This is nice to see. We need more scripting-friendly IP addressing tools.
I’ve made https://github.com/vyos/ipaddrcheck for automated extended “validness” checks (like “is it a valid IPv4 network prefix), now I think testing for overlaps can be a good option to add there too.
What I would love is a tool, ideally CLI, that could pull appropriate subnets in sequence from a larger block. For example:
“With a netblock of 10.0.0.0/8, give me three sequential /24s and a /22”
output:
Are people unaware of ipcalc?
I can recommend sipcalc as well.
that looks even more appropriate for scripting
I’m curious about how this is implemented. It seems to delegate the lifting to some sort of policy engine. The logic seems to be some dsl embedded within the go file: https://github.com/mhausenblas/cidrchk/blob/master/main.go#L20
It seems to use the evaluation module from https://github.com/open-policy-agent/opa
Seems like an odd dependency. Go’s stdlib has IPNet.Contains.
This is nice to see. We need more scripting-friendly IP addressing tools.
I’ve made https://github.com/vyos/ipaddrcheck for automated extended “validness” checks (like “is it a valid IPv4 network prefix), now I think testing for overlaps can be a good option to add there too.
Thanks and also thanks for sharing
ipaddrcheck
!What I would love is a tool, ideally CLI, that could pull appropriate subnets in sequence from a larger block. For example: “With a netblock of 10.0.0.0/8, give me three sequential /24s and a /22” output:
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/22
You should report contains via an exit code instead of printing out yes/no, so scripts can write:
instead of:
I’m curious to understand why checks are routed through “rego”: I’m not familiar with rego, but it seems like it adds a lot of code and complexity…
Reminds me of the python cidr iterator I wrote back when I was in university
https://gist.github.com/freddyb/3846097