Community discussions

MikroTik App
 
changeip
Forum Guru
Forum Guru
Topic Author
Posts: 3829
Joined: Fri May 28, 2004 5:22 pm

IP exist within subnet script

Wed Sep 21, 2005 7:10 am

I'm working on a larger script for new inbound load balancing support on Mikrotik and have a question for the script guru's.

Can I determine (boolean) if a specific IP is within a specific subnet, ie:

:put (10.10.10.5 & 10.0.0.0/8)

This is from the manual - :put (10.16.0.134 & ~255.255.255.0)

I know the & isn't correct above, I'm just not sure how to accomplish it. I am not sure that the scripting engine even deals with 0.0.0.0/0 style ip addresses at all actually. If I try this:

:put [:toip 10.10.10.1/32]

nothing is output. If I use the above without the /32 it works. I am assuming its not possible but want to throw this one out to the guru's to show me otherwise.

The main goal is to get a true or false if a specific ip is within a specific subnet. I am making an 'exclude' variable that stores ips that should be not matched, ie 10/8, 172.16.x.x, 192.168/16, and any others someone wants to exclude.

Sam
 
sten
Forum Veteran
Forum Veteran
Posts: 919
Joined: Tue Jun 01, 2004 12:10 pm

Wed Sep 21, 2005 1:48 pm

For v2.9 only

:global inet 192.168.1.1/23
:put (255.255.255.255 << (32 - [:pick $inet ([:find $inet "/"] + 1) [:len $inet]])))

This should print the netmask (255.255.254.0)

The next one prints the network address of inet.

:global inet 192.168.1.1/23
:put ([:pick $inet 0 [:find $inet "/"]] & (255.255.255.255 << (32 - [:pick $inet ([:find $inet "/"]+1 ) [:len $inet]])))

The logic is that if you take the subnet mask of the route and AND it with the IP in question. If the IP in question is within that subnet then the subnet address would be equal.

A function such as :put [ / ip route lookup 192.168.1.1 ] would be more convenient :o)

None of the snippets have been tested before posting. I'm lazy.
 
changeip
Forum Guru
Forum Guru
Topic Author
Posts: 3829
Joined: Fri May 28, 2004 5:22 pm

Mon Sep 26, 2005 2:58 am

I tried a few different combinations of tests but never got my end result right. I would like to use address-list functions but they are way slow (at least from the console :find command they are). Sten, you got me closer... If anyone wants to take a stab at it and get $50 USD I will pay you immediately with paypal. : )

Here is what I am trying to do ...

:set bypass "192.168.2.0/24,10.10.50.0/24,172.16.87.64/26"
:set ip 192.168.2.58/32

:if ($ip WITHIN $bypass) do={ } else={ }

I will use ': toarray' and 'foreach' the bypass entries to test each one. Basically I need to check if a specific IP address/subnet is within another list of bypass ip addresses/subnets.

Also, whatever block of code it ends up being I need to include in the new inbound load balancing script - if you wish I will mention your code in the comments section. This will be used to exclude certain addresses from any ddns updates that are sent.

Sam
 
sten
Forum Veteran
Forum Veteran
Posts: 919
Joined: Tue Jun 01, 2004 12:10 pm

Mon Sep 26, 2005 9:44 am

If anyone wants to take a stab at it and get $50 USD I will pay you immediately with paypal. : )

Here is what I am trying to do ...

:set bypass "192.168.2.0/24,10.10.50.0/24,172.16.87.64/26"
:set ip 192.168.2.58/32

:if ($ip WITHIN $bypass) do={ } else={ }

I will use ': toarray' and 'foreach' the bypass entries to test each one. Basically I need to check if a specific IP address/subnet is within another list of bypass ip addresses/subnets.

:global list "192.168.2.0/24,10.10.50.0/24,172.16.87.64/26"
:global inet "10.10.50.10/32"

:global inetaddr ([:pick $inet 0 [:find $inet "/"]] & (255.255.255.255 << (32 - [:pick $inet ([:find $inet "/"] + 1) [:len $inet]]))
:foreach net in=[:toarray $list ] do={
:if ( ([:pick $net 0 [:find $net "/"]] & (255.255.255.255 << (32 - [:pick $net ([:find $net "/"] + 1) [:len $net]]))) = ($inetaddr & (255.255.255.255 << (32 - [:pick $net ([:find $net "/"] + 1) [:len $net]])))) do={
:put ( "matching network: " . $net )
}
}

Does this work for you?
Contact me at: lists@wm-access.no :)
 
changeip
Forum Guru
Forum Guru
Topic Author
Posts: 3829
Joined: Fri May 28, 2004 5:22 pm

Mon Sep 26, 2005 6:19 pm

[admin@mikroHome] system script> run temp

"Console has crashed or maybe system is completely busy; please log in again."

I get the above error - however I think the code is right. I will tweak it and see what I can do to make it work. Is that email below a good paypal addy so i can send you some money?

I wish the scripting engine had some debugging or error logging in it. If one single thing is wrong the script either doesn't run at all, or just stops running and doesn't tell you anything. I am always putting :log info "" commands on every other line just to see where things stop, but thats a pain really.

Thanks!
Sam
 
sten
Forum Veteran
Forum Veteran
Posts: 919
Joined: Tue Jun 01, 2004 12:10 pm

Mon Sep 26, 2005 6:24 pm

no that e-mail address is my public (mailinglist) e-mail address.
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: IP exist within subnet script

Thu Jun 09, 2022 12:13 pm

:put (10.10.10.5 & 10.0.0.0/8)
This is from the manual - :put (10.16.0.134 & ~255.255.255.0)
even if it's ages old, if anyone comes across it, here's the answer:
“in”		:put (1.1.1.1/32 in 1.0.0.0/8);
from https://wiki.mikrotik.com/wiki/Manual:S ... _Operators

so it would be in Sam's case
[admin@...] > :put (10.10.10.5/32 in 10.0.0.0/8)
true

Who is online

Users browsing this forum: JDF and 24 guests