如何使用cidr获取客户的IP地址

Question

I tried getting Public IP address from HttpServletRequest object using

httpServletRequest.getRemoteAddress();

which returns simple public ip address eg 123.21.21.12 but what I need is 132.21.21.12/8 .

I have checked this How to get client's IP address using javascript only? but all of these provide simple ip addresses not with CIDR bits.

Thank you.

Answer 1

As others stated in the comments to your question, there is no way to extract subnet mask information just from the IP address alone, and there is no reliable way to get this information from the server. Firstly, you are communicating with a single IP address and not the whole subnet, so the correct CIDR is, as others said, /32. Secondly, network mask is network layer information and the way IP routing works doesn't require any other information to be provided other than a destination IP address.

It is important to know what exactly are trying to accomplish and are using this information for. Do you need this just to fulfill some format requirements or you really need the subnet mask. Anyway, if we're talking about ordinary web client/server I could see two different scenarios:

1) You need exact information about client network configuration

Even if you would be able to programmatically obtain such data, I'm not sure how useful it would be. Because of the shortage of IPv4 addresses and the way ISPs allocate addresses to customers most of the clients are behind their home router which does NAT or in some cases behind carrier grade NAT. Having bunch of clients that all have the same 192.168.1.2/24 address would be a bit pointless.

2) You need the public information (used for global routing) to group customers or something related to that.

This means getting the public IP address (the one you get with httpServletRequest.getRemoteAddress(); ). There's no way to obtain the exact subnet with 100% accuracy but you can get the route object from a RIR (Regional Internet Registry) database that delegated the scope that IP belongs to. LIRs (organizations that got the address block) have the obligation to update this database with various information and one of those is creating these route objects. For that you can use Whois protocol which is really simple and easily implemented. Basically you just need to open TCP connection to a port 43, send a command that contain the IP address you need the info on and parse the output.

For your example (123.21.21.12) the route object would look like:

~ # whois -T route 123.21.21.12
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '123.21.16.0/20AS45899'

route:          123.21.16.0/20
descr:          VietNam Post and Telecom Corporation (VNPT)
descr:          VNPT-AS-AP
country:        VN
origin:         AS45899
remarks:        mailto: noc@vnn.vn
notify:         hm-changed@vnnic.net.vn
mnt-by:         MAINT-VN-VNPT
changed:        hm-changed@vnnic.net.vn 20100810
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

We can see that that IP address belongs to a AS45899 (VNPT) and that the route object is 123.21.16.0/20, which gives you the CIDR you wanted.

And if we query that IP address from a router that has a full BGP table:

# show bgp ipv4 unicast 123.21.21.12          
BGP routing table entry for 123.21.16.0/20, version 71369881
Paths: (3 available, best #1, table default)

we do see that indeed the Whois database is updated and that IP belongs to 123.21.16.0/20 route.

Keep in mind that this /20 could be aggregated route, but that's the best you can get. That's the routing information that's globally available and used by routers around the world to route traffic. How that /20 prefix is used inside the ISP network is up to their internal organization and policies and you can't check that. You also shouldn't get routes smaller than /24 this way.