Sign inDemoInstall

Package Overview
File Explorer

Install Socket

Detect and block malicious and high-risk dependencies


Package iplib provides enhanced tools for working with IP networks and addresses. These tools are built upon and extend the generic functionality found in the Go "net" package. The main library comes in two parts: a series of utilities for working with net.IP (sort, increment, decrement, delta, compare, convert to binary or hex- string, convert between net.IP and integer) and an enhancement of net.IPNet called iplib.Net that can calculate the first and last IPs of a block as well as enumerating the block into []net.IP, incrementing and decrementing within the boundaries of the block and creating sub- or super-nets of it. For most features iplib exposes a v4 and a v6 variant to handle each network properly, but in all cases there is a generic function that handles any IP and routes between them. One caveat to this is those functions that require or return an integer value representing the address, in these cases the IPv4 variants take an int32 as input while the IPv6 functions require a *big.Int in order to work with the 128bits of address. For managing the complexity of IPv6 address-spaces, this library adds a new mask, called a Hostmask, as an optional constraint on iplib.Net6 networks, please see the type-documentation for more information on using it. For functions where it is possible to exceed the address-space the rule is that underflows return the version-appropriate all-zeroes address while overflows return the all-ones. There are also two submodules under iplib: the iplib/iid module contains functions for generating RFC 7217-compliant IPv6 Interface ID addresses, and iplib/iana imports the IANA IP Special Registries and exposes functions for comparing IP addresses against those registries to determine if the IP is part of a special reservation (for example RFC 1918 private networks or the RFC 3849 documentation network).

Version published




Documentation CircleCI Go Report Card Coverage Status

I really enjoy Python's ipaddress library and Ruby's ipaddr, I think you can write a lot of neat software if some of the little problems around manipulating IP addresses and netblocks are taken care of for you, so I set out to write something like them for my language of choice, Go. This is what I've come up with.

IPLib is a hopefully useful, aspirationally full-featured library built around and on top of the address primitives found in the net package, it seeks to make them more accessible and easier to manipulate.

It includes:

net.IP tools

Some simple tools for performing common tasks against IP objects:

  • compare two addresses
  • make a copy of a net.IP address
  • get the delta between two addresses
  • sort
  • decrement or increment addresses
  • print addresses as binary or hexadecimal strings, or print their addr.ARPA DNS name
  • print v6 in fully expanded form
  • convert between net.IP and integer values
  • get the version of a v4 address or force a IPv4-mapped IPv6address to be a v4 address

An enhancement of net.IPNet, iplib.Net is an interface with two, version- specific implementations providing features such as:

  • retrieve the first and last usable address
  • retrieve the wildcard mask
  • enumerate all or part of a netblock to []net.IP
  • decrement or increment addresses within the boundaries of the netblock
  • return the supernet of a netblock
  • allocate subnets within the netblock
  • return next- or previous-adjacent netblocks
Net4 and Net6 implementations of Net

The two address versions behave differently in both large and subtle ways, and the version-specific implementations seek to account for this. For example the Net4 implementation omits the network and broadcast addresses from consideration during enumeration; while the Net6 implementation introduces the concept of a HostMask, which blocks usable addresses off from the right in the same way that a netmask constrains them from the left

Additional version-specific considerations described in the Net4 and Net6 sections below.



go get -u

Using iplib

There are a series of functions for working with v4 or v6 net.IP objects:

package main

import (

func main() {
	ipa := net.ParseIP("")
	ipb := iplib.IncrementIPBy(ipa, 15)      // ipb is
	ipc := iplib.NextIP(ipa)                 // ipc is

	fmt.Println(iplib.CompareIPs(ipa, ipb))  // -1
	fmt.Println(iplib.DeltaIP(ipa, ipb))     // 15
	fmt.Println(iplib.IPToHexString(ipc))    // "c0a80102"

	iplist := []net.IP{ ipb, ipc, ipa }
	sort.Sort(iplib.ByIP(iplist))            // []net.IP{ipa, ipc, ipb}

	fmt.Println(iplib.IP4ToUint32(ipa))      // 3232235777
	fmt.Println(iplib.IPToBinaryString(ipa)) // 11000000.10101000.00000001.00000001
	fmt.Println(iplib.IP4ToARPA(ipa))        //

Addresses that require or return a count default to using uint32, which is sufficient for working with the entire IPv4 space. As a rule these functions are just lowest-common wrappers around IPv4- or IPv6-specific functions. The IPv6-specific variants use big.Int so they can access the entire v6 space.

The iplib.Net interface

Net describes an iplib.Net object, the exposed functions are those that are required for comparison, sorting, generic initialization and for ancillary functions such as those found in this package's submodules.

Using iplib.Net4

Net4 represents an IPv4 network. Since the first and last addresses of a v4 network are typically not allocated for use these will be omitted by Enumerate(), NextIP() and PreviousIP(); they wont show up in Count(); and FirstAddress() and LastAddress() show the 2nd and 2nd-to-the-last addresses respectively. The v4-specific method NetworkAddress() returns the first address, while BroadcastAddress() returns the last. There is an exception made for Net4 networks defined with a 31-bit netmask, since these are assumed to be for RFC3021 point-to-point links.

Additionally Net4 contains a Wildcard() method which will return the network's wildcard address.

n := iplib.NewNet4(net.ParseIP(""), 16)
fmt.Println(n.Count())            // 65534 (note: not 65536)
fmt.Println(n.Enumerate(2, 1024)) // []
fmt.Println(n.IP())               //
fmt.Println(n.FirstAddress())     //
fmt.Println(n.LastAddress())      //
fmt.Println(n.BroadcastAddress()) //
fmt.Println(n.Wildcard())         // 0000ffff
fmt.Println(n.Subnet(0))          // [] <nil>
fmt.Println(n.Supernet(0))        // <nil>

Using iplib.Net6

Net6 represents and IPv6 network. In some ways v6 is simpler than v4, as it does away with the special behavior of addresses at the front and back of the netblock. For IPv6 the primary problem is the sheer size of the thing: there are 2^128th addresses in IPv6, which translates to 340 undecillion!

n := iplib.NewNet6(net.ParseIP("2001:db8::"), 56, 0)
fmt.Println(n.Count())                  // 4722366482869645213696
fmt.Println(n.Enumerate(2, 1024))       // [2001:db8::400 2001:db8::401]
fmt.Println(n.FirstAddress())           // 2001:db8::
fmt.Println(n.NextIP(n.FirstAddress())) // 2001:db8::1 <nil>
fmt.Println(n.LastAddress())            // 2001:db8:0:ff:ffff:ffff:ffff:ffff
fmt.Println(n.Subnet(0, 0))             // [2001:db8::/57 2001:db8:0:80::/57] <nil>
fmt.Println(n.Supernet(0, 0))           // 2001:db8::/55 <nil>

HostMasks with Net6

To manage the address space, Net6 introduces HostMask. This optional constraint can be used to block addresses on the right-side of a netblock somewhat like Netmasks do on the left. Hostmask must be specified at initialization time and, if set, will affect the behavior of Count(), Enumerate(), LastAddress(), NextIP() and PreviousIP(). Subnet() and Supernet() generate objects that inherit the hostmask of their parent, while a hostmask must be specified for NextNet() and PreviousNet().

// this is the same as the previous example, except with a hostmask set
n := NewNet6(net.ParseIP("2001:db8::"), 56, 60)
fmt.Println(n.Count())                  // 4096
fmt.Println(n.Enumerate(2, 1024))       // [2001:db8:0:40:: 2001:db8:0:40:100::]
fmt.Println(n.FirstAddress())           // 2001:db8::
fmt.Println(n.NextIP(n.FirstAddress())) // 2001:db8:0:0:100:: <nil>
fmt.Println(n.LastAddress())            // 2001:db8:0:ff:f00::
fmt.Println(n.Mask().String())          // ffffffffffffff000000000000000000
fmt.Println(n.Hostmask.String())        // 0000000000000000f0ffffffffffffff
fmt.Println(n.Subnet(0, 60))            // [2001:db8::/57 2001:db8:0:80::/57] <nil>
fmt.Println(n.Supernet(0, 60))          // 2001:db8::/55 <nil>


Last updated on 24 Dec 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc