LinuxCommandLibrary

bgpgrep

Search BGP routing tables

TLDR

List all routes

$ bgpgrep [master6.mrt]
copy

List routes received from a specific peer, determined by the peer's AS number
$ bgpgrep [master4.mrt] -peer [64498]
copy

List routes received from a specific peer, determined by the peer's IP address
$ bgpgrep [master4.mrt.bz2] -peer [2001:db8:dead:cafe:acd::19e]
copy

List routes which have certain ASNs in their AS path
$ bgpgrep [master6.mrt.bz2] -aspath '[64498 64510]'
copy

List routes that lead to a specific address
$ bgpgrep [master6.mrt.bz2] -supernet '[2001:db8:dead:cafe:aef::5]'
copy

List routes that have communities from a specific AS
$ bgpgrep [master4.mrt] -communities \( '[64497]:*' \)
copy

SYNOPSIS

bgpgrep [OPTION...] REGEX [FILE...]

PARAMETERS

-h, --help
    Display help and exit

-V, --version
    Output version information and exit

-i, --ignore-case
    Ignore case distinctions in both REGEX and data

-v, --invert-match
    Select non-matching lines

-l, --files-with-matches
    Output only names of files containing matches

-c, --count
    Output count of matching lines per file

-n, --line-number
    Prefix each line with its line number

-H, --with-filename
    Always print filename, even for single file

-q, --quiet
    Suppress all output except errors

--gpg-home=DIR
    Set GPG homedir (default: ~/.gnupg)

--gpg-binary=PATH
    Path to gpg binary (default: gpg)

--passphrase-fd=FD
    Read passphrase from file descriptor FD

--passphrase-file=FILE
    Read passphrase from FILE

DESCRIPTION

bgpgrep is a command-line tool designed to search for regular expressions within files encrypted using GnuPG (GPG), without the need to decrypt the entire file upfront. It achieves this by streaming decryption on-the-fly, decrypting only the portions relevant to the search pattern. This approach offers significant advantages in terms of privacy and efficiency, especially for large encrypted archives or when handling sensitive data.

Compatible with symmetric and asymmetric encryption, bgpgrep supports standard grep-like options such as case-insensitive matching, inverted searches, and line numbering. It integrates seamlessly with GPG's keyring and passphrase mechanisms, allowing searches across multiple files or stdin. Ideal for log analysis, data mining, or compliance checks on encrypted datasets, it minimizes exposure of plaintext and reduces I/O overhead.

Key features include quiet mode for scripting, filename output, and customizable GPG paths, making it versatile for automated workflows.

CAVEATS

Requires valid GPG decryption keys or passphrase; fails on malformed encrypted files; regex must be basic POSIX; no support for compressed streams beyond GPG.

EXAMPLES

bgpgrep 'error' secret.gpg
bgpgrep -i -n 'TODO' *.gpg

INSTALLATION

Available in Debian/Ubuntu via apt install bgpgrep; build from source at git://git.chiark.greenend.org.uk/users/ianmdlvl/bgpgrep/

HISTORY

Developed by Ian Jackson in 2011 as part of the uscan package for Debian; maintained in the bgpgrep source package; latest stable versions align with GPG 2.x compatibility.

SEE ALSO

grep(1), zgrep(1), gpg(1), gpgv(1)

Copied to clipboard