grepcidr 2.0 - Filter IPv4 and IPv6 addresses matching CIDR patterns
Release date: 2014-05-26
grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of efficiently processing large numbers of IPs and networks.
grepcidr has endless uses in network software, including: mail filtering and processing, network security, log analysis, and many custom applications.
For detailed instructions and examples, please see the README file or man page. A couple examples of usage:
grepcidr 2001:db8::/32 logfile grepcidr 126.96.36.199/19 access.log
Changes in version 2.0
- Added IPv6 support
- Replaced regex with 'hints' scanner (2x to 10x faster on some platforms)
- IP text now require strict termination, avoids matching reverse DNS
- Now complains about bad pattern formats instead of silently ignoring
- Supports multiple file names on command line, like regular grep
- Updated Makefile to be FreeBSD-friendly; also now includes -O3
- Fixed invert (-v) logic and added -i to include lines without an IP
- Now supports unlimited line length within input stream/file
- Added -s option to enforce strict alignment of CIDR mask
- Fixed bug, now recognizes /0 and 0.0.0.0
Note! There is a fork of grepcidr
|Jem Berkes (this site)||
grepcidr 2.0 - official
Most current version
|I am the original author, and this is the original project (created 2004 and most recently released May 2014) on pc-tools.net. The feature set and execution speed is comparable to the forked project below, but the two versions are not compatible. This official grepcidr is very fast, and has approximately equivalent performance to the below fork. My project is the only one I developed, tested, and stand behind (10 years and counting).|
grepcidr(*) 2.98 - FORK
Does not supercede the main project
|John has a completely different implementation and his version represents a near-total rewrite. These two projects now have unrelated code, and are developed independently. Although I have requested that he change his project name to differentiate it from my grepcidr 2.0, he chose to call his project grepcidr-2. (*) THIS NAME CREATES CONFUSION IN THE COMMUNITY. Although they both have the number 2, these are different projects. John's "2.98" does not upgrade or follow Jem's 2.0.|
Compiling and Installing
This has been tested on Ubuntu Linux, FreeBSD, NetBSD, OS X Mavericks, cygwin:
make make install
The Makefile uses -O3 optimization by default.
grepcidr [-V] [-cisvx] PATTERN [FILE...] grepcidr [-V] [-cisvx] [-e PATTERN | -f PATFILE] [FILE...] -V Show software version -c Display count of the matching lines, instead of showing the lines -i Inverse match, include lines without an IP, implies -v -s Enforce strict alignment of CIDR mask; host portion must be all zero -v Invert the sense of matching, output lines with IPs that don't match -x Strict matching, only look at start of line -e Specify individual IP or CIDR pattern(s) on command-line -f Load individual IP or CIDR pattern(s) from file
Sponsored in part by the Spamhaus Project. Thanks to the people at Spamhaus for helping add valuable new features, and for their thorough testing.
A great thanks to Chris Lewis for suggesting and helping test many features, such as IPv6, stricter CIDR, support for multiple input files and unlimited line length.
Thanks to John Levine for sharing his alternative implementation. I used a couple ideas from his code, such as portable 128-bit numbers. However, John's version is quite different and represents a significant fork in the project.
Thanks to Ryan Finnie for his work on the Debian package. I've adopted several of his changes including the Makefile, and the DocBook format which now is the source of the man page. Thanks to Ryan for writing the first manual in DocBook format.
Many thanks to Dick Wesseling who suggested an improved data structure format as well as binary search, to improve grepcidr performance.