  

  2. 6

    Are people unaware of ipcalc?

    1. 3

      I can recommend sipcalc as well.

      1. 2

        that looks even more appropriate for scripting

    2. 4

      I’m curious about how this is implemented. It seems to delegate the lifting to some sort of policy engine. The logic seems to be some dsl embedded within the go file: https://github.com/mhausenblas/cidrchk/blob/master/main.go#L20

      1. 1

        It seems to use the evaluation module from https://github.com/open-policy-agent/opa

        1. 2

          Seems like an odd dependency. Go’s stdlib has IPNet.Contains.

      2. 3

        This is nice to see. We need more scripting-friendly IP addressing tools.

        I’ve made https://github.com/vyos/ipaddrcheck for automated extended “validness” checks (like “is it a valid IPv4 network prefix), now I think testing for overlaps can be a good option to add there too.

        1. 1

          Thanks and also thanks for sharing ipaddrcheck!

        2. 2

          What I would love is a tool, ideally CLI, that could pull appropriate subnets in sequence from a larger block. For example: “With a netblock of 10.0.0.0/8, give me three sequential /24s and a /22” output:

          10.0.0.0/24

          10.0.1.0/24

          10.0.2.0/24

          10.0.3.0/22

          1. 2

            You should report contains via an exit code instead of printing out yes/no, so scripts can write:

            if cidrchk contains "$cidr" "$ip" >/dev/null; then
            

            instead of:

            if cidrchk contains "$cidr" "$ip" | grep -q yes; then
            

            I’m curious to understand why checks are routed through “rego”: I’m not familiar with rego, but it seems like it adds a lot of code and complexity…

            1. 1

              Reminds me of the python cidr iterator I wrote back when I was in university

              https://gist.github.com/freddyb/3846097