NAME
rwsetcat - Print the IP addresses in a binary IPset file
SYNOPSIS
rwsetcat [--count-ips] [--print-statistics] [--print-ips]
[{--integer-ips | --zero-pad-ips}] [--cidr-blocks]
[--network-structure | --network-structure=STRUCTURE]
[--ip-ranges] [--no-columns] [--column-separator=C]
[--no-final-delimiter] [{--delimited | --delimited=C}]
[--pager=PAGER_PROG] [SET_FILE...]
rwsetcat --help
rwsetcat --version
DESCRIPTION
When run with no switches, rwsetcat reads each IPset file given on the command line and prints its constituent IP addresses to the standard output, with one IP address per line. If no file names are listed on the command line, rwsetcat will attempt to read an IPset from the standard input.
rwsetcat can produce additional information about IPset files, such as the number of IPs they contain, the number of IPs at the /8, /16, /24, and /27 levels, and the minimum and maximum IPs.
OPTIONS
Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.
- --count-ips
-
Print a count of IP addresses in the IPset file. When this switch is the only one specified, the IPs in the IPset file will not be printed.
- --print-statistics
-
Print statistics about the IPset. The statistics include the minimum IP address, the maximum IP address, and, for each CIDR block of /8, /16, /24, /27, and /32, the number of blocks occupied and what percentage of coverage that represents. When this switch is the only one specified, the IPs in the IPset file will not be printed.
- --print-ips
-
Force printing of the IP addresses, even when the --count-ips or --print-statistics option is provided.
- --integer-ips
-
Cause IP addresses to be printed as integers. By default, IPs are printed in their canonical form (dotted decimal for IPv4).
- --zero-pad-ips
-
Cause IP addresses to be printed as in their canonical form, but each octet is padded with zeros so that each is three characters wide.
- --cidr-blocks
-
Print the IPs in the binary IPset file, grouping sequential IPs into the largest possible CIDR block. This switch cannot be combined with the --network-structure switch.
- --network-structure
- --network-structure=STRUCTURE
-
Print the number of IPs appearing in each CIDR block of the specified size listed in STRUCTURE. The switch can also, for each CIDR block, print the number of smaller CIDR blocks that are occupied. STRUCTURE has one of three forms: CIDR_LIST, CIDR_LIST/, or CIDR_LIST/SUMMARY_EXTRAS. CIDR_LIST and SUMMARY_EXTRAS are each a comma separated list of integers from 1 to 32 as well as the following letters:
-
T: /0 network (the total network; ignored in SUMMARY_EXTRAS) -
A: /8 network (legacy class A) -
B: /16 nework (legacy class B) -
C: /24 network (legacy class C) -
X: /27 network -
H: /32 network (individual host IP addresses) - --ip-ranges
-
Cause the output to contain three columns: the first is the number of IPs in the contiguous range, the second is the start of the range, and the final is the end of the range. This is the most compact way to print the output.
- --no-columns
-
Disable fixed-width columnar output when printing the output from the --network-structure or --ip-ranges switch.
- --column-separator=C
-
Use specified character between columns produced by the --network-structure and --ip-ranges switches. This character is also used after the final column when --ip-ranges is specified. When this switch is not specified, the default of '|' is used.
- --no-final-delimiter
-
Do not print the column separator after the final column in the output produced by --ip-ranges. Normally a delimiter is printed.
- --delimited
- --delimited=C
-
Run as if --no-columns --no-final-delimiter --column-sep=C had been specified. That is, disable fixed-width columnar output; if character C is provided, it is used as the delimiter between columns instead of the default '|'.
- --pager=PAGER_PROG
-
When output is to a terminal, invoke the program PAGER_PROG to view the output one screen full at a time. This switch overrides the SILK_PAGER environment variable, which in turn overrides the PAGER variable. If the value of the pager is determined to be the empty string, no paging will be performed and all output will be printed to the terminal.
- --help
-
Print the available options and exit.
- --version
-
Print the version number and information about how SiLK was configured, then exit the application.
A comma is not required between adjacent letters. Any combination of
integers and the symbols T,A,B,C,X,H may be
specified in CIDR_LIST. In addition, if the argument contains the
letter S or a slash (/), the output line for a CIDR block will
also show the number of smaller CIDR blocks that have at least 1 host.
This list of smaller CIDR blocks to summarize is generated by forming
the union of CIDR_LIST and SUMMARY_EXTRAS. By default,
SUMMARY_EXTRAS is 8,16,24,27, and this default is used when the
argument contains S but no slash. If the argument includes a slash
and SUMMARY_EXTRAS is empty, the list of smaller subnets is set
exactly to CIDR_LIST. If an argument is provided, the CIDR_LIST
must contain at least one element. If no argument is specified to the
switch, the default is TS/ABCX. An argument that contains nothing
but S and/or slash is illegal. This option disables printing of
the IPs in the IPset file; specify the H argument to the switch to
print the IP addresses.
EXAMPLES
Print the contents of a IPset.
$ rwsetcat sample.set 10.1.2.250 10.1.2.251 10.1.2.252 10.1.2.253 10.1.2.254 10.1.2.255 10.1.3.0 10.1.3.1 10.1.3.2 10.1.3.3 10.1.3.4
To get the contents in CIDR notation:
$ rwsetcat --cidr-blocks sample.set 10.1.2.250/31 10.1.2.252/30 10.1.3.0/30 10.1.3.4
To see contiguous IPs printed as ranges:
$ rwsetcat --ip-ranges sample.set
11| 10.1.2.250| 10.1.3.4|
To see contiguous IPs printed as ranges of integers:
$ rwsetcat --ip-ranges --integer-ips sample.set
11| 167838458| 167838468|
To count the IPs in the IPset:
$ rwsetcat --count-ips sample.set 11
To see the contents of the IPset and get a count of IPs, use multiple options:
$ rwsetcat --count-ips --cidr-blocks sample.set 11 10.1.2.250/31 10.1.2.252/30 10.1.3.0/30 10.1.3.4
For text-based sorting, use the --zero-pad-ips switch to force three digits per octet:
$ rwsetcat --zero-pad-ips --cidr-blocks sample.set 010.001.002.250/31 010.001.002.252/30 010.001.003.000/30 010.001.003.004
For numerical sorting, print as an integer:
$ rwsetcat --integer-ips sample.set 167838458 167838459 167838460 167838461 167838462 167838463 167838464 167838465 167838466 167838467 167838468
Use the --print-statistics and --network-structure switches for more detailed information:
$ rwsetcat --print-statistics sample.set
Network Summary
minimumIP = 10.1.2.250
maximumIP = 10.1.3.4
11 hosts (/32s), 0.000000% of 2^32
1 occupied /8, 0.390625% of 2^8
1 occupied /16, 0.001526% of 2^16
2 occupied /24s, 0.000012% of 2^24
2 occupied /27s, 0.000001% of 2^27
$ rwsetcat --network-structure=TABCXS sample.set
10.1.2.224/27 | 6 hosts
10.1.2.0/24 | 6 hosts in 1 /27
10.1.3.0/27 | 5 hosts
10.1.3.0/24 | 5 hosts in 1 /27
10.1.0.0/16 | 11 hosts in 2 /24s and 2 /27s
10.0.0.0/8 | 11 hosts in 1 /16, 2 /24s, and 2 /27s
TOTAL | 11 hosts in 1 /8, 1 /16, 2 /24s, and 2 /27s
To see the IPs generated by rwset without creating an intermediate IPset file, have rwset send its output to the standard output, and have rwsetcat read from stdin:
$ rwfilter ... --pass=stdout | rwset --sip=stdout | rwsetcat 192.168.1.1 192.168.1.2
ENVIRONMENT
- SILK_PAGER
-
When set to a non-empty string, rwsetcat automatically invokes this program to display its output a screen at a time. If set to an empty string, rwsetcat does not automatically page its output.
- PAGER
-
When set and SILK_PAGER is not set, rwsetcat automatically invokes this program to display its output a screen at a time.